What is our primary use case?
We make some special demos that we sell to our customers. We work as a technical support L1/L2 for our customers in these cases as well.
The solution allows organizations to check people who work from home or in the office. It can help a company understand who is connected from home.
Sometimes people give a login and password to colleagues. The security can see the situation when someone logs in locally, and they can see a remote connection. They can see this is from the login and password. They'd be able to tell if something was shared and could dig deep to figure out if it is a breach or if it is something that has been properly shared.
What is most valuable?
The SOAR features are very good.
The product is able to handle special requests.
It can effectively search local files.
We are able to deploy in two or more different locations.
The solution is functional right out of the box and it's a pretty simple system with different kinds of solutions that address different types of problems.
The initial setup is pretty straightforward.
The solution is stable.
The product can scale.
Technical support is good overall.
Qradar has a lot of integration capabilities with different security products.
If we talk about functionality in general for SIEM systems, it's good.
What needs improvement?
In terms of the government sector, sometimes they do not have enough money to buy a full SIEM. That's why they ask about some parts of the SIEM system or core. It can be expensive.
It would be ideal if they offered a barebone setup alongside an appliance. It's very interesting for different kinds of customers. Most of them prefer the core appliance, yet some of them prefer barebone.
It would be ideal if the solution offered new connectors to other systems.
The reporting system could use some upgrading.
For how long have I used the solution?
We've been using the solution for at least the last 12 months or so.
What do I think about the stability of the solution?
The stability is good. there are no bugs or glitches. It doesn't crash or freeze.
What do I think about the scalability of the solution?
The scalability of the product is very good. Sometimes we get requests for specific functionality and usually, we can accommodate that.
How are customer service and technical support?
Generally, we are happy with technical support. They are helpful and responsive.
How was the initial setup?
The initial setup is very simple for our customers due to the fact that the first step is a demo for a customer. We need about 5 to 15 working days to make this demo. We talk about making a core system. It's not difficult to make over the Qradar SIEM. After that, if the customer needs some special function for, for example, different parts of the organization, we can propose some separate parts of SIEM. That's about two or eight weeks away.
In general, for a SIEM project, you are looking at a deployment time of about two til eight months.
What about the implementation team?
As integrators, we can help advise clients and assist in the deployment process.
What's my experience with pricing, setup cost, and licensing?
IBM Qradar has an interesting scheme for payments. They have annual payments for customers who use subscriptions for some services. I can't see any problem with the current financial scheme for this product generally. It's okay.
What other advice do I have?
We are implementors. Our customers are the ones that use IBM Qradar.
We are an IBM partner.
We strongly recommend to our customers use the latest version of Qradar. It's important for security. We tend to use the latest in general.
Our customer is a government organization, including some ministries. Therefore, they use on-premise deployments only. However, they have some plans for hybrid clouds or private clouds in the next three or four years. That said, it's very hard to say exactly as the work at the ministry is about security. On-premise is deemed to be more secure.
I'd rate the solution at a nine out of ten.
Which deployment model are you using for this solution?