IBM QRadar Review

Single pane of glass for analysts and SIEM administrators


How has it helped my organization?

It has provided support for several log sources, which has historically been problematic/unsupported by competitors. It is easy to make changes on the fly to default parsers to customize fields/mappings to our use cases.

What is most valuable?

  • Ease of use
  • Time to value in implementation
  • Single pane of glass for analysts and SIEM administrators

What needs improvement?

  • User/identity modeling needs improvement. However, it seems that they are already focusing on that. 
  • Needs better visualization options beyond the time series charts and a few other options that they have.

For how long have I used the solution?

One to three years.

What do I think about the stability of the solution?

We have definitely not encountered any issues with stability.

What do I think about the scalability of the solution?

We have definitely not encountered any issues with scalability.

How are customer service and technical support?

Better than average versus their competitors.

Which solution did I use previously and why did I switch?

We previously used McAfee and ArcSight. We made the switch to IBM QRadar for scalability, ease of administration and use.

How was the initial setup?

It is incredibly easy to deploy. All the appliances are flexible in the roles that they serve and are all managed in the same way. Adding log sources is very straightforward, along with device updates, etc., which are all centrally managed.

What's my experience with pricing, setup cost, and licensing?

Pricing and licensing are competitive. Their new licensing options allow logs to bypass the correlation engine for a flat rate, which is also appealing for log data that is compliance-driven for a small amount of money.

Which other solutions did I evaluate?

We evaluated ArcSight, LogRhythm, Splunk, etc.

What other advice do I have?

Understand how your analysts need to use SIEM to execute use cases. This platform can collect and normalize data better than just about anything (if you want it to), but it will not be useful if it is not presented in a useful way.

Disclosure: IT Central Station contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.