IBM Security QRadar Reviews

The UBA feature is the most valuable because you can see everything about users' activities. 

The threat intelligence functionality can be better. In addition, it can have more monitoring capabilities.

I started to use it two to three years ago.

Its stability is very good. I don't have any problem with it.

It has good scalability. It is easy to scale, but it is a little bit expensive to scale because you have to pay a lot for everything.

Their technical support is good.

I have also used Kibana. It is a good tool. The biggest difference between Kibana and QRadar is that Kibana is an open-source SIEM integration solution. So, you need more professionals, and you have to do everything by yourself, whereas in the case of QRadar, you get everything. You are paying not only for QRadar but also for other things like support and integration. In an open-source SIEM integration solution like KIbana, you don't get these things.

It is an easy tool for me, so the initial setup was easy for me, but it might not be easy for everyone. If you compare it with Kibana, QRadar is easier to implement.

The implementation strategy was to follow the users, collect the logs, and then implement QRadar.

We implemented it ourselves.

Its price is good in terms of efficiency and the number of people required for implementing various things. You might pay more in terms of money, but you might save on the number of people. For example, if you are using Kibana, you have to pay more for people or experts, which is not the case with IBM QRadar.

When you go for this solution, you are paying not only for the product but also for integration, good staff to help you, scalability, and many other things. There are many things that you can use in QRadar. It is easy to use.

I would rate IBM QRadar a nine out of ten.

We use QRadar to detect and gather information about any product vulnerabilities and any sort of attack on the network. It's able to help detect suspicious activity that is coming into the system.

We are also selling this product.

This product is easy to install, integrate, and use.

It has very rich functionality.

QRadar needs to be more specialized, along the lines of what other SIEM solutions are. It needs to be more detailed.

Incorporating an AI component is needed, where the learning feature identifies malicious activities coming into the network.

The GUI and reporting need to be improved.

The footprint needs to be optimized because the application footprint is too heavy. The machine requires a very high amount of resources.

I have been working with IBM QRadar for between three and four years.

This is a very stable product.

QRadar is a scalable solution.

Technical support is very good.

I feel that the price is reasonable but compared to other products that are on the market, such as an offering by Microsoft, it is more expensive.

This is a good product but there is room for improvement in several areas, including the integration of advanced data mining.

I would rate this solution a six out of ten.

The primary use case of this solution is for monitoring the network.

Part of the SaaS offering is the SOC service. The best part of this solution is having a third-party SOC.

It's a robust solution.

The user interface is a bit difficult to get used to. Once you do, it's not difficult.

I have been working with QRadar for two years.

We are working with the latest version.

The stability is excellent.

It's scalable. Everything is done through our third-party vendor.

We have four other people in my group that have access to it, and we have six people who use it.

The third-party vendor manages the system

We had a third party vendor to complete the installation, so it wasn't bad.

We evaluated all of the Gartner top quadrants.

I would recommend having a third-party vendor.

There are a lot of alerts and a lot of tuning that has to be done. Every time we add new rules to it, an alert goes up. Having the SOC to go through it all first is very beneficial.

For what we do, I would rate IBM QRadar a ten out of ten. We are satisfied with it.

We do not implement this tool ourselves but have experience implementing it for our clients. There are several use cases. The two most important ones are network analysis and UBA.

It has helped our clients to see how things have changed when comparing the initial behavior, and what is currently happening with the user's internet. It maintains archives on the behavior.

The most valuable features are the versatility of this solution and the variety of things you can do with it. 

The initial setup requires that you have somebody with the proper skill set, and it would help if the configuration were easier.

We have been working with QRadar for less than one year.

This is a very stable product.

This is a scalable product that can scale to a large-sized organization.

My client for QRadar is medium-sized.

You need someone with the proper skills to complete the setup. The complexity of it depends on the features that you are looking for, and it can become very complex. The deployment can take between 16 and 20 days, depending on what needs to be configured.

It's a process to deploy, but once you have it configured it's easy to operate.

The deployment can be done in-house.

The pricing is okay, it's comparable to other vendors.

It's not expensive for the resources that it gives you.

I think the tool is very complete and very agile.

I would rate this solution a ten out of ten.

It provides many options for searching. I can see devices from different vendors, like Cisco, in one interface, which is good for me.

We sometimes get an error about the hard drive. Approximately once in two months, we can't find the logs, and they go missing, which is a terrible issue. We are getting support for this issue from our support company.

I have been using this solution for one and a half years. We have been using this solution in our company for about four years. We have around 800 to 900 users.

It is very stable, but the hard drive sometimes does not have logs.

IBM is always there to support us. We have no trouble with them.

We have agreements with different companies for support. They are good. For some issues, they take more time, like a day or two days. 

We have almost ten engineers for IT sites.

I would rate IBM QRadar User Behavior Analytics an eight out of ten.

User Behavior Analytics is a part of IBM QRadar. It's a kind of application that can be installed over IBM QRadar SIEM. The primary use case is to detect user behavior anomalies, and through these anomalies, detect and better understand different threats and attacks.

The feature that I find the most useful is that IBM QRadar User Behavior Analytics is free of charge. It's a fully free product that can be installed on top of IBM QRadar SIEM.

The user interface and configurability of IBM QRadar User Behavior Analytics can be improved. It has a lot of pre-configured settings and not many things can be changed.

It also needs more integrations. Currently, User Behavior Analytics is integrated only with IBM QRadar. It could have deeper integrations. 

It can also have more complicated scoring models. Currently, it has a very simple linear scoring model for users.

I have been using this solution for about two years. We implement this solution as well as do demonstrations. We are also using it.

It's quite stable. 

It could be quite scalable, but it is not so easy to use when you have a lot of users. Because of the user interface shortcomings, it's not so useful when you have thousands of users. 

The second line of support is quite inexperienced in User Behavior Analytics, and they rarely are able to help. We had several serious issues with this product, which made it impossible to use for a customer. We had to spend a lot of time in finding the right person to help us in resolving the issues.

The initial setup is really straightforward. IBM QRadar User Behavior Analytics is very easy to deploy. Usually, if someone has already installed QRadar SIEM, then deploying User Behavior Analytics takes two to three hours.

It's free of charge.

I like IBM QRadar User Behavior Analytics. I would rate it an eight of ten. It still needs a lot of improvement, but its main advantage is that it's fully integrated with a SIEM system, and it's free of charge.

Find the malicious activity via filter, don't rely on the rules which trigger the offenses and fix the suspicious activities.

Gaining application visibility and anomaly detection helping IT personnel to quickly identify meaningful deviations. For example, QRadar SIEM can detect off-hours or excessive usage of an application or cloud-based service, or network activity patterns that are inconsistent with historical, moving-average profiles and seasonal usage patterns.

Providing real-time visibility for threat detection and prioritization - QRadar SIEM provides contextual and actionable surveillance across the entire IT infrastructure, helping organizations detect and remediate threats often missed by other security solutions. These threats can include inappropriate use of applications; insider fraud; and advanced, “low and slow” threats easily lost in the “noise” of millions of events..

Artificial Intelligence is superb, QRadar correlate the events smartly and remove the same events but need improvements.

One to three years...

No issues.

Very good

Mcafee, switched due to the bad correlation of data.

It was straightforward

Splunk and Logrhythm..

QRadar also supports UBA which is a fantastic feature to detect user's malicious activities.

Our primary use case with IBM QRadar User Behavior Analytics is seeing if there are log-ins from the same ID's but from different locations, this is one use case. Or if MAC addresses keep changing, this is another use case. Lastly, if the risk level is high, like with different IP's. These are the three use cases we have.

I really like the feature we have with the logs, that if there are any credit card numbers  being used, like a PII, you can just use rejects and you can mask it. This is a really good feature in QRadar.

In terms of what could be improved, it would be easier if you didn't have to long escape for a bar sync. If you have to, the logs are not automatically barred, so you have to guide the whole atmosphere.

Additionally, there should be integration with IBM Guardian. 

Lastly, there should be an extension where we can get the reports. This could be an extension to the dashboard with the Guardian or another product with limited technology, for example IPS. Now, we only have IBM. Basically, it needs more and more integration models.

I have been using IBM QRadar User Behavior Analytics for a month or two.

In terms of stability, in my current company, QRadar is working fine. But in my previous organization that was using QRadar, we experienced some QRadar failures. There were two or three times the data was wiped out instead of transferring to EGA and we had to restart QRadar from scratch and all the data was lost. It happened a lot. Maybe it was due to lack of management since it was a new company.

We do have experience with support. We get support from the IBM people in Karachi, Pakistan.

They're good.

The initial setup was really easy, it was really straightforward. I got it done in one day.

What advice would I give? I want the certification to be very honest. I typically like the hands-on with QRadar, they're quite different.

On a scale of one to ten, I would rate IBM QRadar User Behavior Analytics a seven.

I have used other solutions, like LogRhythm, for a few use cases like ransomware detection, etc.. and there were less false positives there. With the ransomware especially, it was very thin there. We actually have very few use cases and there were lots of false positives with QRradar. If I compare the AI function and the logarithms I think it needs some improvement. 

It is a complex product compared to LogRhythm.