How has it helped my organization?
Maybe the best way it helped our organization is that QRadar is well prepared for PoCs. When you are doing PoCs, you just install the solution and you can show it to the customer.
It has great benefits because we don't spend a lot of time to set it up. There are a lot of features that are there out-of-the-box. It's great to do a PoC with customers and to reduce the money spent on the implementations.
What is most valuable?
The most valuable features are all the implementations, the plug-ins, and the User Behavior Analytics (UBA). All that stuff is really cool.
We are using the solution a lot on the customer side. We like the strength of the platform, basically. I know there is no other product like QRadar.
What needs improvement?
We thought about what was missing and it was the analysis of the user behavior. However, with the User Behavior Analytics (UBA), it's much less complicated.
I recently attended a conference presentation on machine learning, and it is a great plug-in to UBA. It will help us a lot because a lot of customers want to analyze their user behavior patterns.
Maybe there should be more custom rules in the exchange. Basically, we are using a lot of threat rules, so maybe they'll develop something like that. It will be better.
I would like to see improvement in the technical support. Sometimes, when we do patching or something like that, it creates some problems. Maybe they could test the patches and the OEM product better.
What do I think about the stability of the solution?
The stability is not bad. We had some problems with patching, but there are problems with all software.
We had the problem when we patched from Version 7.2 to Version 7.2.8. There were some problems with the authentication tokens. It didn’t go so well, but we solved it with the help of technical support and it was very quick. I think that's cool.
Sometimes, we have a problem with support. We are also using QVM (IBM Security QRadar Vulnerability Manager) and I think it is a little bit buggy for now. We have a lot of problems with it. It should be better.
What do I think about the scalability of the solution?
In terms of scalability, there is no doubt about it: It is perfect.
How are customer service and technical support?
The quality of technical support depends on the agent. Sometimes, it's hard to get the person who you need. Sometimes, it's better to create a ticket when the USA is working because I think they can help you better.
Which solution did I use previously and why did I switch?
We had McAfee, but we are ending our use of it. There are only some small implementations that are running with it. We are no longer developing with it. I think in the future, we will switch to QRadar. This is because we don't want to have two separate platforms.
RSA enVision was being used with one of our banking customers. However, we transferred to QRadar last year.
How was the initial setup?
We implemented the solution from the scratch with our customers. We have a lot of implementations that they can check.
The setup was very complex. We have integration with a customer service desk and a lot of customization. It's the best thing that we can create our own app and adapt it to QRadar.
We attended the IBM master class to help us with an SDK to develop our own apps. Some of our customers are banks and they have a lot of things to do. Sometimes the features they need are not in QRadar, so we have to customize the solution a little bit for them.
Which other solutions did I evaluate?
We have a security department in the Czech Republic. We are basically only implementing IBM security products.
What other advice do I have?
Definitely try it. Do a PoC with a customer. You can get the value for the customer quickly. It's great.