IBM Security QRadar Reviews

The solution is primarily used for threat detection and response. QRadar can be integrated with other services from IBM such as Watson, among others. The main need is for threat detection, incident response, and dealing with threats or hunting threats. 

What else? I mean, it's always you're looking for threats. Usually, whoever buys this SIM solution or buys QRadar, for example, is looking for hidden threats and they get the logs to see what's happening within their system. They want a solution that looks very deep inside in order to correlate those logs and see if there's any information that they can get out of those logs or even live packets that are spanning through their networks. Therefore, it's usually threat hunting. That's the main thing, Others might use it to understand the system, and how it's performing overall.  However, that's the lesser use case.

Inside IBM QRadar there are a lot of engines that actually work to help us to do the correlation and normalization as well for the logs that we're receiving from multiple devices. IBM is very powerful in that regard. 

QRadar, as a solution, can integrate with a lot of other applications. You can write your own custom rules if you want to. We can ask it to detect whatever we want it to, even with the devices that are not supported to send logs. IBM QRadar can understand these types of commands and we can still integrate and write our own rules to help us to detect those logs that are coming from, for example, IoT devices or from other devices that usually we don't understand.

It can handle really a huge number of logs with fewer false positives. We can use the artificial intelligence and the rules that IBM is providing to make it really smart. The solution can help you predict even the false positives when we are alerting the admin or the security admin about some offenses that we have seen from the logs.

Their product is very user-friendly.

Customer service is very good and very helpful.

The initial setup is quite straightforward.

The solution can scale.

The solution is very stable.

As per Gartner, maybe the price makes it so that the customers are not going for IBM QRadar. It's a little bit pricey compared to other solutions in the market. More or less that's the area that needs to be improved. That's usually the main concern that we receive from the customers - that it's a little bit pricey. That's the only thing I can say.

The custom rules could be simplified more or it should be possible to use a different language, other than the ones that the solution is already using. They should add other languages into the mix. You need some advanced customers in order to use the custom rules or to use their rules in order to configure the IBM QRadar in a proper way. Usually, they find it very difficult, especially if they don't have the experience.

Sometimes it works and catches whatever we want, however, sometimes it doesn't work. That's in rare cases, however, that's one thing that they need to maybe enhance.

I've been working with the solution for three years or so.

For stability, I'm not a customer who's using it on daily basis, however, from feedback that I'm getting from the customers who are attending to the solution, I've heard that this solution is stable. That's why it's in the leader area in Gartner. If you compare it to others in Gartner, it shows how their product is actually efficient. Whether I get QRadar, whether it's Splunk, whether it's LogRhythm, all of those products as a SIM are very good at that point. They're all quite reliable.

The scalability is very good. The product is scalable. A company shouldn't have trouble expanding it if they need to.

We typically work with banks and bigger organizations.

Technical support has been very good. They are helpful and responsive.

I've also learned a lot from the documentation, especially the online documentation. Due to the fact that I'm an official instructor for IBM, I have my other resources too, on the Learning Center from IBM. Documentation is not a problem. It's very helpful.

The initial setup is very straightforward. It's not overly complex. It's quite easy.

The deployment takes time, definitely. You've got to prepare for your solution so that it's going to work in spanning all the other devices too. That doesn't mean it's a complex process, it just means it takes a bit.

IBM QRadar is pricey, and therefore, usually small enterprises are not able to afford it. Usually, probably most of the customers are usually large enterprises.

I'm actually teaching IBM and some services such as IBM QRadar, as part of my work. I'm familiar with Splunk, however, I'm not working with it on a daily basis. I'm teaching that technology to others. I'm not a customer. I'm using it for teaching purposes. I'm working in a training center. I'm not dealing with it on a daily basis, however, I understand how the product works. We do sometimes help integrate it and work as consultants occasionally as well.

While 7.4 is out, we're currently working with version 7.3.

Overall, I would rate the product at an eight out of ten. There's more to be done on it, however, we are mostly pleased with its capabilities.

This a Security Information and Event Management (SIEM) solution and we use it for many purposes.

One of the most valuable features of this solution is it has very good data correlation.

In a future release, the solution could provide malware analysis.

I have been using this solution for approximately three years.

The solution is stable.

The scalability is good and we have approximately 200 users using this solution.

The technical support has been very good in my experience.

The initial setup was straightforward.

There is a license required for this solution. There are some limitations depending on what license you purchase.

I would recommend this solution.

I rate IBM QRadar an eight out of ten.

The price is very good. It's quite reasonable.

The solution's performance is excellent. The stability is excellent.

We've found the technical support to be very good.

The pricing is very good.

The product needs to improve its GUI. The dashboard which they facilitate needs to be modernized. They could make it a lot better and a lot easier to navigate.

I've been using the solution for approximately two years or so.

The stability of the product has been great. It's from 80% to 90% is stable. There are very few bugs or glitches. It doesn't crash or freeze. If you do run into issues, technical support is quite helpful. 

The product works well for small or medium-sized enterprises.

The technical support has been great so far. If you run into any kind of issue, their support is available. They are very helpful and extremely responsive. We're quite satisfied with their level of service. I'd give them a rating of 90% to 95%.

The pricing of the solution is quite reasonable.

We're a customer and an end-user. We don't have a direct business relationship with IBM.

Overall, I would rate the solution at a nine out of ten. We've been extremely satisfied with the product so far.

I'd recommend the solution, however, depends upon a company's budget and requirements. For small and medium enterprises, QRadar is the best solution, due to its price and performance.

We use the solution for network behavior and log analytics. We wish to procure one for behavior analytics.

I am not certain which version we are using. 

There is a need for a behavior analytics solution in the environment. We use the solution to highlight unusual traffic for a single particular link or even single particular user traffic. 

The solution will not provide alerts in the event of any particular traffic. It will only alert in the case of a security threat. 

I am looking for a solution to replace IBM QRadar. We use it for incident reporting, but I need one for behavior analytics. I need one which will send alerts in the event of any behavior. 

The solution is fine for analyzing logs. We already have basic modules. We require more modules for getting so that we may obtain further details. We essentially use IBM QRadar for analyzing particular logs. 

There are no additional features which should be added or upgraded in the next release. 

The solution is reliable. 

The scalability is fine. 

Technical support is okay. We have had no issues with them. 

The license is not subscription-based. We have been doing the same deployment for more than ten years. 

The pricing is alright. 

Our environment is binding. We have only monitoring and data central traffic.

I would recommend the solution to others. It is fine for analyzing logs. 

The product provides a very defined solution. It provides a complete platform for ingesting the log, doing the correlations and handling the runtime.

The solution should enhance its capabilities of UEBA and AI/ML tech modeling.

I have been using IBM QRadar for approximately four years.

IBM QRadar is a very stable product.

The product is very scalable and this can be done to a number of endpoints and towers. However, this is not very feasible, as it depends on the available in-house infrastructure. 

Technical support is very helpful. They are very knowledgeable. While the geographic location can sometimes pose a challenge, my overall experience with the technical support team has been very positive.

The complexity of the initial setup is intermediate. It is neither straightforward nor complex but somewhere in the middle. A person with experience working in a security operation center and who is experienced with correlation rules and use cases can directly configure into the solution. 

Someone considering implementing IBM QRadar should possess a good knowledge of his own infrastructure. He should have all the documents in place. While IBM provides very good implementation support, a complete inventory and technology detail is required, in respect of how the application is flowing, how the infrastructure is connected, and the version and inventory relationship.

I rate IBM QRadar as an eight out of ten. 

The features that I have found most valuable in QRadar are its data enrichment, use case creations, and adding references - those kinds of features are very good. Also, QRadar's event filtration and device integration are perfect. 

Actually, we are looking for another product because a customer is demanding different products and they're not going with QRadar, hence we are trying to compare QRadar with other solutions like Securonix, Splunk, Exabeam, LogRhythm. Otherwise, all our customers are happy with QRadar.

I'm doing integrations and deployments for QRadar. So, in regards to integration and deployment, QRadar is very easy as compared to other products.

In terms of what could be improved, I would say the script which we have to create for custom actions. QRadar needs to improve that feature.  Additionally, QRadar has to provide the playbooks designing features.

I have been working with IBM QRadar for the last four years.

QRadar is very stable in our deployment. I'm not aware of other customer deployments.

IBM QRadar is scalable. We can scale it according to our requirements. We can scale it up, as per our requirement. We can increase the resources, we can increase the storage. We can do everything with QRadar.

Their technical support is also good. During weekends they are only looking at the priority issues. That is difficult, because sometimes the critical log sources stop sending events to QRadar and in those cases we need support on an urgent basis, but they're not going to support it during weekend.

We work with LogRhythm as well as QRadar, as well as NetIQ Sentinel, Azure Sentinel and others.

The initial setup for QRadar is easy. It is easy to understand and easy to implement.

As compared to LogRhythm, IBM QRadar's pricing is moderate.

We recommend QRadar. It is a good product, a good solution.

Every customer should go with IBM QRadar.

On a scale of one to ten, I would give IBM QRadar a nine.

There are many use cases for this solution. One example is we are using this solution to monitor user site access to band sites. 

The solution is highly used here in Pakistan and in many sectors, they could improve it by having more SIEM connectors.

I have been using this solution for approximately four years.

The stability is good until you upgrade to a new version. You have to properly shut down services when you are doing some maintenance activities every three to four months. There might be some problems that you do not expect. We have had some complaints from users regarding operation. 

We have had bad experiences with support from IBM. We are not satisfied with the support and they have made me very angry. My customers have had similar experiences.

The initial setup of QRadar is not complex because we have done it before and we are used to the development. It is getting easier all the time.

There is a license required for this solution and it is an annual payment. I have found all solutions in the category to be expensive, including Splunk.

I am evaluating Splunk.

Here in Pakistan, this solution has already saturated the financial market.

I rate IBM QRadar a five out of ten.

We make some special demos that we sell to our customers. We work as a technical support L1/L2 for our customers in these cases as well.

The solution allows organizations to check people who work from home or in the office. It can help a company understand who is connected from home. 

Sometimes people give a login and password to colleagues. The security can see the situation when someone logs in locally, and they can see a remote connection. They can see this is from the login and password. They'd be able to tell if something was shared and could dig deep to figure out if it is a breach or if it is something that has been properly shared. 

The SOAR features are very good.

The product is able to handle special requests.

It can effectively search local files.

We are able to deploy in two or more different locations.

The solution is functional right out of the box and it's a pretty simple system with different kinds of solutions that address different types of problems. 

The initial setup is pretty straightforward.  

The solution is stable.

The product can scale.

Technical support is good overall.

Qradar has a lot of integration capabilities with different security products.

If we talk about functionality in general for SIEM systems, it's good.

In terms of the government sector, sometimes they do not have enough money to buy a full SIEM. That's why they ask about some parts of the SIEM system or core. It can be expensive.

It would be ideal if they offered a barebone setup alongside an appliance. It's very interesting for different kinds of customers. Most of them prefer the core appliance, yet some of them prefer barebone.

It would be ideal if the solution offered new connectors to other systems.

The reporting system could use some upgrading.

We've been using the solution for at least the last 12 months or so.

The stability is good. there are no bugs or glitches. It doesn't crash or freeze.

The scalability of the product is very good. Sometimes we get requests for specific functionality and usually, we can accommodate that.

Generally, we are happy with technical support. They are helpful and responsive.

The initial setup is very simple for our customers due to the fact that the first step is a demo for a customer. We need about 5 to 15 working days to make this demo. We talk about making a core system. It's not difficult to make over the Qradar SIEM. After that, if the customer needs some special function for, for example, different parts of the organization, we can propose some separate parts of SIEM. That's about two or eight weeks away. 

In general, for a SIEM project, you are looking at a deployment time of about two til eight months. 

As integrators, we can help advise clients and assist in the deployment process.

IBM Qradar has an interesting scheme for payments. They have annual payments for customers who use subscriptions for some services. I can't see any problem with the current financial scheme for this product generally. It's okay.

We are implementors. Our customers are the ones that use IBM Qradar.

We are an IBM partner.

We strongly recommend to our customers use the latest version of Qradar. It's important for security. We tend to use the latest in general.

Our customer is a government organization, including some ministries. Therefore, they use on-premise deployments only. However, they have some plans for hybrid clouds or private clouds in the next three or four years. That said, it's very hard to say exactly as the work at the ministry is about security. On-premise is deemed to be more secure.

I'd rate the solution at a nine out of ten.