IBM QRadar Review

It is not a user-friendly program.

What is our primary use case?

My primary use case for this solution is to monitor security events in our cloud environment.

What is most valuable?

They do have a way to pre-configure or have pre-configurations for companies that are starting and they don't know too much about SIEM or working with SIEMs. The solution uses SIEM to get the information to the managers so I will say that they have an ongoing boarding process that is very good if you are starting because it already has what you need to start up.

In addition, they have more HIPAA. It's a pre-order on QRadar, so when we go to the process of selecting our use cases, they go by building blocks. QRadar links it to building blocks so we don't have too much to cut on it.

What needs improvement?

It is not a user-friendly program. It is a very glorified Excel program. I would love to see a more user-friendly version in a future rollout. 

In addition, the management services team needs some improvement. They are, at times, confused with our requests.

Network Breach

Another problem with QRadar, is that they have a very big signal protection. This needs to be fixed. You can only see what you know.  Let me give you an example of how I feel. Here is an analogy for you. Let's say you are a cowboy and you're on wild on the plains. You go out there and get your cows back, right? So you have a noose, you have your hat, your boots, your spurs, you are a real cowboy, right? But you are working on a, this is my opinion right? But you are working on building cars. So how would you look being fully dressed in all your gear, selling cars? It's like you are ready and prepared, you have your tools, but you don't like those rulings. You feel like you are in the wrong place.

Efficiency of Security Team

No, it has not improved the efficiency of our security team. They have an integrated mobile with Watson so what this means is when we have an event that has a high magnitude, Watson takes it and investigates, right? So every time I see an offense, I see Watson has gone and investigated this. What am I expecting from AI to do? I want to see location, what happened, what is it, sources, stuff like that. They just give you a routing chart of what I think was involved. I can do that with my bare hands, I don't need Watson to do that. So why am I paying for AI?

For how long have I used the solution?

One to three years.

How is customer service and technical support?

On a scale of one to four, I would rate it a four. We have had some issues. For example, the other day I wanted to add a new correlation. So I opened a ticket for that new correlation. I went to go change my correlation, but they took so long to get the correlations down. I had to go ahead and open the ticket before I got to change the management process.

Which solutions did we use previously?

I have used Splunk in the past. 

How was the initial setup?

The initial setup was complex, and it took six months. 

What's my experience with pricing, setup cost, and licensing?

It is a pricey product. It is very expensive. 

Which other solutions did I evaluate?

QRadar needs a lot of fine tuning. I had to schedule meetings with IBM for help. For example, one of the things that we were having difficulties with QRadar is that the detection rules are sent by IBM and we wanted those detection rules. In one case, I know there's new malware out there, BlackIce, but I am not able in QRadar, because it's a managed service, to go in and create a detection rule that say the malware is out.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
Add a Comment
Sign Up with Email