IBM QRadar Review



What is our primary use case?

My primary use case is for security monitoring. We activated freeze, proxy, and firewalls, and we collect data from them. We receive alerts and customize them according to our customer environments.

How has it helped my organization?

It has improved my efficiency. It has also reduced the implementation time. We have reduced the time to get it readily available, and you can just do small customizations. We can also do automation using QRadar.

What is most valuable?

QRadar has somewhat of a new structure recently compared to the last gen. They have moved from the standard UI-based infrastructure. There are multiple aspects coming in which are actually plug-and-play kinds of things: we don't have to write rules, and we don't have to create dashboards and all. For example, on the dashboard we have user behavior analytics. It is also very helpful for us to use customization and build from scratch.

What needs improvement?

There are other solutions out there that have made it app-based. They have a lot of apps available, and they are readily integrated with other tools as well.

For how long have I used the solution?

More than five years.

What do I think about the stability of the solution?

It is very stable. I've seen this product grow since it started. It initially started with another company and then it was bought by IBM.

What do I think about the scalability of the solution?

This tool is very user-friendly, and it is scalable. But we do use other products in tandem with it.

How is customer service and technical support?

There are three zones that make up the technical support team: Asia Pacific (where the people from IBM India work in that particular region), Europe (people from the UK and the Netherlands), and America (people from the US). When comparing these support teams, the Indian team is lacking.

What was our ROI?

There are an abundance of customers in the market who are actually using QRadar for their security monitoring purposes. This is a real advantage of this solution.

Which other solutions did I evaluate?

We compared it to Splunk. The only difference between QRadar and Splunk is that Splunk works on the data analytics. This makes it easy to help create those data lakes and searches, whereas QRadar does not focus on that. The SQL database on the back end takes some time, and it's not so flexible in data storage or data lake creation, so that is the only drawback of QRadar.

Additionally, Splunk is app-based, and QRadar is not app-based.

What other advice do I have?

There are new things that are coming up in QRadar, such as AI through IBM Watson. This is going to create a huge impact in these types of solutions, because we don't have artificial intelligence coming in yet. There are other tools that have artificial intelligence, but IBM QRadar getting integrated with artificial intelligence is the next step.

It should be noted that QRadar-type products are actually changing their strategy. They will move on to the next stage, which is called "Threat Hunting." Instead of waiting for some attack to happen and getting an alert, the new solutions will try to find those suspicious activities in your network or environment and resolve them before they create havoc.

Disclosure: My company has a business relationship with this vendor other than being a customer: I am a reseller.