What is our primary use case?
We are a telecom company, and we use it for IT systems, for telecom systems and on various different levels of applications. We use it for web servers, routers, firewalls, and other security components. Our SIEM solution serves technical and non-technical business units including customer care, engineering, revenue assurance, and anti-fraud.
How has it helped my organization?
Instant continuous monitoring so that we can take action immediately and be proactive as much as possible with handling hacking and attacking attempts. Also, it has improved comprehensive visibility for what is going on in the perimeters, and on the inside, as well. We also use it for testing whether our controls are performing well or not. We can say that the visibility, monitoring, testing and reliability of our controls are all assisted by this solution. The most important benefit we get is from the SIEM solution.
What is most valuable?
The most valuable feature is the diversity of log types, which enables us to monitor what is going on from different perspectives and reduces the likelihood that we will miss important attempts. There are different events and flows, and there is diversity from getting the information from different sources. We can also see that there are no false positives. It is well-tuned and the rules are covering everything that we need.
What needs improvement?
There are some weaknesses with the QRadar Risk Manager. It has some weaknesses because of the connectivity with other vendors. It is limited. There are some vendors that you cannot connect QRadar Risk Manager with, so you cannot get the maximum benefit of the product.
For how long have I used the solution?
What do I think about the stability of the solution?
It is very stable. We have not faced interruptions in the past four and a half years.
What do I think about the scalability of the solution?
It's great! This is one of the major features of the solution.
How are customer service and technical support?
Technical support is good, but not great.
How was the initial setup?
It was straightforward, but we had to do some customization.
What about the implementation team?
When choosing a vendor, we always consider:
- Diversity of Connecting Systems
Which other solutions did I evaluate?
We considered another solution from HP and ArcSight.