IBM QRadar Review

Scanning by the Vulnerability Manager and alert-generation are key features for us


What is our primary use case?

Our primary use case is to get logs mainly from firewalls, although you can also get logs from anything that can forward syslogs. We use it to sort events.

How has it helped my organization?

Instead of logging in to multiple devices and checking the logs, QRadar gives us one centralized point for comparing data against each other and rules to make sure that you don't miss anything. It tells you where all the detections happened. It provides easier access and we pick up things way quicker than in the past.

What is most valuable?

The most valuable feature is the QRadar Vulnerability Manager which provides vulnerability scans. In addition, I like the way QRadar generates alerts.

What needs improvement?

It would be good if the program allowed certain profiles to only see certain customer information.

For how long have I used the solution?

Three to five years.

What do I think about the stability of the solution?

If you're running the latest version under recommended specifications, it is very stable thus far.

What do I think about the scalability of the solution?

It's scalable.

How are customer service and technical support?

The technical support has definitely improved. In 2016-17 it took me about ten hours to get a reply from IBM. It now takes an hour to two hours for them to reply to me.

If you previously used a different solution, which one did you use and why did you switch?

We went with QRadar because it's a more well-known product. I was only using the AlienVault Community Edition, a free version. It wasn't a fully-paid version I was using at the time. IBM QRadar was just the product the company was using.

How was the initial setup?

The setup is straightforward. The last one I did took me about three days. It only takes half an hour to set up QRadar, but getting the other systems to talk with QRadar, to forward syslogs, is what took the additional time, because I didn't have all the login information. If you've got all the relevant information, it shouldn't take you more than a day to set it up.

What's my experience with pricing, setup cost, and licensing?

QRadar is quite expensive. It wouldn't be worth it for a small business unless, through a third-party company, they used it in a software-as-a-service type of arrangement, rather than buying the licenses outright.

There are additional costs beyond the standard licensing fees. For example, there are add-ons like the QRadar Vulnerability Manager.

What other advice do I have?

QRadar, as a product, might be very straightforward, but to fully understand the product you would need to go for the QRadar training. IBM's training for QRadar is very expensive but it really helps you use the product to its full potential. Before I went to the training, I only used about ten percent of its capability. I would recommend going for the training on the product.

In terms of the number of users, it's not users logging in every day and doing stuff on QRadar. It's a handful of people from the team monitoring QRadar. We could be managing, for example, 50 or 70 customers through one dashboard and about ten people would be monitoring it. The users have a specific role.

The amount of staff required for deployment or maintenance depends on the type of update or patch that's being deployed. For deployment of a new patch it, it could take anything from an hour to about ten hours. It depends on the patch, how big the patch is, and if you've gone through a testing phase or not. So there are multiple dependencies on how long it would take. An average, for me, would be three hours to do certain deployments.

Currently it's being used quite widely. The only downfall of this product would be its price. I wouldn't recommend it for a small company. For larger companies I know it's being widely used.

Disclosure: My company has a business relationship with this vendor other than being a customer: Reseller.
Add a Comment
Guest

Sign Up with Email