IBM Security QRadar Reviews

We use this solution for log correlation and alerting.

This solution has allowed us to correlate logs from multiple sources.

The searching capability is good.

We would like to see better instrumentation for debugging changes in the log flow.

The primary use of the solution in our deployment was for threat detection. 

The first feature that I love to demonstrate for my customers is the fact that the vulnerability manager is integrated in QRadar SIEM. This lets us stop and detect vulnerability. The reports provide many methods to fix it. The circumvention method and the patch method is perfected very well in the QRadar area. 

The second valuable feature is when we get events and make the correlation or rules. In IBM, we can implement our customer's rules. We can have very clear status threats and severity of antigens. The other fact I love about IBM is that we can integrate many other tiers solutions, such as Carbon Black and other plans.

The interface is very old. IBM should remake it into a more modern interface. I think this is the only thing they should improve on.

Another feature that would be nice is if it's possible to integrate some of the application style and configuration that is currently not easy to set up in the product. If it's possible to do that, it would be a major improvement.

In fact, I never got a road map to bring you from zero to the end. There should be information everywhere, from YouTube to any other places. It was very complicated to organize all the information in my head.

It's very stable. The only issue we can report about is a system issue. When the partition is full, the whole system shuts down. If some partition of the logs is not in QRadar, maybe we can't find any solution to do this from QRadar.
In fact, we observed that sometimes the systems are going down when a partition is up to 90%. This issue is related to Red Hat, also we observed this issue relating to logs TOMCAT, the /var/log be up to 100% quickly.

In my experience the upgrade, it could lead to some misconfiguration. We had this experience of disruption when upgrading the 7.2.7 to 7.2.9 and then 7.3.0.

We observed that some application and configuration needs to be redone. The scalability at this moment, because it's an older version, has some issues. Otherwise, I think scalability is excellent.

We don't use IBM Support. We communicate with Morocco Teams about this. When I have an issue, I post it and ask for the community, because I have an account in the IBM Community. The community is very, very knowledgeable and strong.

The setup is really very easy. It takes a few hours. The integration, orchestrating all the components to send logs to, etc., is very, very complicated. In the last setup we did for our customer, it took us four months to integrate. The setup, on the other hand, took only half a day.

The first advice I give my customers before buying SIEM is: "You should understand the solution well before starting the implementation." If they don't understand the solution, they will never be able to use it correctly. This is the first piece. The second point is that they will resist the change made to the setup installation. If they look for the solution, QRadar ATM is the best.

I would rate this solution as nine out of ten. I think there is no perfect product; maybe there will never be a perfect product. When I started to learn IBM QRadar, it was complicated to me in the beginning, because we did the installation for the customer. It is complicated, and the meaning and training were not very clear.

We are a cybersecurity service provider, and I manage the QRadar service for my customers.

Provided that the report is prebuilt and I can find what I am looking for, the reporting is the most valuable feature in this solution. The reports are very good and very presentable.

There are reports that I would like to generate that are either not included, or I cannot find. If there is no report for information that needs to be presented then it is one of the biggest issues for the customer.

The ticketing system is not fully automated and needs to be improved.

There should be an easier permission level that basic users can use to create reports. The users include both end-customers and the technical team.  

The pricing needs to be such that they are more competitive with other vendors.

This is a very stable solution and I don't think that we have lost it once. This is good compared to our other system that had gone down three times.

I would say that it is ok. I can buy licenses when I need to scale the solution.

Our experience with technical support has not been smooth. There is a lot of bureaucracy to get to the technical team. In fact, in some cases, we resolved the issues ourselves and then explained to their technical team how it should be done for other customers.

The initial setup for this solution is complex. There are many different components, and only the IBM technicians have the permission, or credentials, to modify the system online. As a customer, I cannot go in and install it myself. Rather, I am dependent on the IBM professionals.

We used a consultant to assist with the installation of this solution.

I have used several other products including ArcSight, AlienVault, and Splunk. Some of these solutions are on-premises or in-house.

I do not like Splunk, but I think that ArcSight is a good solution. ArcSight is complicated, but it is a more mature solution with much greater options than IBM is offering in QRadar.

This is a good solution, but I am familiar with the capabilities of the other products and IBM needs to make some improvements.

I would rate this solution a seven out of ten.

Our primary use for this solution is to collect and correlate our logs. We also create appropriate alarms based on the contents of the logs.

This solution provides me with various alarms, and I have found security issues with some of my other products. We also have some special correlation rules that give me information about mail servers, websites, and other user behavior.

The most valuable feature is user-behavior analytics, where it will create logs based on the users' behavior and report suspicious events or other anomalies. I am working with the data analytics so it is a very good one for what I am doing. 

There is a lot of manual configuration required in order for the product to run smoothly, and I think that it could be made more automatic. There is no need for so much manual configuration. For example, it should be able to automatically create at least some of the rules that are suitable for our environment.

The solution has a good user interface, but it could be further developed. I have used other products that are more user-friendly. I would rate the user interface a six out of ten.

We have not experienced any bugs or vulnerabilities, so the stability seems to be fine.

The scalability seems great.

We have five hundred people in our company. All of them are end-users, except for myself and one of my colleagues who are administrators. We have more that one hundred assets, such as databases, that are monitored by this solution.

I have never used technical support for this solution.

The initial setup for this solution is very easy. It is an image file, and we haven't had any difficulties in the setup. After installation, there are many things to do. Again, the difficult part is the configuration of the product.

The installation period was very short, at perhaps one or two weeks. The configuration takes six months or more.

We have a technology company, and we are working with them for deployment and maintenance. They spend one or two hours per week maintaining this solution.

We have not calculated ROI.

I am familiar with products from other vendors, such as McAfee. We specifically evaluated Splunk, which is a good solution but there is no local partner in Turkey for support. Having a local partner is very important to us.

We chose this solution because we have a good relationship with IBM, and they are able to provide us with local support.

There are many good products and solutions on the market, but for implementation and maintenance, I can say that the most important thing is local support.

We do not have any issues with this product, and we have seen the benefits of it. It is easily configured and installed, and we have a local team to support it. It does have issues in terms of user experience, however.

I would rate this solution an eight out of ten.

We are a partner and provide this solution to our customers.

The most valuable feature is that it reports a very small number of false positives. It is a very optimized engine.

It is very difficult to activate all of the network equipment, and it would help if it were made easier. I would also like to see more integration with new devices.

This is a very stable solution.

The quality of technical support depends on the level. Level One support is very good, but if you have Level Two or Level Three then the support is not very reactive.

The initial setup of this solution is not complex.

Deployment normally takes between one and three months.

We have two engineers that are proficient in QRadar, and we handle the implementation for our customers.

One of my customers is a McAfee user and is in the process of replacing the solution with IBM QRadar.

I would recommend this product. It is very simple to install, and not a complicated solution. IBM supplies regular software updates.

I would rate this solution an eight out of ten.

We don't have a business relationship with IBM QRadar, our relationship is a customer relationship. We use IBM QRadar as our primary security solution.

QRadar is the primary tool in our security center. We use it to collect information from different devices, detect, and analyze various threats or attacks to protect our system.

Vulnerability detection is the most valuable feature. It's the tool that finds the threats.

The tool is very complicated. One place for improvement would be to have a more user-friendly interface. Having better support in Spanish would be cool.

The solution is scalable. Currently, wehave between 50 to 70 users working with this solution.
We have plans to increase the usage of the product in the future.

My experience with technical support has not been so good because I would prefer support in Spanish which I haven't gotten.

The initial setup was very complex.

We are planning to take at least one year for the complete setup. Deployment went fast, between six and three hours.

We used an integrator for the deployment. The experience was excellent, outstanding.

This kind of solution is essential. The communication network functions very well.

On a scale of one to 10, ten being the best, I would give this product a rating of nine.

We are a reseller of this solution. We have numerous uses cases all dependant on the needs of our customers.

IBM QRadar has improved my organization by introducing many functions. It collects logs from all of our systems in the organization and has functioned very well. It alerts and correlates the aggregate events or offenses we receive through all the applications we use.

With other solutions, you collect the logs from different sources but you still have to finetune it, and you still have to match them a lot of the time to figure out the correct association to sort out the false positives. QRadar is much easier to use and detect false positives. It can do it by itself, and it allows you to finetune the filtering and check the false positives. There is some backend that protects but it's the best among all in the market.  

There is one problem with QRadar in regards to the add-on apps. The apps can be frustrating. For example, when I add a big app like one of the add-ons for resiliency, add-on applications for QRadar, these applications require different hardware to implement and to deploy. The resiliency connector because there's a considerable amount of data scanning, operates for these apps correctly. 

Acquiring these add-on apps for QRadar is very expensive. This is one of the difficulties that we are facing with the QRadar.

It's very stable.

The solution is very scalable.

Technical support hasn't been bad, but sometimes it's inadequate, sometimes it is good. It depends on the case. We've had bad experiences in the past because we didn't get onsite support when we needed it.

They do have onsite support but only for third-party partners working directly with IBM. And sometimes the support is too slow.

I've used Alien Vault, McAfee, and Splunk.

The initial set up was a bit hectic the first time because, it's not about the QRadar application itself, it's about defining or configuring the data sources or the traffic sources to QRadar. We are going to use a small file through literally all of the traffic sources. We found it was difficult to merge with QRadar due to different IPs, different sources delaying the process and just technical issues. It's not an issue with the QRadar solution itself.

We implemented through a vendor. I am one of the integrators.

Our requirements are dependent on the size of the deployment and maintenance case, depending on how large of an enterprise solution we are speaking about. The size of the architecture, or for example if the architecture is all in one including the processor, including the QNI and the connector all with one box. A deployment of this type would only require one guy for it if the architecting dissipating these items comes from the all in one box.

The licensing is every year.

There are additional costs, such as the cost associated with the different hardware required for implementation and deployment. Along with the add-on apps, these are all additional costs, and they require licensing as well.

The solution functions very well. It is amazing but there are some bugs with it. The unknown bugs can just come up with the adaptor with the data stored in Qradar. 

On a scale from one to 10, ten being the best, I would rate this product an eight out of 10.

I'm the technical consultant here at ActivEdge Technologies. Our primary use case for this solution is for Security Intelligence and Event Monitoring (SIEM) p. We provide protection services models for an organization's networks through a sophisticated technology which permits a proactive security posture. We have a business relationship with IBM QRadar as well as being a partner. We are a partner and we also use this feature. It's an integrated solution. We design it to be compatible with our client's network devices to maintain real-time monitoring through a centralized console. Our clients rely on us to create value.

QRadar has significantly improved our security. It has reduced threats considerably. The solution provides increased visibility along with actionable intelligence. We are looking into implementing it to proactively take steps to prevent or reduce the attacks.

The most valuable features would have to be the products' ability to customize vulnerability management settings and the ability to customize integration functions.

I can't see any need for service improvements because I feel it's easy to use and very functional as it is. There could be improvements made to the UI, the user interface. Though the newer version, 7.3.2, might already have this improvement in place.

It's very stable. We never need much help with that.

The solution is very scalable; it's designed to be, it's distributed architecture. It's entirely scalable.

Currently, there are five domain users working with this solution. We don't have visibility on our end user count due to the fact that end users don't need to log on to the application.

Our maintenance needs require just one experienced QRadar analyst to moderate.

Technical support has proven to be very helpful.

The initial setup wasn't straightforward. The setup is situation specific.

The deployment for us took about 3 months.

Implementation was done in-house.

I think this product adds significant value to organizations seeking a scalable, security integration tool. It does a great job of identifying, classifying, prioritizing, remediating, and mitigating software vulnerabilities. It's a good solution

On a scale of 1 - 10, 10 being the best, I give this product a rating of 9.