We use Sophos now. Sophos provides us with a team called MTR. The team analyzes the vulnerabilities in our network. We need to pay separately for it. However, compared to us, they have better product knowledge. This kind of support is not available in QRadar. It will be great if IBM adds these features.

In my experience, Splunk is efficient because it is customizable. You can create scripts to detect multiple behaviors based on scheduled jobs. 

We chose QRadar over McAfee ESM.

We looked at ArcSight but the cost is more expensive than IBM. ArcSight did have the artificial intelligence model.

We opted for IBM Security QRadar based on its market rating and recommendations from previous alumni who have experience with it at our company. QRadar is a software solution provided by IBM for security purposes.

We are looking at implementing a SIEM solution, and currently, we're comparing various commercial and open-source SIEM solutions. We have tested Wazuh, which is an open-source SIEM solution, but we have not finalized anything.

We chose this solution because it was provided to us through software as a service.

QRadar was at the top our list. We also looked at other solutions such as HPE ArcSight and Splunk. The reason we went with QRadar is because we could bring it on-prem, which made it nice, and we also use other IBM products as well.

In general, when selecting a vendor, support is probably going to be the number one criteria. Then, the second criteria is the availability of the product; the product is not very good if it's not available, it's broken, etc.

We did not evaluate other options prior to selecting QRadar.

We're currently evaluating other options to see if we want to switch off of this product in the future. Nothing has been decided. I'm currently doing some preliminary research. We're always looking for solutions that are better or cheaper.

Other solutions were investigated but none none came close to QRadar's capability.

QRadar UBA's price is a little more than street price and could be reduced.

I am familiar with products from other vendors, such as McAfee. We specifically evaluated Splunk, which is a good solution but there is no local partner in Turkey for support. Having a local partner is very important to us.

We chose this solution because we have a good relationship with IBM, and they are able to provide us with local support.

We have evaluated only the large vendors. As we have a long-standing relationship with IBM, that's why we moved to QRadar. I don't know which other vendors were on the shortlist for evaluation.

We didn’t evaluate other solutions. However, in my career, I saw Splunk, RSA, ArcSight, and AlienVault.

We do a SIEM solutions review every few years. Other options we have evaluated: LogRhythm, Splunk, AlienVault.

The two big options we evaluated would be IBM and HP. What we understood was that QRadar would be a more simplistic implementation, taking up less time.

I did not choose this product.

There are competing products but IBM is a well-known brand so for the most part, we offer IBM QRadar to our clients.

I am evaluating Splunk.

I have used several other products including ArcSight, AlienVault, and Splunk. Some of these solutions are on-premises or in-house.

I do not like Splunk, but I think that ArcSight is a good solution. ArcSight is complicated, but it is a more mature solution with much greater options than IBM is offering in QRadar.

We chose this product based on the Gartner Magic Quadrant review. I had gone through a few PoCs and chose this tool, as it is full-proof.

I also evaluated a lot of SIEM solutions, but I like LogRhythm and QRadar. 

We considered another solution from HP and ArcSight.

We did not evaluate any other options.

We did look at a few other options. 

We compared it to Splunk. The only difference between QRadar and Splunk is that Splunk works on the data analytics, This makes it easy to help create those data lakes and searches whereas QRadar does not focus on that. The SQL database on the back end, takes some time and it's not so flexible in data storage or data lake creation, so that is the only backfall of QRadar. 

Additionally, Splunk is app based, and QRadar is not app based.

QRadar needs a lot of fine tuning. I had to schedule meetings with IBM for help. For example, one of the things that we were having difficulties with QRadar is that the detection rules are sent by IBM and we wanted those detection rules. In one case, I know there's new malware out there, BlackIce, but I am not able in QRadar, because it's a managed service, to go in and create a detection rule that say the malware is out.

I wasn't completely part of the whole process when they chose a product. I know they evaluated AlienVault, which unfortunately I do not have any experience with. I'm not able to provide pointers as to why the company chose IBM QRadar. I believe it's because we are a partner with them.

We evaluated HPE ArcSight.

We are a grounded manufacturing and pharma organization, thus we are looking for vendors with proven skill sets in that arena. We are bound by more regulations than any other industry, so we look for certain certifications that the vendor should have. They should be compliant with the USFDA guidelines, before we select a vendor. After we start evaluating vendors, it does depend on the versatility and the scalability of the solutions.

Currently, there are a couple of vendors in the shortlist. After we complete our pilot, we will be choosing one single vendor. We are a SAP shop for ERP, so we did have some discussions about the interoperability within IBM and SAP. I think both of them are good partners in that area. At this point, we are not looking for any other vendors.

I'm exploring the Elastic Stack Elasticsearch currently. Splunk is out of scope for us right now, we're not interested in that. Sentinel is one that we are interested in.

We evaluated  ArcSight, LogRhythm, Splunk, etc.

I wasn't completely part of the whole process when they chose a product. I know they evaluated AlienVault, which unfortunately, I do not have any experience with, neither was I part of the whole processes. I'm not able to provide pointers as to why the company chose IBM QRadar. I believe it's because we are a partner with them.

We have a security department in the Czech Republic. We are basically only implementing IBM security products.

We did evaluate other similar products that are good, such as McAfee ESM and HPE ArcSight.

Yes, for each project we discuss which product to choose, and decide depending on what suits our needs.

SolarWinds is one of the solutions that we use for our NOC operations. We had internal discussions and considered many parameters, but later we decided to move to IBM.

We are recommending IBM QRadar, SolarWinds, and ArcSight to our clients.

We evaluated LogRhythm. LogRhythm is a really good product. It's close to QRadar, but, as I mentioned, those custom parsers. Also, LogRhythm's a little more difficult to install; we did the PoC for both leading SIEM solutions. Working with other IBM products, plus getting a discount for how much IBM stuff we already buy; it was easier for us to go with the QRadar route.

In general, when I go to work with a vendor, the important criteria I look for are how well they build relationships with you; how well they're willing to help you. Also, what are little things they're willing to do for free? Are they willing to, maybe, teach you how to do something a little bit here and there for free? Little things, give and take, here and there, make a good relationship with a vendor.

Before we went with IBM, we didn't look at other solutions but recently I looked into switching to Palo Alto and also evaluated Fortinet.

We looked at numerous other players. We chose IBM because it has a lot of power, and you can grow it as much as and however you want it to.

When I am looking for a vendor, I don't look for a VAR, I look for a partner.

I had the chance to test some other products, and there is a lot of them on the market. However, when you have to deploy and manage it, not just demo it, it is a total different story.

QRadar is not perfect, but I have had the chance to manage ArcSight, Sumo Logic, Unomaly, and RSA for some specific features, and comparatively, QRadar is good

We did consider other options before choosing this product.

We have evaluated Secureonix and this solution is far superior. We did the implementation of Securonix for two customers and we canceled it. We rolled back those clients onto this solution because Securonix failed on both implementations.

• Mcafee Nitro
• Juniper STRM
• AlienVault. Note. We would probably have used AlienVault but there was no representation in Asia Pacific at the time
• TrustWave

We have compared Securonix and many other solutions to this one.

We are a service provider company, so our recommendations depend on the customer's preference. The best we can do is propose the solution based on support, pricing, and their requirements.

I select the vendor based on the customer's requirements. On the customer side, pricing is very important. They also consider the support to be an important factor.

My present organization does mostly IBM business. We have a very good rapport with the IBM team. We have won a lot of cases against competitors. We get trained frequently, so if there is an update, then we are prepared. 

We are able to see the rapid growth of IBM through QRadar compared to the other SIEM tools.

We evaluated all of the Gartner top quadrants.

We did evaluate some, like LogRhythm. We found that LogRhythm was more difficult to understand because it was a little bit too static. I believe they have already improved but, as of the moment, we are still happy with QRadar.

I work as security engineer for the Department of Justice. We test hundreds of applications. I actually see which ones work best for the infrastructure.

We didn't evaluate any alternatives. We have yearly talks with the IBM consulting team. We look at the trends.

The SIEM solutions list we looked from included IBM, Cisco and Check Point.

The most important criteria while selecting a vendor are that it is a future-proof and tabulating solution. Also, the other factors involved are being a global leader and getting us up there as well.

The primary reason as to why we chose IBM is because we had a significant local presence. Also, QRadar's portfolio and its features on the Gartner's website were pretty much at the top end, i.e., as a leader in the leadership aspect.

We did evaluate other options. I think Splunk is the second-best option.

I have tested Splunk and used a little bit of NitroSecurity (McAfee). I have also seen a little bit of HPE ArcSight.

Splunk and Logrhythm..

We evaluated Check Point, but went with IBM because of price.

We evaluated Red Hat and Bonita. We now prefer Red Hat for the price.

We looked at other solutions such as RSA enVision and HPE ArcSight.

We did evaluate other options before selecting this product.

We evaluated LogRhythm and Splunk. 

• LogRhythm had limitations.
• Splunk was never designed to be a SIEM.

We evaluated AlienVault, McAfee, and Splunk.

When I joined the company we were already partners with IBM. I didn't have much experience with other products.

We looked at other solutions, such as McAfee Nitro and LogRhythm.

One of my customers is a McAfee user and is in the process of replacing the solution with IBM QRadar.

We also looked at LogRhythm.

We looked at another solution, NitroSecurity Inc.