IBM QRadar Review

Integration with other platforms and the ease of rule making are valuable features.

What is most valuable?

These features make it easy to operate the application:

  • Integration with multiple platforms
  • Ease of rule making
  • Manufacturer support (IBM)

How has it helped my organization?

We use QRadar for application security, generating customized rules of correlation according to the operation of our business. It extends the security of our most critical assets.

What needs improvement?

From my point of view, they should improve the backup procedures. QRadar does not allow sending backups by FTP or SFTP, limiting the tool. I had to make a script but it is a manual process. It would be great to have it automated.

For how long have I used the solution?

I have used it for approximately five years.

What do I think about the stability of the solution?

We did have stability issues. Some errors were generated when applying updates.

What do I think about the scalability of the solution?

We have not needed to scale the solution.

How is customer service and technical support?

It has taken a long time for support to respond to our request regarding AIX.

Which solutions did we use previously?

We didn’t have a previous solution. We have always used QRadar.

How was the initial setup?

The initial configuration is simple; the maturation of the application is complex. This is not because of the QRadar application itself, but because it includes many factors, such as the identification of critical assets and how we can secure them with the application.

What's my experience with pricing, setup cost, and licensing?

QRadar is a very expensive application but it is a good product. My advice is to validate with other correlator solutions and validate which product is right for the organization.

Which other solutions did I evaluate?

We did evaluate other similar products that are good, such as McAfee ESM and HPE ArcSight.

What other advice do I have?

First, identify the most critical assets to be included in SIEM and then the most critical events of my organization. With that, you avoid bringing unnecessary events into SIEM.

It's a very good and versatile correlator.

Disclosure: My company has a business relationship with this vendor other than being a customer: We are a partner.