IBM QRadar Review

Good visibility of network and endpoints, correlate events to specific point-in-time

What is our primary use case?

Our primary use case is intrusion prevention and detection. We also use this solution for compliance and assisting in network troubleshooting for IT.

How has it helped my organization?

This has been indispensable in detecting intrusion attempts and many forms of malicious activity. 

What is most valuable?

This solution provides amazing visibility into the network and endpoints. The ability to correlate point in time and things happening over time is priceless in today's threat environment.

The rules can look for things both from log sources and from data traversing your network which is unique in the SIEM world and makes QRadar a consistent magic quadrant leader.

The QNI file hash in-flight search is helpful.

The ability to transition from microscopic to macroscopic view, instantly, is very good.

What needs improvement?

I would still like to see a better GUI. Improvements have been made, but there is still a way to go.

There are petty annoyances like clicking out of a rule setup and, instead of going back to search results in the rules with the rule you selected still highlighted, you get the whole list without your search. Start again. In the new log source management app, if you have a large number of log sources, typing a name to filter them by is Java Hell: the high overhead of JIT-compiled code means that even two-fingered, carpal-tunnel-afflicted users can outpace the type-ahead buffer, leaving random intermediate characters on the floor. Needless to say, that makes managing log sources sometimes annoying. You can always cut and paste to get around this, but hey, for 5 or 6 figures in hardware and software, it ought to keep up with my typing.

But to be fair, these kinds of things are dwarfed by its awesome ability to ingest and correlate tortured use cases of mind-boggling complexity, which is what you REALLY need your SIEM to do. That, QRadar does better than anyone else.

For how long have I used the solution?

I have been using IBM QRadar for about five years.

What do I think about the scalability of the solution?

Scalability is very good.

What's my experience with pricing, setup cost, and licensing?

This is not a trivial undertaking. You will need at least one experienced user and considerable infrastructure to support this if you use the on-prem version which we did. The cloud version has less overhead but there are some limitations so choose carefully.

Which other solutions did I evaluate?

Other solutions were investigated, but none came close to QRadar's capability.

What other advice do I have?

If you absolutely, positively have to catch the bad guys, and you have a heterogeneous environment, QRadar is a great choice.

Disclosure: I am a real user, and this review is based on my own experience and opinions.