IBM QRadar Review

It has helped us with our response time to threats


How has it helped my organization?

It has helped us with our response time to threats. It also showed us where weaknesses were in our environment, so we could actively target those patches first.

What is most valuable?

It works well with IBM products.

What needs improvement?

QRadar's issue is it needs to add behavioral analytics. The product's behavioral engine is weak. It just uses algorithms. It should an equation that is cursively applied. This will provide true behavior.

Network Breach

I have only once experienced a network breach with QRadar. QRadar detected the breach within an hour and the triage investigation took another four hours. Overall, it took about six hours to remediate everything. 

Efficiency of Security Team

With QRadar, everything runs better.

What do I think about the stability of the solution?

It is a very stable product. I cannot say anything bad about it.

What do I think about the scalability of the solution?

It is very scalable. It does a good job.

How is customer service and technical support?

Their Level 1 support is weak, but the support that we worked with to set up our feature sets is good. Their Level 2 and 3 support are good to work with overall, like most companies.

We contacted their technical support about adding more feature sets. We worked with their engineers to set up the feature sets that we wanted to expand upon and deliver the product, which they did.

Which solutions did we use previously?

We originally used ArcSight, which got cumbersome and expensive. Also, HPE ruins everything that it touches. Therefore, we moved to QRadar.

How was the initial setup?

It is a pain to set up; basically it is not that easy.

Which other solutions did I evaluate?

We evaluated LogRhythm and Splunk. 

  • LogRhythm had limitations.
  • Splunk was never designed to be a SIEM.

What other advice do I have?

Do your research before implementing it, because it is tough to implement.

Most important criteria when selecting a vendor: support. I say this to every vendor.

It is not always about pricing, which is nice when we start, but when the crap hits the fan. I want the vendor to be there with me. 

Disclosure: IT Central Station contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
Add a Comment
Guest
Sign Up with Email