IBM Security QRadar Reviews

The most valuable feature of this product is the nice UI. It is easy and quick to get the information you're looking for.

The benefits are that it's easy to navigate the UI and to get the information as quickly as possible. We're able to resolve problems quicker, so that we get to the solution in an easier manner.

It would probably be better to get more access to the APIs.

The product is very stable. I don't have any issues with stability at all.

Scalability is nice, as well. We have a distributed environment and it's real easy to both manage and upgrade. Anything we need to do, we can do it from the console.

On a scale of 1-10, probably seven; I would rate the technical support team a 7/10.

We were previously using a different solution that just wasn't getting the job done. It was taking too long to get where we needed to get to.

The setup was very straightforward. The special services team gave us insight and helped out to resolve any issues.

QRadar was at the top our list. We also looked at other solutions such as HPE ArcSight and Splunk. The reason we went with QRadar is because we could bring it on-prem, which made it nice, and we also use other IBM products as well.

In general, when selecting a vendor, support is probably going to be the number one criteria. Then, the second criteria is the availability of the product; the product is not very good if it's not available, it's broken, etc.

Make sure you try them all and then, pick the one that you think would work the best. It's nice to value other people's opinions, but it's better to test all the products and choose what you think would be best, for whatever your need is.

It's very easy and initiative. It's just a good overall solution, compared to the other ones I've used.

• The ability to correlate data across our global enterprise in near real time
• The ability to integrate a lot of third-party solutions
• The machine learning pieces with Watson, indicators of compromise, and utilizing that across the value stream

I look at the solution as the best-of-the-breed product. The fact that it can work with what everybody else is doing in the cyber landscape is really what gives it the edge.

The solution has improved the efficiency of our security team. These improvements prevent the need for more proactive security activities.

The improvements did not reduce our staff. It's funny, because IBM keeps on having this conversation about staff headcount. It probably sounds good to senior leadership, like to a CIO. The reality is that nobody's looking to decrease the number of staff who they are hiring.

We're looking at refocusing those resources and energy on being able to do additional, higher-value activities. It's more of the case that I don't need as many junior resources. I can focus on some of the things that are a little bit more important.

Our equipment collects billions of pieces of data. We're 100,000-plus EPS per second. The daily list of required investigations for the offenses is manageable.

We've had incidents in our environment. How long it takes QRadar to detect them is always a function of the rules being correlated, the people watching them, and pieces of that nature. I'd say it's in real time. The question is, when it comes to tuning, we want to know if it was tuned appropriately, so it's not lost in the pile of needles.

Room for improvement is more in relation to a lot of the features, the automation of incidents themselves, and being able to automate workflow responses.

Overall, I love the product. IBM usually puts good resources and talent behind things. What they fail to do is to bring all the security together and make sure everything inter-operates and creates one pane of glass.

Actually, I don’t want to say "one pane of glass" because we have seen other vendors do that. They fail miserably because they do not understand where people are coming from.

In terms of some of the right-click functionality that is within QRadar, it should work automatically for all the other IBM products. It shouldn't be something that customers develop. There are pieces in which they have to step back and get some of the foundational pieces.

There are pieces that I feel that IBM should do better. They own Guardium, they own AppScan, and they own some of these other pieces of the security infrastructure that need to relate to QRadar or to Watson. It's the foundational pieces that I feel they need some focus on.

Let's do some of the basics really well. I'm looking at it from owning 50 or 60 different security products across a global organization.

They keep on adding products based on a simple feature set that they can do real well, but they can't integrate them into the rest of the security economy. It doesn't make sense to keep on buying products like that. Whether it's IBM or others, there are companies in the endpoint space that are taking over because they're saying, "Hey, we're going to do everything across your gamut of security needs."

IBM needs to look at that and how they are going to integrate across all of the security products and have them work together.

We have been using this solution for four years.

The stability is good.

The scalability is great.

We don't really use technical support. We're part of some of the engineering and development behind it and we work with a lot of the backend engineers.

Once in a while, we may put something in PMR but most of the time, we are working with the engineers themselves to figure out a solution. They are not really tech support issues.

We have used other solutions, but that was years ago. We've had QRadar for four years. Before that, it was the Symantec solution. The landscape for SIEM has changed progressively over the years.

You're not even talking about the same set of requirements around those things. We just needed to upgrade. We needed the speed, the flexibility, and we needed the correlation building block pieces of it.

I was involved in the initial setup. We are an advanced user of QRadar. While the initial setup was not hard for us, it is a lot more complex where we are right now. It works with integrating some of other IBM products into QRadar, and there's work that needs to be done there to make it seamless.

We were able to be operational in a matter of weeks or months, which is not a long time.

When picking a vendor, the most important thing is partnership.

I honestly have nothing but good things to say about the IBM relationship that we have related to QRadar.

Partnership is going be important. Having the right skillset from an engineering standpoint is important to ensure that you don't set up things backwards. You have a high probability of doing it. This is one of those pieces where IBM doesn't “dummify” the solution for you.

On one side for my senior engineers, they don't want it “dummified” because they need to do it. On the other side of it, there are some aspects that don’t need to be this complex.

For the SMB market, those are some of the areas where I counsel people and say they need to get these types of solutions and do these types of processes. Selling something like QRadar to them becomes a little bit more of a burden because of that complexity. It's like a compliance check mark.

It's easy for us to see what's happening in the environment. It's very good to see the logs and the analytic stuff.

We can see the vulnerabilities much easier with the product. You see a popup on the screen. We do not have to look for it. It is pushed to us.

It is very expensive; very expensive.

The solution is very stable.

I think it is scalable.

We have used technical support. They are very good and very nice.

We didn't evaluate any alternatives. We have yearly talks with the IBM consulting team. We look at the trends.

When choosing a vendor, we look for a stable and trustworthy company. I think QRadar is the best solution you can get.

We are using it for monitoring different systems, and we are monitoring the logs with QRadar. This is one of the good tools which we have identified, and we are using it for monitoring the application.

Any issues regarding monitoring, if we feel that there is anything going on in the application, QRadar collects the logs, we monitor those logs, and we get alerts for those logs.

Reporting should be very good, and a proper integration with cloud, not only the IBM cloud, but with other clouds also.

The stability is good. I never got a complaint, but sometimes we have difficulty in configuring new applications. Since it is going into the cloud, we have a big challenge how we are going to monitor those applications which are sitting in Bluemix.

The scalability is good. We have been using and increasing the applications most of the time.

I think my team has used technical support. They are responsive, I can say it is 8-9/10.

We were using a different solution, and we moved to QRadar. It has some more benefits than our previous solution. We have totally transferred to QRadar now.

I was not involved in the initial setup.

We have evaluated only the large vendors. As we have a long-standing relationship with IBM, that's why we moved to QRadar. I don't know which other vendors were on the shortlist for evaluation.

If you have the budget, go for QRadar. It depends on the company size. It's expensive.

Most of the time, a well-defined rule helps us to detect and investigate different threat scenarios, especially with the QRadar Vulnerability Manager (QVM) and the asset model. It also gives us a historical correlation of who has been using the box, over that time period.

The pre-canned rules and reports in this product are a huge plus. Along with this, they have new apps to integrate different tools into QRadar’s dashboard. These features are most important, since it provides a single pane for viewing and researching the offenses, thus, saving a lot of time and resolving the complexity of the issues.

This product has room for improvement in a lot of areas including the default emailing template that it uses to alert on offenses.

It also needs a lot of work in terms of the flows and the log source parsing. A lot of the times, it is very difficult to add a new/uncommon log source to this tool, as we need to map a lot of fields, rather than simply extracting these from the payload.

QVM is another instance where they need to revise the vulnerability scoring and the proper remediation details.

IBM QRadar is a wonderful product, until they release some patches and that breaks something else. There are many advancements that need to be done in terms of DSMs, when it comes to parsing.

We did encounter stability issues as IBM’s patches are not stable at all. Every time they release a new patch, it breaks certain components immediately and the worst part is, it breaks certain components over a period of 90 days.

Apart from the pricing issues, scaling of the product with the infrastructure is pretty easy and convenient.

Most of the technical support is provided by their L2 support level technicians and I would give them a 7/10 rating.

We have only been using this solution. We have not used any other solutions.

Setting up the equipment and installing it across the network is pretty easy. It is similar to installing a Linux server.

Most of the time, it is easier and cheaper to buy a new product or the QRadar box. For example, with the QRadar Event Collector 1605, as and when you need to expand your EPS and the number of log sources; it’s much cheaper and the boxes usually ship with the default 1000 EPS and 750 log source limit. They have another advantage, i.e., the storage.

We chose this product based on the Gartner Magic Quadrant review. I had gone through a few PoCs and chose this tool, as it is full-proof.

Evaluate your network first. Determine the target audience that you will be monitoring and working on this tool.

It is important to note whether your organization is looking for a compliance-based check mark practice (defensive security), or active threat monitoring and out-of-the-box security posture.

SIEM technology is the most valuable feature of this solution, as it can be integrated with almost every application and system. If not, then you may ask IBM to write a parser for it.

You have the visibility of different events, thus we can resolve the issue.

They should provide more integration with more devices.

I have been using this solution for three years.

I would give the technical support a 8/10 rating. They are excellent.

The setup was straightforward.

The pricing policy is good.

We looked at another solution, NitroSecurity Inc.

If you have a good budget, then go for IBM QRadar.

Its technology is quite new and it has a predefined set of templates that can be readily used for our business, so we don't have to innovate much. These are some unique features about this tool.

Security: We do have cloud services. It's very difficult to control cloud vendors, when it is for security. But this tool conducts an independent audit and makes sure that security, identity and governance are in check every time.

This tool is more suited for the technical industries or it's more specific for technical security. However, now since new laws are coming out such as the GDP in Europe and the biometric laws, in order to secure patient data, IBM may have to innovate more and incorporate certain legislation / regulations into their tool. It should be readily available to the pharma companies, so that they don't need to struggle to make more templates and thus don't have to tailor it to our needs. It should be a custom off-the-shelf solution, i.e., COTS. So, they're looking for more innovations in that area.

We're just the earlier adoptors of this tool for now. We are in the pharma industry, so we have started doing pilots across different functions in the organization. It will take us around one or two years to come to a conclusion in regards to the stability of this solution.

It is a little bit too premature for me to comment on scalability but it is quite good, because they have already identified 10-11 projects that we we'll be using with this tool. So, we don't think scalability is going to be an issue.

We do use technical support. We are IBM customers and IBM controls our infrastructure for the company. We do use their technical and business analysts. They were very helpful and knowledgeable. They are prepared for the pharma industry. That is very important for us.

We were not previously using a different solution. IBM approached us with best practices and they conducted a survey. They control our infrastructure and security; they advised us in regards to the product. After a series of discussions, our management decided to go ahead with certain pilots, so as to see the efficiency and then finally decided on this solution.

We are a grounded manufacturing and pharma organization, thus we are looking for vendors with proven skill sets in that arena. We are bound by more regulations than any other industry, so we look for certain certifications that the vendor should have. They should be compliant with the USFDA guidelines, before we select a vendor. After we start evaluating vendors, it does depend on the versatility and the scalability of the solutions.

Currently, there are a couple of vendors in the shortlist. After we complete our pilot, we will be choosing one single vendor. We are a SAP shop for ERP, so we did have some discussions about the interoperability within IBM and SAP. I think both of them are good partners in that area. At this point, we are not looking for any other vendors.

The solution seems to be very promising on paper, i.e., in theory, some things look good but practically, after we apply the solution in the next one or two years, we'll come to know more.

You should first conduct an assessment from IBM and the system should follow the selection of the tool. You should not just go by what you want, but instead by what you need. Most of the companies don't know what they need in terms of the security.

It gives us more visibility in terms of the threat surface and to proactively look at mitigation measurements, in terms of managing our risks. As our side business is increasing, it gives us a better way to handle of things.

We are using this SIEM solution, which is pretty good in terms of detecting threats and managing the intelligence for us.

In the next release, I obviously would want to see more integration to the cloud-based services such as Microsoft Azure and the other line of business applications, so that we have a comprehensive view on a hybrid cloud stack.

The stability of this product is pretty good. It's helping us a lot and they keep on adding new features. Thus, as a platform, it's quite stable.

Scalability is good because it is a cloud-based offering and a managed services offering solution. The scalability is left for IBM to manage, so it's not a headache for us to manage.

We have used the technical support on and off. Since it's on a 24/7 SLA, it gets managed well. It is pretty good. On a scale of 1-10, I would give it an eight.

The setup was a bit complex. But as a project team, we pulled it through. It was complex because you need to understand the product and they need to understand our business requirements, as all of this is in the setup. So, it's not a straightforward payoff by just putting us off way there.

The SIEM solutions list we looked from included IBM, Cisco and Check Point.

The most important criteria while selecting a vendor are that it is a future-proof and tabulating solution. Also, the other factors involved are being a global leader and getting us up there as well.

The primary reason as to why we chose IBM is because we had a significant local presence. Also, QRadar's portfolio and its features on the Gartner's website were pretty much at the top end, i.e., as a leader in the leadership aspect.

This is quite an established solution so, I will have no hesitations in recommending it.