The primary use case for us is the plug and play implementation and it is pretty easy to set it up, and scale up the SIEM. It has a kind of a functionality to it.
The primary use case for us is the plug and play implementation and it is pretty easy to set it up, and scale up the SIEM. It has a kind of a functionality to it.
It is really helpful to us from the compliance point of view. Whenever we had an external lawyer come in, he used to ask us for the data retention and log retention. So, QRadar could put out reports that could audit for us within the log collections. It was very helpful for us to meet compliance requirements.
In addition, it is a helpful solution for forensic analysis. It will easily perform Google type searches and get the logs searched easily. This is really helpful for us, and gives us a quicker investigation.
The most valuable feature is that it is a one stop solution for many things. It is a manager for vulnerability, functionality, packet filtering, packet analysis and log analysis.
They have introduced a lot of different suite of products and functionalities and that sometimes leads to confusion among the customers. There are a lot of options to provided and then I need to decide, what is my requirement, and what is my desire. I may be tempted to have a particular feature, but I have to decide whether it is relevant or not.
The stability is very good. There is not a single point lacking in terms of stability. And, I have never faced technical issues.
The scalability is good, especially with the introduction of data nodes. As of now, it is not a problem.
The tech support is not that good. They often rely on their learned knowledge base, instead of getting their hands dirty upon the actual case issues. They just think of the traditional approach of "OK, try this, or that." Obviously, we already know which steps to follow, we need for them to come up with some out-of-the-box solutions. This delays the process of finding a solution to the problem. Unfortunately, this happens a lot.
I previously used Splunk. And, we considered Sumo Logic, which has a similar kind of functionality. But, they are still in a very premature stage in terms of the product development.
The initial setup was straightforward. It was not complex or difficult. It is not complicated.
The cost of this product is expensive.
If you are a medium to large size enterprise, you can surely consider IBM as one of the major contenders for your selection. If you are a small enterprise, QRadar may be too much for you, it may be too complex.
When deciding on a solution, we always consider: