Most of the features are good. It is an excellent solution.
Solution Manager at ZZTL
Has a good feature set and good stability
Pros and Cons
- "Most of the features are good. It is an excellent solution."
- "IBM should reduce the pricing, or reduce some of the features for a more economical solution for the customer."
What is most valuable?
What needs improvement?
Some of the features should be more cooperative but other than that, everything is okay.
For how long have I used the solution?
I have been using IBM QRadar User Behavior Analytics for a year.
What do I think about the stability of the solution?
It is very stable.
Buyer's Guide
IBM Security QRadar
September 2025

Learn what your peers think about IBM Security QRadar. Get advice and tips from experienced pros sharing their opinions. Updated: September 2025.
867,349 professionals have used our research since 2012.
What do I think about the scalability of the solution?
It is also scalable.
How are customer service and support?
Our team handles its own support. We are capable of doing our own technical support but we also have IBM to get their help as well.
How was the initial setup?
The initial setup is not straightforward but of medium complexity. It's not simple but not so complex. It usually takes two to three weeks to deploy.
What's my experience with pricing, setup cost, and licensing?
The price is very high. Some of our customers cannot afford it.
What other advice do I have?
IBM should reduce the pricing, or reduce some of the features for a more economical solution for the customer.
I would rate it an eight out of ten. They should reduce the pricing.
Which deployment model are you using for this solution?
On-premises
Disclosure: My company has a business relationship with this vendor other than being a customer. Reseller.

Information Security Manager at a comms service provider with 1,001-5,000 employees
It is very stable. We have not faced interruptions in the past four and a half years.
Pros and Cons
- "It is very stable. We have not faced interruptions in the past four and a half years."
- "It has improved comprehensive visibility for what is going on in the perimeters, and on the inside, as well."
- "Technical support is good, but not great."
What is our primary use case?
We are a telecom company, and we use it for IT systems, for telecom systems and on various different levels of applications. We use it for web servers, routers, firewalls, and other security components. Our SIEM solution serves technical and non-technical business units including customer care, engineering, revenue assurance, and anti-fraud.
How has it helped my organization?
Instant continuous monitoring so that we can take action immediately and be proactive as much as possible with handling hacking and attacking attempts. Also, it has improved comprehensive visibility for what is going on in the perimeters, and on the inside, as well. We also use it for testing our controls if it is performing well or not. We can say that the visibility, monitoring, testing and reliability of our controls is all assisted by this solution. The most important benefit we get is from the SIEM solution.
What is most valuable?
The most valuable feature is the diversity of log types, which enables us to monitor what is going on from different perspectives and reduces the likelihood that we will miss important attempts. There are different events and flows, and there is diversity from getting the information from different sources. We can also see that there are no false positives. It is well-tuned and the rules are covering everything that we need.
What needs improvement?
There are some weaknesses with the QRadar Risk Manager. It has some weaknesses because of the connectivity with other vendors. It is limited. There are some vendors that you cannot connect QRadar Risk Manager with, so you cannot get the maximum benefit of the product.
For how long have I used the solution?
Five years.
What do I think about the stability of the solution?
It is very stable. We have not faced interruptions in the past four and a half years.
What do I think about the scalability of the solution?
It's great! This is one of the major features of the solution.
How are customer service and technical support?
Technical support is good, but not great.
How was the initial setup?
It was straightforward, but we had to do some customization.
What about the implementation team?
When choosing a vendor, we always consider:
- Scalability
- Diversity of Connecting Systems
- Storage
Which other solutions did I evaluate?
We considered another solution from HP and ArcSight.
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
Useful searching capability for multiple, correlated logs
Pros and Cons
- "This solution has allowed us to correlate logs from multiple sources."
- "We would like to see better instrumentation for debugging changes in the log flow."
What is our primary use case?
We use this solution for log correlation and alerting.
How has it helped my organization?
This solution has allowed us to correlate logs from multiple sources.
What is most valuable?
The searching capability is good.
What needs improvement?
We would like to see better instrumentation for debugging changes in the log flow.
For how long have I used the solution?
We have been using this solution for four years.
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
Security Engineer at a tech services company with 11-50 employees
Enables us to stop and detect vulnerabilities
Pros and Cons
- "We get events and make the correlation, or rules. In IBM, we can implement our customer's rules. We can have very clear status threats and severity of antigens."
- "The interface is very old. IBM should remake it into a more modern interface."
What is our primary use case?
The primary use of the solution in our deployment was for threat detection.
What is most valuable?
The first feature that I love to demonstrate for my customers is the fact that the vulnerability manager is integrated in QRadar SIEM. This lets us stop and detect vulnerability. The reports provide many methods to fix it. The circumvention method and the patch method is perfected very well in the QRadar area.
The second valuable feature is when we get events and make the correlation or rules. In IBM, we can implement our customer's rules. We can have very clear status threats and severity of antigens. The other fact I love about IBM is that we can integrate many other tiers solutions, such as Carbon Black and other plans.
What needs improvement?
The interface is very old. IBM should remake it into a more modern interface. I think this is the only thing they should improve on.
Another feature that would be nice is if it's possible to integrate some of the application style and configuration that is currently not easy to set up in the product. If it's possible to do that, it would be a major improvement.
In fact, I never got a road map to bring you from zero to the end. There should be information everywhere, from YouTube to any other places. It was very complicated to organize all the information in my head.
For how long have I used the solution?
We've been using IBM QRadar for one and a half years.
What do I think about the stability of the solution?
It's very stable. The only issue we can report about is a system issue. When the partition is full, the whole system shuts down. If some partition of the logs is not in QRadar, maybe we can't find any solution to do this from QRadar.
In fact, we observed that sometimes the systems are going down when a partition is up to 90%. This issue is related to Red Hat. We also observed this issue relating to the Tomcat logs: /var/log goes up to 100% quickly.
What do I think about the scalability of the solution?
In my experience, the upgrade could lead to some misconfiguration. We had this experience of disruption when upgrading from 7.2.7 to 7.2.9 and then 7.3.0.
We observed that some applications and configurations need to be redone. The scalability at this moment, because it's an older version, has some issues. Otherwise, I think scalability is excellent.
How are customer service and technical support?
We don't use IBM Support. We communicate with Morocco Teams about this. When I have an issue, I post it and ask for the community, because I have an account in the IBM Community. The community is very, very knowledgeable and strong.
How was the initial setup?
The setup is really very easy. It takes a few hours. The integration, orchestrating all the components to send logs to, etc., is very, very complicated. In the last setup we did for our customer, it took us four months to integrate. The setup, on the other hand, took only half a day.
What other advice do I have?
The first advice I give my customers before buying SIEM is: "You should understand the solution well before starting the implementation." If they don't understand the solution, they will never be able to use it correctly. This is the first piece. The second point is that they will resist the change made to the setup installation. If they look for the solution, QRadar ATM is the best.
I would rate this solution as nine out of ten. I think there is no perfect product; maybe there will never be a perfect product. When I started to learn IBM QRadar, it was complicated to me in the beginning, because we did the installation for the customer. It is complicated, and the meaning and training were not very clear.
Disclosure: My company has a business relationship with this vendor other than being a customer. Partner.
Chief Technology Officer at a tech services company with 51-200 employees
Helpful and presentable reports, but the ticketing system needs to be more automated
Pros and Cons
- "Provided that the report is prebuilt and I can find what I am looking for, the reporting is the most valuable feature in this solution."
- "There are reports that I would like to generate that are either not included, or I cannot find."
What is our primary use case?
We are a cybersecurity service provider, and I manage the QRadar service for my customers.
What is most valuable?
Provided that the report is prebuilt and I can find what I am looking for, the reporting is the most valuable feature in this solution. The reports are very good and very presentable.
What needs improvement?
There are reports that I would like to generate that are either not included, or I cannot find. If there is no report for information that needs to be presented then it is one of the biggest issues for the customer.
The ticketing system is not fully automated and needs to be improved.
There should be an easier permission level that basic users can use to create reports. The users include both end-customers and the technical team.
The pricing needs to be such that they are more competitive with other vendors.
For how long have I used the solution?
More than one year.
What do I think about the stability of the solution?
This is a very stable solution and I don't think that we have lost it once. This is good compared to our other system that had gone down three times.
What do I think about the scalability of the solution?
I would say that it is ok. I can buy licenses when I need to scale the solution.
How are customer service and technical support?
Our experience with technical support has not been smooth. There is a lot of bureaucracy to get to the technical team. In fact, in some cases, we resolved the issues ourselves and then explained to their technical team how it should be done for other customers.
How was the initial setup?
The initial setup for this solution is complex. There are many different components, and only the IBM technicians have the permission, or credentials, to modify the system online. As a customer, I cannot go in and install it myself. Rather, I am dependent on the IBM professionals.
What about the implementation team?
We used a consultant to assist with the installation of this solution.
Which other solutions did I evaluate?
I have used several other products including ArcSight, AlienVault, and Splunk. Some of these solutions are on-premises or in-house.
I do not like Splunk, but I think that ArcSight is a good solution. ArcSight is complicated, but it is a more mature solution with much greater options than IBM is offering in QRadar.
What other advice do I have?
This is a good solution, but I am familiar with the capabilities of the other products and IBM needs to make some improvements.
I would rate this solution a seven out of ten.
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
IT Security Manager at an energy/utilities company with 10,001+ employees
Analytics and reporting of user behavior helps to find anomalies and suspicious events
Pros and Cons
- "This solution provides me with various alarms, and I have found security issues with some of my other products."
- "There is a lot of manual configuration required in order for the product to run smoothly, and I think that it could be made more automatic."
What is our primary use case?
Our primary use for this solution is to collect and correlate our logs. We also create appropriate alarms based on the contents of the logs.
How has it helped my organization?
This solution provides me with various alarms, and I have found security issues with some of my other products. We also have some special correlation rules that give me information about mail servers, websites, and other user behavior.
What is most valuable?
The most valuable feature is user-behavior analytics, where it will create logs based on the users' behavior and report suspicious events or other anomalies. I am working with the data analytics so it is a very good one for what I am doing.
What needs improvement?
There is a lot of manual configuration required in order for the product to run smoothly, and I think that it could be made more automatic. There is no need for so much manual configuration. For example, it should be able to automatically create at least some of the rules that are suitable for our environment.
The solution has a good user interface, but it could be further developed. I have used other products that are more user-friendly. I would rate the user interface a six out of ten.
For how long have I used the solution?
Between three and five years.
What do I think about the stability of the solution?
We have not experienced any bugs or vulnerabilities, so the stability seems to be fine.
What do I think about the scalability of the solution?
The scalability seems great.
We have five hundred people in our company. All of them are end-users, except for myself and one of my colleagues who are administrators. We have more than one hundred assets, such as databases, that are monitored by this solution.
How are customer service and technical support?
I have never used technical support for this solution.
How was the initial setup?
The initial setup for this solution is very easy. It is an image file, and we haven't had any difficulties in the setup. After installation, there are many things to do. Again, the difficult part is the configuration of the product.
The installation period was very short, at perhaps one or two weeks. The configuration takes six months or more.
What about the implementation team?
We have a technology company, and we are working with them for deployment and maintenance. They spend one or two hours per week maintaining this solution.
What was our ROI?
We have not calculated ROI.
Which other solutions did I evaluate?
I am familiar with products from other vendors, such as McAfee. We specifically evaluated Splunk, which is a good solution but there is no local partner in Turkey for support. Having a local partner is very important to us.
We chose this solution because we have a good relationship with IBM, and they are able to provide us with local support.
What other advice do I have?
There are many good products and solutions on the market, but for implementation and maintenance, I can say that the most important thing is local support.
We do not have any issues with this product, and we have seen the benefits of it. It is easily configured and installed, and we have a local team to support it. It does have issues in terms of user experience, however.
I would rate this solution an eight out of ten.
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
General Manager at New System Engineering
A straightforward solution that minimizes the number of false positive errors
Pros and Cons
- "It is a very optimized engine."
- "It is very difficult to activate all of the network equipment, and it would help if it were made easier."
What is our primary use case?
We are a partner and provide this solution to our customers.
What is most valuable?
The most valuable feature is that it reports a very small number of false positives. It is a very optimized engine.
What needs improvement?
It is very difficult to activate all of the network equipment, and it would help if it were made easier. I would also like to see more integration with new devices.
For how long have I used the solution?
Ten years.
What do I think about the stability of the solution?
This is a very stable solution.
How are customer service and technical support?
The quality of technical support depends on the level. Level One support is very good, but if you have Level Two or Level Three then the support is not very reactive.
How was the initial setup?
The initial setup of this solution is not complex.
Deployment normally takes between one and three months.
What about the implementation team?
We have two engineers that are proficient in QRadar, and we handle the implementation for our customers.
Which other solutions did I evaluate?
One of my customers is a McAfee user and is in the process of replacing the solution with IBM QRadar.
What other advice do I have?
I would recommend this product. It is very simple to install, and not a complicated solution. IBM supplies regular software updates.
I would rate this solution an eight out of ten.
Disclosure: My company has a business relationship with this vendor other than being a customer. Partner.
Marketing Director at an aerospace/defense firm with 1-10 employees
Enables us to collect information from different devices, detect, and analyze various threats or attacks to protect our system
Pros and Cons
- "Vulnerability detection is the most valuable feature. It's the tool that finds the threats."
- "The tool is very complicated. One place for improvement would be to have a more user-friendly interface. Having better support in Spanish would be cool."
What is our primary use case?
We don't have a business relationship with IBM QRadar; our relationship is a customer relationship. We use IBM QRadar as our primary security solution.
How has it helped my organization?
QRadar is the primary tool in our security center. We use it to collect information from different devices, detect, and analyze various threats or attacks to protect our system.
What is most valuable?
Vulnerability detection is the most valuable feature. It's the tool that finds the threats.
What needs improvement?
The tool is very complicated. One place for improvement would be to have a more user-friendly interface. Having better support in Spanish would be cool.
For how long have I used the solution?
One to three years.
What do I think about the stability of the solution?
What do I think about the scalability of the solution?
The solution is scalable. Currently, we have between 50 to 70 users working with this solution.
We have plans to increase the usage of the product in the future.
How are customer service and technical support?
My experience with technical support has not been so good because I would prefer support in Spanish which I haven't gotten.
How was the initial setup?
The initial setup was very complex.
We are planning to take at least one year for the complete setup. Deployment went fast, between six and three hours.
What about the implementation team?
We used an integrator for the deployment. The experience was excellent, outstanding.
What other advice do I have?
This kind of solution is essential. The communication network functions very well.
On a scale of one to 10, ten being the best, I would give this product a rating of nine.
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
