The SIEM features are what sell this product. Lately, it has been heavily expanded with other features, for example vulnerability management, risk management, incident forensics, cognitive security, and user behavior analytics.
Basic SIEM features include log management, reporting, correlation, and alerting. All SIEM products started with those.
Modern SIEM solutions are expanded with the additional components that I mentioned.
So today, you will rarely see an RFP for SIEM alone. It will usually include other requirements. To answer this, vendors started adding additional valuable features.
Lately, QRadar also opened its APIs to the development community in order to confront Splunk, and that resulted in a large number of additional functionalities in the form of add-ons (QRadar apps).
We are an IBM business partner. In short, this tool helps our clients have visibility into their IT infrastructure, events, and network traffic.
Dashboards!!! Dashboards are one of the most frequent complaints I receive from customers. Customers are complaining about the limited set of graphs and the inability to change colors. Although this might seem trivial, a large number of the same complaints probably mean something.
A lot of bugs are reported for dashboard items. Also, I personally have found that it does not work as indicated by the documentation. The same methodology is used to produce different results for similar searches. Also, customers would like to see near real-time data on the dashboard, which is very hard to achieve given the problems mentioned.
I have been using this since 2011, even before the IBM acquisition.
We have not had stability issues.
High availability deployments have serious upgrade issues.
Support is great, but sometimes they are a little slow.
We did not have any previous solution. We have used only QRadar for the last six years. Even at that time, it was a leader in Gartner, and so it has remained. It is very user friendly.
The initial setup was very easy. Integrating the infrastructure configuration is the biggest problem for any SIEM project.
Licensing was simplified two months ago. I don't have insight into pricing. But as with any software, the price can probably change depending on your negotiation skills :)
We didn't evaluate other solutions. However, in my career, I have seen Splunk, RSA, ArcSight, and AlienVault.
If you are a security officer who wants to protect his job, go for Splunk :) If you are a customer who wants to have an easy tool and save time and resources, definitely go for QRadar.