IBM QRadar Review

Custom parsing tool makes customization easy, and UI is friendly

How has it helped my organization?

The features make my work easier.

What is most valuable?

The most valuable feature is the DSM Editor. The custom parsing tool is very nice, outstanding. I have used McAfee's SIEM and LogRhythm as well, but because of this feature of QRadar, I don't think their solutions are good.

Customizing it is very easy and it has a user-friendly interface. 

What needs improvement?

The product is good, but one feature they should have is an Elasticsearch. Currently, in QRadar, there are no Elasticsearch criteria. Elasticsearch is a very fast search engine. IBM should consider it as part of QRadar. Currently, QRadar has a very slow search. If I search previous months' data it stops.

For how long have I used the solution?

More than five years.

What do I think about the scalability of the solution?

The scalability is good. I'm quite satisfied with it.

How are customer service and technical support?

Technical support is the area IBM should work on. Support is not that responsive. If I open a support ticket, it takes three to four days for them to respond. They take that much time.

Which solution did I use previously and why did I switch?

I have used different solutions in the organization, but the main reason for switching is the customization. QRadar very much supports customization. Another reason is that, in the market, we can easily get QRadar resources, like an analyst or engineer, as compared to other products. This is a reason that organizations move towards QRadar.

How was the initial setup?

The initial setup was very straightforward. I didn't have to do anything once I installed it and configured it. It was very simple. Other solutions I have worked on, such as McAfee and LogRhythm, are a bit complex. This one is very easy to install and configure.

The deployment takes one to two months, max. The implementation strategy is totally dependent on the number of EPS, the requirements, and the types of log sources. We collect this information and then create our strategy.

I have been an engineer in many firms. I have deployed it by myself. One expert can deploy it. If there are 100,000 EPS you'll need more resources. If you have 5,000 to 10,000 EPS, one person can do it.

What's my experience with pricing, setup cost, and licensing?

IBM has subscriptions plans that run for one year.

What other advice do I have?

Overall, it's much better than other products.

In terms of increasing its usage, I have suggested to my organization that it tell customers to use it, its capacity and capabilities, with other tools like Watson.

**Disclosure: My company has a business relationship with this vendor other than being a customer: Partner.
Add a Comment