What is our primary use case?
In recent years, our focus has been on third-party integrations. Like most companies, we have several security products (I hope most other companies are not relying on a single product). The challenge with a SIEM is taking the data produced by a log source and presenting it in a readable manner for technical and non-technical staff. That can be done with custom-built reports or in dashboards. With the IBM Security App Exchange you add a new extension (i.e., download it from the App Exchange site) and configure it.
How has it helped my organization?
Since IBM opened up the API for third-party app integration, it has made it increasingly easy to add other tools into the dashboards.
What is most valuable?
Currently, the App Exchange offers over 192 applications that allow QRadar to integrate with some of the top security programs on the market, along with extension add-ons provided by QRadar. Some third-party apps include (but are not limited to) Splunk, McAfee, Cisco, Carbon Black, Palo Alto, ObserveIT, Exabeam, Gigamon, and PhishMe. Extension add-ons by QRadar include report extensions, MS AD extensions, user behavior analytics, etc.
We have a very small team, and any time I can integrate with our other tools, and save time doing so, that is a plus for my company.
What needs improvement?
Keep up with more apps. They need to continue working with other companies to develop apps for integrations. Yes, they currently have 192 apps, but that number is nowhere near the number of security products on the market. That means if your company has a product that is not in the application list, then you just have to work a little harder to pull the data you need from the log source.
I'm not against hard work; I'm just trying to work smarter and faster. Time is money, so saving time without compromising the end product is a win for everyone. It would reflect well on IBM because it would show they understand the customers' needs, and it would reflect well internally because we would be able to present cleaner dashboards and reports without hours or days devoted to building them.
For how long have I used the solution?
More than five years.
What do I think about the stability of the solution?
We experienced some memory usage issues with a user behavior app.
What do I think about the scalability of the solution?
We haven't really had any scalability issues. You are always limited by your EPS/FPM licensing, so you have to make sure you don't exceed those limits.
How is customer service and technical support?
Tech support is excellent.
How was the initial setup?
The initial setup is straightforward.
Which other solutions did I evaluate?
We do a SIEM solutions review every few years. Other options we have evaluated: LogRhythm, Splunk, and AlienVault.
What other advice do I have?
Research, and don't be afraid to do a few PoCs. Also, make sure you have a team for the tool. Most solutions require a team, so if you cannot assign a team to the tool, then hopefully you can use one of the managed SIEM options.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Jul 01 2018