Most Helpful Review
Lacks log/URL monitoring and reports are limited to 1,000 servers though it's relatively inexpensive
We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
It's quite scalable. We have upgraded some solutions from 1000 APS up to 3500 APS to 5000 APS. It's a good solution, they have no scalability issues.
The ability to add extensions is the most valuable feature. For example, extensions that provide valuable test ports.
Providing real-time visibility for threat detection and prioritization - QRadar SIEM provides contextual and actionable surveillance across the entire IT infrastructure.
It is very stable. We have not faced interruptions in the past four and a half years.
It has improved comprehensive visibility for what is going on in the perimeters, and on the inside, as well.
It is really helpful to us from the compliance point of view.
The initial setup is not complex or difficult.
QRadar has somewhat of a new structure recently from last gen. They have moved from the standard UI based infrastructure.
Flexible architecture: You can extend the system and its capacity by attaching another cluster pair.
With this tool it is interesting to show the info to the client and explain where the traffic is.
It's given us the ability to create various real-time network performance reports and distribute them to any colleague who can access these reports immediately.
The automation feature is good because if your CMDB is OK and it is already in sync, then the automation part is good to go.
Scalability. I have never had to worry about how to handle really big environments.
The monitoring of the network is very customizable. That is its unique feature.
I would like for them to develop a detection management solution. It does not have a detecting management solution in it, you have to buy it as it is, on top of the extended solution.
Their technical support is not good. We opened a lot of cases and from my experience, they are not complicated issues but it takes forever to get an answer.
AI is superb but needs improvements.
Technical support is good, but not great.
The tech support is not that good.
The Indian tech support is not helpful.
It is not app based.
The initial setup was complex, and it took six months.
SevOne should work with the graphs legend functionality.
The method of searching for SIP and the way to create the groups.
Software upgrades can be tricky and are not easy.
There is no service mode setup in this monitoring tool if you want to snooze alerts for any specific amount of time, to account for any activity change or major incident.
The GUI: both the dashboard/user view and the admin tool.
Pricing and Cost Advice
It is cheaper than ArcSight.
The cost of this product is expensive.
It is very expensive.
A good approach would be to begin with an On Cloud subscription, then later on do a more exact sizing.
Pricing and licensing are competitive. Their new licensing options allow logs to bypass the correlation engine for a flat rate, which is also appealing for log data that is compliance-driven for a small amount of money.
Pricing (based on EPS) will be more accurate.
An X-Force feed is free with QRadar.
It is expensive. It is not a product that I can provide for SMBs. It is a program that I can only provide for really large enterprises.
Prices per license are not huge, but they exist.
It is inexpensive compared to other monitoring tools.
Choose a SevOne partner who can provide SevOne as a service and can deliver professional services and maintenance.
Have a bank of licenses, because it is about the number of objects (RAM, ports, CPU, etc.).
out of 41 in Log Management
Also Known As
IBM QRadar: QRadar SIEM, QRadar UBA, QRadar on Cloud, QRadar

The IBM QRadar security and analytics platform is a lead offering in IBM Security's portfolio. This family of products provides a consolidated, flexible architecture for security teams to quickly adopt log management, SIEM, user behavior analytics, incident forensics, threat intelligence and more. As an integrated analytics platform, QRadar streamlines critical capabilities into a common workflow, with tools such as the IBM Security App Exchange ecosystem and Watson for Cyber Security cognitive capability.
With QRadar, you can decrease your overall cost of ownership with improved detection of threats and enjoy the flexibility of on-premise or cloud deployment, and optional managed security monitoring services.
SevOne provides the only digital infrastructure performance monitoring solution engineered for Speed at Scale for the world’s most demanding service-delivery environments. The patented SevOne Cluster™ architecture leverages distributed computing to monitor any device in the service-delivery path, integrating performance metrics, flows and logs at scale, and providing answers in seconds to prevent performance-impacting outages. SevOne’s global customer base includes 5 of the 7 top global investment services companies, enterprises, CSPs, MSPs and MSOs. SevOne is backed by Bain Capital Ventures and was named a Visionary in Gartner’s 2015 Magic Quadrant for Network Performance Monitoring and Diagnostics. More information can be found at www.sevone.com and SevOne’s video channel and community, The Network Project. Follow SevOne on Twitter at @SevOneInc.
IBM QRadar: Clients across multiple industries, such as energy, financial, retail, healthcare, government, communications, and education use QRadar.
SevOne: Aflac, Comcast, Credit Suisse, CSC, eBay, Electronic Arts, Lockheed Martin, NASDAQ, Telstra, Time Warner and Verizon.
Financial Services Firm: 27%
Financial Services Firm: 18%
Comms Service Provider: 12%
Comms Service Provider: 42%
Comms Service Provider: 34%
Financial Services Firm: 15%