What is our primary use case?
We provide cloud services to the users, and we have our own cloud setup over here. The major use case is when clients require the SOC to be set up.
Setting up the SOC itself is a huge investment. A customer has to invest a lot to build up the whole SOC environment, so, rather than the customer investing in the SOC environment and building up the SOC, we provide it as a service. Customers don't need to do any up-front investment. They use our service. We manage their security tools and security environment as per the compliance guidelines that come from the Indian government. We follow all those practices, and we help them procure more for their network and infrastructure.
What is most valuable?
QRadar, Splunk, and ArcSight are SIEM solutions with built-in AI/ML features. They can do the complete investigation and alert the admin about what is happening. They can also do the root cause analysis.
There are many other features that come with QRadar. It has a more granular log, so you can integrate with various non-IT as well as IT-based components. You can get unstructured data to the SIEM data, and you can identify more what is happening in the network or what is happening in the central head office. You can also identify what is happening between your remote offices. You can also use it to identify what the users in the field are doing on their devices and how things are moving.
From the integration point of view, it is very centric. It gives complete control centrally. If a user is not connected to the system, whenever he comes online, we can see the policy updates over the Internet, and we can ensure that the data that is supposed to be protected is protected.
What needs improvement?
When it comes to what could be better, it is always what others are trying to do and what is the roadmap. It can have more integration. It should have more flexible RESTful APIs for integration with applications. These are the things that are always in demand for any of the SIEM solutions, not only for QRadar.
Integration is ever-evolving. Nowadays, different versions of mobile handsets are there and data is getting scattered. Users are using their personal handsets to keep the data of the organization. So, it should have a more flexible integration, irrespective of the flavor of the firmware and iOS or Android version. It should have an API that can seamlessly get integrated. It should also provide more flexible control and a more advanced or analytical view to see what exactly is happening across the globe or network. From wherever a user is connecting and accessing the enterprise data, it should give real-time visibility and predictive visibility about what exactly is happening. These things are already there, but there should be more advanced control in terms of managing the security.
For how long have I used the solution?
I have been using this solution for five years.
What do I think about the stability of the solution?
It is absolutely stable. It depends upon how the implementation has been done. We definitely have the skills to do this kind of implementation. We ensure that a customer's environment is absolutely protected.
What do I think about the scalability of the solution?
It is very scalable, but it also depends upon how the implementation was done. We are providing services to one of the major brands in India. They have somewhere around 30,000 devices. We are currently managing more than 1 lakh QRadar users.
How are customer service and technical support?
QRadar has a good technical team. They provide timely support whenever a ticket is raised.
How was the initial setup?
Deployment of such solutions always takes time because these solutions are not simple. You should have the expertise and you should understand what is really needed for the business. We understand the real business need, and accordingly, we implement the policies.
What about the implementation team?
We have been managing some of the security tools for the past 11 years. We have expert engineers who can help our customers with installation, configuration, planning, designing, and other things.
If you have an environment of 5,000 or 10,000 devices, three to five people should be enough to manage it.
What's my experience with pricing, setup cost, and licensing?
Customers have to purchase a license based on the number of users, devices, and applications they want to protect. It allows you to take a license on a subscription basis for three years or five years.
What other advice do I have?
I would recommend this solution. If you are looking for a SIEM solution, IBM QRadar is one that you should ideally look for.
I would rate IBM QRadar a nine out of ten.