What is our primary use case?
We use the solution for a variety of tasks. We use it, for example, for authentication, network-related authentication, user-related tasks, and Windows UNIX servers. It's a lot. There's a ton of use cases. I really can't sync right now about every single use case, however, the main things are authentication and network-related systems and all flavors of UNIX Windows.
How has it helped my organization?
It helped our organization in the sense that having it was better than nothing. However, I did not enjoy the product overall and I advised we switch to something else.
What is most valuable?
The user behavior analytics as part of our deployment was okay, even though it was clunky.
The solution can scale.
What needs improvement?
I really didn't like QRadar to be honest. I inherited it. I was part of the reason that we moved over to LogRhythm. The solution just isn't user friendly.
The solution is clunky.
The interface could be much better.
The integration capabilities within the product are not that great.
For how long have I used the solution?
I've been using the solution for about two years at this point. My team has been using it for two to three years, so we have a total of about five years of experience in all.
What do I think about the stability of the solution?
I wouldn't describe the solution as stable.
It was really buggy. Like other app integrations, it wasn't straightforward. It was pretty clunky. We tried to integrate Qualys with it and it wasn't effective. To integrate anything took quite a bit of time and energy. It wasn't easy. When it did, it didn't work properly. It wasn't really pulling in the data correctly.
What do I think about the scalability of the solution?
Scalability was hard as it was on-prem. We needed to add more modules, and had to add more of the servers to stack it. It wasn't that a simple task at all. I wouldn't say that it scales well, although technically, you can scale it.
When we were using the solution, we had ten to 15 users on it. They were anyone from Information Security Engineers to regular IT admins.
How are customer service and technical support?
Technical support was awful. We often didn't even have any assistance available to us. On a scale from one to ten, I'd rate them at a three. We were very unsatisfied with the level of support we received. They just simply weren't helpful when it came down to it.
Which solution did I use previously and why did I switch?
The organization didn't previously use a different solution before choosing QRadar.
We actually switched to LogRhythm as I didn't like how the solution was working for the organization.
How was the initial setup?
I didn't handle the initial setup. It was handled before I arrived at the organization.
What other advice do I have?
I'm not sure of which version of the solution we're using.
I wouldn't recommend the solution. I'd probably tell others to shy away and look at other products like possibly Splunk, however, it's a pricey option. LogRhythm is pretty good. We're having some issues with it. That said, for the most part, it's okay.
Exabeam also seems like it might be a good option. I haven't worked with it personally, however, I've had some experience with a POC.
Overall, I would rate the solution at a three out of ten. We didn't have a good experience with it. If it offered, for example, easier behavior analytics, easier integrations, better interface, supported model integration, and a good user interface to perform analysis I might rate it higher. Basically, it just needs to be much more user-friendly.
Which deployment model are you using for this solution?