Program Manager at a tech services company
Real User
Highly customizable and provides a single dashboard for global device monitoring
Pros and Cons
  • "There is a single dashboard that gives us a complete overview of what is happening around the globe."
  • "Ideally we would like a mobile version so that any alert that comes in will notify us in a mobile app, or by using SMS integration."

What is our primary use case?

Our primary use case for this solution is compliance. 

How has it helped my organization?

This solution has improved our organization by allowing us to promote vertical security as an added service for our customers.

It has also improved our integration with other applications. Previously we used to have challenges in terms of application integration. I think that it is slowly changing; for example, Oracle Hyperion and these kinds of products integrate more easily because they have the proper plugins. It is important to know that they are properly integrated with your solution.

What is most valuable?

First, the dashboard is a valuable feature. There is a single dashboard that gives us a complete overview of what is happening around the globe. We are able to follow the devices that are connected to the network. 

The second thing is the customization that we have done. For example, if there is an account login made in Tokyo then we will immediately get an alert.

What needs improvement?

With the transition to a modern IT operation center, I think that many of the devices are going to be mobile. Somebody may not be at the NOC (Network Operations Center), data center, or SOC (Security Operations Center). If anybody from the non-security team or the NOC team has to receive an active alert, it should be enabled in multiple channels.

Ideally, we would like a mobile version so that any alert that comes in will notify us in a mobile app, or by using SMS integration. We are working on these things internally, but I think that these are some of the things that you're expecting from this product.

Buyer's Guide
IBM Security QRadar
June 2025
Learn what your peers think about IBM Security QRadar. Get advice and tips from experienced pros sharing their opinions. Updated: June 2025.
858,327 professionals have used our research since 2012.

For how long have I used the solution?

Less than one year.

What do I think about the stability of the solution?

The stability of this product is pretty good.

What do I think about the scalability of the solution?

The solution is highly scalable. It is one of the reasons that we have chosen this product.

Currently, our network has more than thirteen countries deployed. A roadmap is in place for a total of forty countries, so twenty-six more will be added. Deployment is a continuous exercise for us in terms of increasing the number of devices and applications.

The EPS (Event Per second Licensing) is adjusted based on scale. At this time we have close to three or four hundred events per week. As we grow, we are expecting at least fifteen-hundred events per week.

How are customer service and support?

The support is very important during the implementation and initial stages.

I think that the turnaround time has to improve. If we raise a ticket then we have to wait for a patch. After this, the patch will probably have to be applied within our test environment. After testing it has to be promoted to production. Overall, the turnaround time is slow. 

How was the initial setup?

Choosing the cloud platform gives a significant advantage in terms of the setup. I have been deploying the same solution across enterprise organizations from day one, and previously it used to take a month for implementation. Now, I think that it has been reduced to two weeks.

The challenge with the old model is that you normally need to work with the hardware vendors to ensure the right patches or data is available. We used to install the physical hardware, but with the cloud version, you can just start your service and add devices. You can start populating and getting reports on alerts and such in a week's time.

The implementation team is about three or four members. It has not yet grown to an operational stage because we are still implementing the solution. 

What about the implementation team?

We do the implementation in-house. I am the program manager and I lead the model from inception to completion. That said, we have to connect with the IBM team to assist with integrating the solution. We're getting pretty good support from them.

What's my experience with pricing, setup cost, and licensing?

The solution is a subscription-based model. It is a yearly subscription from my understanding.

In terms of additional costs, it depends on the subscription that you choose. There are plenty of options to choose from.

There is the EPS licensing cost (Event per second licensing), which is a parameter that you choose. By adding countries to our solution, we have to increase the EPS.

Which other solutions did I evaluate?

Yes, for each project we discuss which product to choose, and decide depending on what suits our needs.

SolarWinds is one of the solutions that we use for our NOC operations. We had internal discussions and considered many parameters, but later we decided to move to IBM.

What other advice do I have?

I would rate this solution eight and a half out of ten.

Disclosure: My company does not have a business relationship with this vendor other than being a customer.
PeerSpot user
it_user956985 - PeerSpot reviewer
Sr. Security Engineer at OmnitechIT
Real User
Stable security both in-house and for our customers
Pros and Cons
  • "In addition to using this solution for our security operations center, we are using it for our other customers."
  • "It needs more resilience and functionality."

What is our primary use case?

Our primary use case for this solution is the management of our security services, and our NOC (Network Operations Center) services.

How has it helped my organization?

In addition to using this solution for our security operations center, we are using it for our other customers.

What needs improvement?

It needs more resilience and functionality. 

For how long have I used the solution?

One to three years.

What do I think about the stability of the solution?

My impression of the stability is that it is good.

What do I think about the scalability of the solution?

The scalability is good. Internally we have many customers, but we offer this as a specific consultancy service. I do not know with certainty the number of users for this product in our customer environment.

What about the implementation team?

We used a consultant to assist us with the implementation of this solution.

What's my experience with pricing, setup cost, and licensing?

Our licensing costs for this solution are on a yearly basis.

What other advice do I have?

I would rate this product eight out of ten.

Disclosure: My company does not have a business relationship with this vendor other than being a customer.
PeerSpot user
Works at a tech services company with 11-50 employees
Real User
Alerts us about events in our network environment and has superb functionality
Pros and Cons
  • "IBM QRadar is easy to scale, it doesn't affect the environment. In our office, we have around 40 - 50 users, but our clients have more users on their networks. Our organization has staff in the software department that manages IBM QRadar for us."
  • "The quoting and the dashboard session could be improved. It should be more user-friendly."

What is our primary use case?

We are partners with IBM. We do simulations for our clients. Then we resolve the issue that they're facing using IBM QRadar.

How has it helped my organization?

We have integrated IBM QRadar with our firewall and some services that we use. When the logs are about to get full of SQL, IBM QRadar makes a notification. The admin knows that they're about to get full so he just goes and clears them out. That is when we usually use IBM QRadar. On our firewall, when the issue notifications are generated, we don't usually open the firewall but QRadar alerts us about what went down in our environment.

What is most valuable?

The most valuable feature of IBM QRadar is its slow control and even activation. I also like the post notifications on the screen.

What needs improvement?

The quoting and the dashboard session could be improved. It should be more user-friendly.

Otherwise, the overall functionality of IBM QRadar is superb. A better GUI and reporting both would be good additions to the product.

For how long have I used the solution?

Less than one year.

What do I think about the stability of the solution?

IBM QRadar is very stable. It doesn't have many errors.

What do I think about the scalability of the solution?

IBM QRadar is easy to scale. We can integrate other devices if we want to. We could go to distributed architecture instead, but we like this product. It doesn't affect the environment. In our office, we have around 40 - 50 users, but our clients have more users on their networks. 

Our organization has staff in the software department that manages IBM QRadar for us. The security division just manages the login. Overall, only two to three staff are required for the management of IBM QRadar. They are more than enough to control the situation because most of it is easy. We definitely have plans to increase our current usage of the solution in the future.

How are customer service and technical support?

Technical support from IBM is not that good here in this region. It's quite helpful to have local support. They don't have much expertise in this product. 

We usually have to go to IBM to resolve the issues if we have them because the overall product is a bit complex. There are not many local resources here in this region with expertise in IBM QRadar.

How was the initial setup?

The initial setup is straightforward. It's very easy. I think anyone can install it within minutes. The deployment of IBM QRadar takes around 20 to 25 minutes if you have a good hard drive.

What about the implementation team?

We deployed IBM QRadar ourselves. We have technicians. We bill the client and do the installation on our own, along with other IBM products.

What's my experience with pricing, setup cost, and licensing?

We do licensing on a yearly basis. It's for deployment. If the client wants more services, we support the license. There are no other costs for the product.

Which other solutions did I evaluate?

When I joined the company we were already partners with IBM. I didn't have much experience with other products.

What other advice do I have?

I would recommend IBM QRadar because of the security features and the organization. I can recommend the security. Security is nowadays an essential part of IBM QRadar. 

IBM QRadar is probably the best possible solution in the market. I would rate it an eight out of 10.

Disclosure: My company does not have a business relationship with this vendor other than being a customer.
PeerSpot user
it_user970365 - PeerSpot reviewer
Cybersecurity Practice Lead at a tech services company with 201-500 employees
Real User
Enables us to handle the most critical attacks and integrates well with other solutions
Pros and Cons
  • "One of the most valuable features is its ability to integrate with other solutions. IBM has a lot of solutions and we have managed to make it work with IBM BigFix and MaaS360, and even Microsoft."
  • "In terms of additional features, a mobile app would be nice. Also, the reporting is definitely okay, but you have to make sure that everybody with different roles can understand it. There is room for improvement in the reporting."

What is our primary use case?

We are using it for SIEM, for Security Information and Event Management. We're gathering the logs and doing analytics on how we are going to react to security incidents.

How has it helped my organization?

With QRadar we managed to focus on the more critical incidents that we have experienced. As a result, we have managed to decrease the most critical incidents, most critical attacks. Now we're focusing on the ones that are not too heavy, not too critical. As of the moment, we are more secure than before.

What is most valuable?

One of the most valuable features is its ability to integrate with other solutions. In our current setup, we need a holistic view of our network to provide better service. Therefore, integration with our security tools and infrastructure is a must. We managed to get our NGFW, Endpoint Security, network servers, compliance tools and others to integrate with QRadar which enables our team to better understand what is happening in our network and respond accordingly.

What needs improvement?

The first area for improvement is the cost. It's a little bit too expensive for us. 

Also, initially it was difficult to understand or to grasp, but once you get the hang of it, it is easier to understand and to analyze. So the main problems are its cost, the maintenance cost, and the fact that it takes some time to learn how to use it.

In terms of additional features, a mobile app would be nice. Also, the reporting is definitely okay, but you have to make sure that everybody with different roles can understand it. There is room for improvement in the reporting.

For how long have I used the solution?

One to three years.

What do I think about the stability of the solution?

It's very robust. If it fails it does not really harm the network. It just gathers information and that's the important part. It has not failed, it's been working since day one so there is no problem. As long as the server that you install it on is working fine, it's very reliable. It's very stable.

What do I think about the scalability of the solution?

It's also scalable, yes. You can adjust the number of devices it communicates with so there is no problem with scalability.

How are customer service and technical support?

I have not yet contacted technical support. I have not encountered any problems. So far, we have had no need for them. We have just fixed things ourselves.

Which solution did I use previously and why did I switch?

We did not use any solutions before QRadar.

How was the initial setup?

It's straightforward. We just had to connect it to our servers, to our security solutions, and that was it. Everything was already communicating.

We are just a small company, so the deployment did not take that long, about a month to a month-and-a-half. It didn't involve too much downtime since we're just monitoring a few servers and a couple of security tools.

What about the implementation team?

We are directly in touch with IBM and we have an IBM security specialist. He usually gives us pointers and he's the one who also gave us a little bit of training and knowledge transfer.

What's my experience with pricing, setup cost, and licensing?

It's too expensive. The licensing is also a little bit difficult to understand because you have to license it per event and per number of flows. So you have to understand the difference between a flow and an event, and then you have to forward that to the resellers, the distributors, and to IBM. That part took a long time for us. Now we're adjusted to the process.

Which other solutions did I evaluate?

We did evaluate some, like LogRhythm. We found that LogRhythm was more difficult to understand because it was a little bit too static. I believe they have already improved but, as of the moment, we are still happy with QRadar.

What other advice do I have?

My advice is to take your time. It depends on your network, on what you want to gather information from. Make sure that the networking and the cybersecurity teams are working towards a common goal. The solution is very much worth it. You can gather all the information that you need as long as you know first what you need.

This solution is mainly for the Security Operations Center, so there are just three or four users. But it's one of the key tools for us to identify threats and attacks. The users are security operations analysts and threat hunters.

In our case, deployment and maintenance require just a few people. They are the network administrators and our cybersecurity engineers.

At the moment we have no plans to increase usage. If the company grows, usage should grow as well. The company is growing but, as of the moment, we are planning for expansion. That's why the solutions that we carry are already built for expansion for the next three to five years.

I would rate QRadar at eight out of ten. It's not perfect and the big issues would be the price and that it takes some time to understand it. But so far, it's one of the best solutions out there.

Disclosure: My company has a business relationship with this vendor other than being a customer: Partner.
PeerSpot user
Vulnerability Manager at a tech services company with 51-200 employees
Reseller
Scanning by the Vulnerability Manager and alert-generation are key features for us
Pros and Cons
  • "The most valuable feature is the QRadar Vulnerability Manager which provides vulnerability scans. In addition, I like the way QRadar generates alerts."
  • "It would be good if the program allowed certain profiles to only see certain customer information."

What is our primary use case?

Our primary use case is to get logs mainly from firewalls, although you can also get logs from anything that can forward syslogs. We use it to sort events.

How has it helped my organization?

Instead of logging in to multiple devices and checking the logs, QRadar gives us one centralized point for comparing data against each other and rules to make sure that you don't miss anything. It tells you where all the detections happened. It provides easier access and we pick up things way quicker than in the past.

What is most valuable?

The most valuable feature is the QRadar Vulnerability Manager which provides vulnerability scans. In addition, I like the way QRadar generates alerts.

What needs improvement?

It would be good if the program allowed certain profiles to only see certain customer information.

For how long have I used the solution?

Three to five years.

What do I think about the stability of the solution?

If you're running the latest version under recommended specifications, it is very stable thus far.

What do I think about the scalability of the solution?

It's scalable.

How are customer service and technical support?

The technical support has definitely improved. In 2016-17 it took me about ten hours to get a reply from IBM. It now takes an hour to two hours for them to reply to me.

Which solution did I use previously and why did I switch?

We went with QRadar because it's a more well-known product. I was only using the AlienVault Community Edition, a free version. It wasn't a fully-paid version I was using at the time. IBM QRadar was just the product the company was using.

How was the initial setup?

The setup is straightforward. The last one I did took me about three days. It only takes half an hour to set up QRadar, but getting the other systems to talk with QRadar, to forward syslogs, is what took the additional time, because I didn't have all the login information. If you've got all the relevant information, it shouldn't take you more than a day to set it up.

What's my experience with pricing, setup cost, and licensing?

QRadar is quite expensive. It wouldn't be worth it for a small business unless, through a third-party company, they used it in a software-as-a-service type of arrangement, rather than buying the licenses outright.

There are additional costs beyond the standard licensing fees. For example, there are add-ons like the QRadar Vulnerability Manager.

What other advice do I have?

QRadar, as a product, might be very straightforward, but to fully understand the product you would need to go for the QRadar training. IBM's training for QRadar is very expensive but it really helps you use the product to its full potential. Before I went to the training, I only used about ten percent of its capability. I would recommend going for the training on the product.

In terms of the number of users, it's not users logging in every day and doing stuff on QRadar. It's a handful of people from the team monitoring QRadar. We could be managing, for example, 50 or 70 customers through one dashboard and about ten people would be monitoring it. The users have a specific role.

The amount of staff required for deployment or maintenance depends on the type of update or patch that's being deployed. For deployment of a new patch, it could take anything from an hour to about ten hours. It depends on the patch, how big the patch is, and if you've gone through a testing phase or not. So there are multiple dependencies on how long it would take. An average, for me, would be three hours to do certain deployments.

Currently it's being used quite widely. The only downfall of this product would be its price. I wouldn't recommend it for a small company. For larger companies I know it's being widely used.

Disclosure: My company has a business relationship with this vendor other than being a customer: Reseller.
PeerSpot user
it_user984276 - PeerSpot reviewer
Senior Analyst at a tech services company with 201-500 employees
Real User
We can add anything to it, as it is a good companion to other tools
Pros and Cons
  • "It integrates very easily with other solutions. The solution is flexible. We can add anything to it, as it is a good companion to other tools."
  • "It's user-friendly when compared to other products."
  • "They should introduce some automation into the product."
  • "There was some complexity in the initial setup due to bandwidth issues."

What is our primary use case?

The primary use case is for insurance and product manufacturing. We use it to create rules and Windows firewalls.

How has it helped my organization?

Before implementing this solution, we had no security. After integrating many things, we received reports letting us know what is compromised.

What is most valuable?

It's user-friendly when compared to other products. New users can easily understand the product.

It integrates very easily with other solutions. The solution is flexible. We can add anything to it, as it is a good companion to other tools.

What needs improvement?

They should introduce some automation into the product.

For how long have I used the solution?

One to three years.

What do I think about the stability of the solution?

It has good stability. If there is an issue, we restart the box.

What do I think about the scalability of the solution?

It is easily scalable.

Our team has nine people.

How are customer service and technical support?

The technical support is good.

Which solution did I use previously and why did I switch?

Previously, I was using McAfee Nitro. Compared with McAfee, QRadar is user-friendly and easy to use.

How was the initial setup?

There was some complexity in the initial setup due to bandwidth issues.

The implementation took two to three days.

Disclosure: My company does not have a business relationship with this vendor other than being a customer.
PeerSpot user
it_user934623 - PeerSpot reviewer
Senior Information Security Analyst at a financial services firm with 501-1,000 employees
Real User
Helps us to discover any threats with their alerts and tracking
Pros and Cons
  • "It helps us discover any threats with their alerts and tracking."
  • "The only challenge is that IBM has been a closed enterprise. It should be more open to integrating with other providers at an enterprise level. We're a bank and the core banking system integration is not always straightforward and there is no integration between IBM and these products. If IBM could open up and provide a way of integrating it seamlessly, without charging more for it, that would make a big difference."

How has it helped my organization?

It helps us discover any threats with their alerts and tracking.

What is most valuable?

QNI is the most valuable feature. 

What needs improvement?

I would like for them to lower the price. 

For how long have I used the solution?

One to three years.

What do I think about the stability of the solution?

The system is quite stable, so far we haven't had any problems. Although the initial supply of the appliance was a bit faulty, the processor kept on failing. We were within the warranty so they supplied new ones. After loading logs, the system is very stable and there is nothing to worry about.

What do I think about the scalability of the solution?

It's very scalable. There are currently five users. We may still onboard more users depending on the requirements and their departmental level.

We do plan to increase usage. 

How are customer service and technical support?

Their support is excellent, they are available when we need them. I'm satisfied so far.

How was the initial setup?

The initial setup wasn't exactly straightforward but the vendor who set it up for us was helpful. It was very straightforward with their help. The deployment took two months.

We require two admins for maintenance. 

What about the implementation team?

We used our own people and the certified IBM vendor for the implementation. We had a very good experience with them. 

What's my experience with pricing, setup cost, and licensing?

We do licenses once a year. 

Which other solutions did I evaluate?

We also looked at LogRhythm.

What other advice do I have?

I would advise someone considering this solution to write down your use cases and evaluate them with the vendor. Evaluate the best solution based on your use cases because you are the ones who are going to use it. The vendor will try and implement and leave you with your problems.

If the solution meets your requirements and solves most of your problems, you're good to go. QRadar is the best solution we have. The only challenge is that IBM has been a closed enterprise. It should be more open to integrating with other providers at an enterprise level. We're a bank and the core banking system integration is not always straightforward and there is no integration between IBM and these products. If IBM could open up and provide a way of integrating it seamlessly, without charging more for it, that would make a big difference. 

I would rate it an eight out of ten. 

Disclosure: My company does not have a business relationship with this vendor other than being a customer.
PeerSpot user
IT Security and Business Development Manager at a computer software company with 51-200 employees
Real User
Enables us to ensure that the data being transferred from one company to another is done securely but it needs better cloud security
Pros and Cons
  • "The support is very good. We get support whenever we need it. Sometimes they respond immediately and sometimes it will be within 24 hours. We can ask them to please do it right away and they can get a request done within an hour or two."
  • "Before we didn't have any security issues but recently a few of the user emails were hacked. We had to actually recreate their emails for them."

What is our primary use case?

Our primary use case is for the security. We use it to make sure that the data that is being transferred from one company to the other is being done securely. 

How has it helped my organization?

The security has improved my organization. 

What is most valuable?

The securing of data is the most important feature because nowadays as cloud has come in, it is especially challenging to secure. We are actually planning for Palo Alto to be a better option because IBM needs better security for their cloud.

What needs improvement?

If IBM provides me with a better service or better options than Palo Alto, I would remain with IBM. As for my knowledge, I recently evaluated Palo Alto that has better security features, especially for a client's email. 

Before we didn't have any security issues but recently a few of the user emails were hacked. We had to actually recreate their emails for them.

If IBM could give us a complete package of on-cloud solutions, firewall, antivirus, and also mobile security, that would make it a lot better. Nowadays people are using mobile and tablets, rather than laptops or computers.

We get updates from IBM directly but then the users have to update. There are challenges where sometimes if we update the client's system, it takes a lot of time to update.

For how long have I used the solution?

More than five years.

What do I think about the stability of the solution?

Stability is very good. It's better than it used to be. 

What do I think about the scalability of the solution?

Scalability is very good. 

Everyone has used this solution for security purposes. We use it daily.

How are customer service and technical support?

The support is very good. We get support whenever we need it. Sometimes they respond immediately and sometimes it will be within 24 hours. We can ask them to please do it right away and they can get a request done within an hour or two. 

How was the initial setup?

The initial setup is fine. The moment we send the packets for an update it's easy but then there are challenges for the users. We have actually changed the hardware, so it got updated. We have to check if the problems are due to the hardware or due to the software.

The initial setup normally will take a day. It depends on the number of users. We have 300 users on the system which took around ten days.

We require five to ten staff members for deployment and maintenance. 

Which other solutions did I evaluate?

Before we went with IBM, we didn't look at other solutions but recently I looked into switching to Palo Alto and also evaluated Fortinet.

What other advice do I have?

I would advise someone considering this solution to evaluate several solutions, compare them, and if there is an option for customization check with the solution provider, and then go for it.

I would rate it a seven out of ten. It's a good solution, we've used it for a long time, but then there are a few issues with security.

Disclosure: My company does not have a business relationship with this vendor other than being a customer.
PeerSpot user