What is most valuable?
The most valuable features are:
- Auto update: QRadar will download new logs from the database on the supported security device, so that it will automatically normalize the new log format and you will not need to rewrite all your rules/offenses again.
- X-Force/TAXII feed: QRadar can collect different types of security feeds and correlate them in real-time with your logs.
- Search engine: QRadar is like Excel, i.e., you can add rows and filter like in your daily office work, without writing any scripts. So level 1 support can also handle this type of job.
How has it helped my organization?
You will learn something that you don't know about user/machine behaviour.
What needs improvement?
The dashboards and reports may need improvement. We need to export the CSV results to create a report in Excel.
For how long have I used the solution?
I have used this solution for three years.
What do I think about the stability of the solution?
It will slow down when there are too many people doing a search at the same time, but that depends on your hardware and design.
What do I think about the scalability of the solution?
I did not encounter any scalability issues.
How is customer service and technical support?
You may need to allow remote support for them to help you troubleshoot the issues.
How was the initial setup?
The setup is complex, i.e., the first setup. With SIEM it is not easy to enable logs without any performance issues, and the deployment advisor is the key for the project.
What's my experience with pricing, setup cost, and licensing?
You only need to worry about the number of events per second and the number of flows per minute. Storage size is not an issue with QRadar.
Which other solutions did I evaluate?
We did evaluate other options. I think Splunk is the second-best option.
What other advice do I have?
If you have an experienced group of security members, then you may not need the advisor for the product at all. If not, then you will have to find the path to build your team, so that it becomes more knowledgeable.
Disclosure: My company has a business relationship with this vendor other than being a customer: We are business partners.
Mar 30 2017