IBM QRadar Room for Improvement

DAX Paulino
Cybersecurity Practice Lead at a tech services company with 201-500 employees
The first area for improvement is the cost. It's a little bit too expensive for us. Also, initially it was difficult to understand or to grasp, but once you get the hang of it, it is easier to understand and to analyze. So the main problems are its cost, the maintenance cost, and the fact that it takes some time to learn how to use it. In terms of additional features, a mobile app would be nice. Also, the reporting is definitely okay, but you have to make sure that everybody with different roles can understand it. There is room for improvement in the reporting.
Program Manager at a tech services company
With the transition to a modern IT operation center, I think that many of the devices are going to be mobile. Somebody may not be at the NOC (Network Operations Center), data center, or SOC (Security Operations Center). If anybody from the non-security team or the NOC team has to receive an active alert, it should be enabled in multiple channels. Ideally, we would like a mobile version so that any alert that comes in will notify us in a mobile app, or by using SMS integration. We are working on these things internally, but I think that these are some of the things that you're expecting from this product.
Vulnerability Manager at a tech services company with 51-200 employees
I would like to see a more user-friendly product. I would like them to make it much more user-friendly. At this stage, you need to use a lot of widgets to do your searches. For advanced searches, you must write a lot of regex expressions.
Find out what your peers are saying about IBM, Splunk, LogRhythm and others in Security Information and Event Management (SIEM). Updated: February 2020.
397,983 professionals have used our research since 2012.
Vulnerability Manager at a tech services company with 51-200 employees
It would be good if the program allowed certain profiles to only see certain customer information.
Omar Sánchez (Mr.Tech)
Information Security Advisor, CISO & CIO, Docutek Services at Docutek Services
It is not a user-friendly program. It is a very glorified Excel program. I would love to see a more user-friendly version in a future rollout. In addition, the management services team needs some improvement. They are, at times, confused with our requests.
Cyber Security Specialist at AEC
There is one problem with QRadar in regards to the add-on apps. The apps can be frustrating. For example, when I add a big app like one of the add-ons for resiliency (add-on applications for QRadar), these applications require different hardware to implement and to deploy. The resiliency connector, because there's a considerable amount of data scanning, operates for these apps correctly. Acquiring these add-on apps for QRadar is very expensive. This is one of the difficulties that we are facing with QRadar.
Larbi Belmiloud
Security Engineer at a tech services company with 11-50 employees
The interface is very old. IBM should remake it into a more modern interface. I think this is the only thing they should improve on. Another feature that would be nice is if it's possible to integrate some of the application style and configuration that is currently not easy to set up in the product. If it's possible to do that, it would be a major improvement. In fact, I never got a road map to bring you from zero to the end. There should be information everywhere, from YouTube to any other places. It was very complicated to organize all the information in my head.
Dameer Siddiqui
Senior Associate Consultant at Skill Orbit (Pvt.) Ltd.
The quoting and the dashboard session could be improved. It should be more user-friendly. Otherwise, the overall functionality of IBM QRadar is superb. A better GUI and reporting would both be good additions to the product.
Senior Security Architect at a tech services company with 10,001+ employees
There are other solutions out there that have made it app based. They have a lot of apps available and they are readily integrated with other tools, as well.
B.T. Güvenlik Yöneticisi at a recruiting/HR firm with 10,001+ employees
There is a lot of manual configuration required in order for the product to run smoothly, and I think that it could be made more automatic. There is no need for so much manual configuration. For example, it should be able to automatically create at least some of the rules that are suitable for our environment. The solution has a good user interface, but it could be further developed. I have used other products that are more user-friendly. I would rate the user interface a six out of ten.
D.M.Hashim-Ul- Alom
Senior Server Security Engineer
I think QRadar is very complex. It's a distributed system, and IBM QRadar has an all-in-one solution which is not like that distributed solution, but it's a good product. IBM needs to consider the user interface because if we compare it with AlienVault, the AlienVault user interface is fantastic but the IBM QRadar user interface is very complex. They should focus on how to make it easier for the client. IBM has everything you need in a cybersecurity solution. If you want to build a cybersecurity operation center version, then I think QRadar is a perfect solution.
Nimesh Bhatia
IT Security and Business Development Manager at a tech services company with 51-200 employees
If IBM provides me with a better service or better options than Palo Alto, I would remain with IBM. To my knowledge, I recently evaluated Palo Alto, which has better security features, especially for a client's email. Before we didn't have any security issues, but recently a few of the user emails were hacked. We had to actually recreate their emails for them. If IBM could give us a complete package of on-cloud solutions, firewall, antivirus, and also mobile security, that would make it a lot better. Nowadays people are using mobiles and tablets, rather than laptops or computers. We get updates from IBM directly, but then the users have to update. There are challenges where sometimes if we update the client's system, it takes a lot of time to update.
Managing Director at a tech services company with 1,001-5,000 employees
They have introduced a lot of different suites of products and functionalities, and that sometimes leads to confusion among the customers. There are a lot of options provided, and then I need to decide what my requirement is and what my desire is. I may be tempted to have a particular feature, but I have to decide whether it is relevant or not.
Sr. Security Analyst with 1,001-5,000 employees
Keep up with more apps. They need to continue working with other companies to develop apps for integrations. Yes, they currently have 192 apps, but that number is nowhere near the number of security products on the market. That means if your company has a product that is not in the application list, then you just have to work a little harder to pull the data you need from the log source. I'm not against hard work, I'm just trying to work smarter and faster. Time is money, so saving time without compromising the end product is a win for everyone. It would reflect well for IBM because it would show they understand the customers' needs, and it would reflect well internally because we would be able to present cleaner dashboards and reports without hours or days devoted to building them.
Security Analyst at a security firm with 11-50 employees
QRadar log integration of various applications can be a tough job at times. There may be occasions when you will not find any QRadar guide on adding logs of a particular application. Even if you come across one, adding a log process is not an easy one. Plus, it is also vulnerable because the ports used to integrate those log sources with QRadar are well-known and most of them are vulnerable ones.
Director of Market Enabling Solutions at a tech services company with 51-200 employees
The architecture could be improved. I got stuck for a long time trying to understand the architecture, as it is quite challenging.
Chief Technology Officer at a tech services company with 51-200 employees
There are reports that I would like to generate that are either not included, or I cannot find. If there is no report for information that needs to be presented, then it is one of the biggest issues for the customer. The ticketing system is not fully automated and needs to be improved. There should be an easier permission level that basic users can use to create reports. The users include both end-customers and the technical team. The pricing needs to be such that they are more competitive with other vendors.
Network Security Engineer at a health, wellness and fitness company with 10,001+ employees
The overall workload automation should be built into it. Part of the efficiency side of it is the ability to take the information as it comes in and assign it into a group. Now, the team leader no longer needs to assign it manually. He manages the workflow as it comes in directly to the individuals. Then, the individuals respond on it. As it closes, it goes back to the workflow, recording the amount of time it took for them to close it. It should show:
* How long did it take to get assigned?
* How long did it take for the person to open it?
Then, you can show that a person may have issues opening network problems.
Muhammad Adeel
Senior Security Engineer at dig8labs
The product is good, but one feature they should have is Elasticsearch. Currently, in QRadar, there are no Elasticsearch criteria. Elasticsearch is a very fast search engine. IBM should consider it as part of QRadar. Currently, QRadar has a very slow search. If I search previous months' data, it stops.
Mathieu Dorckel
Cybersecurity Engineer Consultant at a tech services company with 501-1,000 employees
The weak signal detection with QRadar needs improvement. You can detect what you know, but what is unknown to the rule engine can't be detected, similar to a base rule of SIEM.
Onyegbule Uche
Technical Consultant at Activedge Technologies
I can't see any need for service improvements because I feel it's easy to use and very functional as it is. There could be improvements made to the UI, the user interface. Though the newer version, 7.3.2, might already have this improvement in place.
Phillip Okemwa
Senior Information Security Analyst at a financial services firm with 501-1,000 employees
I would like for them to lower the price.
Network and Security Technical Team Leader at a wholesaler/distributor with 201-500 employees
The implementation and configuration are not easy. We would like to see user behavior analysis in the next release. IBM claims they have this feature, but I do not see it as mature as in Splunk.
Information Security Manager at a comms service provider with 1,001-5,000 employees
There are some weaknesses with the QRadar Risk Manager. It has some weaknesses because of the connectivity with other vendors. It is limited. There are some vendors that you cannot connect QRadar Risk Manager with, so you cannot get the maximum benefit of the product.
Douglas Concepcion
Security Solutions Architect at Micro Strategies
QRadar's issue is it needs to add behavioral analytics. The product's behavioral engine is weak. It just uses algorithms. It should be an equation that is recursively applied. This will provide true behavior.
Dr Trust Tshepo Mapoka
Senior Cybersecurity Consultant at Cyber Intelligence Agency Pty Ltd
The API integration for AD is a problem when it comes to vulnerability management. If you want to incorporate multiple factor authentication, it becomes a problem with the AD. It doesn't integrate well. That needs to be improved. The configuration steps are not easy to follow compared to NetWitness.
Luis Yndigoyen
Partner at a tech services company with 11-50 employees
For the common needs of clients to fulfill requirements, a real integration with Blueworks Live (BPA modeling tool also from IBM) and a more suitable BPM on cloud solution for midsize customers.
Harshit Jaiswal
Security Consultant at Varutra Consulting
The user guide is not readily available. I would suggest the support or technical team release a PDF guide, like Splunk, SolarWinds, or ArcSight. This will be good for consultants or whomever is using QRadar. This would be really helpful. I have searched a lot on sites, but I have not found a single PDF containing everything. Our consultants are taking too much time understanding the product's technical aspects. They could arrange a demo on their website so users who register may use WebEx or any type of meeting invitation, and the support team could give a demo. Having hands-on technology is important. We lost a few clients, because they asked us, "Do you have hands-on QRadar?" At that time, we said, "No, but we will cover it." Due to this, we didn't get the project. Clients want consultants who are certified in QRadar. Even after completing the certification as a QRadar deployment professional, I would suggest QRadar release any documentation or give an online demo, like videos on YouTube. It would increase publicity and public appeal.
Lead Security Infrastructure Engineer at a financial services firm with 5,001-10,000 employees
* User/identity modeling needs improvement. However, it seems that they are already focusing on that.
* Needs better visualization options beyond the time series charts and a few other options that they have.
Daniel Sichel
User at a healthcare company with 5,001-10,000 employees
I would like to see a better GUI. Think xterm circa 1995. Painful at times. There are petty annoyances like clicking out of a rule setup and, instead of going back to search results in the rules with the rule you selected still highlighted, you get the whole list without your search. Start again. In the new log source management app, if you have a large number of log sources, typing a name to filter them by is Java Hell: the high overhead of JIT compiled code means that even two-fingered, carpal-tunnel-afflicted users can outpace the type-ahead buffer, leaving random intermediate characters on the floor. Needless to say, that makes managing log sources sometimes annoying. You can always cut and paste to go around this, but hey, for 5 or 6 figures in hardware and software, it ought to keep up with my typing. But to be fair, these kinds of things are dwarfed by its awesome ability to ingest and correlate tortured use cases of mind-boggling complexity, which is what you REALLY need your SIEM to do. That, QRadar does better than anyone else.
Marketing Director at an aerospace/defense firm with 1-10 employees
The tool is very complicated. One place for improvement would be to have a more user-friendly interface. Having better support in Spanish would be cool.
Shaikh Jamal Uddin
Senior Information Security Consultant at Secure Coat
Artificial Intelligence is superb. QRadar correlates the events smartly and removes the same events, but it needs improvements.
Senior Information Security Analyst at a tech services company with 501-1,000 employees
I don't think this is the best solution on the market because it takes much longer than ArcSight, for example, which provides more flexibility and capability to create much more complex use cases. Other tools provide more valuable things that you can do for the active channel. I would like for them to develop out-of-the-box content that doesn't require too much customization. Most of the out-of-the-box content we get from it requires too much customization. I would also like to see dynamic filters and better cross-integration between functions.
General Manager at New System Engineering
It is very difficult to activate all of the network equipment, and it would help if it were made easier. I would also like to see more integration with new devices.
Mika Suomu
Cloud Security Architect at a tech company with 201-500 employees
* Slow response sometimes and a not-so-helpful staff there. So make the support better, and you could succeed even more.
* The released patch quality is poor. IBM should test those patches on their side, not on the client's side. So, there are a lot of improvements to do.
* I would appreciate it if IBM could create another, more intuitive, easier way (intuitive UI) to perform advanced searches rather than just counting on regular expressions.
Rajeev MM
Senior Analyst at a tech services company with 201-500 employees
They should introduce some automation into the product.
Senior Field Manager at a tech services company
I would like for them to develop a detection management solution. It does not have a detection management solution in it; you have to buy it as it is, on top of the extended solution.
Rossella Falcone
Sr. Security Engineer at OmnitechIT
It needs more resilience and functionality.
Sebastian Osterc
Member at CIFAL Argentina
The user interface needs improvement.
Manager, Cybersecurity at a tech company with 11-50 employees
Dashboards and reports could provide better visualization of SIEM activity. An executive or CISO dashboard would be nice to have by default.
Daniel Christian
Operations Analyst at a logistics company with 51-200 employees
QRadar needs to be improved on the storage side, particularly when the disc exceeded the maximum threshold.
Yong Chen
Security Consultant at a tech services company with 11-50 employees
They should provide more manual examples online so that I can learn it myself. The dashboard also needs improvement.
Nizar Hedhili
General Manager with 11-50 employees
* Data encryption
* Flow encryption
* Third-party compliance
* Its architecture is very complicated.
* Its hardware is Lenovo-based.
Software Trainee at a tech services company with 1,001-5,000 employees
The tool is already automated in many ways, but there are some additional functions which should be automated, like sending an email, mobile notification, and integration of XFS.
Vik Solem
President, Consultant, Trainer at MEI Security
We would like to see better instrumentation for debugging changes in the log flow.