IBM QRadar Review

It helps our incident handlers find incidents within our environment and track down new threats.

What is most valuable?

The most valuable features are its ease of use and that it provides good return on investments. It's the best solution out there, in my opinion.

How has it helped my organization?

It brings down the time for our incident handlers to find incidents within our environment, to track down new threats and to keep them gainfully employed, by finding the new problems that we see.

What needs improvement?

I'm not really sure in regards to any additional features, because everything I've seen on the roadmap looks good. So, I'm pretty happy with that.

There is always scope for improvement. The QRadar WinCollect feature needs to be improved. The Windows Log collection is sort of problematic and needs to work better.

A little bit more improvement needs to be brought about in the Watson integration and I still need to see how that works. A little more improvement can be brought about in the User Behavior Analytics and Network Analytics. That would be great.

What do I think about the stability of the solution?

We've had no issues with its stability or scalability.

How is customer service and technical support?

The technical support is very good. After the Q1 Labs integration into IBM, they kept the same people. I'm a long-time user and I keep talking to the same people year after year.

What's my experience with pricing, setup cost, and licensing?

It's worth the cost. There are a lot of other options out there that are way more expensive, and that may be better in certain areas, but in my opinion, the overall best solution is QRadar.

What other advice do I have?

First, make sure that it's sized right and read all the manuals, before you do it.

Interoperability with other products is what I look for in a vendor. An open API is the big thing. I want to be able to make sure that if I buy something, it will be able to talk with other products. I won't need to keep going down the same path, i.e., if I buy company X, I have to buy company X products all the way; otherwise, they won't talk to each other. Being able to talk with other products really makes a difference.

Disclosure: I am a real user, and this review is based on my own experience and opinions.