reviewer1370832 - PeerSpot reviewer
Sales Manager at a financial services firm with 10,001+ employees
Real User
Top 20
Uses robust rulesets to enhance compliance audits and prevention
Pros and Cons
  • "I would rate IBM Security QRadar nine out of ten."
  • "The costing part could be improved."

What is our primary use case?

Our primary use case was for compliance audits. We mainly used it for compliance purposes.

What is most valuable?

IBM Security QRadar had good rulesets, and the scenarios we could write regarding the compliance-related issues were quite helpful. We mostly used it for prevention.

What needs improvement?

The commercials can be looked into. The costing part could be improved.

For how long have I used the solution?

I have been using the solution for around three years.
Buyer's Guide
IBM Security QRadar
June 2025
Learn what your peers think about IBM Security QRadar. Get advice and tips from experienced pros sharing their opinions. Updated: June 2025.
856,873 professionals have used our research since 2012.

What was my experience with deployment of the solution?

There were no issues at all. It was straightforward.

How are customer service and support?

I was satisfied with IBM support.

How would you rate customer service and support?

Neutral

Which solution did I use previously and why did I switch?

We switched mostly for commercial reasons.

How was the initial setup?

The initial setup was straightforward. It took a couple of weeks because we had to set up the rules and other configurations.

What's my experience with pricing, setup cost, and licensing?

The costing part, or commercials, was a concern.

What other advice do I have?

I would rate IBM Security QRadar nine out of ten. The main reason for moving from this tool was the pricing.

If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

Other
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
Dmytro Petrashchuk - PeerSpot reviewer
CTO at IT Specialist LLC
Reseller
Top 20
Offers flexibility in the area of pricing, specifically to resellers
Pros and Cons
  • "I am generally satisfied with the product."
  • "The solution's technical support works, but sometimes, it can take quite a long time to get a solution from technical support."

What needs improvement?

I think that the main weakness is the tool's architecture. The tool still provides a secured analytic application, although we have heard for many years that the solution is going to move to a container kind of architecture, which ArcSight, for example, made years ago. IBM Security QRadar's analysis part is sometimes a bit buggy. The interfaces sometimes could give users an inconsistent experience because different developers wrote several different GUIs at different times. Sometimes, the user experience is not so consistent. There were outdated areas of IBM Security QRadar, but you can still find some rudimentary parts that could sometimes be a weakness.

What my company misses at the moment revolves around the fact that the tool had a great feature around risk management, which the tool deprecated several years ago, and I think that it could be helpful in the present. The tool's user and entity behavior analytics application could be improved significantly because our recent experience shows that it is still kind of useless, but the customers and we also need it. More artificial intelligence and machine learning will be helpful in the tool.

For how long have I used the solution?

I have been using IBM Security QRadar since 2012. My company is a customer, a partner, and a reseller of IBM.

How are customer service and support?

The solution's technical support works, but sometimes, it can take quite a long time to get a solution from technical support. Generally, we are satisfied because we just understand how it works and that you shouldn't expect much from the technical support. It is not so bad, but sometimes it could be longer than you can expect. I rate the technical support a six to seven out of ten.

How would you rate customer service and support?

Neutral

Which solution did I use previously and why did I switch?

My company has not worked with any other products before IBM Security QRadar. In our organization, we used different SIEM solutions, specifically ArcSight, FortiSIEM, and Rapid7. We repeatedly returned to IBM Security QRadar and didn't continue with any of its competitors.

What's my experience with pricing, setup cost, and licensing?

I think the pricing is quite flexible. As a reseller, we had chances to win bids with IBM Security QRadar against Splunk, ArcSight, and even McAfee with better pricing around six or seven years ago. We won the deals with better pricing. Pricing could be flexible. It could depend on the number of assets used by the enterprise or on the number of events per second, allowing customers to choose what fits them best.

Which other solutions did I evaluate?

My company is looking for different products in the market since we are upset with the recent news about the deal between IBM and Palo Alto. I think the deal doesn't touch the on-premises IBM Security QRadar, and both companies have only agreed to give Palo Alto the authorization for the cloud version, making it a reason why we continue to use the on-premises version.

What other advice do I have?

I am generally satisfied with the product.

Considering that there is still room for improvement and that the vendor could improve it to be made faster than it is at the moment, it is still a good product.

I rate the tool an eight out of ten.

Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
Cyber Security Analyst at Diyar United Company
Real User
Top 5
A security solution to manage logs from multiple devices
Pros and Cons
  • "It protects us from multiple authentication values, unauthorized access and antivirus threats."
  • "IBM Security QRadar lacks automated response. With this feature, there's no need to visit VirusTotal or other sites for IP reputation. There should be a small plug-in where users can click to retrieve details about the reputation and organization of public IP."

What is our primary use case?

We use IBM Security QRadar for storage. These tools are setting high tools on the usage of the logs from multiple devices. It manages millions of logs from multiple devices, such as firewalls, routers, switches, etc. The solution is stable and has better support than LogRhythm. It doesn't have multiple components or servers, troubleshooting, or remote servers. It is based on a CentOS platform, and implementation is difficult.

How has it helped my organization?

We make use of the tool to ensure company security. We have the firewall services and switches integrated. We use the solution for attack-related loss, firewall and blacklist IP. There are multiple use cases, like internal firewalls, internal Windows servers and Internet controllers. It protects us from multiple authentication values, unauthorized access and antivirus threats. We don't open and see the console all the time, so we need automated alert access to all Windows. There's a malware incident and wireless incident. The QRadar has antivirus which detects cache files, etc.

What is most valuable?

IBM Security QRadar is stable. The tool exhibits minimal vulnerabilities and does not encounter multiple issues. It is not easy to operate; it ensures minimal downtime. Its usability, synchronization with systems, user interface, and storage capabilities are crucial. Storage is essential for research and hunting, as it involves delving into logs. The response time of IBM QRadar is commendable, and even when processing large amounts of data, it maintains a consistently high level of performance. The tool utilises RAM efficiently.

What needs improvement?

IBM Security QRadar lacks automated response. With this feature, there's no need to visit VirusTotal or other sites for IP reputation. There should be a small plug-in where users can click to retrieve details about the reputation and organization of public IP.

For how long have I used the solution?

I have been using IBM Security QRadar for 4 years. We are using V7.5 of the solution.

What do I think about the stability of the solution?

The solution is stable. It's crucial for maintaining the company's security.

I rate its stability as nine out of ten.

What do I think about the scalability of the solution?

The solution’s scalability is excellent. 

25 users are using this solution. 

I rate the solution’s scalability a nine out of ten.

How are customer service and support?

IBM provides good support. We have paid licenses, which come with special performance enhancements.

How would you rate customer service and support?

Positive

Which solution did I use previously and why did I switch?


How was the initial setup?

The initial setup is straightforward and can be done within a day. It is based on Linux. If there is any issue, you need to bang your head to solve the issue.

IBM Security QRadar requires a specific server with a minimum of 128 GB RAM and can support up to 2,000 endpoints. The installation process involves obtaining the ISO and setting up the necessary configurations. Once installed, we must ensure the components are properly located and configured.

One person is required for maintenance and deployment each.

I rate the solution's setup as a seven out of ten.

Which other solutions did I evaluate?

We opted for IBM Security QRadar based on its market rating and recommendations from previous alumni who have experience with it at our company. QRadar is a software solution provided by IBM for security purposes.

What other advice do I have?

QRadar supports connectivity with 2800 vendors, including Cisco and Fortinet FortiGate. These integrations encompass various platforms such as VMs, Linux distributions like Red Hat and CentOS, and Symantec and Microsoft Windows for CRM databases and other server functionalities. Cloud technologies such as Office 365 are also supported.

The tool is flexible and I recommend it.

Overall, I rate the solution a nine out of ten.

Which deployment model are you using for this solution?

On-premises
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
Frank Eargle - PeerSpot reviewer
Information Security Engineer at Glasshouse Systems
Real User
Top 5
A highly stable and scalable solution that provides good technical support
Pros and Cons
  • "The most valuable features of IBM Security QRadar are flexibility, IBM support, and scalability."
  • "IBM Security QRadar’s GUI could be improved."

What is our primary use case?

I've got use cases where we monitor positive controls wherein something doesn't allow something to happen. It alarms when somebody changes the control.

What is most valuable?

The most valuable features of IBM Security QRadar are flexibility, IBM support, and scalability.

What needs improvement?

IBM Security QRadar’s GUI could be improved.

For how long have I used the solution?

I have been using IBM Security QRadar for 12 years.

What do I think about the stability of the solution?

I rate IBM Security QRadar ten out of ten for stability.

What do I think about the scalability of the solution?

Around five to ten users are using the solution in our organization.

I rate IBM Security QRadar ten out of ten for scalability.

How was the initial setup?

The solution's initial setup is pretty difficult. I rate IBM Security QRadar a four or five out of ten for the ease of its initial setup.

What about the implementation team?

Based on the size and the number of use cases, the solution's deployment can take three or four days to a few months.

What's my experience with pricing, setup cost, and licensing?

IBM Security QRadar is about 50% less expensive than Splunk. SIEM solutions charge by the amount of data, whether EPS or gigabytes. They directly incentivize you not to put things in it, which doesn't make sense since the goal is to put everything in it. They'd make it where you can't afford to do it.

On a scale from one to ten, where one is cheap and ten is expensive, I rate IBM Security QRadar's pricing a five out of ten.

What other advice do I have?

Overall, I rate IBM Security QRadar a nine out of ten.

Which deployment model are you using for this solution?

Hybrid Cloud
Disclosure: My company has a business relationship with this vendor other than being a customer: partner/customer
Anto Sebastin - PeerSpot reviewer
Technical Presales Engineer at Redington India Limited
Real User
Top 10
A scalable and easy-to-deploy incident management tool that provides good support
Pros and Cons
  • "It allows us to search data both on-premises and on the cloud."
  • "The product does not have a team for investigating malware."

What is our primary use case?

The product is a threat detection and response solution. It is useful for consultants or security analysts. It is an incident management tool.

What is most valuable?

We had enabled federated search. It allows us to search data both on-premises and on the cloud. We can check the functional insights. We use keywords for threat investigation. We use the product mostly for AWS delivery models.

What needs improvement?

Most people handling QRadar in organizations are IT engineers. They do not have experience with the tool. They read from manual documentation. If there is an emergency to search for details about malware, we need a response team’s help. Sophos has a team called Managed Threat Response. The team conducts investigations in our network. This feature is not available in IBM Security QRadar. They only provide technical support. The product does not have a team for investigating malware.

For how long have I used the solution?

I have been using the solution for one year.

What do I think about the stability of the solution?

The tool is stable. SIEM is important for every company. It is needed if any attack occurs.

What do I think about the scalability of the solution?

We deployed the solution for an enterprise business. I rate the scalability of the tool an eight out of ten.

How was the initial setup?

I rate the ease of setup an eight out of ten.

What about the implementation team?

The deployment takes almost half a day. If the environment is good, we can deploy the solution in 25 to 30 minutes. It will be helpful to have people who have knowledge of malware analysis and know specific languages that are relevant to the domain to deploy the tool.

What's my experience with pricing, setup cost, and licensing?

In India, the solution is expensive. Only enterprise businesses can afford the tool. We need more than 3000 people in the organization to use it. We might have to pay for technical support separately.

Which other solutions did I evaluate?

We use Sophos now. Sophos provides us with a team called MTR. The team analyzes the vulnerabilities in our network. We need to pay separately for it. However, compared to us, they have better product knowledge. This kind of support is not available in QRadar. It will be great if IBM adds these features.

What other advice do I have?

I am using the current version of the solution. We do not have a team to analyze malware. Overall, I rate the product a nine out of ten.

Which deployment model are you using for this solution?

On-premises
Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
MUHAMMADNADEEM1 - PeerSpot reviewer
Deputy Director at Board Of Revenue
Real User
Top 10
Saves time and enhances our detection and response capabilities
Pros and Cons
  • "IBM Security QRadar has significantly improved our incident response procedures."
  • "There is room for improvement in IBM QRadar in integrating features for SOC maturity and security levels directly into QRadar."

What is our primary use case?

As a security professional, I rely on IBM Security QRadar for a variety of use cases tailored to our security needs. With over 200 implemented, these range from real-time threat detection and incident response to compliance reporting and user behavior analytics.

What is most valuable?

IBM Security QRadar has significantly improved our incident response procedures. We have implemented a structured plan within the system, ensuring adherence and minimizing human error.

What needs improvement?

There is room for improvement in IBM QRadar in integrating features for SOC maturity and security levels directly into QRadar. That would enhance its effectiveness. Additionally, incorporating features for assessing and improving SOC maturity within QRadar itself would be beneficial, eliminating the need to rely on separate tools for this purpose.

For how long have I used the solution?

I have been working with IBM Security QRadar for over two years.

What do I think about the stability of the solution?

We have not had any stability issues with QRadar.

What do I think about the scalability of the solution?

IBM QRadar is scalable to meet the growing needs of our business. As our network expands with additional devices and log sources, QRadar can easily accommodate them. We can also create specific use cases tailored to the nature of each log source.

How was the initial setup?

Our experience with the initial setup of QRadar was smooth because we opted for a managed security solution through our service providers. The installation itself took about one to two hours but integrating various sources, creating use cases, fine-tuning, and enabling logs could take up to two to three months. However, in our enterprise network deployment, we managed to accomplish it within six months.

What was our ROI?

Implementing IBM QRadar is similar to investing in insurance for our organization's security. While the return on investment may not be immediately tangible, it is crucial for mitigating potential disasters and ensuring our organization's resilience against security threats in the long run.

What's my experience with pricing, setup cost, and licensing?

Overall, I'm satisfied with the value IBM QRadar provides for its price. However, there is room for improvement in terms of including more features with the base license instead of requiring additional licensing fees for each feature or application.

What other advice do I have?

We chose to work with IBM QRadar mainly because it was widely deployed in our country, Pakistan, with no significant presence of alternatives like Splunk or LogRhythm.

IBM Security QRadar has enhanced our threat detection and management processes by providing comprehensive visibility into network traffic and events. With QRadar, we have end-to-end visibility across our network, enabling us to monitor traffic from origin to destination and analyze all relevant logs and events.

IBM Security QRadar stands out with features like advanced analytics and customizable dashboards, making it effective for our security needs. While it shares common features with other SIEM solutions, these unique capabilities have been instrumental in improving our security.

Integration capabilities play a crucial role in enhancing the overall security posture of IBM QRadar. By integrating with various tools like Active Directory, privilege access management, firewalls, and email security appliances, QRadar aggregates logs from different sources. It then utilizes machine learning, artificial intelligence, and custom rules to analyze this data, helping our security operations center make informed decisions and respond effectively to potential threats.

Overall, I would rate IBM QRadar as a seven out of ten. It is a great tool but operating IBM QRadar requires a higher level of technical expertise.

Disclosure: My company does not have a business relationship with this vendor other than being a customer.
reviewer2518323 - PeerSpot reviewer
Analyst at a hospitality company with 10,001+ employees
Real User
Top 20
Has real-time detection feature but is not as flexible as Splunk
Pros and Cons
  • "The tool's most valuable feature is real-time detection."
  • "The solution is not as flexible as Splunk."

What is our primary use case?

We use the product to customize rules and detect malicious behavior. 

What is most valuable?

The tool's most valuable feature is real-time detection. 

What needs improvement?

The solution is not as flexible as Splunk. 

For how long have I used the solution?

I have been working with the product since 2016. 

How are customer service and support?

I haven't contacted technical support yet. 

Which solution did I use previously and why did I switch?

I worked with Splunk before IBM Security QRadar.

What's my experience with pricing, setup cost, and licensing?

The solution's pricing is based on the EPS model. 

What other advice do I have?

I prefer Splunk since it gives a lot more freedom and flexibility. I rate the overall solution a six out of ten. 

Disclosure: My company does not have a business relationship with this vendor other than being a customer.
Ayoub Jaaouani - PeerSpot reviewer
Solutions Architect at Smarttech247
Real User
Top 10
Useful for threat hunting, investigation, and triage analysis
Pros and Cons
  • "The tool's most valuable feature is log source management. It enables us to connect to various log sources, including content, authentications, or other customized integrations. These integrations can be tailored for use with other platforms that don’t already have built-in IBM add-ons."
  • "Certain updates—especially when using Azure—don't apply directly. Our engineering team must invest additional effort to implement these updates. However, the tool's cloud-based version poses no issues. However, upgrading the product can sometimes be challenging for on-premises instances."

What is our primary use case?

We utilize the product for our Security Operations Center operations. Additionally, we extend its use to our customers, employing it for tasks such as threat hunting, investigation, and triage analysis.

What is most valuable?

The tool's most valuable feature is log source management. It enables us to connect to various log sources, including content, authentications, or other customized integrations. These integrations can be tailored for use with other platforms that don’t already have built-in IBM add-ons.

Its scalability is also important. It is also compatible with ISO 27001, DSS API, and various certifications.

As part of our security infrastructure, this tool excels in detecting a wide range of attacks. Its responsiveness surpasses that of alternative solutions. Moreover, the user-friendly interface greatly benefits our analysts. The product is helpful in anomaly detection scenarios.

Additionally, we leverage out-of-the-box content and libraries within the IBM ecosystem. Its user behavior analysis helps us to ensure that our customers are protected. 

Correlation plays a pivotal role in our security strategy. It helps us to analyze logs from different sources. This process helps to correlate logs from endpoints. 

What needs improvement?

Certain updates—especially when using Azure—don't apply directly. Our engineering team must invest additional effort to implement these updates. However, the tool's cloud-based version poses no issues. However, upgrading the product can sometimes be challenging for on-premises instances.

Our current query language (KQL) serves its purpose, but there's room for improvement. Consider introducing a more human-friendly language to streamline analyst training. Analysts could then express queries in a manner akin to human language. This change would expedite processes, making it easier for new analysts to adapt.

For how long have I used the solution?

I have been working with the product for five years. 

What do I think about the scalability of the solution?

I rate the tool's scalability an eight to nine out of ten. 

How are customer service and support?

Troubleshooting delays have been a recurring challenge. Occasionally, responses take two to three days, leading to escalations. While their website’s knowledge base is commendable, troubleshooting scenarios demand more time. My observation is that they may be understaffed.

How would you rate customer service and support?

Neutral

Which solution did I use previously and why did I switch?

My company has customers using Splunk and Chronicle SIEM. When comparing Splunk and IBM Security QRadar, they indeed offer similar features, but their business models differ. Chronicle SIEM predominantly operates in the cloud. However, we cannot offer the cloud model if a customer prefers an on-premises solution.

Splunk and IBM Security QRadar both cater to diverse deployment preferences. Splunk boasts a slightly more robust correlation engine than IBM Security QRadar. Splunk tends to be marginally more expensive than IBM Security QRadar.

How was the initial setup?

The number of log sources significantly impacts deployment complexity. The process becomes more complicated for environments with 50 log sources compared to those with fewer sources (e.g., 20 or 10).

Each log source requires a connection to IBM, a task that can take several days or hours, depending on its complexity.

On average, the entire deployment process spans six to eight weeks.

What's my experience with pricing, setup cost, and licensing?

The tool's on-premise version is expensive. However, it is cheaper than Splunk. The hybrid model offers shared instances for customers, which is not expensive. Customers with a limited budget can opt for it. You can get premium support with licenses. However, if you need customized integration, you need to buy it. 

What other advice do I have?

I rate the overall product an eight out of ten. 

Which deployment model are you using for this solution?

Hybrid Cloud
Disclosure: My company has a business relationship with this vendor other than being a customer: partner