IBM QRadar Review

Enables our clients to detect threats and vulnerabilities in real time

What is our primary use case?

Our primary use case is for security analytics. We do investigation and security analytics, so we collect events, and after collecting events we give positive security analytics to clients.

How has it helped my organization?

Most of our clients are interested in automation. The automation part is good because they are able to detect threats and vulnerabilities in real time. It's very fast. 

What is most valuable?

The vulnerability management aspect is the most valuable feature. IBM QRadar is the only SIEM solution with integrated vulnerability management. That's why most clients are flocking to it. API integration is very easy.

What needs improvement?

The API integration for AD is a problem when it comes to vulnerability management. If you want to incorporate multiple factor authentication, it becomes a problem with the AD. It doesn't integrate well. That needs to be improved.

The configuration steps are not easy to follow compared to NetWitness.

What do I think about the scalability of the solution?

Scalability is good. I have plans to increase usage; it just depends on the contracts. If I get more contracts, I get more people. Most clients want to manage security and so they would want to outsource their expertise. If they outsource their expertise, that means I have to recruit more people.

How are customer service and technical support?

Their technical support is pretty good. 

How was the initial setup?

The initial setup was easy. It usually takes around three months or so. In terms of the implementation strategy, once we get the correct events sorted, the strategy is to connect enough event sources so that they give you an efficient solution.

We require five to ten people for setup and maintenance. 

What about the implementation team?

I'm the consultant so we do the implementation ourselves. 

What's my experience with pricing, setup cost, and licensing?

The licensing depends on the customer. The pricing is good.

What other advice do I have?

I would rate it an eight out of ten. Not a ten because the configuration part of it should be easier. They tried to integrate everything together to be all in one, but it's not easy to configure.

Disclosure: My company has a business relationship with this vendor other than being a customer: Reseller.