IBM QRadar Review

In one single pane of glass, we can see all the issues. Though, the architecture could be improved.


What is our primary use case?

Its primary use case is for people who want to manage all of their logs with analytics and correlate that between different security devices whose logs are related. 

This solution is performing well.

How has it helped my organization?

It saves a lot of time. We integrate the customer's firewall with all their networking devices. If there is an issue, it helps us do the proactive work before it becomes a bigger issue. We are able to pinpoint issues and solve them.

Additionally, it is very easy to figure out. In one dashboard, we can see all the issues. There is no need to log in to every device. In one single pane of glass, we can see everything.

What is most valuable?

Watson, which is an artificial intelligence, is the most valuable feature. On the back-end, Watson helps me figure out an exact problem, sometimes giving me the result. I never would have imagined this before.

What needs improvement?

The architecture could be improved. I got stuck for a long time trying to understand the architecture, as it is quite challenging.

For how long have I used the solution?

Three to five years.

What do I think about the stability of the solution?

The stability is good.

What do I think about the scalability of the solution?

It is a combination of multiple factors. The issues are from the customer side, not from QRadar. If you are able to get the right details from the customer, this solution is scalable.

How is customer service and technical support?

I am not involved with technical support because I am in pre-sales.

Which solutions did we use previously?

Factors in switching were the console view, as well as Watson. IBM Watson makes a huge difference on the product side.

What's my experience with pricing, setup cost, and licensing?

I do not have control over pricing, though I do help customers with their sizing.

Which other solutions did I evaluate?

I select the vendor based on the customer's requirements. On the customer side, pricing is very important. They also consider the support to be an important factor.

My present organization does mostly IBM business. We have a very good rapport with the IBM team. We have won a lot of cases against competitors. We get trained frequently, so if there is an update, then we are prepared. 

We are able to see the rapid growth of IBM through QRadar compared to the other SIEM tools.

What other advice do I have?

I would rate it a seven out of 10. I have had some challenges integrating this solution.

Each organization is looking for security. If you have a SIEM tool, you can integrate it with all of your security devices, and get all your security logs. This console gives you the entire view, which makes life easier and allows you to take precautionary measures.

People who handle only four or five security devices spread across the globe should go with this SIEM tool.

Disclosure: My company has a business relationship with this vendor other than being a customer: Reseller.