IBM QRadar Review

It is really helpful to us from the compliance point of view.


What is our primary use case?

The primary use case for us is the plug-and-play implementation; it is pretty easy to set up and scale up the SIEM. It has a kind of functionality to it.

How has it helped my organization?

It is really helpful to us from the compliance point of view. Whenever we had an external lawyer come in, he used to ask us for the data retention and log retention. So, QRadar could put out reports that could audit for us within the log collections. It was very helpful for us to meet compliance requirements.

In addition, it is a helpful solution for forensic analysis. It will easily perform Google-type searches and get the logs searched easily. This is really helpful for us and gives us a quicker investigation.

What is most valuable?

The most valuable feature is that it is a one-stop solution for many things. It is a manager for vulnerability, functionality, packet filtering, packet analysis, and log analysis.

What needs improvement?

They have introduced a lot of different suites of products and functionalities, and that sometimes leads to confusion among the customers. There are a lot of options provided, and then I need to decide what my requirement is and what my desire is. I may be tempted to have a particular feature, but I have to decide whether it is relevant or not.

For how long have I used the solution?

More than five years.

What do I think about the stability of the solution?

The stability is very good. There is not a single point lacking in terms of stability. And, I have never faced technical issues.

What do I think about the scalability of the solution?

The scalability is good, especially with the introduction of data nodes. As of now, it is not a problem.

How are customer service and technical support?

The tech support is not that good. They often rely on their learned knowledge base instead of getting their hands dirty on the actual case issues. They just think of the traditional approach of "OK, try this, or that." Obviously, we already know which steps to follow; we need them to come up with some out-of-the-box solutions. This delays the process of finding a solution to the problem. Unfortunately, this happens a lot.

Which solution did I use previously and why did I switch?

I previously used Splunk. And we considered Sumo Logic, which has a similar kind of functionality. But they are still at a very premature stage in terms of product development.

How was the initial setup?

The initial setup was straightforward. It was not complex or difficult. It is not complicated.

What's my experience with pricing, setup cost, and licensing?

The cost of this product is expensive.

What other advice do I have?

If you are a medium- to large-size enterprise, you can surely consider IBM as one of the major contenders for your selection. If you are a small enterprise, QRadar may be too much for you; it may be too complex.

When deciding on a solution, we always consider:

  • Cost-benefit
  • Shelf-life of the solution
  • Security of the solution

Disclosure: I am a real user, and this review is based on my own experience and opinions.