IBM QRadar Review

Alerts and correlates the aggregate events or offenses we receive through all the applications we use

What is our primary use case?

We are a reseller of this solution. We have numerous uses cases all dependant on the needs of our customers.

How has it helped my organization?

IBM QRadar has improved my organization by introducing many functions. It collects logs from all of our systems in the organization and has functioned very well. It alerts and correlates the aggregate events or offenses we receive through all the applications we use.

With other solutions, you collect the logs from different sources but you still have to finetune it, and you still have to match them a lot of the time to figure out the correct association to sort out the false positives. QRadar is much easier to use and detect false positives. It can do it by itself, and it allows you to finetune the filtering and check the false positives. There is some backend that protects but it's the best among all in the market.  

What needs improvement?

There is one problem with QRadar in regards to the add-on apps. The apps can be frustrating. For example, when I add a big app like one of the add-ons for resiliency, add-on applications for QRadar, these applications require different hardware to implement and to deploy. The resiliency connector because there's a considerable amount of data scanning, operates for these apps correctly. 

Acquiring these add-on apps for QRadar is very expensive. This is one of the difficulties that we are facing with the QRadar.

For how long have I used the solution?

More than five years.

What do I think about the stability of the solution?

It's very stable.

What do I think about the scalability of the solution?

The solution is very scalable.

How are customer service and technical support?

Technical support hasn't been bad, but sometimes it's inadequate, sometimes it is good. It depends on the case. We've had bad experiences in the past because we didn't get onsite support when we needed it.

They do have onsite support but only for third-party partners working directly with IBM. And sometimes the support is too slow.

Which solution did I use previously and why did I switch?

I've used Alien Vault, McAfee, and Splunk.

How was the initial setup?

The initial set up was a bit hectic the first time because, it's not about the QRadar application itself, it's about defining or configuring the data sources or the traffic sources to QRadar. We are going to use a small file through literally all of the traffic sources. We found it was difficult to merge with QRadar due to different IPs, different sources delaying the process and just technical issues. It's not an issue with the QRadar solution itself.

What about the implementation team?

We implemented through a vendor. I am one of the integrators.

Our requirements are dependent on the size of the deployment and maintenance case, depending on how large of an enterprise solution we are speaking about. The size of the architecture, or for example if the architecture is all in one including the processor, including the QNI and the connector all with one box. A deployment of this type would only require one guy for it if the architecting dissipating these items comes from the all in one box.

What's my experience with pricing, setup cost, and licensing?

The licensing is every year.

There are additional costs, such as the cost associated with the different hardware required for implementation and deployment. Along with the add-on apps, these are all additional costs, and they require licensing as well.

What other advice do I have?

The solution functions very well. It is amazing but there are some bugs with it. The unknown bugs can just come up with the adaptor with the data stored in Qradar. 

On a scale from one to 10, ten being the best, I would rate this product an eight out of 10.

**Disclosure: I am a real user, and this review is based on my own experience and opinions.
Add a Comment