IBM Security QRadar Reviews

We are using IBM QRadar for log reviews, particularly logs that come and go from the IPS, firewall, etc.

We have different dashboards for different technologies such as our firewall, IPS, and domains for our main website, so we use IBM QRadar to observe the logs from our website, and we try to make internal and external connections for better domain security.

The best feature of IBM QRadar is visualization which shows you when there's a spike in the system, and this makes you realize that there's something wrong with the log.

IBM QRadar has outdated technology, and this is its area for improvement. When you try to implement an analytic expression, it's not updated. The solution doesn't support newer technologies, and it doesn't update regularly. For example, around the world, others implement new technologies, while IBM updates later than others.

There isn't any additional feature I'd like added to IBM QRadar at this point because it's sufficient for visualizing the logs.

I've been with the company for one and a half months, and I've been using IBM QRadar almost daily, but the solution was deployed five or six months ago.

IBM QRadar is a stable solution.

IBM QRadar is a scalable solution. My company currently has seven to eight different accounts on IBM QRadar, so it's a scalable technology. It has no problems with scalability.

I didn't have any problems with IBM QRadar, so I never contacted the technical support team.

I'm assuming that the main reason my company chose IBM QRadar is that IBM is one of the biggest tech companies in the world, so IBM products would be more secure and more reliable than other solutions.

As I didn't set up or deploy IBM QRadar, I have no information on whether it was easy or complex to set up.

I have no information about the licensing costs of IBM QRadar, and whether or not it requires a license.

I'm an intern at one of the biggest telecommunication companies, and my company uses IBM QRadar.

My advice if you want to use IBM QRadar is that you should use it because it's very scalable and it's easy to use. The solution also has many dashboards, and you don't have to write any code or write different scripts to get the information you need. You can do it from the UI of IBM QRadar. The only room for improvement in the solution is that it doesn't support newer technologies, and it's late when it comes to updates.

I'm rating IBM QRadar nine out of ten because my experience with it has been excellent. The only downside to it is that IBM is late with adding new features or supporting new technologies compared to its competitors.

My company is an IBM QRadar customer.

We are mainly using predefined rules on IBM QRadar User Behavior Analytics

When we started using IBM QRadar User Behavior Analytics's add-on or extension, we received more than 17 new use cases. Our organization has benefited from using IBM QRadar User Behavior Analytics.

IBM QRadar User Behavior Analytics's most important feature is its ease of use. 

IBM QRadar User Behavior Analytics could improve machine learning use cases because they are limited and most of the use cases are rule-based. They should develop more use cases, such as in Securonix or Exabeam because they will detect a threat. Using machine learning is mainly on the correlation rules, but if you think about Exabeam or Securonix, they detect using machine learning or machine learning-based algorithms.

Using the interface of IBM QRadar User Behavior Analytics is the same for years, they should redesign the interface to make it more modern. Some historical queries take a long time, they should improve or change their database. There are some missing operators on the correlation side. For example, some before operated.

I have been using IBM QRadar User Behavior Analytics for approximately three years.

IBM QRadar User Behavior Analytics is stable most of the time. However, it works on the client-side which requires a lot of system resources, such as RAM. In some cases, if the work is high, the stability deteriorates, but mainly it is stable.

The scalability of IBM QRadar User Behavior Analytics is good. 

We have two people using this solution. We do not have plans to increase usage.

We use a consultancy company for support and are not directly connected to IBM support.

The deployment of IBM QRadar User Behavior Analytics is very easy when compared to other machine learning solutions. The full deployment took approximately three weeks with less than 5,000 EPAs.

We used a consultant that help us deploy and do maintenance for IBM QRadar User Behavior Analytics.

I rate the return on investment of IBM QRadar User Behavior Analytics a four out of five.

IBM QRadar User Behavior Analytics is an application framework and you can install many applications without any additional costs.

I rate the price of IBM QRadar User Behavior Analytics a four out of five.

IBM QRadar User Behavior Analytics is a good solution. If there is a big enough budget they might be able to afford the solution since it is expensive. If the conditions are okay, then they should select the solution.

I rate IBM QRadar User Behavior Analytics a six out of ten.

We use the solution for network behavior and log analytics. We wish to procure one for behavior analytics.

I am not certain which version we are using. 

There is a need for a behavior analytics solution in the environment. We use the solution to highlight unusual traffic for a single particular link or even single particular user traffic. 

The solution will not provide alerts in the event of any particular traffic. It will only alert in the case of a security threat. 

I am looking for a solution to replace IBM QRadar. We use it for incident reporting, but I need one for behavior analytics. I need one which will send alerts in the event of any behavior. 

The solution is fine for analyzing logs. We already have basic modules. We require more modules for getting so that we may obtain further details. We essentially use IBM QRadar for analyzing particular logs. 

There are no additional features which should be added or upgraded in the next release. 

The solution is reliable. 

The scalability is fine. 

Technical support is okay. We have had no issues with them. 

The license is not subscription-based. We have been doing the same deployment for more than ten years. 

The pricing is alright. 

Our environment is binding. We have only monitoring and data central traffic.

I would recommend the solution to others. It is fine for analyzing logs. 

Depending on the organization's needs the solution can monitor different types of security through logs.

I have found the most important features to be the flexibility, tech framework, and disk manager. Additionally, the solution is easy to learn how to use it.

There could be better integration with the solution.

I have been using the solution for approximately three years.

Every solution has some bugs and other issues but for the most part, this solution is stable.

The solution is scalable. The amount of users is dependant on what your needs are. You can have many users having access to the solution. For example, out of a 5,000 person network, you could have five with access to it for security. 

The solution has great support. Whenever we had an issue they were able to give us support within 15 minutes.

The installation was easy but this can depend on what appliances you want to install it on. If it is VMware, then the installation is easy, it took me 30 minutes.

We did use a consultant to do the deployment and we only needed one technician.

The solution is priced fairly, there is a license for the solution, and we pay annually.

I would recommend the solution to others and we plan to continue using it in the future.

I rate IBM QRadar a nine out of ten.

We mostly use the product for PCI compliance.

We pay a little bit extra for Watson, and the Watson feature enables the analyst to go through and triage things much faster. It's quite useful for us and worth the smaller extra bit of money.

The solution is quite flexible.

We enjoy the fact that it is cloud-based.

The initial setup was very straightforward.

The solution is very scalable.

We've found the stability to be mostly very good.

Technical support really needs to be improved. Right now, they aren't where they need to be at all.

The solution is very expensive. We'd appreciate the product more if it came at a lower price point.

It is generally very stable. We've had odd little breakages, however, generally, nothing major has gone wrong. The performance is good. It's a reliable product.

The scalability aspect of the product is very good. That was one of the reasons that we bought it. If a company needs to expand it, it can do so with relative ease. It's not hard.

Currently, all the members of the tech ops team use the product, and there are five of them.

We may not increase usage; we may switch to something else. That has yet to be determined. It's not set in stone.

We've used technical support in the past and we haven't been satisfied with the level of service on offer.

Trying to get answers out of IBM is like trying to get blood out of a stone. They need to be more helpful and responsive. Right now, they aren't either of those things.

The initial setup was not difficult or complex. It was very straightforward. A company should have too much trouble with the process.

The deployment process was very, very quick as well. There is a collector deployed on our network. We spun that out. You point your log sources at it, you point it at some IP addresses that IBM gives you, and it just works.

We did not use an integrator or consultant for the deployment. We handled it ourselves, with our own staff. Everything was done in-house.

The product is not a cheap solution. it's quite expensive.

We do also pay more in order to use Watson.

We're currently evaluating other options to see if we want to switch off of this product in the future. Nothing has been decided. I'm currently doing some preliminary research. We're always looking for solutions that are better or cheaper.

We are just a customer and end-users. We don't have a business relationship with IBM.

We are using the latest version of the solution, as we have the cloud version of the product. Whatever the latest version is, IBM upgrades it automatically. We don't need to worry about that on our end.

In general, I would rate the solution at a seven out of ten. If it were cheaper it might rate a bit higher, however, for the most part, it does what we need it to do.

Our primary use case is intrusion prevention and detection. We also use this solution for compliance and assisting in network troubleshooting for IT.

This has been indispensable in detecting intrusion attempts and many forms of malicious activity. 

This solution provides amazing visibility into the network and endpoints. The ability to correlate point in time and things happening over time is priceless in today's threat environment.

The rules can look for things both from log sources and from data traversing your network which is unique in the SIEM world and makes QRadar a consistent magic quadrant leader.

The QNI file hash in-flight search is helpful.

The ability to transition from microscopic to macroscopic view, instantly, is very good.

I would still  like to see a better GUI. improvements have been made but there still a way to go.

There are pretty annoyances like clicking out of a rule setup and instead of going back to search results in the rules, with the rule you selected still highlighted, you get the whole list without your search. Start again.  In the new lig source management app if you have a large number of log sources typing a name to filter them by is Java Hell, the high overhead of JIT compiled code means that even two fingered  carpal tunnel afflicted users can outpace the type ahead buffer, leaving random intermediate characters on the floor. Needless to say that makes managing log sources sometimes annoying. You can always cut and paste to go around this, but hey for  5 or 6 figures in hardware  and software, it aught to keep up with my typing. 

But to be fair, these kinds of things are dwarfed by it's awesome ability to ingest and correlate tortured use cases of mind boggling complexity, which is what you REALLY need your SIEM to do. That, QRadar does better than anyone else.

I have been using IBM QRadar for more about five years.

Scalability is very good.

This is not a trivial undertaking. You will need at least one experienced user and considerable infrastructure to support this if you use the on-prem version which we did. The cloud version has less overhead but there are some limitations so choose carefully.

Other solutions were investigated but none none came close to QRadar's capability.

If you absolutely positively have to catch the bad guys, and you have a heterogeneous environment QRadar is a great choice.

QRadar UBA's most valuable feature is the risk rating of users depending on their behavior.

QRadar UBA only keeps the data for a short while (it's refreshed every five minutes) and would be improved if this were extended to a week or month. In the next release, I would like to be able to do a historical search of user scores.

I've been using QRadar UBA for two and a half years.

QRadar UBA is quite stable.

QRadar UBA's price is a little more than street price and could be reduced.

I would rate QRadar UBA seven out of ten.

From a sales perspective, IBM QRadar is very competitive when it comes to prices. It's a flexible and valuable product. It has a good edge in the region and good references as well. You can easily capitalize and upsell on whatever you sold previously.  It's a modular product, so you can set up a roadmap and plan for your customers. This is one of the main advantages of QRadar.

Right now, there are a lot of solutions in the market that consider themselves next-gen SIEM solutions, like AzureVM. IBM QRadar can be revised considering the competition, market segment, references, and the maintenance of the landscape.

Some modules can be shared as embedded within the same solution because this would be a compelling edge versus others. When it comes to other products, like LogRhythm for example, they can consider the SOAR and the threat Intel embedded with the SIEM Solution licenses. However, when it comes to IBM, they consider each module as a separate license with a separate cost. So it doesn't make sense to compete if the customer isn't convinced with IBM, because you'd have tough competition when it comes to financials.

I have been using QRadar for more than five to six years.

IBM QRadar is a stable product.

I would rate it an eight out of ten.