IBM QRadar Review

Great integration capabilities with excellent scalability potential and an easy setup

What is our primary use case?

We primarily use the solution for log collection and security incidents as well as event management.

How has it helped my organization?

We benefit the most from the integration on offer. IBM QRadar offers a solution to our enterprise customers, and certainly, the admin has been benefiting from it, in terms of having more visibility on what's happening on the network in terms of events, flows, et cetera, and all in real-time. 

What is most valuable?

In general, the product is awesome. It's almost perfect.

The most valuable aspect of the solution is the integration capabilities on offer. It's very helpful to have so many options.

The initial setup is pretty straightforward.

The stability is good.

We've found the scalability to be excellent.

It offers all of the specifications of the hardware that we need.

What needs improvement?

The performance of the solution could be improved. Right now, it's the weakest aspect. I wish it was better.

Technical support could be improved by a bit.

For how long have I used the solution?

I've been dealing with the solution for five years at this point.

What do I think about the stability of the solution?

The stability of the solution is very good. It's reliable. There aren't bugs or glitches. It doesn't crash or freeze. It's been good.

What do I think about the scalability of the solution?

There's nothing better than QRadar when it comes to scalability. You can scale it to 100,000s of events per second. It can be scaled as much as you want. It has no limitations to it.

How are customer service and technical support?

Technical support is okay. On a scale from one to ten, I would give them an eight. They could do better, however, we are mostly happy with their level of support.

How was the initial setup?

The initial setup is not complex at all. It's quite straightforward. If a company implements this solution, they shouldn't have any issues with the setup process at the outset.

How long it takes to deploy depends on the size of the environment and the company. If it's a small enterprise, it can be done basically in a week or so. It's all about not just the department, however. It's all about collecting the log sources to integrate into it. That is where the process takes time. If the log sources are put together, things become much easier to handle. It's quicker and easier to define the rules, correlations, and reporting. The most time spent at the outset is in collecting the log sources and getting the log sources to send the data to.

The deployment process doesn't need many people. It depends on the deployment structure at first. If it treats a distributed architecture, of course, you need a couple of guys to be on board. However, then it's not only about deploying the solution, it's all about integrating the solution with different products or different platforms. That is where the time goes in. It's not a one-person job. Right from the application database, metro securities, and different controls that are in place, they all need to be integrated into the center. If we're talking about an enterprise, the team in an enterprise is equally responsible for waiting for those things to integrate.

What's my experience with pricing, setup cost, and licensing?

The NEMA licensing structure is very easy. It's far better than the previous licensing structure they had. They charge you based on the number of events per second and flows per second, and that's the beauty of it. The rest of the components are complimentary. That's it. It's not a complex process of licensing anymore. It's very simple and straightforward.

What other advice do I have?

We are resleers of QRadar.

In general, we have been quite happy with the solution. I would rate it nine out of ten.

We get excellent visibility in every aspect. It's easy to handle incidents when you really have everything in one place. You begin to know exactly what's happening on a network, and how the systems are performing and behaving.

When you compare it to other products, what I would advise is you look at how long they have been in business. This product has been in business for a very long time. You also need to look at the other integration factors, such as forensic, as they're very important. When it comes to forensic, nobody does better than what IBM Qradar Forensic does. There are other factors too - like its Watson integration, and all those things really play an equally important role.

It's not only about just the SIM, or your goals towards is going to be in building the SOC, Security Operation Center. It's all about automation as well. The integration should also look into automation capabilities. That way, you will be able to scale it up to build up a proper SOC.

Which deployment model are you using for this solution?

**Disclosure: My company has a business relationship with this vendor other than being a customer: reseller
More IBM QRadar reviews from users
...who work at a Financial Services Firm
...who compared it with Splunk
Learn what your peers think about IBM QRadar. Get advice and tips from experienced pros sharing their opinions. Updated: June 2021.
511,773 professionals have used our research since 2012.
Add a Comment
ITCS user