IBM QRadar Review

Helps us monitor and generate statistics that help to illustrate what is going on in the company

What is our primary use case?

We have a lot of use cases with IBM QRadar, but our primary use is for monitoring traffic and detecting tricks.

How has it helped my organization?

In terms of how IBM QRadar has improved our company, on peak days it helps us monitor and generate statistics that help to illustrate what is going on in the company. For example, SMB detects ransomware and invalid log-on. If a user is located in the United States, or we expect a login in Russia, or Ukraine, or Kenya, it is very important for us because we can detect what application they are using there, or if a hacker is trying to log in by mobile or another device.

What is most valuable?

I have found its network traffic log, network bit log, and QBI most valuable.

We have a lot of domain controllers in QRadar tracking all the security. It is also useful for identity management.

What needs improvement?

In terms of where it could be improved, this includes its forensics, incident response, and security operation center features. Additionally, some also struggle with the rules. We need more features in order to create rules to detect or to meet some requirements for other areas, such as catching the event from other authentication tools, like in Okta, for example.

In some cases, I have issues because some tools are not integrated in QRadar, such as other tools similar to DLP (Data Loss Prevention). We need to create all the integrations manually because they are not integrated in QRadar. We have a problem, for example, because they have Symantec DLP integrated in QRadar; however, it is not working because it's not detected automatically. It is not converting all the columns, but we do have the option to create manually. This is not difficult because it's very clear in the procedures.

For how long have I used the solution?

I have been using IBM QRadar for seven years.

What do I think about the stability of the solution?

QRadar's stability is great because it is always live and is always catching and monitoring all the information that we need. When we need information, it is here in QRadar. 

In terms of maintenance of QRadar, my internet is secured by IBM.

What do I think about the scalability of the solution?

For me, the scalability is good.

At the moment, we have no more than 15 people working on QRadar. This includes analysts, forensics, internet response, and Active Directory.

How are customer service and technical support?

Tech support is good. Additionally, I can find all the information at IBM.

How was the initial setup?

In some cases, the system or the hardware does not meet the requirements to install one flow collector, or the menu is not displayed. The menu has 10 options. If the CPU and memory are not enough, the menu shows only five or six options. But this information is not mentioned in the installation process. But it is not complex because the installation is very clear as long as we are meeting all the requirements for the CPU, memory, or the space.

The solution takes maybe four months because we have a lot of integrations.

What other advice do I have?

I would absolutely recommend QRadar because it has a lot of options to improve or detect some information.

On a scale of one to ten, I would give QRadar a 10.

Which deployment model are you using for this solution?

Public Cloud

If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

Amazon Web Services (AWS)

Which version of this solution are you currently using?

Version 7.4
Disclosure: I am a real user, and this review is based on my own experience and opinions.