IBM Security QRadar Primary Use Case

Frank Eargle - PeerSpot reviewer
Information Security Engineer at Glasshouse Systems

I've got use cases where we monitor positive controls wherein something doesn't allow something to happen. It alarms when somebody changes the control.

Anto Sebastin - PeerSpot reviewer
Technical Presales Engineer at Redington India Limited

The product is a threat detection and response solution. It is useful for consultants or security analysts. It is an incident management tool.

MUHAMMADNADEEM1 - PeerSpot reviewer
Deputy Director at Board Of Revenue

As a security professional, I rely on IBM Security QRadar for a variety of use cases tailored to our security needs. With over 200 implemented, these range from real-time threat detection and incident response to compliance reporting and user behavior analytics.

KM
Head of Cyber security analysis at DNV Poland Sp. z o.o.

We analyze all our authentication traffic in QRadar UBA using the solution's AI module to detect and understand uncommon authentication patterns. There is also the rule logic, but we don't use that much. Instead, we mostly rely on AI to do that. In that respect, I wouldn't say we are using the product to the fullest extent because we only have the AI and what the CM is providing. We have a suite of security products, and QRadar UBA is only one source of information that we rely on.

QRadar UBA collects information on 16,000 employees in the company, including when they log in and out or when they launch applications. We have a team of 10 security analysts who go into the solution to check the alarms. IBM has set the solution up so that we only need to react to the alarms. The UBA will flag it if someone does something weird, and our security team will investigate the anomaly to see if that was valid or malicious. 

We are currently on QRoC — short for QRadar for Cloud — so it's the latest and greatest solution. It was originally on a private cloud, but we moved to the public cloud three years ago.

Artur Marzano - PeerSpot reviewer
Security Analyst at Localiza

Currently, our main use case for IBM QRadar User Behavior Analytics revolves around investigating user activity: specific user activity which we find suspicious. We don't monitor the dashboard of IBM QRadar User Behavior Analytics actively, but whenever we have an alert from other tools, we use it to check whether the user has triggered rules in our SIEM, whether the risk score is high, and other suspicious behaviors we can track.

Lokesh Puthalapattu - PeerSpot reviewer
Senior Marketing Specialist II at Harman International

Currently, we are using only Amazon Web Services for monitoring. We have CloudTrail, GuardDuty, Avast, and some Kubernetes security we have installed on Amazon AWS. By getting these logs, we have created the uses for these components.

EM
Director of Incident Response at a retailer with 10,001+ employees

The UBA component is something that is there. However, it's something that honestly hasn't been leveraged as much. It's probably not a UBA feature like the ones we’ve used in the past. In any case, the UBA feature is there. You can look at the users and look at any risky activity or use cases. I tend to look at it. However, it's not my main source in terms of leveraging it as a UBA.

Elshaday Gelaye - PeerSpot reviewer
Lead Technical Architect at Commercial Bank of Ethiopia

We use QRadar to collect logs and monitor user activity and traffic from one network to another. The SOC team is in a room watching the logs from the tool live most of the time. 

QRadar monitors all internet activity and the output of every device configured to send a log. All traffic from various networking devices passes through the QRadar servers, and we can view it live.

We have two data centers, and QRadar is deployed in one. It comes with two physical appliances to allow failover capability. There's a management interface that binds them together, and we set up an interface for each device connected to the network that sends a log.  

YE
Technical Analyst at a manufacturing company with 10,001+ employees

Our company includes 20 senior engineers and analysts who use the solution to detect viruses on Windows servers and critical assets.

We also track user activity such as connections during travel. 

We have many use cases and playbooks in our portfolio. 

Jacob_Koithra - PeerSpot reviewer
Project & Program manager at Shell Grp

We use the blocking mode and spam mode for the IPS - XGS 5000 series and use of QRadar as a SIEM Solution for logging and monitoring network security, security analysis, and monitoring for network-related attacks. 

The playbook is defined with identified use cases. IPS acted as an inline to the firewall. It helped to track and sniff the packet and match the details. It helped to reduce the insider and outsider attacks. The traffic is analyzed and helped users to know the patterns and access level in the network and resource being used.

Chetankumar Savalagimath - PeerSpot reviewer
Delivery Manager at a tech services company with 1,001-5,000 employees

We are a product-based organization. We use this solution for a shared SOC service and security audits and compliance.

Artur Marzano - PeerSpot reviewer
Security Analyst at Localiza

We use this solution for deploying and integrating log sources and use cases.

We use it to generate offensives based on normal behavior and suspicious behavior from our security tools, firewalls, and other solutions.

We have applied a set of old and new rules to QRadar that aim to detect persistent abnormalities in our environments.

Within our organization, our security operations center and users from our local security team — roughly 10 to 12 users — use QRadar. We plan to expand to other areas of the company so that other people can use QRadar for different use cases. But right now only the security teams use it.

Mohamed Elprince - PeerSpot reviewer
SOC Manager at ALEXBANK

Our primary use case is in the banking industry in two banks here in Egypt. We generally are monitoring the user behavior of the employees. For example, working after working hours, and signing into the machines after working hours.

MG
IT Security Administrator at Zitouna Bank

I use IBM Security QRadar in my company for authentication of users and to block the access of a user to the internet. In my company, we have only used the basic version of the solution, and currently, we don't have a license for the product since we didn't renew it. The basic version of the solution fits my company's basic requirements.

James Riffenburg - PeerSpot reviewer
Principal Cybersecurity Consultant (Architecture, Engineering, Operations) CISO VCISO at a financial services firm with 10,001+ employees

The primary use case of this solution is to help customize the workflows and dashboards for our clients in a secure manner.

BS
CS engineer at AYACOM

We are using mixed solutions. We are currently working with IBM solutions and Azure system services. We are using two SIEM solutions: Azure Sentinel and QRadar. Azure Sentinel is covering our cloud-based solutions, and QRadar is covering our on-premise solutions.

QI
Manager SOC at a comms service provider with 10,001+ employees

I'm an administrator. I have been leading the security operation center for the past four years. I have more than 12 members or SOC analysts for our 24/7 operations. I have been pitching the solutions to multiple customers, and I have also designed, implemented, and administered customer projects and completed them at the specified timeline.

We have many use cases. The most common use cases are related to insights into any threats from the inside and outside. I have also configured X-Force with QRadar, and we are getting all the feeds showing malware-based IPs, etc. I also have designed some anomaly-based rules in case anyone has logged in from outside Pakistan. Most of the rules are custom-based.

ST
Cyber Security Services Operations Manager at an aerospace/defense firm with 501-1,000 employees

We're a customer, partner, or reseller. We use QRadar on our own internal SOC. We are also a reseller of QRadar for some of the projects. So, we sell QRadar to customers, and we're also a partner because we have different models. We roll the product out to a customer as part of our service where we own it, but the customer is paying. We also do a full deployment that a customer owns. So, we are actually fulfilling all three roles.

Abbasi Poonawala - PeerSpot reviewer
Chief Enterprise Architect at a financial services firm with 10,001+ employees

It is used to dive deep into threat analysis. It is a SIEM solution that can be hooked up with some of the endpoint security or threat discovery solutions such as Forescout, Qualys, Sophos, and MDM. After the endpoint security or threat discovery solution discovers the threat, QRadar takes it further from that point onwards and allows you to go deep into the threat analysis. It has a lot of integrations, such as with CMDB, and it can do the asset classification. It can also tell the CVSS score. These are the capabilities or use cases. 

DL
Head of Cybersecurity at a computer software company with 51-200 employees

I use IBM Security QRadar in my company as it provides features like SIEM, SOAR, and QNI.

it_user1369023 - PeerSpot reviewer
Senior Manager Information Security at Conduent (formerly Xerox Services)

We are using it from the compliance perspective. We need this solution to comply with HIPAA and PCI because our clients require HIPAA and PCI DSS compliance. We also use it for log management, primarily security logs, and to some extent, for operational activities, even though this tool is actually not meant for operational tasks. We do keep track of errors in our appliances like hardware, storage, and network switches through QRadar.

The main or core solution is on-premises. There is an extended arm, which is in the cloud as well for cloud integration.

Ayoub Jaaouani - PeerSpot reviewer
Solutions Architect at Smarttech247

We utilize the product for our Security Operations Center operations. Additionally, we extend its use to our customers, employing it for tasks such as threat hunting, investigation, and triage analysis.

MT
IT Solutions Product Manager at SMTSTECH

I am a Product Manager. I am managing the inventory and the logs. For R&D purposes, we downloaded various SIEM solutions from the internet to analyze their performance, and QRadar was one of them. I downloaded the Community Edition of QRadar to check its capabilities and see how to integrate various log sources in our network. It is in my lab, and I have tested it with a few hardware devices and a few computers and servers.

EG
Senior Information Technology Security Officer at a financial services firm with 5,001-10,000 employees

The tool helps with infrastructure, application, and network monitoring. 

CV
Information Security Manager at a financial services firm with 1,001-5,000 employees

My use case for IBM QRadar User Behavior Analytics is to consolidate all the logs and events from a different tool so that I can see the alerts from that other tool on the dashboard.

My company connects the Windows event logs to the Xfinity router deployed on the main server, but I have to make some configurations to detect activities.

My team is working on reinforcing IBM QRadar User Behavior Analytics features since the solution has not been used for a while because there's a new generation of engineers in my company. My team has to reconfigure almost every screen, including IBM QRadar User Behavior Analytics.

Yaw Agyare - PeerSpot reviewer
Managing Director at Volta River Authority

Our primary use case for the solution is providing visibility for what occurs in our security system and IT assets. So all our event logs and information from a setting and criticality level go there. Additionally, there's AI used to trigger alerts when things are going bad, and then we can action them.

DB
Security Sales Consultant at Google, LLC

I was initially a reseller before selling the solution from within IBM. I'm currently a freelance security sales consultant. 

AK
Works

We make some special demos that we sell to our customers. We work as a technical support L1/L2 for our customers in these cases as well.

The solution allows organizations to check people who work from home or in the office. It can help a company understand who is connected from home. 

Sometimes people give a login and password to colleagues. The security can see the situation when someone logs in locally, and they can see a remote connection. They can see this is from the login and password. They'd be able to tell if something was shared and could dig deep to figure out if it is a breach or if it is something that has been properly shared. 

RU
Senior Solutions Architect at a manufacturing company with 51-200 employees

We provide cloud services to the users, and we have our own cloud setup over here. The major use case is when clients require the SOC to be set up.

Setting up the SOC itself is a huge investment. A customer has to invest a lot to build up the whole SOC environment, so, rather than the customer investing in the SOC environment and building up the SOC, we provide it as a service. Customers don't need to do any up-front investment. They use our service. We manage their security tools and security environment as per the compliance guidelines that come from the Indian government. We follow all those practices, and we help them procure more for their network and infrastructure.

Khalid Majeed - PeerSpot reviewer
Cyber Security Consultant at Software Productivity Strategists, Inc. (SPS)

We are implementors and implement this solution for our clients, who use it for analytics. 

SD
IM Operations Manager at a tech services company with 1,001-5,000 employees

IBM QRadar Advisor with Watson is aligned with regards to what's happening in the public space in terms of the phishing attacks that we are seeing prevalent in the market. In the campaigns in which hackers are trying to obtain information, the use cases are very practical. The solution offers quite a bit of protection.

AK
Cyber Security Consultant at raf

QRadar is our SIEM solution. Our use cases include authentication between logins, database security, monitoring, and user behavior analytics.

PK
Solution Architect Cybersecurity at a tech services company with 501-1,000 employees

We use this solution for advanced threat detection, insider threat monitoring, risk and vulnerability management, and unauthorized traffic detection regarding our network. We can monitor and detect web attacks with it as well. 

Within our organization, there are roughly 2,000 to 3,000 employees using this solution. As of now, we don't have any plans to increase our usage of IBM QRadar.

YS
IT Specialist at IT Specialist LLC

Our clients who are implementing or trying to implement a Security Operations Center use the IBM QRadar SIEM solution. This solution helps automate incident processing and provides visibility into the incident management process.

Farid Lalayev - PeerSpot reviewer
Cyber Security Student at Baku Higher Oil School

We are using IBM QRadar for log reviews, particularly logs that come and go from the IPS, firewall, etc.

We have different dashboards for different technologies such as our firewall, IPS, and domains for our main website, so we use IBM QRadar to observe the logs from our website, and we try to make internal and external connections for better domain security.

Ertugrul Akbas - PeerSpot reviewer
Manager at ANET

We are mainly using predefined rules on IBM QRadar User Behavior Analytics.

JM
Sr.Network Engineer at NTT Security

We use the solution for network behavior and log analytics. We wish to procure one for behavior analytics.

I am not certain which version we are using. 

There is a need for a behavior analytics solution in the environment. We use the solution to highlight unusual traffic for a single particular link or even single particular user traffic. 

DS
SOC Team Lead at a financial services firm with 1,001-5,000 employees

Depending on the organization's needs, the solution can monitor different types of security through logs.

CM
Security Operations Manager at a comms service provider with 501-1,000 employees

We mostly use the product for PCI compliance.

DS
Works at a healthcare company with 5,001-10,000 employees

Our primary use case is intrusion prevention and detection. We also use this solution for compliance and assisting in network troubleshooting for IT.

AI
Chief Technology Officer at a tech services company with 51-200 employees

We are users and implementers of this solution. 

HH
Senior IT Technical Support at a training & coaching company with 1,001-5,000 employees

The solution is primarily used for threat detection and response. QRadar can be integrated with other services from IBM such as Watson, among others. The main need is for threat detection, incident response, and dealing with threats or hunting threats. 

What else? I mean, it's always you're looking for threats. Usually, whoever buys this SIEM solution or buys QRadar, for example, is looking for hidden threats and they get the logs to see what's happening within their system. They want a solution that looks very deep inside in order to correlate those logs and see if there's any information that they can get out of those logs or even live packets that are spanning through their networks. Therefore, it's usually threat hunting. That's the main thing. Others might use it to understand the system, and how it's performing overall. However, that's the lesser use case.

JN
Director of Information Security at a financial services firm with 501-1,000 employees

The primary use case of this solution is for monitoring an enterprise data center, globally for 12,000 devices.

MM
Senior Manager, Security Architecture & Operation, Corporate Security at Omantel

This is a security monitoring product and the primary use case is to detect strange behavior by users. For example, if we have a user that has not used the service for a long time and then all of a sudden, somebody logs in one night. This is not normal and the system will detect it. This is just one example of many use cases.

ÖO
B.T. Güvenlik Yöneticisi at an energy/utilities company with 10,001+ employees

Our primary use for this solution is to collect and correlate our logs. We also create appropriate alarms based on the contents of the logs.

VP
Manager-Cloud Security Operations at a retailer with 10,001+ employees

The primary use case for us is the plug and play implementation and it is pretty easy to set it up, and scale up the SIEM. It has a kind of a functionality to it. 

willie.Na. - PeerSpot reviewer
System Engineer at Trans Business Machines Ltd

Our primary use case is logging for any anomalous traffic in terms of access times and deviations when users are in different groups within the AD. When a user deviates from their functionality, it's flagged in the UBA and for VPN traffic. I also use it for geolocation functionality. We are partners of IBM and I'm a system engineer. 

JR
Cybersecurity Business Development Manager at a comms service provider with 10,001+ employees

I am currently working in the Brazilian operation of my company. I have a project in the airline industry in Brazil. This project improves the correlation of logs. There is another company I ticket to improve the solution, they have chosen to correlate the logs. We have SOC, Security Operation Center in Brazil, with 53 employees. We developed all these solutions in Brazil and it is in operation in 34 countries. 

DD
Head of IT Security, Governance and Compliance at a consumer goods company with 10,001+ employees

We are using QRadar as a managed service.

RO
Information Security Specialist at a comms service provider with 501-1,000 employees

We use the solution for a variety of tasks. We use it, for example, for authentication, network-related authentication, user-related tasks, and Windows UNIX servers. It's a lot. There's a ton of use cases. I really can't think right now about every single use case, however, the main things are authentication and network-related systems and all flavors of UNIX Windows.

it_user398799 - PeerSpot reviewer
Sr. Security Analyst with 1,001-5,000 employees

In recent years, our focus has been the third-party integrations. Like most companies, we have several security products. (I hope most other companies are not relying on a single product). The challenge with a SIEM is taking the data produced by a log source and presenting it in a readable manner for technical and non-technical staff. That can be done with custom-built reports or in dashboards. With the IBM Security App Exchange you add a new extension (i.e. download from the App Exchange site) and configure it.

UzairKhan - PeerSpot reviewer
Business General Manager at Mutex Systems

We are a solution provider and QRadar is one of the products that we implement for our customers.

The majority of our clients for IBM products are financial institutions. By law, to be compliant, they are only allowed to run the current version of any solutions that have been procured. Specifically for our area, all of the financial institutions such as banks are mandated to use the latest version.

The use cases include the logging and reporting of servers. These are typically operations servers and critical servers. You can also use it to monitor network devices such as switches, routers, and firewalls.

Endpoints are not included for most of the clients.

VK
AVP - Cyber Security at Cloud4C Services

We are using the current version.

SS
Information Security Manager at a tech services company with 1,001-5,000 employees

There are many use cases for this solution. One example is we are using this solution to monitor user site access to banned sites.

AI
Chief Technology Officer at a tech services company with 51-200 employees

We are a cybersecurity service provider, and I manage the QRadar service for my customers.

MI
Certified AIX I.T Manager at a financial services firm with 10,001+ employees

We primarily use QRadar for monitoring and preparing use cases. 

This solution is deployed on-prem. 

JT
IT Security Analyst at a manufacturing company with 10,001+ employees

We have a lot of use cases with IBM QRadar, but our primary use is for monitoring traffic and detecting tricks.

MA
Information Security Manager at a comms service provider with 1,001-5,000 employees

We are a telecom company, and we use it for IT systems, for telecom systems and on various different levels of applications. We use it for web servers, routers, firewalls, and other security components. Our SIEM solution serves technical and non-technical business units including customer care, engineering, revenue assurance, and anti-fraud.

it_user246402 - PeerSpot reviewer
Sr SIEM Consultant at a tech services company with 51-200 employees

As a PS consultant on projects where the customer is transitioning from a competitor's SIEM to QRadar, they are very pleased when they see the number of quality offenses being caught soon after implementation and integration of log sources just from the out-of-the box rules enabled by default.

JT
Solution Architect at Ostec

We are using it for visibility and compliance.

Kamal Abdelrahman - PeerSpot reviewer
Country Manager at Magarah

The main tool for this operation center for collecting events from different devices, whatever server or network devices, such as switches and routers. It handles anything related to data that can be harmful related to security. Those events can be mapped to promote the threat, it creates another event for promoted threats.

We are a service provider and we provide services to our customers. We use IBM QRadar for many types of businesses, such as banks and telecom. It has a good reputation.

it_user927267 - PeerSpot reviewer
Senior Security Architect at a tech services company with 10,001+ employees

My primary use case is for security monitoring. We activated freeze, proxy and firewalls and we collect data from them. We receive alerts and customize that according to our customer environments.

OS
Information Security Advisor, CISO & CIO, Docutek Services at Docutek Services

My primary use case for this solution is to monitor security events in our cloud environment.

GR
SOC Manager at Nais Srl

IBM QRadar is used to help our customers collect information. It collects the information from other tools on the firewall, network devices, cyber tools with both Carbon Black, Cortex, Cynet, and Darktrace.

PP
Management Executive at a security firm with 11-50 employees

We primarily use the solution for breach management. We use it for identifying rogue IPs and picking up anomalies in terms of the network traffic coming in. We've seen a year of use cases in terms of breach management and incident management. We find IBM QRadar quite relevant in terms of protecting against potential malicious traffic coming into your organization. 

Obviously, it is evolved, and where we're utilizing IBM QRadar is to do other analytical capabilities, which include identity and access management. We've got a unique way where we use the platform to generate a view of all your identities and access that is granted within your environment and so forth. We are able to map that using IBM QRadar, which is not a use case that is normally thought about, however, we found from an analytical point of view, this is what we can do because we get all the information we need here.

RB
Founder at Halainfosec

We are service providers, and we are always exploring tools to accompany existing tools. I am always searching for the best products to meet my clients' requirements. I always look to understand the technology first, learn what benefits we can get from the product, how competitive is it with other tools such as DarkTrace, and Palo Alto.

We are working with this solution, but it is being managed by another vendor.

We are service providers. We are providing SOC service and MSSP services for our clients. 

We are working on various products, not one specific product. We can provide services for any product, in fact, any security solution.

SP
Senior Security Engineer at a wholesaler/distributor with 10,001+ employees

This is a Security Information and Event Management (SIEM) solution and we use it for many purposes.

Md Saiful Hyder - PeerSpot reviewer
AGM, Enterprise Solutions at Omgea Exim Ltd

We primarily use the solution for some compliance, including military compliance such as PCIDSL, ISO 27001, and ISO 27002, and then some other specifications around them. There are also some industries that need to analyze the log and events, and then build and create some rules to put forward.

AS
Co-owner and CEO at Data Security Solutions

I am a system integrator. We have installed it on-premises, on the cloud, in distributed environments, and all other environments for our clients.

FC
Ingénieur d'étude R&D at DOGA

We primarily use the solution to develop software, for some device controllers.

it_user1379427 - PeerSpot reviewer
Application Security Architect at Bank Al Habib Limited

Our primary use case with IBM QRadar User Behavior Analytics is seeing if there are log-ins from the same IDs but from different locations, this is one use case. Or if MAC addresses keep changing, this is another use case. Lastly, if the risk level is high, like with different IPs. These are the three use cases we have.

JJ
Managed Security Product at a comms service provider with 1,001-5,000 employees

IBM QRadar is a FIM component within the security operation center we were deploying in the customer environment. We are managing their cyber defense capability.

BK
Program Manager at a tech services company

Our primary use case for this solution is compliance. 

WP
Vulnerability Manager at a tech services company with 51-200 employees

Our primary use case is to get logs mainly from firewalls, although you can also get logs from anything that can forward syslogs. We use it to sort events.

it_user797751 - PeerSpot reviewer
Security Consultant at Varutra Consulting

We use it to detect security incidents.

NH
General Manager at Global Solutions Services
  • CRM and billing system
  • 100 multiple technology servers: Windows AD, Linux, HP-UX, etc.
  • 40 firewall multiple routers 
  • Cisco Nexus switches
VS
President, Consultant, Trainer at MEI Security

We use this solution for log correlation and alerting.

NB
IT Security and Business Development Manager at a tech services company with 51-200 employees

Our primary use case is for the security. We use it to make sure that the data that is being transferred from one company to the other is being done securely. 

Ahmed Hossam - PeerSpot reviewer
SOC Analyst Tier 2 at IP Protocol INC

First, I used the manual to learn, then I tried to merge it with my company's needs, and there weren't any problems.

PD
Assistant Engineer at Harel Mallac Technologies Ltd

I use IBM QRadar for user behavior analytics, and mostly incident handling.

JW
Solution Security Architect at PT. Sinergy Informasi Pratama

This is a solution you use when you have many security products that you want to manage in one monitor, one analytic. We are partners with IBM and provide implementation services to our customers. I'm a solution security architect.

MD
Cybersecurity Engineer Consultant at a tech services company with 501-1,000 employees

My use case is the deployment of an X-Force successful connection with a botnet and malware website. An X-Force feed is free with QRadar.

I have been using the product for three years now. I used it for six months at an internship to PoC some different SIEM and for two and a half years as an administrator. Now, I am using it as an architect.

MH
Network and Security Technical Team Leader at a wholesaler/distributor with 201-500 employees

We work with it in the banking sector. We had torrent limitations and big banks could join them. It has performed well. However, the limitation is not easy, so the product is not easy.

You cannot get the real value of the product unless you combine it with the other products from IBM, like BigFix, the full integration of Vulnerability Management, and so on. 

SU
Team Lead - Information Security at a computer software company with 10,001+ employees

The use cases that are widely used across the globe are related to ransomware phishing, lateral movement, et cetera.

RP
Regional Director, Customer Success (GTM Solutions & Services) at a tech services company with 51-200 employees

We are a service provider and we are providing the solution as a managed service for multitenancy security.

GO
Marketing Director at an aerospace/defense firm with 1-10 employees

We don't have a business relationship with IBM QRadar; our relationship is a customer relationship. We use IBM QRadar as our primary security solution.

SW
Cyber Security Consultant at Gulf Business Machines

We primarily use the solution for log collection and security incidents as well as event management.

DP
Chief Technical Officer at IT Specialist LLC

User Behavior Analytics is a part of IBM QRadar. It's a kind of application that can be installed over IBM QRadar SIEM. The primary use case is to detect user behavior anomalies, and through these anomalies, detect and better understand different threats and attacks.

SO
Deputy General Manager - Network Security at a tech services company with 201-500 employees

We use IBM QRadar for monitoring user behavior in order to baseline the user activity. Then we print use cases around those behaviors to see if anything stands out. We can then see if something is going wrong in the enrollment from a user activity point of view.

AF
Cyber Security Specialist at AEC

We are a reseller of this solution. We have numerous use cases, all dependent on the needs of our customers.

SS
Director of Market Enabling Solutions at Raksha Technologies Pvt Ltd

Its primary use case is for people who want to manage all of their logs with analytics and correlate that between different security devices whose logs are related. 

This solution is performing well.

JC
Director, Cybersecurity at a media company with 51-200 employees

We used QRadar SIEM over Juniper Secure Analytics platform. 

The company profile is telecom. The infrastructure has a large geographical spread.

Kamal Abdelrahman - PeerSpot reviewer
Country Manager at Magarah

IBM QRadar User Behavior Analytics has a dedicated application for user behavior analytics and must be installed separately on an application server. It is valuable if you created the setup for the use cases. It needs additional customization to have a good value. You will have to point the solution to the suitable data sources that will feed the user analytics in a good manner. You will have good user behavior analytics, based on the created use cases.

TG
Sr. Information Security Analyst at an insurance company with 51-200 employees

The primary use case of this solution is for monitoring the network.

BB
Enterprise Architect, CISSP at a tech services company with 1,001-5,000 employees

The first thing that we implemented for user behavior was to find out whether somebody is logging in at odd hours. It studies user behavior.

it_user970365 - PeerSpot reviewer
Cybersecurity Practice Lead at a tech services company with 201-500 employees

We are using it for SIEM, for Security Information and Event Management. We're gathering the logs and doing analytics on how we are going to react to security incidents.

TM
Senior Cybersecurity Consultant at CIA Botswana

Our primary use case is for security analytics. We do investigation and security analytics, so we collect events and after collecting events we give positive security analytics to clients.

MB
Information Security Leader at a computer software company with 1,001-5,000 employees

We use IBM QRadar for user behavior analytics and incident handling.

FA
Security Analyst at a security firm with 11-50 employees

SIEM solutions must be business driven. Utilizing a SIEM solution depends on your enterprise goals, from meeting compliance requirements to implementing security controls and identifying the absence of controls. A SIEM solution can also be used to improve your business and increase your sales. With QRadar, you can do all these, even if you are not a security expert. It comes with a set of default rules which makes your life easier, from ransomware attacks to DDoS attacks. Everything can be detected if your logs are properly integrated into QRadar.

It gets better with extensions and other rules you install from the IBM Security App Exchange, where you can detect malicious website access (with the intent of ransomware), P2P activity, or someone spamming everything. You can be notified, then you can run scripts to make QRadar take an action. 

I am a security analyst working with QRadar.

RR
IT Security Manager at a tech services company with 201-500 employees

Our primary use case is for monitoring global infrastructure.

OK
Analyst at a tech services company with 501-1,000 employees

We use IBM QRadar to monitor security logs across the network.

JS
Cybersecurity Architecture and Technology Lead at Appxone

Find the malicious activity via filter, don't rely on the rules which trigger the offenses and fix the suspicious activities.

OU
Technical Consultant at activedge

I'm the technical consultant here at ActivEdge Technologies. Our primary use case for this solution is for Security Intelligence and Event Monitoring (SIEM). We provide protection services models for an organization's networks through a sophisticated technology which permits a proactive security posture. We have a business relationship with IBM QRadar as well as being a partner. We are a partner and we also use this feature. It's an integrated solution. We design it to be compatible with our client's network devices to maintain real-time monitoring through a centralized console. Our clients rely on us to create value.

DA
Senior Server Security Engineer

Our primary use case of this solution is to identify threats. 

BT
Assistant IT Manager at an insurance company with 1,001-5,000 employees

I use QRadar for cybersecurity defense, operation, and to improve performances.

HG
Network Security Engineer at a computer software company with 51-200 employees

We are using IBM QRadar for threat protection and management.

KA
AVP - Security at a tech services company with 501-1,000 employees

IBM QRadar is typically deployed in a SOC environment for security monitoring. It is used for log and packet capturing. It has some supporting technology, such as data leakage prevention and data encryption.

LY
Partner at a tech services company with 1-10 employees
  • Origination process in banks.
  • Insurance claims on insurance companies.
DC
Operations Analyst at a logistics company with 51-200 employees

I used the IBM QRadar product from 2015 until 2017.

LD
Technical Presales at a tech services company with 1,001-5,000 employees

I am an integrator of this solution; my customers use this as a SIEM solution for log management.

OO
Cyber threat Intelligence Manager at CyberLab Africa

We use IBM QRadar for threat protection.

MK
Practice Head at a tech services company with 51-200 employees

We have a POC environment but have not onboarded it to any of our clients.

LB
Security Engineer at a tech services company with 11-50 employees

The primary use of the solution in our deployment was for threat detection. 

MH
Team Lead & Principal Software Engineer at a tech services company with 51-200 employees

I deploy the IBM QRadar for many organizations, and I've been performing analyses for those organizations as well.

These organizations use the tool for monitoring of their environment. It's a basic SIEM product. So we just log each and every data source, perform an analysis, and create rules. We also create advanced use cases to cater to the advanced threat(s).

JM
CEO at a tech services company with 11-50 employees

We use this solution both in our company and those of our clients. We are resellers of QRadar. 

AC
General manager at a tech services company with 201-500 employees

We used this product as a SIEM, for information security.

it_user984276 - PeerSpot reviewer
Senior Analyst at a tech services company with 201-500 employees

The primary use case is for insurance and product manufacturing. We use it to create rules and Windows firewalls.

RM
Senior Field Manager at a tech services company

It is a requirement for all of the banks to have a security solution in Pakistan. That is the reason most of the banks are using it. In the last one and a half years, Pakistani companies are taking security very seriously, so for that reason, they evaluate these solutions. All in all, it's a good solution. 

VB
Principal Security Architect at a computer software company with 10,001+ employees

Some of these products can be used in any vertical like healthcare, manufacturing, and vehicle. You can use these products in all types of verticals. But I found that there is a limitation in central verticals. These products do not do well in central verticals.

DS
Works at a tech services company with 11-50 employees

We are partners with IBM. We do simulations for our clients. Then we resolve the issue that they're facing using IBM QRadar.

YC
Security Consultant at a tech services company with 11-50 employees

I use it to analyze incidents. 

OO
Founder at a university with 11-50 employees

This product helps to build a strong architecture, which is important to avoid problems.

KJ
CEO at Xcelliti

We use QRadar to detect and gather information about any product vulnerabilities and any sort of attack on the network. It's able to help detect suspicious activity that is coming into the system.

We are also selling this product.

GC
Queretaro at a tech services company with 1-10 employees

We do not implement this tool ourselves but have experience implementing it for our clients. There are several use cases. The two most important ones are network analysis and UBA.

MA
General Manager at New System Engineering

We are a partner and provide this solution to our customers.

it_user923115 - PeerSpot reviewer
Cloud Security Architect at Nordcloud Oy

It is under a non-disclosure agreement (NDA).

it_user956985 - PeerSpot reviewer
Sr. Security Engineer at OmnitechIT

Our primary use case for this solution is for the management of our security services, and our NOC (Network Operations Center) services.

AS
Cyber Security Team Leader at a tech services company with 501-1,000 employees

Our primary use case of this solution is for our customer's operations. 

it_user805179 - PeerSpot reviewer
Solution Architect with 201-500 employees
  • Users' behavior analytics
  • Monitor leakage for data
  • Payment card industry compliance
  • Integration with end points management system
  • Integration with Incident Response and Ticketing System
SH
Pre-Sale Consultant (Technical) at a tech services company with 51-200 employees

We are a system integrator and IBM QRadar is one of the security and monitoring products that we implement for our clients. It is used for monitoring applications such as Windows virtual desktop access (VDA) and computer-managed instruction (CMI).
