What is most valuable?
We are looking for the entire QRadar spectrum, but it has many products. QRadar is a kind of program; we are looking for system modelling, point modelling, network side modelling similar to QRadar network inside, and the capability to correlate between the network and endpoint. Most SIEMs have to rely on third-party or separate network traffic analysis when it comes to the network side. When it comes to QRadar, they can do the correlation not only in networks but also on endpoints. This is one of the good features that we have noticed.
What needs improvement?
Since we have not used the solution very long, my information is limited when it comes to improvements. I have noticed the interface has room for improvement.
For how long have I used the solution?
I have been using the solution for two years. However, my company has not deployed the solution yet, and we are in the early stages of testing.
How are customer service and technical support?
The solution has a good technical team.
How was the initial setup?
The installation is complex. There is some overloading that happens; this could be simplified and made easier by allowing all key features to be viewed on the first-level dashboard.
What's my experience with pricing, setup cost, and licensing?
When it comes to the initial pricing, there can be a huge discount from their side, and I also think they are open to competing with other products. Even though the price can be a little high sometimes, their product is number one. They have a wide range of products.
Which other solutions did I evaluate?
We have compared Securonix and many other solutions to this one.
What other advice do I have?
I rate IBM QRadar a nine out of ten.