IBM QRadar Review

Has great scalablity, if you use APS 25 GPS license you can change to 3000 EPS anytime

What is our primary use case?

Our primary use case of this solution is to identify threats. 

How has it helped my organization?

We do R&D for IBM QRadar and we are also a cybersecurity solution based company. We provide solutions for our clients like banking, government agencies, and other non-government organizations. Our clients test in our labs and we try to understand how a product works and how a product will help our clients. I have more than three years experience with AlienVault and I use AlienVault a lot and I have already deployed it in a few banks. I am now trying to understand how IBM QRadar works and what the difference between IBM QRadar and AlienVault is. 

What is most valuable?

This solution has many valuable features but I especially like the Log Manager feature.

What needs improvement?

I think QRadar is very complex. It's a distributed system and IBM QRadar has an all-in-one solution which is not like that distributed solution but it's a good product. IBM needs to consider the user interface because if we compare it with AlienVault, the AlienVault user interface is fantastic but the IBM QRadar user interface is very complex. They should focus on how to make it easier for the client.

IBM has everything you need in a cybersecurity solution. If you want to build a cybersecurity operation center version then I think QRadar is a perfect solution.

For how long have I used the solution?

Less than one year.

What do I think about the stability of the solution?

IBM QRadar is stable and scalable. 

What do I think about the scalability of the solution?

Scalability is good. If you use APS 25 GPS license you can change to 3000 EPS anytime. Also, you can integrate a distributed solution with the all-in-one deployment. If you have a very small organization, you don't need model 5000 EPS license so you can deploy all-in-one and then one day if your organization grows bigger, you can deploy a distributed system.

How are customer service and technical support?

We have our own system and network experts, forensic experts, and database expert so until now, we haven't had any issues that required us to contact their support. 

How was the initial setup?

The initial setup was complex. When it comes to the deployment, you can get it done in a day but if you want to fine-tune it can take a very long time. This isn't only for QRadar, but this applies to most solutions. 

It takes two or three people to deploy this product but if you want to do custom configuration then you need each and every part's expert. You need a network expert, forensic expert, and system expert. If you want an advanced system configuration you need many more people. If you only want to integrate this solution in your organization then two or three people is more than enough for the deployment.

What about the implementation team?

We deploy it for our clients.

What's my experience with pricing, setup cost, and licensing?

Licensing is very expensive, IBM QRadar is a very expensive solution. If you want to minimize costs then IBM QRadar is not for you.

What other advice do I have?

I would rate it an eight out of ten. Not a ten because of the complex interface. 

**Disclosure: My company has a business relationship with this vendor other than being a customer: Reseller.
Add a Comment