What is most valuable?
The most valuable feature that we found, especially this year, was the ability to build apps over it. Basically, the platform has opened up and we can now customize it, as per our needs and requirements. We can build interactive dashboards and other interesting things around it.
How has it helped my organization?
We are using QRadar to solve our business problems and the IT operation requirements. We are fine-tuning the processes that are laid out from the InfoSec perspective, such as detecting unauthorized changes happening across the IT environment, or the business problems, namely the password sharing issues, which are not easy to detect otherwise.
What needs improvement?
In future versions, the various features that we would like to see are pretty much in line with what QRadar is coming up with, like this IBM QRadar UBA version 2.0 or support for STIX/TAXII. Basically, we have similar milestones there.
There are a few technical requirements that we have opened feature requests for, such as some of our complex use cases that need mathematical operators to be used within the reference maps. That's currently not available.
What do I think about the stability of the solution?
There were no stability issues.
What do I think about the scalability of the solution?
There were no scalability issues. With this Event Processor and Data Node concept, I think it is highly scalable.
How is customer service and technical support?
We have been facing a few technical issues and we are working with the technical support and the development team to resolve them.
Sometimes we get a really good response, and at times, some of the issues have been floating around for a long time. But our IT resources have been assigned to them and we hope that they will be resolved easily.
How was the initial setup?
I was involved in the setup; it was pretty straightforward. Once you understand the overall architecture, it is pretty easy to install and work with.
What other advice do I have?
It should be implemented by the best professionals available within IBM. It is really important to have a clean base installation, so that you can build things on top of it.
When we are selecting a vendor, first and foremost, we look for the stability of the vendor, and what level of resources they are investing in their research and development. These are a couple of things that we look for while selecting a vendor and of course, the kind of resources we are looking for to get certain engagement and make sure those resources are aligned.