Senior Solutions Architect at a manufacturing company with 51-200 employees
Real User
A stable SIEM solution with centralized control and built-in AI/ML
Pros and Cons
  • "QRadar, Splunk, and ArcSight are SIEM solutions with built-in AI/ML features. They can do the complete investigation and alert the admin about what is happening. They can also do the root cause analysis. There are many other features that come with QRadar. It has a more granular log, so you can integrate with various non-IT as well as IT-based components. You can get unstructured data to the SIEM data, and you can identify more what is happening in the network or what is happening in the central head office. You can also identify what is happening between your remote offices. You can also use it to identify what the users in the field are doing on their devices and how things are moving. From the integration point of view, it is very centric. It gives complete control centrally. If a user is not connected to the system, whenever he comes online, we can see the policy updates over the Internet, and we can ensure that the data that is supposed to be protected is protected."
  • "When it comes to what could be better, it is always what others are trying to do and what is the roadmap. It can have more integration. It should have more flexible RESTful APIs for integration with applications. These are the things that are always in demand for any of the SIEM solutions, not only for QRadar. Integration is ever-evolving. Nowadays, different versions of mobile handsets are there and data is getting scattered. Users are using their personal handsets to keep the data of the organization. So, it should have a more flexible integration, irrespective of the flavor of the firmware and iOS or Android version. It should have an API that can seamlessly get integrated. It should also provide more flexible control and a more advanced or analytical view to see what exactly is happening across the globe or network. From wherever a user is connecting and accessing the enterprise data, it should give real-time visibility and predictive visibility about what exactly is happening. These things are already there, but there should be more advanced control in terms of managing the security."

What is our primary use case?

We provide cloud services to the users, and we have our own cloud setup over here. The major use case is when clients require the SOC to be set up.

Setting up the SOC itself is a huge investment. A customer has to invest a lot to build up the whole SOC environment, so, rather than the customer investing in the SOC environment and building up the SOC, we provide it as a service. Customers don't need to do any up-front investment. They use our service. We manage their security tools and security environment as per the compliance guidelines that come from the Indian government. We follow all those practices, and we help them procure more for their network and infrastructure.

What is most valuable?

QRadar, Splunk, and ArcSight are SIEM solutions with built-in AI/ML features. They can do the complete investigation and alert the admin about what is happening. They can also do the root cause analysis. 

There are many other features that come with QRadar. It has a more granular log, so you can integrate with various non-IT as well as IT-based components. You can get unstructured data to the SIEM data, and you can identify more what is happening in the network or what is happening in the central head office. You can also identify what is happening between your remote offices. You can also use it to identify what the users in the field are doing on their devices and how things are moving.

From the integration point of view, it is very centric. It gives complete control centrally. If a user is not connected to the system, whenever he comes online, we can see the policy updates over the Internet, and we can ensure that the data that is supposed to be protected is protected.

What needs improvement?

When it comes to what could be better, it is always what others are trying to do and what is the roadmap. It can have more integration. It should have more flexible RESTful APIs for integration with applications. These are the things that are always in demand for any of the SIEM solutions, not only for QRadar. 

Integration is ever-evolving. Nowadays, different versions of mobile handsets are there and data is getting scattered. Users are using their personal handsets to keep the data of the organization. So, it should have a more flexible integration, irrespective of the flavor of the firmware and iOS or Android version. It should have an API that can seamlessly get integrated. It should also provide more flexible control and a more advanced or analytical view to see what exactly is happening across the globe or network. From wherever a user is connecting and accessing the enterprise data, it should give real-time visibility and predictive visibility about what exactly is happening. These things are already there, but there should be more advanced control in terms of managing the security.

For how long have I used the solution?

I have been using this solution for five years.

Buyer's Guide
IBM Security QRadar
May 2024
Learn what your peers think about IBM Security QRadar. Get advice and tips from experienced pros sharing their opinions. Updated: May 2024.
771,063 professionals have used our research since 2012.

What do I think about the stability of the solution?

It is absolutely stable. It depends upon how the implementation has been done. We definitely have the skills to do this kind of implementation. We ensure that a customer's environment is absolutely protected.

What do I think about the scalability of the solution?

It is very scalable, but it also depends upon how the implementation was done. We are providing services to one of the major brands in India. They have somewhere around 30,000 devices. We are currently managing more than 1 lakh QRadar users.

How are customer service and support?

QRadar has a good technical team. They provide timely support whenever a ticket is raised.

How was the initial setup?

Deployment of such solutions always takes time because these solutions are not simple. You should have the expertise and you should understand what is really needed for the business. We understand the real business need, and accordingly, we implement the policies.

What about the implementation team?

We have been managing some of the security tools for the past 11 years. We have expert engineers who can help our customers with installation, configuration, planning, designing, and other things.

If you have an environment of 5,000 or 10,000 devices, three to five people should be enough to manage it.

What's my experience with pricing, setup cost, and licensing?

Customers have to purchase a license based on the number of users, devices, and applications they want to protect. It allows you to take a license on a subscription basis for three years or five years.

What other advice do I have?

I would recommend this solution. If you are looking for a SIEM solution, IBM QRadar is one that you should ideally look for.

I would rate IBM QRadar a nine out of ten.

Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
it_user632664 - PeerSpot reviewer
Information Security Analyst at Allegiance Air
Vendor
The UI is the most valuable feature, and the product is stable.

What is most valuable?

The most valuable feature of this product is the nice UI. It is easy and quick to get the information you're looking for.

How has it helped my organization?

The benefits are that it's easy to navigate the UI and to get the information as quickly as possible. We're able to resolve problems quicker, so that we get to the solution in an easier manner.

What needs improvement?

It would probably be better to get more access to the APIs.

What do I think about the stability of the solution?

The product is very stable. I don't have any issues with stability at all.

What do I think about the scalability of the solution?

Scalability is nice, as well. We have a distributed environment and it's real easy to both manage and upgrade. Anything we need to do, we can do it from the console.

How are customer service and technical support?

On a scale of 1-10, probably seven; I would rate the technical support team a 7/10.

Which solution did I use previously and why did I switch?

We were previously using a different solution that just wasn't getting the job done. It was taking too long to get where we needed to get to.

How was the initial setup?

The setup was very straightforward. The special services team gave us insight and helped out to resolve any issues.

Which other solutions did I evaluate?

QRadar was at the top of our list. We also looked at other solutions such as HPE ArcSight and Splunk. The reason we went with QRadar is because we could bring it on-prem, which made it nice, and we also use other IBM products as well.

In general, when selecting a vendor, support is probably going to be the number one criterion. Then, the second criterion is the availability of the product; the product is not very good if it's not available, it's broken, etc.

What other advice do I have?

Make sure you try them all and then, pick the one that you think would work the best. It's nice to value other people's opinions, but it's better to test all the products and choose what you think would be best, for whatever your need is.

It's very easy and intuitive. It's just a good overall solution, compared to the other ones I've used.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
Khalid Majeed - PeerSpot reviewer
Cyber Security Consultant at Software Productivity Strategists, Inc. (SPS)
Consultant
Reliable with good technical support but needs better visualization
Pros and Cons
  • "The product can scale."
  • "The product can be a bit complex."

What is our primary use case?

We are implementors and implement this solution for our clients, who use it for analytics. 

What is most valuable?

It offers good machine learning. The analysis is very helpful. 

The user activity is effectively flagged. It can pinpoint strange activity. 

It is stable and reliable.

The product can scale.

Technical support is good. 

What needs improvement?

The product can be a bit complex. A lot of things, like visualization, could be better. It would help the customer gain a better understanding. 

For how long have I used the solution?

I've used the solution for five to six years. I've used it for a while now at this point. 

What do I think about the stability of the solution?

It is stable and reliable. There are no bugs or glitches. It doesn't crash or freeze. I'd rate the stability eight out of ten. 

What do I think about the scalability of the solution?

The solution is scalable. It can handle thousands of users or maybe even more. I'd rate the scalability nine out of ten. 

We mostly deal with small or medium enterprises. 

How are customer service and support?

Most of the time, technical support is helpful. I am satisfied with the level of service we receive. 

How would you rate customer service and support?

Positive

How was the initial setup?

It is easy to implement. I'd rate the ease of implementation seven out of ten. 

The deployment takes no more than a few hours. There are configurations and fine-tuning that have to happen after that, and everything could take about a week. 

What about the implementation team?

As implementors, we can implement the solution for our clients. 

What's my experience with pricing, setup cost, and licensing?

The pricing is reasonable. It's not expensive compared to other solutions. If you get the console and other licenses, you can easily use it with other QRadar solutions. 

What other advice do I have?

New clients should know that it does give good analytics and it will help them save time.

I'd rate the solution seven out of ten. It's a good product.

Which deployment model are you using for this solution?

On-premises
Disclosure: My company has a business relationship with this vendor other than being a customer: Implementer
Cyber Security Consultant at raf
Real User
Good monitoring functionality that helps us to identify threats, but dealing with support is a struggle
Pros and Cons
  • "We can easily monitor many things using this tool."
  • "They need to improve their threat intelligence feed and they need to improve their user behavior analytics modules."

What is our primary use case?

QRadar is our SIEM solution. Our use cases include authentication between logins, database security, monitoring, and user behavior analytics.

How has it helped my organization?

QRadar is helping us to identify ongoing, day-to-day threats. We use it to analyze the risk in our environment, including user behaviors. We can easily monitor many things using this tool.

What is most valuable?

All of the features offered by this product are useful for analysis. Essentially, everything that it offers is critical and we use it.

What needs improvement?

Several things need to be improved.

We have been struggling with the QRadar support team for quite a long time. There are things that they can reproduce in their lab environment and can fix, yet we struggled with them trying to get this done. These issues included things like custom logs. There are many things that they need to improve upon.

This product should support multiple log sources.

They need to improve their threat intelligence feed and they need to improve their user behavior analytics modules.

The risk manager module needs to be improved.

It's not a very user-friendly interface.

For how long have I used the solution?

I have been working with IBM QRadar for seven years.

What do I think about the stability of the solution?

IBM QRadar is quite stable.

What do I think about the scalability of the solution?

We have approximately 50 users and we keep expanding its usage. It is growing on the infrastructure level, as well as the EPS level.

Three or four administrators are all that is required for the maintenance.

I recommend this product for large enterprises.

How are customer service and support?

We have had a lot of trouble with technical support. As of late, they take too long to respond to our issues. For 99% of our issues, they take too long to respond. It's not instant.

Which solution did I use previously and why did I switch?

I do not have any experience with other SIEM solutions. QRadar is the first one for me.

How was the initial setup?

The initial setup is complex because it is not managed properly.

Our implementation strategy is based on it being a distributed environment.

What about the implementation team?

We completed the implementation and deployment ourselves.

Which other solutions did I evaluate?

We did not evaluate other options prior to selecting QRadar.

What other advice do I have?

This is a good product for large enterprises. Smaller companies should implement an open-source solution but for a large enterprise, QRadar is a good product.

I would rate this solution a seven out of ten.

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Solution Architect Cybersecurity at a tech services company with 501-1,000 employees
Real User
Protects our network from various threats
Pros and Cons
  • "The threat hunting capabilities in general are great."

    What is our primary use case?

    We use this solution for advanced threat detection, insider threat monitoring, risk and vulnerability management, and unauthorized traffic detection regarding our network. We can monitor and detect web attacks with it as well. 

    Within our organization, there are roughly 2,000 to 3,000 employees using this solution. As of now, we don't have any plans to increase our usage of IBM QRadar.

    How has it helped my organization?

    The basic use case of this solution is to identify insider threats. Insider threats are the most dangerous kind of threat for any type of organization to secure. This solution identifies who the insider threats are, and also determines if there are any malicious activities taking place inside of an organization itself. In short, it provides us with real-time visibility so we can identify who the insider threats are and what malicious activities are occurring inside of our own network. It also protects our web applications from DNS attacks.

    What is most valuable?

    The threat hunting capabilities in general are great. 

    What needs improvement?

    I was going to say that the reporting could be improved, but IBM recently introduced a new cloud-based security service that integrates with QRadar. Now, reporting is much easier than before. I personally can't think of an area for improvement.

    For how long have I used the solution?

    I have been using this solution for two and a half years. 

    What do I think about the stability of the solution?

    This solution is quite stable. 

    How are customer service and technical support?

    We receive 24/7 support via email; however, we don't have to contact support often because we have our own trained team. They handle most issues.

    Which solution did I use previously and why did I switch?

    We used to use Splunk.

    How was the initial setup?

    How complex the initial setup is completely depends on the customer's infrastructure. If there are lots of tools that need to be integrated, then the setup is going to be really complex. I wouldn't say that the initial setup is complex, it's more moderate than anything. 

    Deployment took two to three weeks from beginning to end.

    What's my experience with pricing, setup cost, and licensing?

    The price of this solution is a little high.

    What other advice do I have?

    Before implementing a new solution, you need to understand your network infrastructure completely. You need to determine if third-party integration is supported or not. IBM QRadar supports a lot of third-party integration because third-party tool integration is often required. 

    Storage also needs to be defined properly as logs need to be kept for a certain amount of time. If you have to store logs for three to six months, then you'll need to ensure that you've evaluated the storage capacity properly.

    Overall, on a scale from one to ten, I would give this solution a rating of eight. We're very satisfied with it. 

    Which deployment model are you using for this solution?

    On-premises
    Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
    IT Specialist at IT Specialist LLC
    Reseller
    Easy to deploy, and scalable, but the stability has room for improvement
    Pros and Cons
    • "The playbook engine is flexible and allows for the graphical visualization of processes, enabling the implementation of dynamic playbooks for incident response or testing."
    • "The solution is difficult to understand in the beginning and has complex management configurations that can be improved."

    What is our primary use case?

    Our clients who are implementing or trying to implement a Security Operations Center use the IBM QRadar SIEM solution. This solution helps automate incident processing and provides visibility into the incident management process.

    What is most valuable?

    The playbook engine is flexible and allows for the graphical visualization of processes, enabling the implementation of dynamic playbooks for incident response or testing.

    The integration of our customer's infrastructure with other security management systems, such as Active Directory, firewalls, and vulnerability management systems, is effective.

    What needs improvement?

    The solution is difficult to understand in the beginning and has complex management configurations that can be improved.

    The stability has room for improvement.

    The cost has room for improvement.

    For how long have I used the solution?

    I have been using the solution for two years.

    What do I think about the stability of the solution?

    I give the stability a seven out of ten. There is sometimes unexpected behavior within the logic of the playbook engine and features.

    What do I think about the scalability of the solution?

    I give the scalability an eight out of ten.

    How are customer service and support?

    We have had issues that were not resolved by technical support.

    How would you rate customer service and support?

    Neutral

    How was the initial setup?

    For the most part, the initial setup is straightforward and I give it a seven out of ten. The initial deployment and configuration require one month, followed by an additional 11 months of implementing various use cases and processes that need to be automated.

    What's my experience with pricing, setup cost, and licensing?

    I give the price of the solution a four out of ten. The solution comes with a high price tag, while some of the competitors provide identical functionality in their offerings at no extra cost.

    What other advice do I have?

    I give the solution a seven out of ten.

    We have around 20 users.

    The solution is of good quality and can be implemented successfully. However, in order to fully utilize its benefits, one must possess expertise in Python programming.

    Which deployment model are you using for this solution?

    On-premises
    Disclosure: My company has a business relationship with this vendor other than being a customer:
    Farid Lalayev - PeerSpot reviewer
    Cyber Security Student at Baku Higher Oil School
    Real User
    Scalable, easy to use, and has a visualization feature that shows spikes in the system
    Pros and Cons
    • "The best feature of IBM QRadar is visualization which shows you when there's a spike in the system, and this makes you realize that there's something wrong with the log."
    • "IBM QRadar has outdated technology, and this is its area for improvement. When you try to implement an analytic expression, it's not updated. The solution doesn't support newer technologies, and it doesn't update regularly. For example, around the world, others implement new technologies, while IBM updates later than others."

    What is our primary use case?

    We are using IBM QRadar for log reviews, particularly logs that come and go from the IPS, firewall, etc.

    We have different dashboards for different technologies such as our firewall, IPS, and domains for our main website, so we use IBM QRadar to observe the logs from our website, and we try to make internal and external connections for better domain security.

    What is most valuable?

    The best feature of IBM QRadar is visualization which shows you when there's a spike in the system, and this makes you realize that there's something wrong with the log.

    What needs improvement?

    IBM QRadar has outdated technology, and this is its area for improvement. When you try to implement an analytic expression, it's not updated. The solution doesn't support newer technologies, and it doesn't update regularly. For example, around the world, others implement new technologies, while IBM updates later than others.

    There isn't any additional feature I'd like added to IBM QRadar at this point because it's sufficient for visualizing the logs.

    For how long have I used the solution?

    I've been with the company for one and a half months, and I've been using IBM QRadar almost daily, but the solution was deployed five or six months ago.

    What do I think about the stability of the solution?

    IBM QRadar is a stable solution.

    What do I think about the scalability of the solution?

    IBM QRadar is a scalable solution. My company currently has seven to eight different accounts on IBM QRadar, so it's a scalable technology. It has no problems with scalability.

    How are customer service and support?

    I didn't have any problems with IBM QRadar, so I never contacted the technical support team.

    Which solution did I use previously and why did I switch?

    I'm assuming that the main reason my company chose IBM QRadar is that IBM is one of the biggest tech companies in the world, so IBM products would be more secure and more reliable than other solutions.

    How was the initial setup?

    As I didn't set up or deploy IBM QRadar, I have no information on whether it was easy or complex to set up.

    What's my experience with pricing, setup cost, and licensing?

    I have no information about the licensing costs of IBM QRadar, and whether or not it requires a license.

    What other advice do I have?

    I'm an intern at one of the biggest telecommunication companies, and my company uses IBM QRadar.

    My advice if you want to use IBM QRadar is that you should use it because it's very scalable and it's easy to use. The solution also has many dashboards, and you don't have to write any code or write different scripts to get the information you need. You can do it from the UI of IBM QRadar. The only room for improvement in the solution is that it doesn't support newer technologies, and it's late when it comes to updates.

    I'm rating IBM QRadar nine out of ten because my experience with it has been excellent. The only downside to it is that IBM is late with adding new features or supporting new technologies compared to its competitors.

    My company is an IBM QRadar customer.

    Which deployment model are you using for this solution?

    On-premises
    Disclosure: I am a real user, and this review is based on my own experience and opinions.
    Ertugrul Akbas - PeerSpot reviewer
    Manager at ANET
    Real User
    Scalable, easy to use, but lacking features and modern user interface
    Pros and Cons
    • "IBM QRadar User Behavior Analytics's most important feature is its ease of use."
    • "IBM QRadar User Behavior Analytics could improve machine learning use cases because they are limited and most of the use cases are rule-based. They should develop more use cases, such as in Securonix or Exabeam because they will detect a threat. Using machine learning is mainly on the correlation rules, but if you think about Exabeam or Securonix, they detect using machine learning or machine learning-based algorithms."

    What is our primary use case?

    We are mainly using predefined rules on IBM QRadar User Behavior Analytics.

    How has it helped my organization?

    When we started using IBM QRadar User Behavior Analytics's add-on or extension, we received more than 17 new use cases. Our organization has benefited from using IBM QRadar User Behavior Analytics.

    What is most valuable?

    IBM QRadar User Behavior Analytics's most important feature is its ease of use. 

    What needs improvement?

    IBM QRadar User Behavior Analytics could improve machine learning use cases because they are limited and most of the use cases are rule-based. They should develop more use cases, such as in Securonix or Exabeam because they will detect a threat. Using machine learning is mainly on the correlation rules, but if you think about Exabeam or Securonix, they detect using machine learning or machine learning-based algorithms.

    The interface of IBM QRadar User Behavior Analytics has been the same for years; they should redesign the interface to make it more modern. Some historical queries take a long time; they should improve or change their database. There are some missing operators on the correlation side. For example, some before operated.

    For how long have I used the solution?

    I have been using IBM QRadar User Behavior Analytics for approximately three years.

    What do I think about the stability of the solution?

    IBM QRadar User Behavior Analytics is stable most of the time. However, it works on the client side, which requires a lot of system resources, such as RAM. In some cases, if the workload is high, the stability deteriorates, but mainly it is stable.

    What do I think about the scalability of the solution?

    The scalability of IBM QRadar User Behavior Analytics is good. 

    We have two people using this solution. We do not have plans to increase usage.

    How are customer service and support?

    We use a consultancy company for support and are not directly connected to IBM support.

    How was the initial setup?

    The deployment of IBM QRadar User Behavior Analytics is very easy when compared to other machine learning solutions. The full deployment took approximately three weeks with less than 5,000 EPAs.

    What about the implementation team?

    We used a consultant that helped us deploy and do maintenance for IBM QRadar User Behavior Analytics.

    What was our ROI?

    I rate the return on investment of IBM QRadar User Behavior Analytics a four out of five.

    What's my experience with pricing, setup cost, and licensing?

    IBM QRadar User Behavior Analytics is an application framework and you can install many applications without any additional costs.

    I rate the price of IBM QRadar User Behavior Analytics a four out of five.

    What other advice do I have?

    IBM QRadar User Behavior Analytics is a good solution. If there is a big enough budget they might be able to afford the solution since it is expensive. If the conditions are okay, then they should select the solution.

    I rate IBM QRadar User Behavior Analytics a six out of ten.

    Which deployment model are you using for this solution?

    On-premises
    Disclosure: I am a real user, and this review is based on my own experience and opinions.