PeerSpot user
Chief Technology Officer at a tech services company with 51-200 employees
Real User
Helpful and presentable reports, but the ticketing system needs to be more automated
Pros and Cons
  • "Provided that the report is prebuilt and I can find what I am looking for, the reporting is the most valuable feature in this solution."
  • "There are reports that I would like to generate that are either not included, or I cannot find."

What is our primary use case?

We are a cybersecurity service provider, and I manage the QRadar service for my customers.

What is most valuable?

Provided that the report is prebuilt and I can find what I am looking for, the reporting is the most valuable feature in this solution. The reports are very good and very presentable.

What needs improvement?

There are reports that I would like to generate that are either not included, or I cannot find. If there is no report for information that needs to be presented then it is one of the biggest issues for the customer.

The ticketing system is not fully automated and needs to be improved.

There should be an easier permission level that basic users can use to create reports. The users include both end-customers and the technical team.  

The pricing needs to be such that they are more competitive with other vendors.

For how long have I used the solution?

More than one year.
Buyer's Guide
IBM Security QRadar
October 2025
Learn what your peers think about IBM Security QRadar. Get advice and tips from experienced pros sharing their opinions. Updated: October 2025.
872,837 professionals have used our research since 2012.

What do I think about the stability of the solution?

This is a very stable solution and I don't think that we have lost it once. This is good compared to our other system that had gone down three times.

What do I think about the scalability of the solution?

I would say that it is ok. I can buy licenses when I need to scale the solution.

How are customer service and support?

Our experience with technical support has not been smooth. There is a lot of bureaucracy to get to the technical team. In fact, in some cases, we resolved the issues ourselves and then explained to their technical team how it should be done for other customers.

How was the initial setup?

The initial setup for this solution is complex. There are many different components, and only the IBM technicians have the permission, or credentials, to modify the system online. As a customer, I cannot go in and install it myself. Rather, I am dependent on the IBM professionals.

What about the implementation team?

We used a consultant to assist with the installation of this solution.

Which other solutions did I evaluate?

I have used several other products including ArcSight, AlienVault, and Splunk. Some of these solutions are on-premises or in-house.

I do not like Splunk, but I think that ArcSight is a good solution. ArcSight is complicated, but it is a more mature solution with much greater options than IBM is offering in QRadar.

What other advice do I have?

This is a good solution, but I am familiar with the capabilities of the other products and IBM needs to make some improvements.

I would rate this solution a seven out of ten.

Disclosure: My company does not have a business relationship with this vendor other than being a customer.
PeerSpot user
QRadar677 - PeerSpot reviewer
IT Security Manager at an energy/utilities company with 10,001+ employees
Real User
Analytics and reporting of user behavior helps to find anomalies and suspicious events
Pros and Cons
  • "This solution provides me with various alarms, and I have found security issues with some of my other products."
  • "There is a lot of manual configuration required in order for the product to run smoothly, and I think that it could be made more automatic."

What is our primary use case?

Our primary use for this solution is to collect and correlate our logs. We also create appropriate alarms based on the contents of the logs.

How has it helped my organization?

This solution provides me with various alarms, and I have found security issues with some of my other products. We also have some special correlation rules that give me information about mail servers, websites, and other user behavior.

What is most valuable?

The most valuable feature is user-behavior analytics, where it will create logs based on the users' behavior and report suspicious events or other anomalies. I am working with the data analytics so it is a very good one for what I am doing. 

What needs improvement?

There is a lot of manual configuration required in order for the product to run smoothly, and I think that it could be made more automatic. There is no need for so much manual configuration. For example, it should be able to automatically create at least some of the rules that are suitable for our environment.

The solution has a good user interface, but it could be further developed. I have used other products that are more user-friendly. I would rate the user interface a six out of ten.

For how long have I used the solution?

Between three and five years.

What do I think about the stability of the solution?

We have not experienced any bugs or vulnerabilities, so the stability seems to be fine.

What do I think about the scalability of the solution?

The scalability seems great.

We have five hundred people in our company. All of them are end-users, except for myself and one of my colleagues who are administrators. We have more than one hundred assets, such as databases, that are monitored by this solution.

How are customer service and technical support?

I have never used technical support for this solution.

How was the initial setup?

The initial setup for this solution is very easy. It is an image file, and we haven't had any difficulties in the setup. After installation, there are many things to do. Again, the difficult part is the configuration of the product.

The installation period was very short, at perhaps one or two weeks. The configuration takes six months or more.

What about the implementation team?

We have a technology company, and we are working with them for deployment and maintenance. They spend one or two hours per week maintaining this solution.

What was our ROI?

We have not calculated ROI.

Which other solutions did I evaluate?

I am familiar with products from other vendors, such as McAfee. We specifically evaluated Splunk, which is a good solution but there is no local partner in Turkey for support. Having a local partner is very important to us.

We chose this solution because we have a good relationship with IBM, and they are able to provide us with local support.

What other advice do I have?

There are many good products and solutions on the market, but for implementation and maintenance, I can say that the most important thing is local support.

We do not have any issues with this product, and we have seen the benefits of it. It is easily configured and installed, and we have a local team to support it. It does have issues in terms of user experience, however.

I would rate this solution an eight out of ten.

Disclosure: My company does not have a business relationship with this vendor other than being a customer.
PeerSpot user
General Manager at New System Engineering
Real User
A straightforward solution that minimizes the number of false positive errors
Pros and Cons
  • "It is a very optimized engine."
  • "It is very difficult to activate all of the network equipment, and it would help if it were made easier."

What is our primary use case?

We are a partner and provide this solution to our customers.

What is most valuable?

The most valuable feature is that it reports a very small number of false positives. It is a very optimized engine.

What needs improvement?

It is very difficult to activate all of the network equipment, and it would help if it were made easier. I would also like to see more integration with new devices.

For how long have I used the solution?

Ten years.

What do I think about the stability of the solution?

This is a very stable solution.

How are customer service and technical support?

The quality of technical support depends on the level. Level One support is very good, but if you have Level Two or Level Three then the support is not very reactive.

How was the initial setup?

The initial setup of this solution is not complex.

Deployment normally takes between one and three months.

What about the implementation team?

We have two engineers that are proficient in QRadar, and we handle the implementation for our customers.

Which other solutions did I evaluate?

One of my customers is a McAfee user and is in the process of replacing the solution with IBM QRadar.

What other advice do I have?

I would recommend this product. It is very simple to install, and not a complicated solution. IBM supplies regular software updates.

I would rate this solution an eight out of ten.

Disclosure: My company has a business relationship with this vendor other than being a customer. Partner.
PeerSpot user
Marketdir9846 - PeerSpot reviewer
Marketing Director at an aerospace/defense firm with 1-10 employees
Real User
Enables us to collect information from different devices, detect, and analyze various threats or attacks to protect our system
Pros and Cons
  • "Vulnerability detection is the most valuable feature. It's the tool that finds the threats."
  • "The tool is very complicated. One place for improvement would be to have a more user-friendly interface. Having better support in Spanish would be cool."

What is our primary use case?

We don't have a business relationship with IBM QRadar, our relationship is a customer relationship. We use IBM QRadar as our primary security solution.

How has it helped my organization?

QRadar is the primary tool in our security center. We use it to collect information from different devices, detect, and analyze various threats or attacks to protect our system.

What is most valuable?

Vulnerability detection is the most valuable feature. It's the tool that finds the threats.

What needs improvement?

The tool is very complicated. One place for improvement would be to have a more user-friendly interface. Having better support in Spanish would be cool.

For how long have I used the solution?

One to three years.

What do I think about the stability of the solution?






What do I think about the scalability of the solution?

The solution is scalable. Currently, we have between 50 and 70 users working with this solution.
We have plans to increase the usage of the product in the future.

How are customer service and technical support?

My experience with technical support has not been so good because I would prefer support in Spanish which I haven't gotten.

How was the initial setup?

The initial setup was very complex.

We are planning to take at least one year for the complete setup. Deployment went fast, between six and three hours.

What about the implementation team?

We used an integrator for the deployment. The experience was excellent, outstanding.

What other advice do I have?

This kind of solution is essential. The communication network functions very well.

On a scale of one to 10, ten being the best, I would give this product a rating of nine.

Disclosure: My company does not have a business relationship with this vendor other than being a customer.
PeerSpot user
Cyberspec67 - PeerSpot reviewer
Cyber Security Specialist at AEC
Real User
Alerts and correlates the aggregate events or offenses we receive through all the applications we use
Pros and Cons
  • "IBM QRadar has improved my organization by introducing many functions. It collects logs from all of our systems in the organization and has functioned very well. It alerts and correlates the aggregate events or offenses we receive through all the applications we use."
  • "There is one problem with QRadar in regards to the add-on apps. The apps can be frustrating. For example, when I add a big app like one of the add-ons for resiliency, add-on applications for QRadar, these applications require different hardware to implement and to deploy. The resiliency connector because there's a considerable amount of data scanning, operates for these apps correctly."

What is our primary use case?

We are a reseller of this solution. We have numerous use cases, all dependent on the needs of our customers.

How has it helped my organization?

IBM QRadar has improved my organization by introducing many functions. It collects logs from all of our systems in the organization and has functioned very well. It alerts and correlates the aggregate events or offenses we receive through all the applications we use.

With other solutions, you collect the logs from different sources but you still have to fine-tune it, and you still have to match them a lot of the time to figure out the correct association to sort out the false positives. QRadar is much easier to use and detect false positives. It can do it by itself, and it allows you to fine-tune the filtering and check the false positives. There is some backend that protects but it's the best among all in the market.

What needs improvement?

There is one problem with QRadar in regards to the add-on apps. The apps can be frustrating. For example, when I add a big app like one of the add-ons for resiliency, add-on applications for QRadar, these applications require different hardware to implement and to deploy. The resiliency connector because there's a considerable amount of data scanning, operates for these apps correctly. 

Acquiring these add-on apps for QRadar is very expensive. This is one of the difficulties that we are facing with the QRadar.

For how long have I used the solution?

More than five years.

What do I think about the stability of the solution?

It's very stable.

What do I think about the scalability of the solution?

The solution is very scalable.

How are customer service and technical support?

Technical support hasn't been bad, but sometimes it's inadequate, sometimes it is good. It depends on the case. We've had bad experiences in the past because we didn't get onsite support when we needed it.

They do have onsite support but only for third-party partners working directly with IBM. And sometimes the support is too slow.

Which solution did I use previously and why did I switch?

I've used Alien Vault, McAfee, and Splunk.

How was the initial setup?

The initial setup was a bit hectic the first time because it's not about the QRadar application itself, it's about defining or configuring the data sources or the traffic sources to QRadar. We are going to use a small file through literally all of the traffic sources. We found it was difficult to merge with QRadar due to different IPs, different sources delaying the process and just technical issues. It's not an issue with the QRadar solution itself.

What about the implementation team?

We implemented through a vendor. I am one of the integrators.

Our requirements are dependent on the size of the deployment and maintenance case, depending on how large of an enterprise solution we are speaking about. The size of the architecture, or for example if the architecture is all in one including the processor, including the QNI and the connector all with one box. A deployment of this type would only require one guy for it if the architecting dissipating these items comes from the all in one box.

What's my experience with pricing, setup cost, and licensing?

The licensing is every year.

There are additional costs, such as the cost associated with the different hardware required for implementation and deployment. Along with the add-on apps, these are all additional costs, and they require licensing as well.

What other advice do I have?

The solution functions very well. It is amazing but there are some bugs with it. The unknown bugs can just come up with the adaptor with the data stored in QRadar.

On a scale from one to 10, ten being the best, I would rate this product an eight out of 10.

Disclosure: My company does not have a business relationship with this vendor other than being a customer.
PeerSpot user
it_user744012 - PeerSpot reviewer
Technical Consultant at activedge
Consultant
Enhances Security Through Vulnerability Management and Increased Visibility
Pros and Cons
  • "The most valuable features would have to be the product's ability to customize vulnerability management settings."
  • "There could be improvements made to the UI, the user interface. Though the newer version, 7.3.2, might already have this improvement in place."

What is our primary use case?

I'm the technical consultant here at ActivEdge Technologies. Our primary use case for this solution is for Security Intelligence and Event Monitoring (SIEM). We provide protection services models for an organization's networks through a sophisticated technology which permits a proactive security posture. We have a business relationship with IBM QRadar as well as being a partner. We are a partner and we also use this feature. It's an integrated solution. We design it to be compatible with our client's network devices to maintain real-time monitoring through a centralized console. Our clients rely on us to create value.

How has it helped my organization?

QRadar has significantly improved our security. It has reduced threats considerably. The solution provides increased visibility along with actionable intelligence. We are looking into implementing it to proactively take steps to prevent or reduce the attacks.

What is most valuable?

The most valuable features would have to be the product's ability to customize vulnerability management settings and the ability to customize integration functions.

What needs improvement?

I can't see any need for service improvements because I feel it's easy to use and very functional as it is. There could be improvements made to the UI, the user interface. Though the newer version, 7.3.2, might already have this improvement in place.

For how long have I used the solution?

One to three years.

What do I think about the stability of the solution?

It's very stable. We never need much help with that.

What do I think about the scalability of the solution?

The solution is very scalable; it's designed to be, it's distributed architecture. It's entirely scalable.

Currently, there are five domain users working with this solution. We don't have visibility on our end user count due to the fact that end users don't need to log on to the application.

Our maintenance needs require just one experienced QRadar analyst to moderate.

How are customer service and technical support?

Technical support has proven to be very helpful.

How was the initial setup?

The initial setup wasn't straightforward. The setup is situation specific.

The deployment for us took about 3 months.

What about the implementation team?

Implementation was done in-house.

What was our ROI?


What other advice do I have?

I think this product adds significant value to organizations seeking a scalable, security integration tool. It does a great job of identifying, classifying, prioritizing, remediating, and mitigating software vulnerabilities. It's a good solution.

On a scale of 1 - 10, 10 being the best, I give this product a rating of 9.

Disclosure: My company does not have a business relationship with this vendor other than being a customer.
PeerSpot user
Program Manager at a tech services company with 1-10 employees
Real User
Highly customizable and provides a single dashboard for global device monitoring
Pros and Cons
  • "There is a single dashboard that gives us a complete overview of what is happening around the globe."
  • "Ideally we would like a mobile version so that any alert that comes in will notify us in a mobile app, or by using SMS integration."

What is our primary use case?

Our primary use case for this solution is compliance. 

How has it helped my organization?

This solution has improved our organization by allowing us to promote vertical security as an added service for our customers.

It has also improved our integration with other applications. Previously we used to have challenges in terms of application integration. I think that it is slowly changing; for example, Oracle Hyperion and these kinds of products integrate more easily because they have the proper plugins. It is important to know that they are properly integrated with your solution.

What is most valuable?

First, the dashboard is a valuable feature. There is a single dashboard that gives us a complete overview of what is happening around the globe. We are able to follow the devices that are connected to the network. 

The second thing is the customization that we have done. For example, if there is an account login made in Tokyo then we will immediately get an alert.

What needs improvement?

With the transition to a modern IT operation center, I think that many of the devices are going to be mobile. Somebody may not be at the NOC (Network Operations Center), data center, or SOC (Security Operations Center). If anybody from the non-security team or the NOC team has to receive an active alert, it should be enabled in multiple channels.

Ideally, we would like a mobile version so that any alert that comes in will notify us in a mobile app, or by using SMS integration. We are working on these things internally, but I think that these are some of the things that you're expecting from this product.

For how long have I used the solution?

Less than one year.

What do I think about the stability of the solution?

The stability of this product is pretty good.

What do I think about the scalability of the solution?

The solution is highly scalable. It is one of the reasons that we have chosen this product.

Currently, our network has more than thirteen countries deployed. A roadmap is in place for a total of forty countries, so twenty-six more will be added. Deployment is a continuous exercise for us in terms of increasing the number of devices and applications.

The EPS (Event Per second Licensing) is adjusted based on scale. At this time we have close to three or four hundred events per week. As we grow, we are expecting at least fifteen-hundred events per week.

How are customer service and technical support?

The support is very important during the implementation and initial stages.

I think that the turnaround time has to improve. If we raise a ticket then we have to wait for a patch. After this, the patch will probably have to be applied within our test environment. After testing it has to be promoted to production. Overall, the turnaround time is slow. 

How was the initial setup?

Choosing the cloud platform gives a significant advantage in terms of the setup. I have been deploying the same solution across enterprise organizations from day one, and previously it used to take a month for implementation. Now, I think that it has been reduced to two weeks.

The challenge with the old model is that you normally need to work with the hardware vendors to ensure the right patches or data is available. We used to install the physical hardware, but with the cloud version, you can just start your service and add devices. You can start populating and getting reports on alerts and such in a week's time.

The implementation team is about three or four members. It has not yet grown to an operational stage because we are still implementing the solution. 

What about the implementation team?

We do the implementation in-house. I am the program manager and I lead the model from inception to completion. That said, we have to connect with the IBM team to assist with integrating the solution. We're getting pretty good support from them.

What's my experience with pricing, setup cost, and licensing?

The solution is a subscription-based model. It is a yearly subscription from my understanding.

In terms of additional costs, it depends on the subscription that you choose. There are plenty of options to choose from.

There is the EPS licensing cost (Event per second licensing), which is a parameter that you choose. By adding countries to our solution, we have to increase the EPS.

Which other solutions did I evaluate?

Yes, for each project we discuss which product to choose, and decide depending on what suits our needs.

SolarWinds is one of the solutions that we use for our NOC operations. We had internal discussions and considered many parameters, but later we decided to move to IBM.

What other advice do I have?

I would rate this solution eight and a half out of ten.

Disclosure: My company does not have a business relationship with this vendor other than being a customer.
PeerSpot user
it_user956985 - PeerSpot reviewer
Sr. Security Engineer at OmnitechIT
Real User
Stable security both in-house and for our customers
Pros and Cons
  • "In addition to using this solution for our security operations center, we are using it for our other customers."
  • "It needs more resilience and functionality."

What is our primary use case?

Our primary use case for this solution is for the management of our security services, and our NOC (Network Operations Center) services.

How has it helped my organization?

In addition to using this solution for our security operations center, we are using it for our other customers.

What needs improvement?

It needs more resilience and functionality. 

For how long have I used the solution?

One to three years.

What do I think about the stability of the solution?

My impression of the stability is that it is good.

What do I think about the scalability of the solution?

The scalability is good. Internally we have many customers, but we offer this as a specific consultancy service. I do not know with certainty the number of users for this product in our customer environment.

What about the implementation team?

We used a consultant to assist us with the implementation of this solution.

What's my experience with pricing, setup cost, and licensing?

Our licensing costs for this solution are on a yearly basis.

What other advice do I have?

I would rate this product eight out of ten.

Disclosure: My company does not have a business relationship with this vendor other than being a customer.
PeerSpot user