Maaz Khalid - PeerSpot reviewer
Manager SOC at Rewterz
Real User
Top 5
Provides easy integration at low cost but lacks AI enhancement

What is our primary use case?

I have worked on several use cases, including creating custom ones. QRadar also provides built-in use cases.

How has it helped my organization?

Once integrated, you gain comprehensive visibility into all threats. The user behavior analytics module is particularly strong, and adding features allowing integration with third-party threat intelligence services enhances the analysts' ability to identify threats.

What is most valuable?

The best aspect of Pareto is its user-friendliness. Unlike other solutions requiring query language knowledge, Pareto is entirely GUI-based. This makes it easy to use and understand without learning any query languages.

What needs improvement?

People are increasingly moving towards big data tools, so QRadar needs to enhance its compatibility. For example, QRadar does not integrate with SAP HANA, widely used in large industries. Similarly, QRadar lacks support for integrating with Fortinet's firewall management services, resulting in limited visibility.

It is still in its early stages. AI analytics require further development because, in my experience, they often generate false positive alerts.

Buyer's Guide
IBM Security QRadar
October 2025
Learn what your peers think about IBM Security QRadar. Get advice and tips from experienced pros sharing their opinions. Updated: October 2025.
872,655 professionals have used our research since 2012.

For how long have I used the solution?

I have been using IBM Security QRadar for seven years.

What do I think about the stability of the solution?

It is very stable.

What do I think about the scalability of the solution?

On-premises deployments can be challenging to scale. In contrast, cloud solutions offer much greater scalability; you simply place an order for the required EPS, get approval, and then proceed. This process is more straightforward and faster than on-premises setups.

How was the initial setup?

The initial setup is user-friendly and straightforward, making deployment easy. However, compatibility issues with other security controls still need to be addressed. It provides a 35-day period for project enablement. This timeframe is too short and should be extended to 45 or 50 days.

When deploying QRadar on-premises, we assess the organization's size to determine the required number of UPS units, application servers, and other necessary hardware. Once these requirements are identified, we proceed with the deployment.

We face challenges in the deployment phase, especially when working with an MSSP license. The main issue is with QRadar's multi-tenancy, which often causes the system to crash. Their support services are not very helpful in addressing these problems.

We allocate two working days for the deployment of QRadar for our customers. Our team includes a senior engineer who communicates with the client and a junior engineer responsible for deploying and installing other services.

The deployment time can vary based on the size of the setup. Large deployments, such as those with 20,000 to 25,000 EPS for corporate clients, take longer due to the need for multiple hardware servers. In such cases, it can take several days. QRadar can be installed in about three to four hours for smaller setups.

What's my experience with pricing, setup cost, and licensing?

The price is lower than Splunk but remains high compared to other SIEMs like LogRhythm, Elastic, and RSA. For example, 1,000 EPS costs around $55,000. While it's somewhat more affordable than Splunk, it is still higher than LogRhythm, Elastic, and RSA.

What other advice do I have?

QRadar offers a clean solution with straightforward integration for various devices. Once you define your scope, you effectively gain visibility into it. When comparing QRadar to other SIEM solutions like GloD and Splunk, QRadar lags behind other modern advancements. While new SIEM solutions focus on data lakes and big data, QRadar continues to rely on traditional correlation modules.

QRadar should prioritize R&D and product improvement. Their support services have also declined and need attention.

In QRadar's user behavior analytics, we observed an alert triggered by an unusual login attempt from one of our administrators. While monitoring alerts during my shift, QRadar's anomaly-based detection identified a login attempt outside normal hours. The system detected this as a deviation from the established baseline since the administrator had never logged in at that time before. This triggered the alert, helping us identify the compromised account.

QRadar requires ongoing maintenance, and running it effectively often depends on support from engineers. Unlike big data tools, QRadar can struggle with integration and may require fine-tuning, restarts, or troubleshooting if issues arise. Since its merger with other companies, we've encountered many problems and have experienced delays in receiving timely technical support.

You don’t need to learn any additional tools to use the system. It allows you to create dashboards from a management perspective, and its user behavior analytics work very well, although the AI analytics module is still developing.

When handling compliance requests or forensic investigations, an SIEM solution like QRadar is essential. It helps pull up logs and identify what happened during incidents or breaches.

The time required for investigation depends entirely on the impact of the attack. Sometimes, only a single device or network is compromised, which may be resolved quickly. However, the investigation takes longer in cases where the scope is broader, involving multiple devices and networks. The timeframe is driven by the extent of the incident, not just by QRadar.

QRadar is a good product. In Pakistan, many financial sectors are starting to shift towards other solutions. South Asia, particularly Pakistan, has a growing trend towards Splunk. Similarly, there is a shift towards Splunk, LogRhythm, and RSA in the Gulf region.

Overall, I rate the solution a seven out of ten.

Disclosure: My company has a business relationship with this vendor other than being a customer. Partner
PeerSpot user
reviewer1370832 - PeerSpot reviewer
Sales Manager at a financial services firm with 10,001+ employees
Real User
Top 20
Uses robust rulesets to enhance compliance audits and prevention
Pros and Cons
  • "I would rate IBM Security QRadar nine out of ten."
  • "The costing part could be improved."

What is our primary use case?

Our primary use case was for compliance audits. We mainly used it for compliance purposes.

What is most valuable?

IBM Security QRadar had good rulesets, and the scenarios we could write regarding the compliance-related issues were quite helpful. We mostly used it for prevention.

What needs improvement?

The commercials can be looked into. The costing part could be improved.

For how long have I used the solution?

I have been using the solution for around three years.

What was my experience with deployment of the solution?

There were no issues at all. It was straightforward.

How are customer service and support?

I was satisfied with IBM support.

How would you rate customer service and support?

Neutral

Which solution did I use previously and why did I switch?

We switched mostly for commercial reasons.

How was the initial setup?

The initial setup was straightforward. It took a couple of weeks because we had to set up the rules and other configurations.

What's my experience with pricing, setup cost, and licensing?

The costing part, or commercials, was a concern.

What other advice do I have?

I would rate IBM Security QRadar nine out of ten. The main reason for moving from this tool was the pricing.

If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

Other
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
PeerSpot user
Cyber Security Analyst at Diyar United Company
Real User
Top 5
A security solution to manage logs from multiple devices
Pros and Cons
  • "It protects us from multiple authentication values, unauthorized access and antivirus threats."
  • "IBM Security QRadar lacks automated response. With this feature, there's no need to visit VirusTotal or other sites for IP reputation. There should be a small plug-in where users can click to retrieve details about the reputation and organization of public IP."

What is our primary use case?

We use IBM Security QRadar for storage. These tools are setting high tools on the usage of the logs from multiple devices. It manages millions of logs from multiple devices, such as firewalls, routers, switches, etc. The solution is stable and has better support than LogRhythm. It doesn't have multiple components or servers, troubleshooting, or remote servers. It is based on a CentOS platform, and implementation is difficult.

How has it helped my organization?

We make use of the tool to ensure company security. We have the firewall services and switches integrated. We use the solution for attack-related loss, firewall and blacklist IP. There are multiple use cases, like internal firewalls, internal Windows servers and Internet controllers. It protects us from multiple authentication values, unauthorized access and antivirus threats. We don't open and see the console all the time, so we need automated alert access to all Windows. There's a malware incident and wireless incident. The QRadar has antivirus which detects cache files, etc.

What is most valuable?

IBM Security QRadar is stable. The tool exhibits minimal vulnerabilities and does not encounter multiple issues. It is not easy to operate, it ensures minimal downtime. Its usability, synchronization with systems, user interface, and storage capabilities are crucial. Storage is essential for research and hunting, as it involves delving into logs. The response time of IBM QRadar is commendable, and even when processing large amounts of data, it maintains a consistently high level of performance. The tool utilises RAM efficiently.

What needs improvement?

IBM Security QRadar lacks automated response. With this feature, there's no need to visit VirusTotal or other sites for IP reputation. There should be a small plug-in where users can click to retrieve details about the reputation and organization of public IP.

For how long have I used the solution?

I have been using IBM Security QRadar for 4 years. We are using V7.5 of the solution.

What do I think about the stability of the solution?

The solution is stable. It's crucial for maintaining the company's security.

I rate its stability as nine out of ten.

What do I think about the scalability of the solution?

The solution’s scalability is excellent. 

25 users are using this solution. 

I rate the solution’s scalability a nine out of ten.

How are customer service and support?

IBM provides good support. We have paid licenses, which come with special performance enhancements.

How would you rate customer service and support?

Positive

Which solution did I use previously and why did I switch?


How was the initial setup?

The initial setup is straightforward and can be done within a day. It is based on Linux. If there is any issue, you need to bang your head to solve the issue.

IBM Security QRadar requires a specific server with a minimum of 128 GB RAM and can support up to 2,000 endpoints. The installation process involves obtaining the ISO and setting up the necessary configurations. Once installed, we must ensure the components are properly located and configured.

One person is required for maintenance and deployment each.

I rate the solution's setup as a seven out of ten.

Which other solutions did I evaluate?

We opted for IBM Security QRadar based on its market rating and recommendations from previous alumni who have experience with it at our company. QRadar is a software solution provided by IBM for security purposes.

What other advice do I have?

QRadar supports connectivity with 2800 vendors, including Cisco and Fortinet FortiGate. These integrations encompass various platforms such as VMs, Linux distributions like Red Hat and CentOS, and Symantec and Microsoft Windows for CRM databases and other server functionalities. Cloud technologies such as Office 365 are also supported.

The tool is flexible and I recommend it.

Overall, I rate the solution a nine out of ten.

Which deployment model are you using for this solution?

On-premises
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
PeerSpot user
Frank Eargle - PeerSpot reviewer
Information Security Engineer at Glasshouse Systems
Real User
Top 5
A highly stable and scalable solution that provides good technical support
Pros and Cons
  • "The most valuable features of IBM Security QRadar are flexibility, IBM support, and scalability."
  • "IBM Security QRadar’s GUI could be improved."

What is our primary use case?

I've got use cases where we monitor positive controls wherein something doesn't allow something to happen. It alarms when somebody changes the control.

What is most valuable?

The most valuable features of IBM Security QRadar are flexibility, IBM support, and scalability.

What needs improvement?

IBM Security QRadar’s GUI could be improved.

For how long have I used the solution?

I have been using IBM Security QRadar for 12 years.

What do I think about the stability of the solution?

I rate IBM Security QRadar ten out of ten for stability.

What do I think about the scalability of the solution?

Around five to ten users are using the solution in our organization.

I rate IBM Security QRadar ten out of ten for scalability.

How was the initial setup?

The solution's initial setup is pretty difficult. I rate IBM Security QRadar a four or five out of ten for the ease of its initial setup.

What about the implementation team?

Based on the size and the number of use cases, the solution's deployment can take three or four days to a few months.

What's my experience with pricing, setup cost, and licensing?

IBM Security QRadar is about 50% less expensive than Splunk. SIEM solutions charge by the amount of data, whether EPS or gigabytes. They directly incentivize you not to put things in it, which doesn't make sense since the goal is to put everything in it. They'd make it where you can't afford to do it.

On a scale from one to ten, where one is cheap and ten is expensive, I rate IBM Security QRadar's pricing a five out of ten.

What other advice do I have?

Overall, I rate IBM Security QRadar a nine out of ten.

Which deployment model are you using for this solution?

Hybrid Cloud
Disclosure: My company has a business relationship with this vendor other than being a customer. partner/customer
PeerSpot user
MUHAMMADNADEEM1 - PeerSpot reviewer
Deputy Director at Board Of Revenue
Real User
Top 10
Saves time and enhances our detection and response capabilities
Pros and Cons
  • "IBM Security QRadar has significantly improved our incident response procedures."
  • "There is room for improvement in IBM QRadar in integrating features for SOC maturity and security levels directly into QRadar."

What is our primary use case?

As a security professional, I rely on IBM Security QRadar for a variety of use cases tailored to our security needs. With over 200 implemented, these range from real-time threat detection and incident response to compliance reporting and user behavior analytics.

What is most valuable?

IBM Security QRadar has significantly improved our incident response procedures. We have implemented a structured plan within the system, ensuring adherence and minimizing human error.

What needs improvement?

There is room for improvement in IBM QRadar in integrating features for SOC maturity and security levels directly into QRadar. That would enhance its effectiveness. Additionally, incorporating features for assessing and improving SOC maturity within QRadar itself would be beneficial, eliminating the need to rely on separate tools for this purpose.

For how long have I used the solution?

I have been working with IBM Security QRadar for over two years.

What do I think about the stability of the solution?

We have not had any stability issues with QRadar.

What do I think about the scalability of the solution?

IBM QRadar is scalable to meet the growing needs of our business. As our network expands with additional devices and log sources, QRadar can easily accommodate them. We can also create specific use cases tailored to the nature of each log source.

How was the initial setup?

Our experience with the initial setup of QRadar was smooth because we opted for a managed security solution through our service providers. The installation itself took about one to two hours but integrating various sources, creating use cases, fine-tuning, and enabling logs could take up to two to three months. However, in our enterprise network deployment, we managed to accomplish it within six months.

What was our ROI?

Implementing IBM QRadar is similar to investing in insurance for our organization's security. While the return on investment may not be immediately tangible, it is crucial for mitigating potential disasters and ensuring our organization's resilience against security threats in the long run.

What's my experience with pricing, setup cost, and licensing?

Overall, I'm satisfied with the value IBM QRadar provides for its price. However, there is room for improvement in terms of including more features with the base license instead of requiring additional licensing fees for each feature or application.

What other advice do I have?

We chose to work with IBM QRadar mainly because it was widely deployed in our country, Pakistan, with no significant presence of alternatives like Splunk or LogRhythm.

IBM Security QRadar has enhanced our threat detection and management processes by providing comprehensive visibility into network traffic and events. With QRadar, we have end-to-end visibility across our network, enabling us to monitor traffic from origin to destination and analyze all relevant logs and events.

IBM Security QRadar stands out with features like advanced analytics and customizable dashboards, making it effective for our security needs. While it shares common features with other SIEM solutions, these unique capabilities have been instrumental in improving our security.

Integration capabilities play a crucial role in enhancing the overall security posture of IBM QRadar. By integrating with various tools like Active Directory, privilege access management, firewalls, and email security appliances, QRadar aggregates logs from different sources. It then utilizes machine learning, artificial intelligence, and custom rules to analyze this data, helping our security operations center make informed decisions and respond effectively to potential threats.

Overall, I would rate IBM QRadar as a seven out of ten. It is a great tool but operating IBM QRadar requires a higher level of technical expertise.

Disclosure: My company does not have a business relationship with this vendor other than being a customer.
PeerSpot user
reviewer1827399 - PeerSpot reviewer
Executive Vice President at a computer software company with 11-50 employees
Real User
Top 20
Offers ease at rectifying situations involving any anomalies
Pros and Cons
  • "The most valuable feature of the solution is its ability to rectify a situation involving any anomalies expeditiously."
  • "Communication between the silos sometimes becomes an issue, making it an area where improvements are required."

What is our primary use case?

Basically, it is a product that serves as an SIEM solution, and its main competitor is Splunk. Splunk and IBM are lookalike tools. IBM Security QRadar hosts a panel where you can feed just about anything you can think of in terms of electronics as it relates to security, along with other elements of infrastructure. The tool provides notification of events.

What is most valuable?

The most valuable feature of the solution is its ability to rectify a situation involving any anomalies expeditiously.

What needs improvement?

I am dealing with the tool from an arm's length. I am not sitting right in the middle of things in my position. I work in the sales position, and as far as sales marketing is concerned, I am not qualified to speak about what needs improvements in the tool.

IBM is in there with the client, and they pretty well have them covered in a lot of different areas. If the customers are doing their job and they are running the business the way they ought to, then IBM is in a position to do a good job for most of the clients. Communication between the silos sometimes becomes an issue, making it an area where improvements are required.

For how long have I used the solution?

I have been using IBM Security QRadar since 2015 or 2016.

What do I think about the stability of the solution?

The solution's stability is pretty good. The tool has been there in my company over a long period of time. It is a solid product. IBM doesn't produce junk, and if it does, then such tools are taken off the market pretty quickly.

What do I think about the scalability of the solution?

Scalability-wise, I rate the solution an eight out of ten.

The tool is used by government contractors who are our clients.

The tool offers plug-and-play options, and it does not even involve APIs, making it pretty easy.

IBM Security QRadar's interface is useful. The product is highly competitive. Though Splunk has become a standard tool, IBM Security QRadar is still out there even though it is not number one.

How are customer service and support?

I rate the technical support an eight out of ten.

How would you rate customer service and support?

Positive

Which solution did I use previously and why did I switch?

The main difference between Splunk and IBM is that the former one is on the edge in terms of innovation, but the latter one is not that good. Compared to IBM Security QRadar, IBM X-Force is good.

How was the initial setup?

On a scale of one to ten, if ten means easy, I rate the product's initial setup phase as an eight.

As long as you have your policies and if they all relate to security and other areas like infrastructure, then the rules are pretty easy to feed into the product.

The time needed for the product's deployment phase depends on how the entity, the client, has its policies and rules set up. I don't want to say the tool is like a plug and play product because nothing really is in today's market. The tool offers ease of use and integration. I rate the tool a seven to eight for the ease of use and integration it offers.

What was our ROI?

The tool's ability to redeploy resources, like manpower, is about the same as that of other competitors. The benefit the tool offers is the protection and the ability to act on whatever the situation might be quickly, efficiently and terminate whatever is happening. The tool is useful to the bottom and helps with the remediation part.

What's my experience with pricing, setup cost, and licensing?

The tool is priced in a competitive manner. The tool's price is dependent on the installation and the product size, but it is competitive in the marketplace. The marketplace right now is being set by Splunk, which offers a pretty good deal if someone wants it. As a matter of fact, I would say that out of who we are working with right now, Splunk is the major one.

What other advice do I have?

Speaking of how the tool handles real-time threat management in our specific industry, I would say that for our company's services, which are used with Crows Nest Software, we face the product as per the policies and rules that are set up within an entity or a client. For instance, if we see an anomaly, like if I send you an email, and we are within the same company, or I am within this ABC company, and you are external to it. If I am sending you information that I am not allowed to send outside of the company, what happens is we can either stop it ourselves, especially if that is what the instructions are through the policy, or if the client says, then we send such information to IBM Security QRadar and as per the instructions and policy, they can terminate it or do what they will with it after it is terminated.

Speaking about how anomaly detection has impacted security operations, if I consider it from a dollars and cents point of view, I would say that if I am sending you something that is intellectual property and they stop it, it is like you can put a price tag on it after it is leaked, but prior to it, things could seem hard. For instance, if I am a nefarious individual in a company, then in most cases, I would be sending information outside of the organization to somebody who is in the government or serves as a contractor of a nation or a state. They can then take such information and build whatever they want as far as the competition is concerned and be in the competitive marketplace with my product. Such instances happen all the time with government contractors. When I say government contractors, they are those who deal in military hardware development, and, for that matter, they may be involved in a business revolving around air conditioners. In the market concerning air conditioners, there might be someone who has perfected a new way of pulling moisture out of the air and making it into ice cream, which may seem ridiculous.

In the tool, the rules are really external. The good rules are external, and when I say that, it means it goes with the development of your security policies or your policies in general as they relate to security. When sitting down with the client, to be honest, what happens is that if they are installing something like this and they are developing rules and policies to go with it, it acts as an eye-opener for a lot of folks. With some companies, we classify data according to what we are able to pull. Suppose it is data that we have been given access to. In that case, we can determine and produce how it is in a snapshot over a two-week period and sit down with a client or somebody like a consultant firm to help in the area of BPM or something that can be like a spin-off of KPMG, and they do an excellent job of working with us. To prepare policies and rules, and those can be easily, you know, migrated or installed into any product, like Splunk and IBM Security QRadar.

IBM offers Watson for machine learning and artificial intelligence. I feel IBM has done a pretty good job with it.

We have partnered with various groups and companies that enhance their products, and we are continuing to do that. Since we utilize machine learning and AI from the start, we are well-versed in both areas. Additionally, we are working on something innovative with blockchain, as well as collaborating with another company focused on classification. There are companies on the periphery that specialize in the classification of various things, and they do tasks we don't handle on the front end. They provide us with information, and we share it, enabling us to interface more effectively with platforms like Splunk, QRadar, or others.

I rate the tool an eight out of ten.

Disclosure: My company does not have a business relationship with this vendor other than being a customer.
PeerSpot user
reviewer2518323 - PeerSpot reviewer
Analyst at a hospitality company with 10,001+ employees
Real User
Top 20
Has real-time detection feature but is not as flexible as Splunk
Pros and Cons
  • "The tool's most valuable feature is real-time detection."
  • "The solution is not as flexible as Splunk."

What is our primary use case?

We use the product to customize rules and detect malicious behavior. 

What is most valuable?

The tool's most valuable feature is real-time detection. 

What needs improvement?

The solution is not as flexible as Splunk. 

For how long have I used the solution?

I have been working with the product since 2016. 

How are customer service and support?

I haven't contacted technical support yet. 

Which solution did I use previously and why did I switch?

I worked with Splunk before IBM Security QRadar.

What's my experience with pricing, setup cost, and licensing?

The solution's pricing is based on the EPS model. 

What other advice do I have?

I prefer Splunk since it gives a lot more freedom and flexibility. I rate the overall solution a six out of ten. 

Disclosure: My company does not have a business relationship with this vendor other than being a customer.
PeerSpot user
Muluken Mekonene - PeerSpot reviewer
Network Engineer at Insa
Real User
Top 5
An IBM solution that automatically creates asset profiles by using passive flow data and vulnerability data to discover your network servers and hosts
Pros and Cons
  • "I think QRadar is great overall. We’ve had a positive experience with it and recommend it for deployment. However, there are areas for improvement. The technical support is good, and the documentation is valuable, but it could be enhanced, especially regarding integration with other systems. In terms of support and updates, QRadar’s capabilities are crucial for maintaining high security standards. Network and software administrators can monitor all traffic effectively, which reassures clients and drives further adoption."
  • "For future updates, I'd like to see more advanced threat intelligence features integrated with AI. This would help with analyzing traffic patterns and improving protection. QRadar currently doesn't integrate with AI for threat analysis. However, AI could enhance its capabilities by learning traffic patterns and automatically blocking or quarantining suspicious traffic. This would be especially useful when administrators are not actively monitoring. AI could help by analyzing incoming and outgoing traffic and adjusting policies accordingly."

What is our primary use case?

I’m working with the on-prem version of IBM Security QRadar. We initially deployed it with the help of IBM’s professional services for a client, but now we handle deployments ourselves. The process is quite straightforward for us because we gained knowledge from our first implementation and used the available documentation. Deployment takes a couple of hours the first time, including configuration and integration with third-party devices. I usually work with a colleague, so two people handle the deployment. Our environment is well-suited for this, and we’re using it on a virtual appliance. The experience has been smooth and efficient.

We are promoting QRadar to various financial institutions, including banks and microfinances, as a superior option compared to other vendors like Fortinet. While some institutions are using other solutions, we are encouraging them to switch to QRadar for better security.

How has it helped my organization?

We monitor tweets and other activities on the IBM Security QRadar portal. Once, we noticed unusual traffic patterns, like tweets triggering alerts, and we blocked that traffic. We also detected some security issues on the APM through the portal, which was a great experience. As for integration, we’ve successfully integrated QRadar with other security products like Cisco, Fortinet, and Check Point. Initially, we worked with IBM’s professional services to guide us through the integration process, and after that, we were able to follow their steps to integrate third-party devices ourselves.

QRadar has a significant impact on operational costs for clients. For example, we’re recommending QRadar to several banks due to its effectiveness in handling high traffic and preventing scams. The banks we’ve worked with are very satisfied and are encouraging others to deploy QRadar as well.

What is most valuable?

I think QRadar is great overall. We’ve had a positive experience with it and recommend it for deployment. However, there are areas for improvement. The technical support is good, and the documentation is valuable, but it could be enhanced, especially regarding integration with other systems.

In terms of support and updates, QRadar’s capabilities are crucial for maintaining high security standards. Network and software administrators can monitor all traffic effectively, which reassures clients and drives further adoption.

What needs improvement?


For future updates, I'd like to see more advanced threat intelligence features integrated with AI. This would help with analyzing traffic patterns and improving protection. QRadar currently doesn't integrate with AI for threat analysis. However, AI could enhance its capabilities by learning traffic patterns and automatically blocking or quarantining suspicious traffic. This would be especially useful when administrators are not actively monitoring. AI could help by analyzing incoming and outgoing traffic and adjusting policies accordingly.

For how long have I used the solution?

I have been using IBM Security QRadar for the last one year.

What's my experience with pricing, setup cost, and licensing?

As for licensing costs, I haven't seen the exact figures, but it is considered somewhat costly. On a scale from one to ten, where one is very expensive and ten is very cheap, I would rate it a six—it’s costly but worth the money.

What other advice do I have?

Overall, I would rate IBM QRadar as a ten.

Disclosure: My company has a business relationship with this vendor other than being a customer.
PeerSpot user
Buyer's Guide
Download our free IBM Security QRadar Report and get advice and tips from experienced pros sharing their opinions.
Updated: October 2025