
What is your primary use case for IBM QRadar?

How do you or your organization use this solution?

Please share with us so that your peers can learn from your experiences.

Thank you!

PeerSpot user
72 Answers

Elshaday Gelaye - PeerSpot reviewer
Top 10, Real User

We use QRadar to collect logs and monitor user activity and traffic from one network to another. The SOC team is in a room watching the logs from the tool live most of the time. QRadar monitors all internet activity and the output of every device configured to send a log. All traffic from various networking devices passes through the QRadar servers, and we can view it live. We have two data centers, and QRadar is deployed in one. It comes with two physical appliances to allow failover capability. There's a management interface that binds them together, and we set up an interface for each device connected to the network that sends a log.

reviewer1305144 - PeerSpot reviewer

I am an integrator of this solution; my customers use this as a SIEM solution for log management.

reviewer1789347 - PeerSpot reviewer
Real User

I'm an administrator. I have been leading the security operation center for the past four years. I have more than 12 members or SOC analysts for our 24/7 operations. I have been pitching the solutions to multiple customers, and I have also designed, implemented, and administered customer projects and completed them at the specified timeline. We have many use cases. The most common use cases are related to insights into any threats from the inside and outside. I have also configured X-Force with QRadar, and we are getting all the feeds showing malware-based IPs, etc. I also have designed some anomaly-based rules in case anyone has logged in from outside Pakistan. Most of the rules are custom-based.

reviewer1022949 - PeerSpot reviewer
Top 5, Real User

I deploy IBM QRadar for many organizations, and I've been performing analyses for those organizations as well. These organizations use the tool for monitoring their environment. It's a basic SIEM product. So we just log each and every data source, perform an analysis, and create rules. We also create advanced use cases to cater to the advanced threat(s).

reviewer1026825 - PeerSpot reviewer
Real User

We primarily use QRadar for monitoring and preparing use cases. This solution is deployed on-prem.

Kamal Abdelrahman - PeerSpot reviewer
Top 5, Leaderboard, Real User

It is the main tool for this operation center for collecting events from different devices, whether server or network devices, such as switches and routers. It handles anything related to data that can be harmful related to security. Those events can be mapped to promote the threat; it creates another event for promoted threats. We are a service provider and we provide services to our customers. We use IBM QRadar for many types of businesses, such as banks and telecom. It has a good reputation.

Joao Manso - PeerSpot reviewer
Top 5, Reseller

We use this solution both in our company and those of our clients. We are resellers of QRadar.

Johan Wibisono - PeerSpot reviewer
Top 20, Real User

This is a solution you use when you have many security products that you want to manage in one monitor, one analytic. We are partners with IBM and provide implementation services to our customers. I'm a solution security architect.

reviewer1598412 - PeerSpot reviewer
Top 5, Leaderboard, Real User

We primarily use the solution for breach management. We use it for identifying rogue IPs and picking up anomalies in terms of the network traffic coming in. We've seen a year of use cases in terms of breach management and incident management. We find IBM QRadar quite relevant in terms of protecting against potential malicious traffic coming into your organization. Obviously, it has evolved, and where we're utilizing IBM QRadar is to do other analytical capabilities, which include identity and access management. We've got a unique way where we use the platform to generate a view of all your identities and access that is granted within your environment and so forth. We are able to map that using IBM QRadar, which is not a use case that is normally thought about; however, we found from an analytical point of view, this is what we can do because we get all the information we need here.

Simon Thornton - PeerSpot reviewer
Top 10, Real User

We're a customer, partner, or reseller. We use QRadar on our own internal SOC. We are also a reseller of QRadar for some of the projects. So, we sell QRadar to customers, and we're also a partner because we have different models. We roll the product out to a customer as part of our service where we own it, but the customer is paying. We also do a full deployment that a customer owns. So, we are actually fulfilling all three roles.

Olakanmi Oluwole - PeerSpot reviewer
Top 5, Real User

We use IBM QRadar for threat protection.

reviewer1348482 - PeerSpot reviewer
Top 20, Real User

We have a POC environment but have not onboarded it to any of our clients.

VijayKumar4 - PeerSpot reviewer
Top 5, Leaderboard, MSP

We are using the current version.

reviewer1609413 - PeerSpot reviewer
Top 20, Real User

The solution is primarily used for threat detection and response. QRadar can be integrated with other services from IBM such as Watson, among others. The main need is for threat detection, incident response, and dealing with threats or hunting threats. What else? I mean, it's always you're looking for threats. Usually, whoever buys this SIEM solution or buys QRadar, for example, is looking for hidden threats and they get the logs to see what's happening within their system. They want a solution that looks very deep inside in order to correlate those logs and see if there's any information that they can get out of those logs or even live packets that are spanning through their networks. Therefore, it's usually threat hunting. That's the main thing. Others might use it to understand the system, and how it's performing overall. However, that's the lesser use case.

reviewer1593615 - PeerSpot reviewer
Real User

IBM QRadar is typically deployed in a SOC environment for security monitoring. It is used for log and packet capturing. It has some supporting technology, such as data leakage prevention and data encryption.

reviewer1285209 - PeerSpot reviewer
Top 5, Leaderboard, Real User

We are a product-based organization. We use this solution for a shared SOC service and security audits and compliance.

reviewer1520922 - PeerSpot reviewer
Top 5, Leaderboard, MSP

We are a service provider and we are providing the solution as a managed service for multitenancy security.

reviewer1524594 - PeerSpot reviewer
Top 5, Leaderboard, Real User

We provide cloud services to the users, and we have our own cloud setup over here. The major use case is when clients require the SOC to be set up. Setting up the SOC itself is a huge investment. A customer has to invest a lot to build up the whole SOC environment, so, rather than the customer investing in the SOC environment and building up the SOC, we provide it as a service. Customers don't need to do any up-front investment. They use our service. We manage their security tools and security environment as per the compliance guidelines that come from the Indian government. We follow all those practices, and we help them procure more for their network and infrastructure.

reviewer1216545 - PeerSpot reviewer
Top 20, Real User

I am currently working in the Brazilian operation of my company. I have a project in the airline industry in Brazil. This project improves the correlation of logs. There is another company I ticket to improve the solution, they have chosen to correlate the logs. We have a SOC (Security Operation Center) in Brazil, with 53 employees. We developed all these solutions in Brazil and it is in operation in 34 countries.

reviewer1501230 - PeerSpot reviewer
Top 20, Real User

We are using QRadar as a managed service.

SuhailWagle - PeerSpot reviewer
Top 10, Reseller

We primarily use the solution for log collection and security incidents as well as event management.

Md Saiful Hyder - PeerSpot reviewer
Top 5, Leaderboard, MSP

We primarily use the solution for some compliance, including military compliance such as PCIDSL, ISO 27001, and ISO 27002, and then some other specifications around them. There are also some industries that need to analyze the log and events, and then build and create some rules to put forward.

AndyChan3 - PeerSpot reviewer
Top 5, Leaderboard, Real User

We used this product as a SIEM, for information security.

reviewer1488321 - PeerSpot reviewer
Top 20, Real User

IBM QRadar is a FIM component within the security operation center we were deploying in the customer environment. We are managing their cyber defense capability.

Andris Soroka - PeerSpot reviewer
Top 20, Real User

I am a system integrator. We have installed it on-premises, on the cloud, in distributed environments, and all other environments for our clients.

reviewer1477878 - PeerSpot reviewer
Top 20, Real User

The primary use case of this solution is for monitoring an enterprise data center, globally for 12,000 devices.

Abbasi Poonawala - PeerSpot reviewer
Top 5, Leaderboard, Real User

It is used to dive deep into threat analysis. It is a SIEM solution that can be hooked up with some of the endpoint security or threat discovery solutions such as Forescout, Qualys, Sophos, and MDM. After the endpoint security or threat discovery solution discovers the threat, QRadar takes it further from that point onwards and allows you to go deep into the threat analysis. It has a lot of integrations, such as with CMDB, and it can do the asset classification. It can also tell the CVSS score. These are the capabilities or use cases.

Francis Chapet - PeerSpot reviewer
Top 20, Real User

We primarily use the solution to develop software, for some device controllers.

reviewer1349439 - PeerSpot reviewer
Real User

We have a lot of use cases with IBM QRadar, but our primary use is for monitoring traffic and detecting tricks.

Kashif-Jamil - PeerSpot reviewer
Top 20, Real User

We use QRadar to detect and gather information about any product vulnerabilities and any sort of attack on the network. It's able to help detect suspicious activity that is coming into the system. We are also selling this product.

reviewer1168407 - PeerSpot reviewer
Real User

The primary use case of this solution is for monitoring the network.

Amit Bhatnagar - PeerSpot reviewer
Top 10, Real User

We are using it from the compliance perspective. We need this solution to comply with HIPAA and PCI because our clients require HIPAA and PCI DSS compliance. We also use it for log management, primarily security logs, and to some extent, for operational activities, even though this tool is actually not meant for operational tasks. We do keep track of errors in our appliances like hardware, storage, and network switches through QRadar. The main or core solution is on-premises. There is an extended arm, which is in the cloud as well for cloud integration.

reviewer1318914 - PeerSpot reviewer
Real User

We use the solution for a variety of tasks. We use it, for example, for authentication, network-related authentication, user-related tasks, and Windows and UNIX servers. It's a lot. There's a ton of use cases. I really can't think right now about every single use case; however, the main things are authentication and network-related systems and all flavors of UNIX and Windows.

reviewer1382016 - PeerSpot reviewer
Real User

We are a system integrator and IBM QRadar is one of the security and monitoring products that we implement for our clients. It is used for monitoring applications such as Windows virtual desktop access (VDA) and computer-managed instruction (CMI).

Artur Marzano - PeerSpot reviewer
Top 5, Real User

We use this solution for deploying and integrating log sources and use cases. We use it to generate offenses based on normal behavior and suspicious behavior from our security tools, firewalls, and other solutions. We have applied a set of old and new rules to QRadar that aim to detect persistent abnormalities in our environments. Within our organization, our security operations center and users from our local security team — roughly 10 to 12 users — use QRadar. We plan to expand to other areas of the company so that other people can use QRadar for different use cases. But right now only the security teams use it.

reviewer1385793 - PeerSpot reviewer
Top 20, Reseller

We do not implement this tool ourselves but have experience implementing it for our clients. There are several use cases. The two most important ones are network analysis and UBA.

Daniel Sichel - PeerSpot reviewer
Top 20, Real User

Our primary use case is intrusion prevention and detection. We also use this solution for compliance and assisting in network troubleshooting for IT.

Vik Solem - PeerSpot reviewer
Real User

We use this solution for log correlation and alerting.

chieftec1015569 - PeerSpot reviewer
Real User

We are a cybersecurity service provider, and I manage the QRadar service for my customers.

QRadar677 - PeerSpot reviewer
Real User

Our primary use for this solution is to collect and correlate our logs. We also create appropriate alarms based on the contents of the logs.

Larbi Belmiloud - PeerSpot reviewer
Real User

The primary use of the solution in our deployment was for threat detection.

MohamedAfeilal - PeerSpot reviewer
Top 20, Real User

We are a partner and provide this solution to our customers.

Marketdir9846 - PeerSpot reviewer
Real User

We don't have a business relationship with IBM QRadar; our relationship is a customer relationship. We use IBM QRadar as our primary security solution.

Cyberspec67 - PeerSpot reviewer
Real User

We are a reseller of this solution. We have numerous use cases, all dependent on the needs of our customers.

BALA - PeerSpot reviewer
Real User

Our primary use case for this solution is compliance.

Onyegbule Uche - PeerSpot reviewer

I'm the technical consultant here at ActivEdge Technologies. Our primary use case for this solution is for Security Intelligence and Event Monitoring (SIEM) p. We provide protection services models for an organization's networks through a sophisticated technology which permits a proactive security posture. We have a business relationship with IBM QRadar as well as being a partner. We are a partner and we also use this feature. It's an integrated solution. We design it to be compatible with our client's network devices to maintain real-time monitoring through a centralized console. Our clients rely on us to create value.

it_user956985 - PeerSpot reviewer
Real User

Our primary use case for this solution is for the management of our security services, and our NOC (Network Operations Center) services.

Dameer Siddiqui - PeerSpot reviewer
Top 20, Real User

We are partners with IBM. We do simulations for our clients. Then we resolve the issue that they're facing using IBM QRadar.

Vulnera08667 - PeerSpot reviewer

Our primary use case is to get logs mainly from firewalls, although you can also get logs from anything that can forward syslogs. We use it to sort events.

it_user797751 - PeerSpot reviewer

We use it to detect security incidents.

Dr Trust Tshepo Mapoka - PeerSpot reviewer
Top 5, Real User

Our primary use case is for security analytics. We do investigation and security analytics, so we collect events and after collecting events we give positive security analytics to clients.

Nimesh Bhatia - PeerSpot reviewer
Real User

Our primary use case is for security. We use it to make sure that the data that is being transferred from one company to the other is being done securely.

DAX Paulino - PeerSpot reviewer
Real User

We are using it for SIEM, for Security Information and Event Management. We're gathering the logs and doing analytics on how we are going to react to security incidents.

it_user984276 - PeerSpot reviewer
Real User

The primary use case is for insurance and product manufacturing. We use it to create rules and Windows firewalls.

Yong Chen - PeerSpot reviewer

I use it to analyze incidents.

D.M.Hashim-Ul- Alom - PeerSpot reviewer

Our primary use case of this solution is to identify threats.

reviewer841053 - PeerSpot reviewer
Real User

Our primary use case of this solution is for our customer's operations.

senior0997 - PeerSpot reviewer

It is a requirement for all of the banks to have a security solution in Pakistan. That is the reason most of the banks are using it. In the last one and a half years, Pakistani companies are taking security very seriously, so for that reason, they evaluate these solutions. All in all, it's a good solution.

reviewer916710 - PeerSpot reviewer
Real User

We are a telecom company, and we use it for IT systems, for telecom systems and on various different levels of applications. We use it for web servers, routers, firewalls, and other security components. Our SIEM solution serves technical and non-technical business units including customer care, engineering, revenue assurance, and anti-fraud.

reviewer774660 - PeerSpot reviewer
Top 20, Real User

The primary use case for us is the plug and play implementation and it is pretty easy to set it up, and scale up the SIEM. It has a kind of a functionality to it.

it_user927267 - PeerSpot reviewer
Real User

My primary use case is for security monitoring. We activated freeze, proxy and firewalls and we collect data from them. We receive alerts and customize that according to our customer environments.

Omar Sánchez (Mr.Tech) - PeerSpot reviewer

My primary use case for this solution is to monitor security events in our cloud environment.

Nizar Hedhili - PeerSpot reviewer

* CRM and billing system
* 100 multiple technology servers: Windows AD, Linux, HP-UX, etc.
* 40 firewall multiple routers
* Cisco Nexus switches

it_user923115 - PeerSpot reviewer

It is under a non-disclosure agreement (NDA).

Srijan-Sivakumar - PeerSpot reviewer

Its primary use case is for people who want to manage all of their logs with analytics and correlate that between different security devices whose logs are related. This solution is performing well.

it_user398799 - PeerSpot reviewer
Real User

In recent years, our focus has been the third-party integrations. Like most companies, we have several security products. (I hope most other companies are not relying on a single product). The challenge with a SIEM is taking the data produced by a log source and presenting it in a readable manner for technical and non-technical staff. That can be done with custom-built reports or in dashboards. With the IBM Security App Exchange you add a new extension (i.e. download from the App Exchange site) and configure it.

Luis Yndigoyen - PeerSpot reviewer
Real User

* Origination process in banks.
* Insurance claims on insurance companies.

Daniel Christian - PeerSpot reviewer
Real User

I used the IBM QRadar product from 2015 until 2017.

FarhanAli - PeerSpot reviewer
Real User

SIEM solutions must be business driven. Utilizing a SIEM solution depends on your enterprise goals, from meeting compliance requirements to implementing security controls and identifying the absence of controls. A SIEM solution can also be used to improve your business and increase your sales. With QRadar, you can do all these, even if you are not a security expert. It comes with a set of default rules which makes your life easier, from ransomware attacks to DDoS attacks. Everything can be detected if your logs are properly integrated into QRadar. It gets better with extensions and other rules you install from the IBM Security App Exchange, where you can detect malicious website access (with the intent of ransomware), P2P activity, or someone spamming everything. You can be notified, then you can run scripts to make QRadar take an action. I am a security analyst working with QRadar.

Mathieu Dorckel - PeerSpot reviewer

My use case is the deployment of an X-Force successful connection with a botnet and malware website. An X-Force feed is free with QRadar. I have been using the product for three years now. I used it for six months at an internship to PoC some different SIEM and for two and a half years as an administrator. Now, I am using it as an architect.

MazenHindawi - PeerSpot reviewer
Real User

We work with it in the banking sector. We had torrent limitations and big banks could join them. It has performed well. However, the limitation is not easy, so the product is not easy. You cannot get the real value of the product unless you combine it with the other products from IBM, like BigFix, the full integration of Vulnerability Management, and so on.

Shaikh Jamal Uddin - PeerSpot reviewer
Top 20, Consultant

Find the malicious activity via filter; don't rely on the rules which trigger the offenses and fix the suspicious activities.
