IBM QRadar Review

Its correlation and the parsing features result in good scalability and performance


What is our primary use case?

My use case is the deployment of X-Force for successful connections with botnet and malware websites. An X-Force feed is free with QRadar.

I have been using the product for three years now. I used it for six months at an internship to PoC some different SIEMs and for two and a half years as an administrator. Now, I am using it as an architect.

How has it helped my organization?

Previously, we had to do a lot of debugging when we wanted to change our firewall policy to find out which rule was blocking things, etc. With QRadar, when you integrate the logs of the firewall, you have the info in real time with two clicks.

What is most valuable?

The correlation and the parsing are important features, since it is very important for a SIEM to have good scalability and performance.

What needs improvement?

The weak signal detection with QRadar needs improvement. You can detect what you know, but what is unknown to the rule engine can't be detected, similar to a base rule of SIEM.

For how long have I used the solution?

Three to five years.

What do I think about the stability of the solution?

Sometimes, but not from the system itself; rather, from the amount of logs it has received.

What do I think about the scalability of the solution?

Not at all.

How are customer service and technical support?

Technical support is good when they are using WebEx. Via the portal, they are slow and inefficient.

Which solution did I use previously and why did I switch?

My service since the beginning has been to only sell and manage QRadar.

How was the initial setup?

It is very easy to deploy. It is not a user-friendly way to deploy, but for IT guys who have the skills of Linux servers, etc., it is easy.

What's my experience with pricing, setup cost, and licensing?

Think what you will integrate into QRadar. It is a SIEM. You need to send it logs, but not everything.

Pricing (based on EPS) will be more accurate.

Which other solutions did I evaluate?

I had the chance to test some other products, and there are a lot of them on the market. However, when you have to deploy and manage it, not just demo it, it is a totally different story.

QRadar is not perfect, but I have had the chance to manage ArcSight, Sumo Logic, Unomaly, and RSA for some specific features, and comparatively, QRadar is good.

What other advice do I have?

Think scalability and make sure your product can be integrated into QRadar.

Disclosure: My company has a business relationship with this vendor other than being a customer: Partner.