What is our primary use case?
We use this solution for advanced threat detection, insider threat monitoring, risk and vulnerability management, and unauthorized traffic detection regarding our network. We can monitor and detect web attacks with it as well.
Within our organization, there are roughly 2,000 to 3,000 employees using this solution. As of now, we don't have any plans to increase our usage of IBM QRadar.
How has it helped my organization?
The basic use case of this solution is to identify insider threats. Insider threats are the most dangerous kind of threat for any type of organization to secure. This solution identifies who the insider threats are, and also determines if there are any malicious activities taking place inside of an organization itself. In short, it provides us with real-time visibility so we can identify who the insider threats are and what malicious activities are occurring inside of our own network. It also protects our web applications from DNS attacks.
What is most valuable?
The threat hunting capabilities in general are great.
What needs improvement?
I was going to say that the reporting could be improved, but IBM recently introduced a new cloud-based security service that integrates with QRadar. Now, reporting is much easier than before. I personally can't think of an area for improvement.
For how long have I used the solution?
I have been using this solution for two and a half years.
What do I think about the stability of the solution?
This solution is quite stable.
How are customer service and technical support?
We receive 24/7 support via email; however, we don't have to contact support often because we have our own trained team. They handle most issues.
Which solution did I use previously and why did I switch?
How was the initial setup?
How complex the initial setup is depends completely on the customer's infrastructure. If there are lots of tools that need to be integrated, then the setup is going to be really complex. I wouldn't say that the initial setup is complex; it's more moderate than anything.
Deployment took two to three weeks from beginning to end.
What's my experience with pricing, setup cost, and licensing?
The price of this solution is a little high.
What other advice do I have?
Before implementing a new solution, you need to understand your network infrastructure completely. You need to determine whether third-party integration is supported or not. IBM QRadar supports a lot of third-party integrations, because third-party tool integration is often required.
Storage also needs to be defined properly as logs need to be kept for a certain amount of time. If you have to store logs for three to six months, then you'll need to ensure that you've evaluated the storage capacity properly.
Overall, on a scale from one to ten, I would give this solution a rating of eight. We're very satisfied with it.
Which deployment model are you using for this solution?