IBM QRadar Review

Well priced with information granularity, but has lousy tech support and provides false positives of attacks

What is most valuable?

Most valuable features include the granularity of information. Queries provide leads for finding information. We also deal with the Symantec team, which is a different one. 

What needs improvement?

The solution has definite room for improvement. There were certain bugs we had to deal with. Bigger issues involve the quantity of rules involved in its deployment. Also, false positives can be obtained and there is a need to fine tune the solution once every month or two until everything is correct. 

The stability and product support should also be addressed. 

When an offense occurs, the source IP will automatically provide a source username which is not correct. For reasons I don't understand, it uses the team or the name of the last user of the computer and this is not always accurate. This means that there are times that I obtain offenses that are ascribed to my boss and which serve him. The solution ensures that the host is vulnerable to another attack. The solution will estimate that the targeted host is vulnerable to certain attacks. 

Moreover, the solution may provide information of attacks that failed or that are irrelevant, such as vulnerabilities involving modems in which the target host is the Windows Server. This begs the question of why an offense that was and will always be blocked must be generated, such as that involving vulnerability from a modem. 

For how long have I used the solution?

I have been using IBM QRadar for five years. 

What do I think about the scalability of the solution?

When it comes to the scalability of the solution, it is possible to install many apps on top of IBM QRadar which can provide a host of views, such as those involving user behavior and analytics. There is no need to construct an SQL report, for example, as there are many free apps available which can be used to extend one's IBM QRadar functionalities. 

How are customer service and technical support?

IBM technical support is always terrible. I have much experience with IBM, dating back 25 years in IT. I worked with IBM as a partner for almost 10 years. The organization is so big that it cannot tell one person from another. One can send an email and then get transferred from one support person to another, needing with the need to reiterate the issue anew with each one. In France they go on vacation and there is no one to whom one can address his issue. They also have problems with directing and redirecting phone calls. 

I found myself in charge of all hardware issues involving IBM. Whenever we had a case with IBM which was escalated, I managed to resolve the issue before them. I would find a solution while they would still be making queries about some version. Sometimes I feel they are buying time. At other times, they start by enquiring about what I did in an attempt to resolve the issue. There are times that they insist on the purchase of a subscription as a condition of benefiting from high level support and at these moments I'm inclined to tell them that they should be paying me for this. 

How was the initial setup?

The initial setup is quite straitforward and not so difficult. 

What's my experience with pricing, setup cost, and licensing?

The pricing is always fine. 

What other advice do I have?

We use the solution with multiple customers on a daily basis. We have experience with its installation, configuration and use. 

I rate IBM QRadar as a six or seven out of ten. 

**Disclosure: My company has a business relationship with this vendor other than being a customer: partner
More IBM QRadar reviews from users
...who work at a Financial Services Firm
...who compared it with Splunk
Learn what your peers think about IBM QRadar. Get advice and tips from experienced pros sharing their opinions. Updated: September 2021.
534,057 professionals have used our research since 2012.
Add a Comment
ITCS user