IBM Security QRadar Room for Improvement

Frank Eargle - PeerSpot reviewer
Information Security Engineer at Glasshouse Systems

IBM Security QRadar’s GUI could be improved.

Anto Sebastin - PeerSpot reviewer
Technical Presales Engineer at Redington India Limited

Most people handling QRadar in organizations are IT engineers. They do not have experience with the tool. They read from manual documentation. If there is an emergency to search for details about malware, we need a response team’s help. Sophos has a team called Managed Threat Response. The team conducts investigations in our network. This feature is not available in IBM Security QRadar. They only provide technical support. The product does not have a team for investigating malware.

MUHAMMADNADEEM1 - PeerSpot reviewer
Deputy Director at Board Of Revenue

There is room for improvement in IBM QRadar in integrating features for SOC maturity and security levels directly into QRadar. That would enhance its effectiveness. Additionally, incorporating features for assessing and improving SOC maturity within QRadar itself would be beneficial, eliminating the need to rely on separate tools for this purpose.

KM
Head of Cyber security analysis at DNV Poland Sp. z o.o.

Better algorithms or AI would always be appreciated, but this product does what it's supposed to do. And maybe there is something behind the scenes that could be improved, but I don't know. 

UBA is a plugin for QRadar SIEM. If we're talking about the SIEM solution as a whole, there is a lot I can talk about, but there isn't much to say about UBA as a standalone. I'm not in a position to criticize or comment on the underlying code.

Artur Marzano - PeerSpot reviewer
Security Analyst at Localiza

What needs to be improved in IBM QRadar User Behavior Analytics is the user experience. It's not optimal. For example: we are constantly looking for updates on the app and other features, so we could have a better user experience. Some screens are a bit clunky. We're still trying to figure out whether the solution is going to have a better user experience in the future, but nowadays it's a bit too complex. We need it to be more user-friendly.

Lokesh Puthalapattu - PeerSpot reviewer
Senior Marketing Specialist II at Harman International

Whenever we are upgrading or installing any type of patch, at that time we have some delays. 

Sometimes, by mistake, AWS has migrated some other accounts to my enrollment. At that time, we receive a special notification for that. We have created one rule and a case. We receive a notification and we are informed that the Amazon AWS team sent an email apologizing for this happening. They have confirmed that going forward we will not receive this type of account modification issue. They have sent an email to us.

If you are searching three to four months back, it takes time, and there is a delay. If I compare it to Splunk, it is a little bit delayed. It is because Splunk is using Elasticsearch, while IBM QRadar User Behavior Analytics uses a normal one. For example, if Splunk takes two minutes, it will take IBM QRadar User Behavior Analytics approximately three minutes.

EM
Director of Incident Response at a retailer with 10,001+ employees

It needs a little bit perhaps more fine-tuning on the SIM aspect of it. Out of the box, it's just not one of those things that I leverage as a single source of truth regarding the user behavior analytics aspect of it.

With QRadar, IBM has had ample time to innovate, make changes to the interface, and keep up with some of the competitors. Yet, IBM delays innovating QRadar, since, once people are tied into it, they stick to the SIM as that's what they're used to. Right now, you have many other players in the market, like Datadog, Sumo Logic, and Splunk. Splunk has a ton of connectors as well, which is making it more appealing for other people to look at other solutions, especially when they're trying to look at a cloud-native solution.

There should be more opportunity for community kind of distribution where, for example, if there was a zero-day threat targeting companies. I know that many other solutions now provide ease of use in terms of sharing rules and for identifying and tracking some of these zero-day vulnerabilities out there. QRadar needs to do the same.

YE
Technical Analyst at a manufacturing company with 10,001+ employees

The dashboard and reports are not user-friendly or efficient so are of little help with threat hunting activity. We deal with large data sets so need to have great visibility for detection of malicious activity and indicators for cybersecurity. 

For example, the dashboards for Power BI and Splunk are very efficient and it is easy to observe suspicious activity. 

Jacob_Koithra - PeerSpot reviewer
Project & Program manager at Shell Grp

The user behavior analysis could be better. The playbook guide which specifies the rules for security use cases needs to be provided for support in case the organization needs help. The security playbook needs more help when it comes to QRadar. The QRadar implementation guide, especially in a cluster environment, is complicated to deploy at an enterprise level. The support of QRadar SIEM is complicated, and when we encounter implementation issues it needs a quick response. Skilled resources are really important for support.

Chetankumar Savalagimath - PeerSpot reviewer
Delivery Manager at a tech services company with 1,001-5,000 employees

SOAR is what is expected the most from QRadar. They have something called SOAR Resilient, and it would be great if that gets induced in SIEM. IBM QRadar (as well as McAfee ESM) should have analytics platform integration. Currently, SIEMs don't have full-fledged integration with analytics where we are able to dump our data in SIEM, and the same data can be called from different analytics applications. We should be able to bring this data to a platform like Hadoop for big data and run the analytics there. Currently, people are seeing the past data and taking some actions in the present, but when it comes to analytics, there should be futuristic data where you can predict something out of your present and past data. Apart from that, I would like to see a full-fledged ITSM tool in QRadar.

It sometimes has some technical issues that need to be checked. It requires a dedicated QRadar engineer to completely manage it. It has different module sets, such as event collector and event processor, and some technical glitches come in between. It takes the log but doesn't exactly process it in the way we want. 

If its pricing can be reduced, it would help a lot of customers in bringing in a new SIEM environment.

Artur Marzano - PeerSpot reviewer
Security Analyst at Localiza

One thing one has to be aware of is that QRadar doesn't have a standard UI style, but older (clunkier) and newer (more modern and easy to use) screens. The QRadar UI involves a lot of clicks and pop-ups to get where you want, which is certainly not the best UX, but isn't totally a pain either. Although it's a bit difficult to navigate through screens at first, the UX is pretty good once you learn the "QRadar way", which takes about a few weeks to master.

Mohamed Elprince - PeerSpot reviewer
SOC Manager at ALEXBANK

I would like to see the interface improved along with the tuning and any adjustments when it comes to maintenance. It is not straightforward. I would also like to see some artificial intelligence and alternative solutions.

Elshaday Gelaye - PeerSpot reviewer
Lead Technical Architect at Commercial Bank of Ethiopia

I would like to see QRadar add more integration and interoperability. For instance, we are not able to send logs from Windows servers. We can send logs to the QRadar server from network devices and other types of servers. However, we have more than a hundred Windows servers that still don't use QRadar. 

MG
IT Security Administrator at Zitouna Bank

IBM Security QRadar is not hard to implement and administrate. To serve new use cases or do the tuning and allow correlation rules, you may need training since it is necessary to know the solution. With IBM solutions, you need training to know how to use the different features of the solution. IBM needs to provide training to its users to teach them how to use the case manager and how to tune rules.

James Riffenburg - PeerSpot reviewer
Principal Cybersecurity Consultant (Architecture, Engineering, Operations) CISO VCISO at a financial services firm with 10,001+ employees

The solution can be improved by lowering the cost and bettering their technical support.

DipeshBhawsar - PeerSpot reviewer
Architect Manager at Principal Global Limited

The solution is still new to us. Currently, it's a work in progress with this. I'm not in any particular condition to tell what exact improvements are required. I will let a few more months go by before analyzing the overall UBA solution in QRadar to get to know it and reach a final understanding of this particular application.

There are a lot of things that require modification. That's my initial observation, however, I need more time and a few more months to get to know it and get a final understanding of the solution as a whole.

I want a reduction of false positives. I want crisp true positive incidents out of it. I want to see proper user behavior. Whatever algorithm is working in the background, that algorithm should produce accurate, true positive incidents and not false positives.

BS
CS engineer at AYACOM

It doesn't have a SOAR system by default. You need to purchase it additionally, which is the main problem with QRadar. 

Its reporting can be improved.

SK
Cyber Security Analyst at Diyar United Company

IBM Security QRadar lacks automated response. With this feature, there's no need to visit VirusTotal or other sites for IP reputation. There should be a small plug-in where users can click to retrieve details about the reputation and organization of public IP.

RR
Cyber Security Specialist at a tech vendor with 10,001+ employees

The AQL queries could be better. With the queries, there's an option for you to create dashboards based on the queries that they have. The documentation that is available for AQL queries is not well received. They could maybe look at how Microsoft is leveraging AQLs from a Sentinel perspective and create more documentation and training materials and make those more available to the general public.

They have to facilitate more learning opportunities. Microsoft has something called Playground where you have some sample logs and where you can learn how to work on all this stuff, however, there is nothing like that for IBM. They really could make it more generalized and accessible to the general analyst population.

Technical support should be improved.

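As an added illustration of the kind of AQL query the reviewer above finds under-documented, here is an aggregation that could back a dashboard widget: failed logons per source/destination pair over the last day, with the log source resolved to a name. This is an example added by the editor, not from the reviewer or from IBM's documentation. The category-name match (`'%Login Fail%'`), the threshold of 20 and the 24-hour window are assumptions to adjust for your own deployment; `CATEGORYNAME`, `LOGSOURCENAME`, `ILIKE`, `HAVING`, `LIMIT` and the trailing `LAST n HOURS` time clause are standard AQL.

```sql
SELECT
    sourceip,
    destinationip,
    LOGSOURCENAME(logsourceid) AS log_source,
    COUNT(*)                   AS failures,
    MIN(starttime)             AS first_seen,
    MAX(starttime)             AS last_seen
FROM events
WHERE CATEGORYNAME(category) ILIKE '%Login Fail%'
GROUP BY sourceip, destinationip, logsourceid
HAVING COUNT(*) >= 20
ORDER BY failures DESC
LIMIT 50
LAST 24 HOURS
```

Paste it into the Ariel search box on the Log Activity tab, or submit it through the `/api/ariel/searches` REST endpoint and poll for completion; for a historical run replace `LAST 24 HOURS` with `START 'yyyy-MM-dd HH:mm' STOP 'yyyy-MM-dd HH:mm'`. Filtering on `CATEGORYNAME` rather than on raw payload text keeps the query index-friendly, which matters for the multi-month searches other reviewers describe as slow.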
QI
Manager SOC at a comms service provider with 10,001+ employees

I have also been working with other SIEM solutions, and I have observed that they have extensive Linux-based and Unix-based integrations. They have been able to support some of the Linux-based agents, which is useful to investigate and process the information on the Linux and Unix side.

It could have pre-defined automation and integration of all those device parameters that analysts have to share manually.

ST
Cyber Security Services Operations Manager at an aerospace/defense firm with 501-1,000 employees

In terms of the GUI, they need to improve the consistency. It has been written by different teams at different times. So, when you go around the interface, you'll find a lot of inconsistencies in terms of the way it works.

I'd like them to improve the offense. When QRadar detects something, it creates what it calls offenses. So, it has a rudimentary ticketing system inside of it. This is the same interface that was there when I started using it 12 years ago. It just has not been improved. They do allow integration with IBM Resilient, but IBM Resilient is grotesquely expensive. The most effective integration that IBM offers today is with IBM Resilient, which is an incident response platform. It is a very good platform, but it is very expensive. They really should do something with the offense handling because it is very difficult to scale, and it has limitations. The maximum number of offenses that it can carry is 16K. After 16K, you have to flush your offenses out. So, it is all or nothing. You lose all your offenses up until that point in time, and you don't have any history within the offense list of older events. If you're dealing with multiple customers, this becomes problematic. That's why you need to use another product to do the actual ticketing. If you wanted ticketing, you would normally interface with ServiceNow, SolarWinds, or some other product like that.

Their support should also be improved. Their support is very slow, and it is very difficult to find knowledgeable people within IBM.

Its price and licensing should be improved. It is overly expensive and overly complex in terms of licensing. 

Abbasi Poonawala - PeerSpot reviewer
Chief Enterprise Architect at a financial services firm with 10,001+ employees

I don't look at only the features and benefits; I also look at the price. It is a bit expensive when compared with other solutions. It is expensive for specific deployment topologies, and the decision-makers go for alternatives like ArcSight. 

It should also have more AI features or capabilities for better threat intelligence. The more it uses machine learning, the better would be the dashboard, analytics, and other things.

it_user634773 - PeerSpot reviewer
Senior Security Analyst at The Hartford

We appreciate ease of use in the product, so I suppose they could bring the cost down. I haven't really thought about possible improvements. They've added a lot of good features to the apps. I'm still exploring those and there are a lot of good features there.

DL
Head of Cybersecurity at a computer software company with 51-200 employees

The price of IBM Security QRadar is an area of concern where improvements are required. IBM is never known to provide products at a cheap price.

IBM Security QRadar's UI is an area with certain shortcomings where improvements are needed.

In the future, I would like IBM Security QRadar to have a library of adapters or APIs.

The area around recovery time is an aspect of IBM's technical support where improvements are required.

KB
Senior Cyber Security Engineer at a logistics company with 10,001+ employees

When it sends the log source, QRadar generates a lot of noise and false positives. LogRhythm logs when the alarm rules are disabled, so it doesn't generate any noise when sending the log source. I think LogRhythm's one, this one too. QRadar, we have to cure it all the time. It's only this advantage with QRadar.

I would also like to see more integration with other vendors. IBM doesn't integrate well with products from China, like Huawei. Many Middle Eastern customers are switching to Huawei from American vendors like Cisco because of the price. In most RFPs, Huawei wins because it costs less. 

IBM needs to integrate better with Huawei. I opened one case with IBM, and they told me to submit a request for enhancement so they could write the correct DSMs to integrate with Huawei. We were very disappointed. Customers who want to implement QRadar or LogRhythm need to consider all the other components. The environment needs to be homogenous to avoid problems due to a lack of integration.

it_user1369023 - PeerSpot reviewer
Senior Manager Information Security at Conduent (formerly Xerox Services)

A lot of information that we receive for the devices is IP-based, but it would help if we could have a default dashboard in which we can add more details about the assets for which we are receiving the information. For example, if it is a Windows or Linux device, we only get the IP for that particular device. We don't really get the name and other details of that particular device. For that, you have to drill down into your own asset management system. It would be good to have a place where we can probably add this information so that we don't have to look into other tools.

Ayoub Jaaouani - PeerSpot reviewer
Solutions Architect at Smarttech247

Certain updates, especially when using Azure, don't apply directly. Our engineering team must invest additional effort to implement these updates. The tool's cloud-based version poses no issues; however, upgrading the product can sometimes be challenging for on-premises instances.

Our current query language (KQL) serves its purpose, but there's room for improvement. Consider introducing a more human-friendly language to streamline analyst training. Analysts could then express queries in a manner akin to human language. This change would expedite processes, making it easier for new analysts to adapt.

Du Hoac Kim - PeerSpot reviewer
Deputy Manager at sacombank

I would like to see more integration in place after the security lock.

MT
IT Solutions Product Manager at SMTSTECH

I have noticed a few things while working on this. After the restart of the server, sometimes, the services misbehave, and you need to manually start or restart the service. I have seen that specifically with the Tomcat service. 

Sometimes, when you click on log sources, instead of opening the log source extension, it redirects you over the internet. 

There are two types of dashboards in QRadar. One is the conventional or old one, and the other one is Pulse. The Pulse dashboard is better, but we would like to have more options in the dashboard.

Additionally, if possible, there should be a single product for SIEM and SOAR. Instead of having QRadar and Resilient separately, there should be a combined solution to benefit from both. Furthermore, there should be a built-in mechanism to configure it in the cluster mode and high availability mode.

it_user634899 - PeerSpot reviewer
Global Security Engineering and Operations Director at a wellness & fitness company with 10,001+ employees

Room for improvement is more in relation to a lot of the features, the automation of incidents themselves, and being able to automate workflow responses.

Overall, I love the product. IBM usually puts good resources and talent behind things. What they fail to do is to bring all the security together and make sure everything inter-operates and creates one pane of glass.

Actually, I don’t want to say "one pane of glass" because we have seen other vendors do that. They fail miserably because they do not understand where people are coming from.

In terms of some of the right-click functionality that is within QRadar, it should work automatically for all the other IBM products. It shouldn't be something that customers develop. There are pieces in which they have to step back and get some of the foundational pieces.

There are pieces that I feel that IBM should do better. They own Guardium, they own AppScan, and they own some of these other pieces of the security infrastructure that need to relate to QRadar or to Watson. It's the foundational pieces that I feel they need some focus on.

Let's do some of the basics really well. I'm looking at it from owning 50 or 60 different security products across a global organization.

They keep on adding products based on a simple feature set that they can do real well, but they can't integrate them into the rest of the security economy. It doesn't make sense to keep on buying products like that. Whether it's IBM or others, there are companies in the endpoint space that are taking over because they're saying, "Hey, we're going to do everything across your gamut of security needs."

IBM needs to look at that and how they are going to integrate across all of the security products and have them work together.

it_user632763 - PeerSpot reviewer
Senior Security Engineer at a consumer goods company with 1,001-5,000 employees

I'm not really sure in regards to any additional features, because everything I've seen on the roadmap looks good. So, I'm pretty happy with that.

There is always scope for improvement. The QRadar WinCollect feature needs to be improved. The Windows Log collection is sort of problematic and needs to work better.

A little bit more improvement needs to be brought about in the Watson integration and I still need to see how that works. A little more improvement can be brought about in the User Behavior Analytics and Network Analytics. That would be great.

EG
Senior Information Technology Security Officer at a financial services firm with 5,001-10,000 employees

There are areas in IBM Security QRadar that could benefit from improvement. Its ability to customize knowledge for specific purposes could be enhanced. Also, it lacks clarity in presenting details. It is also difficult to see the reports. 

CV
Information Security Manager at a financial services firm with 1,001-5,000 employees

As a product, IBM QRadar User Behavior Analytics does everything mentioned on the datasheet for my company's version. Still, compatibility is a problem because my company needs to use an updated version of the tool. That version doesn't integrate with many new-generation tools, so this is an area for improvement.

You can scale IBM QRadar User Behavior Analytics, but it has room for improvement.

Bobby Sandeep - PeerSpot reviewer
Vice President - Technology & Managed Security Services at Valuepoint Systems

The dashboards are all legacy and old. Their cloud support and the content available for cloud and containers are also minimal.

Yaw Agyare - PeerSpot reviewer
Managing Director at Volta River Authority

The solution should include remote action capabilities.

DB
Security Sales Consultant at Google, LLC

I think they could change their pricing model to be more cost effective. It currently relies on data ingestion. I'd like to see IBM extend their capability with the solution to include more than just fault finding, features such as predictive identification of threats. Having better support for things like MITRE and the ATT&CK chain, and using all of the known attacks that are out there when they're actually spotting events and correlations.

MW
Relationship Manager at a financial services firm with 5,001-10,000 employees

The product needs to improve its GUI. The dashboard which they facilitate needs to be modernized. They could make it a lot better and a lot easier to navigate.

SJ
Senior Security Engineer at a tech services company with 1,001-5,000 employees

In terms of what could be improved, I would say the script which we have to create for custom actions. QRadar needs to improve that feature. Additionally, QRadar has to provide playbook-designing features.

AK
Works

In terms of the government sector, sometimes they do not have enough money to buy a full SIEM. That's why they ask about some parts of the SIEM system or core. It can be expensive.

It would be ideal if they offered a barebone setup alongside an appliance. It's very interesting for different kinds of customers. Most of them prefer the core appliance, yet some of them prefer barebone.

It would be ideal if the solution offered new connectors to other systems.

The reporting system could use some upgrading.

RU
Senior Solutions Architect at a manufacturing company with 51-200 employees

When it comes to what could be better, it is always what others are trying to do and what is the roadmap. It can have more integration. It should have more flexible RESTful APIs for integration with applications. These are the things that are always in demand for any of the SIEM solutions, not only for QRadar. 

Integration is ever-evolving. Nowadays, different versions of mobile handsets are there and data is getting scattered. Users are using their personal handsets to keep the data of the organization. So, it should have a more flexible integration, irrespective of the flavor of the firmware and iOS or Android version. It should have an API that can seamlessly get integrated. It should also provide more flexible control and a more advanced or analytical view to see what exactly is happening across the globe or network. From wherever a user is connecting and accessing the enterprise data, it should give real-time visibility and predictive visibility about what exactly is happening. These things are already there, but there should be more advanced control in terms of managing the security.

it_user632664 - PeerSpot reviewer
Information Security Analyst at Allegiance Air

It would probably be better to get more access to the APIs.

Khalid Majeed - PeerSpot reviewer
Cyber Security Consultant at Software Productivity Strategists, Inc. (SPS)

The product can be a bit complex. A lot of things, like visualization, could be better. It would help the customer gain a better understanding. 

SD
IM Operations Manager at a tech services company with 1,001-5,000 employees

IBM QRadar could improve the reporting. The tool is not designed to report. It's a great operational monitoring tool. You put it on a screen and you watch it. If you want to have analytics out of it, that's a whole different story. You're going to need more people and tools. What should be added is reporting and integration into Power BI, into some capability that produces analytical reports from the source data. IBM does not seem to care to add these features.

SD
IM Operations Manager at a tech services company with 1,001-5,000 employees

IBM QRadar Advisor with Watson could be more user-friendly. You need some skills and understanding of what you're looking at, especially if you're going to draw down specific information.

Massive improvement is required in reporting. IBM QRadar Advisor with Watson is not a tool that is known for its reporting capability. It's a highly operational tool that you use for monitoring, you can sit and you can watch your alerts, whether it's flows or EPS, and you set up your playbooks directly. It is not a reporting tool. It is the worst possible tool to ever expect any reporting. It's unfortunate it's not a great reporting tool.

In a future release, there could be a bit more intelligence in terms of predictive accuracy and overall predictions. I haven't been too close in the last two, three, or four months, but I certainly would expect that their technology would be simplified to provide predictive analytics as opposed to retrospective looking back and analyzing past historic data.

AK
Cyber Security Consultant at raf

Several things need to be improved.

We have been struggling with the QRadar support team for quite a long time. There are things that they can reproduce in their lab environment and can fix, yet we struggled with them trying to get this done. These issues included things like custom logs. There are many things that they need to improve upon.

This product should support multiple log sources.

They need to improve their threat intelligence feed and they need to improve their user behavior analytics modules.

The risk manager module needs to be improved.

It's not a very user-friendly interface.

PK
Solution Architect Cybersecurity at a tech services company with 501-1,000 employees

I was going to say that the reporting could be improved, but IBM recently introduced a new cloud-based security service that integrates with QRadar. Now, reporting is much easier than before. I personally can't think of an area for improvement.

YS
IT Specialist​ at IT Specialist LLC

The solution is difficult to understand in the beginning and has complex management configurations that can be improved.

The stability has room for improvement.

The cost has room for improvement.

Farid Lalayev - PeerSpot reviewer
Cyber Security Student at Baku Higher Oil School

IBM QRadar has outdated technology, and this is its area for improvement. When you try to implement an analytic expression, it's not updated. The solution doesn't support newer technologies, and it doesn't update regularly. For example, around the world, others implement new technologies, while IBM updates later than others.

There isn't any additional feature I'd like added to IBM QRadar at this point because it's sufficient for visualizing the logs.

Ertugrul Akbas - PeerSpot reviewer
Manager at ANET

IBM QRadar User Behavior Analytics could improve machine learning use cases because they are limited and most of the use cases are rule-based. They should develop more use cases, such as in Securonix or Exabeam, because they will detect a threat. Using machine learning is mainly on the correlation rules, but if you think about Exabeam or Securonix, they detect using machine learning or machine learning-based algorithms.

The interface of IBM QRadar User Behavior Analytics has been the same for years; they should redesign the interface to make it more modern. Some historical queries take a long time; they should improve or change their database. There are some missing operators on the correlation side. For example, some before operated.

JM
Sr.Network Engineer at NTT Security

I am looking for a solution to replace IBM QRadar. We use it for incident reporting, but I need one for behavior analytics. I need one which will send alerts in the event of any behavior. 

The solution is fine for analyzing logs. We already have basic modules. We require more modules so that we may obtain further details. We essentially use IBM QRadar for analyzing particular logs.

There are no additional features which should be added or upgraded in the next release. 

DS
SOC Team Lead at a financial services firm with 1,001-5,000 employees

There could be better integration with the solution.

CM
Security Operations Manager at a comms service provider with 501-1,000 employees

Technical support really needs to be improved. Right now, they aren't where they need to be at all.

The solution is very expensive. We'd appreciate the product more if it came at a lower price point.

DS
Works at a healthcare company with 5,001-10,000 employees

I would still like to see a better GUI. Improvements have been made, but there is still a way to go.

There are petty annoyances, like clicking out of a rule setup and, instead of going back to the search results in the rules with the rule you selected still highlighted, you get the whole list without your search. Start again. In the new log source management app, if you have a large number of log sources, typing a name to filter them by is Java hell: the high overhead of JIT-compiled code means that even two-fingered, carpal-tunnel-afflicted users can outpace the type-ahead buffer, leaving random intermediate characters on the floor. Needless to say, that makes managing log sources sometimes annoying. You can always cut and paste to go around this, but hey, for 5 or 6 figures in hardware and software, it ought to keep up with my typing.

But to be fair, these kinds of things are dwarfed by its awesome ability to ingest and correlate tortured use cases of mind-boggling complexity, which is what you REALLY need your SIEM to do. That, QRadar does better than anyone else.

View full review »
DS
Vice President & Country Head at Inspira Enterprise

QRadar UBA only keeps the data for a short while (it's refreshed every five minutes) and would be improved if this were extended to a week or month. In the next release, I would like to be able to do a historical search of user scores.

View full review »
AE
Head Of Sales at Cascade Solutions Inc

Right now, there are a lot of solutions in the market that consider themselves next-gen SIEM solutions, like AzureVM. IBM QRadar can be revised considering the competition, market segment, references, and the maintenance of the landscape.

Some modules can be shared as embedded within the same solution because this would be a compelling edge versus others. When it comes to other products, like LogRhythm for example, they can consider the SOAR and the threat Intel embedded with the SIEM Solution licenses. However, when it comes to IBM, they consider each module as a separate license with a separate cost. So it doesn't make sense to compete if the customer isn't convinced with IBM, because you'd have tough competition when it comes to financials.

View full review »
AI
Chief Technology Officer at a tech services company with 51-200 employees

I think the user management model is very detailed but you really have to know what you're doing just to be able to manage things. I think the solution lacks some maturity. When you put it in a large organization as a security system or a cybersecurity system and you want to enable automation, it's difficult to get that level of maturity. 

View full review »
AM
Senior Cyber Security Expert at a security firm with 11-50 employees

There should be easier and wider integration opportunities. There should be more opportunities for integration with CTI info sharing areas. On platforms where you exchange CTI, there should be more visibility connected to what we share, what we can reach, or what options are connected to CTI info sharing. This is one area where they could add value because we cannot integrate it easily with QRadar. If a client has a legacy or already existing solutions for CTI, we cannot ask them to forget it because we cannot guarantee that QRadar is able to deliver everything connected to this area. 

View full review »
HH
Senior IT Technical Support at a training & coaching company with 1,001-5,000 employees

As per Gartner, maybe the price makes it so that the customers are not going for IBM QRadar. It's a little bit pricey compared to other solutions in the market. More or less that's the area that needs to be improved. That's usually the main concern that we receive from the customers - that it's a little bit pricey. That's the only thing I can say.

The custom rules could be simplified more or it should be possible to use a different language, other than the ones that the solution is already using. They should add other languages into the mix. You need some advanced customers in order to use the custom rules or to use their rules in order to configure the IBM QRadar in a proper way. Usually, they find it very difficult, especially if they don't have the experience.

Sometimes it works and catches whatever we want, however, sometimes it doesn't work. That's in rare cases, however, that's one thing that they need to maybe enhance.

View full review »
JN
Director of Information Security at a financial services firm with 501-1,000 employees

Some of the cloud apps need improvement.

In the next release, I would like to see improvements in the stability of some of the add-on applications.

View full review »
MM
Senior Manager, Security Architecture & Operation, Corporate Security at Omantel

This is a good product, although it does require some fine-tuning.

The dashboard is pathetic and it takes a long time to perform a search.

The graphics need to be improved.

Providing good support is something that they need to work on.

It would be helpful if IBM published more use cases.

View full review »
ÖO
IT Security Manager at an energy/utilities company with 10,001+ employees

There is a lot of manual configuration required in order for the product to run smoothly, and I think that it could be made more automatic. There is no need for so much manual configuration. For example, it should be able to automatically create at least some of the rules that are suitable for our environment.

The solution has a good user interface, but it could be further developed. I have used other products that are more user-friendly. I would rate the user interface a six out of ten.

View full review »
VP
Manager-Cloud Security Operations at a retailer with 10,001+ employees

They have introduced a lot of different suites of products and functionalities, and that sometimes leads to confusion among the customers. There are a lot of options provided, and then I need to decide what my requirement is and what my desire is. I may be tempted to have a particular feature, but I have to decide whether it is relevant or not.

View full review »
it_user634836 - PeerSpot reviewer
IT Director at MyEyeDr.

I'm anxious to see the Watson integration. We just finished an upgrade of our appliance so that we can be eligible to do the Watson integration. I'm anxious to see how that works.

View full review »
it_user632775 - PeerSpot reviewer
Sr. Security Architect at American Airlines

Reporting should be very good, and a proper integration with cloud, not only the IBM cloud, but with other clouds also.

View full review »
it_user634848 - PeerSpot reviewer
Security Operation Manager at a transportation company with 10,001+ employees

I don't have any particular suggestions at the moment, but giving the ability to their business users to leverage the functionality well is important. Right now, the way we use it internally is mainly just for our security team, but other products, like Splunk, for instance, do monitoring on not only the network but also monitoring of system performance.

Server performance is important, whether or not the application is up or down or things of that nature.

View full review »
it_user489405 - PeerSpot reviewer
Security Consultant at a tech services company with 11-50 employees

Dashboards!!! Dashboards are one of the most frequent complaints I receive from customers. Customers are complaining about the limited set of graphs and the inability to change colors. Although this might seem trivial, a large number of the same complaints probably mean something.

A lot of bugs are reported for dashboard items. Also, I personally have found that it does not work as indicated by the documentation. The same methodology is used to produce different results for similar searches. Also, customers would like to see near real-time data on the dashboard, which is very hard to achieve according to the mentioned problems.

View full review »
it_user631671 - PeerSpot reviewer
Information Security Analyst at a media company with 1,001-5,000 employees

It is hard to tell which areas have room for improvement because we always think of new features and inform IBM of them, which they include in the next patch.

We recently went to an IBM conference to look into the Watson feature and see what they could do for us.

I would like to see better support. Their support is good, but I would say, they could do better.

View full review »
willie.Na. - PeerSpot reviewer
System Engineer at Trans Business Machines Ltd

I'd like to see improved support from the vendor. In addition, there are things that are not documented on the IBM site. If you'd like to do something at a high level, the information is not available in the documentation and you have to find it elsewhere. 

View full review »
JR
Cybersecurity Business Development Manager at a comms service provider with 10,001+ employees

There needs to be better integration with other applications.

View full review »
DD
Head of IT Security, Governance and Compliance at a consumer goods company with 10,001+ employees

The modularity could be improved.

View full review »
RO
Information Security Specialist at a comms service provider with 501-1,000 employees

I really didn't like QRadar to be honest. I inherited it. I was part of the reason that we moved over to LogRhythm. The solution just isn't user friendly.

The solution is clunky. 

The interface could be much better.

The integration capabilities within the product are not that great.

View full review »
it_user398799 - PeerSpot reviewer
Sr. Security Analyst with 1,001-5,000 employees

Keep up with more apps. They need to continue working with other companies to develop apps for integrations. Yes, they currently have 192 apps, but that number is nowhere near the number of security products on the market. That means if your company has a product that is not in the application list then you just have to work a little harder to pull the data you need from the log source.

I'm not against hard work, I'm just trying to work smarter and faster. Time is money, so saving time without compromising the end product is a win for everyone. It would reflect well for IBM because it would show they understand the customers’ needs and it would reflect well internally because we would be able to present cleaner dashboards and reports without hours or days devoted to building them.

View full review »
it_user634794 - PeerSpot reviewer
Director of Cyber Security at an insurance company with 10,001+ employees

We are still two versions behind, so I don't know specifically what could be improved. I've told all the executives and staff we met at a recent IBM conference that integration with other solutions is important so that we don't have to do a bunch of different things to consider.

View full review »
it_user545001 - PeerSpot reviewer
Security Operations Center Manager at a financial services firm with 1,001-5,000 employees

Search capability and indexing still lag behind competitors. We also need to see improved rule based access controls and rule/event tuning.

The search capabilities in QRadar are decent in their ability to be granular but the methodology of search prevents the rapid and easy modification of search parameters as an analyst works through the hunting process.

There are several examples of this. Let’s say you add two or three parameters to your search using various filter methods.

You can quickly change items like the scope of time for your search or the presentation of data, but you cannot quickly change the other parameters such as the IP address you are looking for. So you have a search of 10.0.1.1, the system processes that search, but then you realize you need to search for 10.1.1.2 instead.

You have to delete the old IP and recreate it. At that point the search starts over from the beginning. In a system like Splunk, when using the filters, the query string is written for you and can be easily modified/edited on the fly. While that may still result in a search restarting, the manipulation of that search is faster and more efficient. This is just a single example.

View full review »
it_user631740 - PeerSpot reviewer
Security Manager at a pharma/biotech company with 1,001-5,000 employees

I want to see a three-dimensional perspective of the data. I don't want to see just an event perspective of the data. I want to be able to identify a user, and within clicks, know all the activity of that user. I don't want to see it in events. I want to see it in relevant information.

There needs to be a little bit more investment into enhancing the user interface. That is the main thing: making it represent an actual incident response state of mind, similar to how you would troubleshoot an incident. That is the main issue. It was a major position by IBM when they bought it. But we see a lot of things being done around the Cognitive side, around the Watson side. But what we're not seeing the growth in is the actual tool's interface and usability. And that's what we wanted to see. We wanted to be able to see seamless identification of log sources, seamless categorization and normalizing of log sources, seamless alerts. In all those things, for the solution to mature, it has to be able to take data and make sense of it by itself, without a lot of input. And those are the areas where they can really improve it.

View full review »
UzairKhan - PeerSpot reviewer
Business General Manager at Mutex Systems

The advanced planning management (APM) features should be included. We are facing an issue where many of the software houses in Pakistan have developed their own in-house. They have integrated the APM tool with their monitoring solution. This feature is attracting clients and I think that it should be included.

View full review »
VK
AVP - Cyber Security at Cloud4C Services

The implementation of the solution's technology needs to be simplified. It is overly complex. 

The integration also must be simplified. 

The licensing is also overly complex, as there is a need to buy the workload performance monitoring separately. These are the different modules we need to buy. 

IBM does not provide a combined, combo suite solution which the customer can easily look at. The multiple functionalities are segmented and do not allow for an idea which is complete. It makes it difficult for us to do a realistic comparison with other products. I hope that others follow suit. 

View full review »
SG
Vice President at a financial services firm with 10,001+ employees

The solution should enhance its capabilities of UEBA and AI/ML tech modeling.

View full review »
SS
Information Security Manager at a tech services company with 1,001-5,000 employees

The solution is highly used here in Pakistan and in many sectors; they could improve it by having more SIEM connectors.

View full review »
AI
Chief Technology Officer at a tech services company with 51-200 employees

There are reports that I would like to generate that are either not included, or I cannot find. If there is no report for information that needs to be presented then it is one of the biggest issues for the customer.

The ticketing system is not fully automated and needs to be improved.

There should be an easier permission level that basic users can use to create reports. The users include both end-customers and the technical team.  

The pricing needs to be such that they are more competitive with other vendors.

View full review »
it_user641277 - PeerSpot reviewer
Information Security Analyst at a transportation company with 5,001-10,000 employees

This product has room for improvement in a lot of areas including the default emailing template that it uses to alert on offenses.

It also needs a lot of work in terms of the flows and the log source parsing. A lot of the time, it is very difficult to add a new/uncommon log source to this tool, as we need to map a lot of fields, rather than simply extracting these from the payload.

QVM is another instance where they need to revise the vulnerability scoring and the proper remediation details.

IBM QRadar is a wonderful product, until they release some patches and that breaks something else. There are many advancements that need to be done in terms of DSMs, when it comes to parsing.

View full review »
MI
Certified AIX I.T Manager at a financial services firm with 10,001+ employees

The GUI of QRadar should be improved. 

View full review »
JT
IT Security Analyst at a manufacturing company with 10,001+ employees

In terms of where it could be improved, this includes its forensics, incident response, and security operation center features. Additionally, some also struggle with the rules. We need more features in order to create rules to detect or to meet some requirements for other areas, such as catching the event from other authentication tools, like in Okta, for example.

In some cases, I have issues because some tools are not integrated in QRadar, such as other tools similar to DLP (Data Loss Prevention). We need to create all the integrations manually because they are not integrated in QRadar. We have a problem, for example, because they have Symantec DLP integrated in QRadar, however, it is not working because it's not detected automatically. It is not converting all the columns, but we do have the option to create manually. This is not difficult because it's very clear in the procedures.

View full review »
MA
Information Security Manager at a comms service provider with 1,001-5,000 employees

There are some weaknesses with the QRadar Risk Manager. It has some weaknesses because of the connectivity with other vendors. It is limited. There are some vendors that you cannot connect QRadar Risk Manager with, so you cannot get the maximum benefit of the product.

View full review »
PL
Network Security Engineer at a wellness & fitness company with 10,001+ employees

The overall workload automation should be built into it. Part of the efficiency side of it is the ability to take the information as it comes in and assign it into a group. Now, the team leader no longer needs to assign it manually. He manages the workflow as it comes in directly to the individuals. Then, the individuals respond on it. As it closes, it goes back to the workflow, recording the amount of time it took for them to close it. It should show: 

  • How long did it take to get assigned?
  • How long did it take for the person to open it?

Then, you can show that a person may have issues opening network problems.

View full review »
it_user246402 - PeerSpot reviewer
Sr SIEM Consultant at a tech services company with 51-200 employees

Some UI enhancements would be nice, such as exporting custom event properties and the ability to export rules.

View full review »
JT
Solution Architect at Ostec

The AI engine could be smarter. 

It is a bit expensive. 

View full review »
Kamal Abdelrahman - PeerSpot reviewer
Country Manager at Magarah

IBM QRadar has a margin for development, for out-of-the-box use cases. It can be enhanced with better support and automate the use cases for that.

View full review »
it_user927267 - PeerSpot reviewer
Senior Security Architect at a tech services company with 10,001+ employees

There are other solutions out there that have made it app based. They have a lot of apps available and they are readily integrated with other tools, as well.

View full review »
OS
Information Security Advisor, CISO & CIO, Docutek Services at Docutek Services

It is not a user-friendly program. It is a very glorified Excel program. I would love to see a more user-friendly version in a future rollout. 

In addition, the management services team needs some improvement. They are, at times, confused with our requests.

View full review »
WP
Vulnerability Manager at a tech services company with 51-200 employees

I would like to see a more user-friendly product. I would like them to make it much more user-friendly. At this stage, you need to use a lot of widgets to do your searches.

To advance searches, you must do a lot of Regex expressions.

View full review »
it_user639687 - PeerSpot reviewer
Cybersecurity Expert at a financial services firm with 10,001+ employees

I think Risk Manager (one of the optional QRadar modules) is something that needs improvement.

View full review »
it_user634842 - PeerSpot reviewer
Senior Manager at a pharma/biotech company with 1,001-5,000 employees

This tool is more suited for the technical industries or it's more specific for technical security. However, now since new laws are coming out such as the GDP in Europe and the biometric laws, in order to secure patient data, IBM may have to innovate more and incorporate certain legislation / regulations into their tool. It should be readily available to the pharma companies, so that they don't need to struggle to make more templates and thus don't have to tailor it to our needs. It should be a custom off-the-shelf solution, i.e., COTS. So, they're looking for more innovations in that area.

View full review »
GR
SOC Manager at Nais Srl

It is not easy to use.

The updates are not very easy. It is very complex. I would like to see the update process simplified.

When I said "it is not easy to use", I mean that QRadar is not for beginners. It needs high competence and skill to use it in a satisfactory way to really help customers. The complexity is not a flaw, but it is a necessary quality for QRadar to be a truly effective tool in a cyber environment.

View full review »
PP
Management Executive at a security firm with 11-50 employees

The only challenge with products like IBM is the EPS. You just have to be really on the events per second, as that's where the cost factor becomes a huge issue.

You do need proper training. Better training leads to better implementation. South Africa does not have the most knowledgeable technical support team. One challenge that you have in South Africa is the quality of the IBM resources. They're not up to the level companies need. I have to criticize IBM on that point - the skill level in South Africa and the South African franchise of IBM doesn't necessarily meet the quality of the product.

They can improve on the architecture. It's the way you deploy it. It's your enterprise architecture team that needs to understand it well. Again, due to our unique skillset on it, we deploy it in a very different way where we reduce the consumption of events per second, which reduces the overall cost of it. However, with the architecture, you need to get better guidance from IBM in terms of the way which the architecture is done. 

What I will say about IBM is that if you deploy it stock standard, it can be a very expensive tool, especially with your events per second, and where the way you deploy it architecturally will determine how much it costs you to manage it, as your events per second can be reduced through proper architecture. It's critical to an IBM install that a user understands the architecture and the deployment strategy. 

View full review »
RB
Founder at Halainfosec

Automation is an area that people are looking for. IBM does have the SO solutions platform, but it would be more useful if they could have predefined use cases rather than using more generic ones. It would be much better if they could customize their use cases.

It's resource-intensive.

The IBM QRadar team has to be proactive and they have to be informative about the product.

They don't want to spend too much money on the SIEM because it is obviously resource-intensive. But the SIEM is a very useful product when you have good resources and good software.

For large organizations, that want to integrate all of the log sources, the pricing will be too expensive. This is the main reason that clients are not interested in SIEM solutions.

View full review »
SP
Senior Security Engineer at a wholesaler/distributor with 10,001+ employees

In a future release, the solution could provide malware analysis.

View full review »
Md Saiful Hyder - PeerSpot reviewer
AGM, Enterprise Solutions at Omgea Exim Ltd

Right now, if you look at the compatibility, if you need to deploy QRadar in a physical appliance you have only two choices of server, their own or a Lenovo server. In today's world, you cannot keep something tied to such a big brand. Clients want to be able to use whatever type of server they want. It's very limiting for many. You need that flexibility to deploy on any Intel platform.

IBM doesn't have people in every corner of the world. Oracle, for example, is actively training and certifying people so that companies will have access to local connections. IBM is lacking this, and therefore it can be difficult to get qualified support when a customer needs it. They should try to replicate the Oracle approach to training and certifications.

View full review »
AS
Co-owner and CEO at Data Security Solutions

There are a lot of things they are working on and a lot of technologies that are not yet there. They should probably work out a better reserve with their ecosystem of business partners and create wider and more in-depth qualities, third-party tools, and add-ons. These things really give immediate business value. For instance, there are many limitations in using SAP, EBS, or Micro-Dynamics. A lot of things that are happening in those platforms could also be monitored and allowed from the cybersecurity risks perspective. IBM might be leaving this gap or empty space for business partners. Some larger organizations might already be doing this.

It would be very nice if IBM can make some artificial intelligence part free of charge for all current QRadar users. This would be a big advantage as compared to other competitors.

There are companies that are going in different directions. Of course, you can't do everything inside QRadar. In general, it might be very good for all players to provide more use cases, especially regarding data protection and leakage prevention. There are some who are already doing some kind of file integrity or gathering some more information from all possible technologies for building anything related to the user and data analysis, content analysis, and management regarding the data protection.

View full review »
FC
Ingénieur d'étude R&D at DOGA

I'm not sure if there are any features missing from the solution. It's pretty complete.

The pricing of the solution is a bit high. If they could lower it, that would be ideal.

View full review »
it_user1379427 - PeerSpot reviewer
Application Security Architect at Bank Al Habib Limited

In terms of what could be improved, it would be easier if you didn't have to long escape for a bar sync. If you have to, the logs are not automatically barred, so you have to guide the whole atmosphere.

Additionally, there should be integration with IBM Guardian. 

Lastly, there should be an extension where we can get the reports. This could be an extension to the dashboard with the Guardian or another product with limited technology, for example IPS. Now, we only have IBM. Basically, it needs more and more integration models.

View full review »
JK
Lead Security Infrastructure Engineer at a financial services firm with 5,001-10,000 employees

  • User/identity modeling needs improvement. However, it seems that they are already focusing on that. 
  • Needs better visualization options beyond the time series charts and a few other options that they have.

View full review »
WP
Vulnerability Manager at a tech services company with 51-200 employees

I would like to see a more user-friendly product. I would like them to make it more user-friendly. At this stage, you need to use a lot of regular expressions to do your searches.

View full review »
it_user634800 - PeerSpot reviewer
Security Consultant at Dimension Data

We thought about what was missing and it was the analysis of the user behavior. However, with the User Behavior Analytics (UBA), it's much less complicated.

I recently attended a conference presentation on machine learning, and it is a great plug-in to UBA. It will help us a lot because a lot of customers want to analyze their user behavior patterns.

Maybe there should be more custom rules in the exchange. Basically, we are using a lot of threat rules, so maybe they'll develop something like that. It will be better.

I would like to see improvement in the technical support. Sometimes, when we do patching or something like that, it creates some problems. Maybe they could test the patches and the OEM product better.

View full review »
it_user642180 - PeerSpot reviewer
Director SOC at a tech services company with 51-200 employees

From my point of view, they should improve the backup procedures. QRadar does not allow sending backups by FTP or SFTP, limiting the tool. I had to make a script but it is a manual process. It would be great to have it automated.

View full review »
JJ
Managed Security Product at a comms service provider with 1,001-5,000 employees

The features that could be improved include the licensing model and the dashboards and all those presentations. Overall, the user experience part can be improved.

Additionally, the coverage, the connectors, and the flex connectors for legacy systems and other aspects could be improved. This is something they can work on and improve.

View full review »
BK
Program Manager at a tech services company

With the transition to a modern IT operation center, I think that many of the devices are going to be mobile. Somebody may not be at the NOC (Network Operations Center), data center, or SOC (Security Operations Center). If anybody from the non-security team or the NOC team has to receive an active alert, it should be enabled in multiple channels.

Ideally, we would like a mobile version so that any alert that comes in will notify us in a mobile app, or by using SMS integration. We are working on these things internally, but I think that these are some of the things that you're expecting from this product.

View full review »
WP
Vulnerability Manager at a tech services company with 51-200 employees

It would be good if the program allowed certain profiles to only see certain customer information.

View full review »
it_user797751 - PeerSpot reviewer
Security Consultant at Varutra Consulting

The user guide is not readily available. I would suggest the support or technical team release a PDF guide, like Splunk, SolarWinds, or ArcSight. This will be good for consultants or whoever is using QRadar. This would be really helpful. I have searched a lot on sites, but I have not found a single PDF containing everything. Our consultants are taking too much time understanding the product's technical aspects.

They could arrange a demo on their website so users who register may use WebEx or any type of meeting invitation, and the support team could give a demo. Having hands-on technology is important. We lost a few clients, because they asked us, "Do you have hands-on QRadar?" At that time, we said, "No, but we will cover it." Due to this, we didn't get the project. Clients want consultants who are certified in QRadar. Even after completing the certification as a QRadar deployment professional, I would suggest QRadar release any documentation or give an online demo, like videos on YouTube. It would increase publicity and public appeal. 

View full review »
NH
General Manager at Global Solutions Services

  • Data encryption
  • Flow encryption
  • Third-party compliance
  • Its architecture is very complicated.
  • Its hardware is Lenovo-based.

View full review »
it_user632703 - PeerSpot reviewer
Senior security analyst at a financial services firm with 1,001-5,000 employees

I'd like to see it being able to be integrated with more security products. I'm a big Guardian user; it's nice for the bidirectional. I can do some stuff, like a SQL injection, or if something is happening.

But if there were other security tools that it could better integrate with, like to go both ways; say it knows that a user is having heavy traffic, maybe it integrates with DOP to look at different sessions that they're doing. Something like that; like backwards compared to DOP, like reporting to it.

It's really good, but there's room for improvement; some more bidirectional integration with different security applications, especially some of the IBM Security ones like BigFix or something like that.

View full review »
it_user632781 - PeerSpot reviewer
Cyber Security Manager at an energy/utilities company with 1,001-5,000 employees

The biggest challenge is in the upgrade, e.g., when it comes down to a new OS, you have to wipe it clean and reset everything. It takes time when you have 40-50 devices all over the place. It's impossible sometimes to go out and touch every single one of them. So, then, if it's an automatic process, you can upgrade to the new version in just point and click. However, that's not the case right now.

WinCollect is a challenge also, and I'd highly recommend that the Q1 team should build a lot of Windows-based collectors that simply work. Just like the competitor, Splunk, when you put it in, you don't have to do too many modifications. So, that's a challenge right now.

View full review »
VS
President, Consultant, Trainer at MEI Security

We would like to see better instrumentation for debugging changes in the log flow.

View full review »
NB
IT Security and Business Development Manager at a tech services company with 51-200 employees

If IBM provides me with a better service or better options than Palo Alto, I would remain with IBM. To my knowledge, I recently evaluated Palo Alto, which has better security features, especially for a client's email.

Before we didn't have any security issues but recently a few of the user emails were hacked. We had to actually recreate their emails for them.

If IBM could give us a complete package of on-cloud solutions, firewall, antivirus, and also mobile security, that would make it a lot better. Nowadays people are using mobile and tablets, rather than laptops or computers.

We get updates from IBM directly but then the users have to update. There are challenges where sometimes if we update the client's system, it takes a lot of time to update.

View full review »
it_user393954 - PeerSpot reviewer
Application Infrastructure innovation at a financial services firm with 1,001-5,000 employees

What I'd like to see, and they're getting there, is more integration; tighter integration with some of the other IBM Security products. They're moving a lot tighter to BigFix. BigFix has a lot of power in it, and MaaS360 also has a lot of power in it. I'd like to see those more tightly integrated.

View full review »
Ashok Kumar Biswas - PeerSpot reviewer
System Engineer (Cybersecurity) at Omgea Exim Ltd

Whenever we connect the span port, its device and health status increase the capacity level. So I suggest the mitigation of that part for IBM. Otherwise, it's a good product. We also continuously have issues with technical support because they do not have a prompt response time.

View full review »
Ahmed Hossam - PeerSpot reviewer
SOC Analyst Tier 2 at IP Protocol INC

Integration could be better. They should make it easy to integrate with other solutions. 

View full review »
PD
Assistant Engineer at Harel Mallac Technologies Ltd

If you have too many events that occur, then the storage capacity becomes a problem. You need to have more storage.

View full review »
JW
Solution Security Architect at PT. Sinergy Informasi Pratama

The concern with QRadar is that there are so many features in the dashboard, too many menus that require going to two or three sub-monitors to enter the QRadar. The user interface is good but there are so many features that can be confusing for the administrator. It could be simplified. 

View full review »
MD
Cybersecurity Engineer Consultant at a tech services company with 501-1,000 employees

The weak signal detection with QRadar needs improvement. You can detect what you know, but what is unknown to the rule engine can't be detected, similar to a base rule of SIEM.

View full review »
MH
Network and Security Technical Team Leader at a wholesaler/distributor with 201-500 employees

The implementation and configuration are not easy.

We would like to see user behavior analysis in the next release. IBM claims they have this feature, but I do not see it as mature as in Splunk. 

View full review »
SU
Team Lead - Information Security at a computer software company with 10,001+ employees

The IBM support can be better. It's an aspect that needs improvement. 

In future iterations, I'd like to see an advance in office management, the out-of-the-box use cases that are provided. That needs to be part of the requirement.

View full review »
RP
Regional Director, Customer Success (GTM Solutions & Services) at a tech services company with 51-200 employees

IBM is going through some problems with its resources currently making its support response time slow.

View full review »
GO
Marketing Director at an aerospace/defense firm with 1-10 employees

The tool is very complicated. One place for improvement would be to have a more user-friendly interface. Having better support in Spanish would be cool.

View full review »
it_user163854 - PeerSpot reviewer
Security Solution Architect with 1,001-5,000 employees

Room for improvement - IBM QRadar:

  • Graphing on the system is a tad coarse. Analytics now requires really high quality graphing to assist in pinpointing anomalies.
  • Need for multiple Java versions for deployment setup is a pain.
  • There are areas where you need to have Java 7 to be able to use them (the primary need for this is to access the Deployment area).
  • We need to be able to handle multiple overlapping IP address areas. That is coming, we know. But slowly.
  • When you are building this in a virtualised environment you do have a bit of difficulty accessing the GUI.
View full review »
Muhammad Ali Aziz - PeerSpot reviewer
Senior Manager Cyber Security Services & Solutions at Trillium

IBM QRadar User Behavior Analytics is good, but I think the functionality should be much more integrated. You should have easy access to the artifacts if you are doing a particular investigation. It's good, but other team solutions like LogRhythm are actually merging the functionality. So, I think that is something IBM can work on. 

View full review »
JB
Deputy General Manager at a comms service provider with 5,001-10,000 employees

Since we have not used the solution very long, my information is limited when it comes to improvements. I have noticed the interface has room for improvement.

View full review »
SW
Cyber Security Consultant at Gulf Business Machines

The performance of the solution could be improved. Right now, it's the weakest aspect. I wish it was better.

Technical support could be improved by a bit.

View full review »
DP
Chief Technical Officer at IT Specialist LLC

The user interface and configurability of IBM QRadar User Behavior Analytics can be improved. It has a lot of pre-configured settings and not many things can be changed.

It also needs more integrations. Currently, User Behavior Analytics is integrated only with IBM QRadar. It could have deeper integrations. 

It can also have more complicated scoring models. Currently, it has a very simple linear scoring model for users.

View full review »
SO
Deputy General Manager - Network Security at a tech services company with 201-500 employees

From a functionality point of view, there are issues sometimes. There is a component in QRadar where all these certifications need to be installed, like a UPN. Sometimes we experience functionality issues where the logging, indexing, and searching were not working. I have personally seen it misbehaving. Sometimes we need to restart it. In some cases when it was malfunctioning we needed to contact support to resolve the issue. I don't see any issues in the integration model with a UPN from a usability point of view, but with functionality you can experience a lot of issues.

View full review »
NM
Solution Manager at ZZTL

Some of the features should be more cooperative but other than that, everything is okay.

View full review »
AF
Cyber Security Specialist at AEC

There is one problem with QRadar in regards to the add-on apps. The apps can be frustrating. For example, when I add a big app like one of the add-ons for resiliency, add-on applications for QRadar, these applications require different hardware to implement and to deploy. The resiliency connector, because there's a considerable amount of data scanning, operates for these apps correctly.

Acquiring these add-on apps for QRadar is very expensive. This is one of the difficulties that we are facing with the QRadar.

View full review »
SS
Director of Market Enabling Solutions at Raksha Technologies Pvt Ltd

The architecture could be improved. I got stuck for a long time trying to understand the architecture, as it is quite challenging.

View full review »
JC
Director, Cybersecurity at a media company with 51-200 employees

Dashboards and reports could provide better visualization of SIEM activity. 

An executive or CISO dashboard would be nice to have by default.

View full review »
Kamal Abdelrahman - PeerSpot reviewer
Country Manager at Magarah

The solution could improve by having more out-of-the-box use cases.

View full review »
TG
Sr. Information Security Analyst at an insurance company with 51-200 employees

The user interface is a bit difficult to get used to. Once you do, it's not difficult.

View full review »
BB
Enterprise Architect, CISSP at a tech services company with 1,001-5,000 employees

The price of this solution is a little bit expensive, so if it were cheaper then it would help.

While the interface is easy to use, it could be a little more responsive. It can be a bit sluggish at times.

View full review »
it_user970365 - PeerSpot reviewer
Cybersecurity Practice Lead at a tech services company with 201-500 employees

The first area for improvement is the cost. It's a little bit too expensive for us. 

Also, initially it was difficult to understand or to grasp, but once you get the hang of it, it is easier to understand and to analyze. So the main problems are its cost, the maintenance cost, and the fact that it takes some time to learn how to use it.

In terms of additional features, a mobile app would be nice. Also, the reporting is definitely okay, but you have to make sure that everybody with different roles can understand it. There is room for improvement in the reporting.

View full review »
TM
Senior Cybersecurity Consultant at CIA Botswana

The API integration for AD is a problem when it comes to vulnerability management. If you want to incorporate multiple factor authentication it becomes a problem with the AD. It doesn't integrate well. That needs to be improved.

The configuration steps are not easy to follow compared to NetWitness.

View full review »
it_user634860 - PeerSpot reviewer
Cyber Security Engineer

I don't have any problems with the solution right now. As I play with the tools, then I will actually come up with different ideas.

I was able to help out with IBM Guardium version 10. I was helping out with a couple of developers who actually developed the application itself.

I want to see more integration between QRadar and other applications like BigFix and a couple of other tools and applications out there. There are a lot of applications out there. QRadar security intelligence might be one of the best right now.

View full review »
it_user634782 - PeerSpot reviewer
Security Analyst at a government with 10,001+ employees

It is very expensive; very expensive.

View full review »
it_user634830 - PeerSpot reviewer
Group CIO at a tech services company with 501-1,000 employees

In the next release, I obviously would want to see more integration to the cloud-based services such as Microsoft Azure and the other line of business applications, so that we have a comprehensive view on a hybrid cloud stack.

View full review »
it_user285759 - PeerSpot reviewer
Security Consultant at a tech services company with 11-50 employees

The dashboards and reports may need to improve. We need to export the CSV results to create a report by Excel.

View full review »
it_user140676 - PeerSpot reviewer
Information Security Consultant at a tech services company with 51-200 employees

Although QRadar provides incident management of the alerts it produces, this area could use a little improvement to allow more restrictions on who can close alerts and to make updating alerts with, and reading, text templates easier.

View full review »
MB
Information Security Leader at a computer software company with 1,001-5,000 employees

The only problem is that if you have too many events that occur, then the storage capacity becomes a problem. We would need to increase the storage capacity.

View full review »
FA
Security Analyst at a security firm with 11-50 employees

QRadar log integration of various applications can be a tough job at times. There may be occasions when you will not find any QRadar guide on adding logs of a particular application. Even if you come across one, adding a log process is not an easy one. Plus, it is also vulnerable because the ports used to integrate those log sources with QRadar are well-known and most of them are vulnerable ones. 

View full review »
RR
IT Security Manager at a tech services company with 201-500 employees

In terms of what could be improved, I'd say do nothing, in its current state it does quite okay for now.

The biggest problem was built on top of the QRadar in the executive operations center network. The integration was not using the network security specialist properly, and all the incidents were inferior with QRadar. Its compatibility is not really good.

View full review »
OK
Analyst at a tech services company with 501-1,000 employees

There are two ways you can pull logs: one way is where you can receive logs or send logs using the agents and previous transformation, and the other way is where QRadar logs onto the servers using the admin account and then pulls the logs itself. The functionality that I would love to see with that remote pulling is to have the ability to also select what logs it's pulling, because when you use MSRPC now to receive logs from your log source, it basically pulls all the events from that server. So even the noisy events that would overshoot your EPS would also be pulled. So for particularly active or high servers that generate a whole lot of security events, let's say like your SFTP server that has a lot of devices on your network connecting to it, if you try to pull the logs remotely it would overshoot your EPS really quickly.

So if they could improve the functionality of the remote pull to also be able to select the logs that it is pulling from the log sources, that would be very, very effective. The reason for the pull is because the agents are not tamper-proof and any administrator can help shut down the service and uninstall the application and a whole lot of other things. Basically, your listening agent is at the mercy of the administrators, and for a security device or security software, that is a big vulnerability, because anybody can then go into the server, stop the agent, and then run any command or make any change they want to do, which would make your monitoring null and void. It would be good if the agent itself could be tamper-proof. And back to the first point, the reason why I prefer the remote pull is if there's no agent on the server and it's the console logging onto the server, your monitoring is much more secure. Regardless of what changes are being made on the server or what's going on the server, if the server is shut down and then a newer version is brought up with the same hostname and IP address, you would not need to go back in and re-install the agent. The console would just automatically connect back to that server once the IP address and the host are back up.

Additionally, I would like the rule creation interface to be much more user-friendly in the next release.

View full review »
JS
Cybersecurity Architecture and Technology Lead at Appxone

Artificial intelligence is superb; QRadar correlates the events smartly and removes the same events, but it needs improvements.

View full review »
OU
Technical Consultant at activedge

I can't see any need for service improvements because I feel it's easy to use and very functional as it is. There could be improvements made to the UI, the user interface. Though the newer version, 7.3.2, might already have this improvement in place.

View full review »
DA
Senior Server Security Engineer

I think QRadar is very complex. It's a distributed system and IBM QRadar has an all-in-one solution which is not like that distributed solution but it's a good product. IBM needs to consider the user interface because if we compare it with AlienVault, the AlienVault user interface is fantastic but the IBM QRadar user interface is very complex. They should focus on how to make it easier for the client.

IBM has everything you need in a cybersecurity solution. If you want to build a cybersecurity operation center version then I think QRadar is a perfect solution.

View full review »
SO
Member at CIFAL Argentina

The user interface needs improvement.

View full review »
it_user634779 - PeerSpot reviewer
Security Intelligence at a tech services company with 10,001+ employees

In future versions, the various features that we would like to see are pretty much in line with what QRadar is coming up with, like this IBM QRadar UBA version 2.0 or support for STIX/TAXII. Basically, we have similar milestones there.

There are a few technical requirements that we have opened feature requests for, such as some of our complex use cases that need mathematical operators to be used within the reference maps. That's currently not available.

View full review »
BT
Assistant IT Manager at an insurance company with 1,001-5,000 employees

It would be better if it were more stable and more secure. The price for maintenance could be better. It's too high. In the next release, I think they should focus on the price and the operation.

View full review »
HG
Network Security Engineer at a computer software company with 51-200 employees

IBM QRadar could improve the plugins and threat detection.

View full review »
KA
AVP - Security at a tech services company with 501-1,000 employees

This solution is on-premise and many customers are moving to the cloud base solution.

View full review »
LY
Partner at a tech services company with 1-10 employees

For the common needs of clients to fulfill requirements, a real integration with Blueworks Live (BPA modeling tool also from IBM) and a more suitable BPM on cloud solution for midsize customers.

View full review »
DC
Operations Analyst at a logistics company with 51-200 employees

QRadar needs to be improved on the storage side, particularly when the disk exceeds the maximum threshold.

View full review »
OO
Cyber threat Intelligence Manager at CyberLab Africa

There is a shortage of skilled individuals with knowledge about the solution. There should be more training programs to teach and enable users to get familiar with it.

View full review »
MK
Practice Head at a tech services company with 51-200 employees

The technical support can be improved a little bit, and the price could be cheaper.

View full review »
LB
Security Engineer at a tech services company with 11-50 employees

The interface is very old. IBM should remake it into a more modern interface. I think this is the only thing they should improve on.

Another feature that would be nice is if it's possible to integrate some of the application style and configuration that is currently not easy to set up in the product. If it's possible to do that, it would be a major improvement.

In fact, I never got a road map to bring you from zero to the end. There should be information everywhere, from YouTube to any other places. It was very complicated to organize all the information in my head.

View full review »
AB
IT Manager at a comms service provider with 1,001-5,000 employees
  • There is a scope of improvement in the orchestration layer, such as the SecOps from RSA. RSA Security Analytics bundles their offering with their SecOps (a subset of Archer - Risk Governance tool). This gives them a competitive edge.
  • The reporting and dashboard capabilities require a bit of improvement in terms of fine tuning and bifurcation for the technical and management reports.
View full review »
MH
Team Lead & Principal Software Engineer at a tech services company with 51-200 employees

I would like for Yara to be supported by all components. 

View full review »
JM
CEO at a tech services company with 11-50 employees

The usability of interfaces could be improved and the solution could have better correlation services, as well as faster and updated intelligence interfaces.

View full review »
AK
Security Analyst at a tech services company with 51-200 employees

The solution has definite room for improvement. There were certain bugs we had to deal with. Bigger issues involve the quantity of rules involved in its deployment. Also, false positives can be obtained and there is a need to fine tune the solution once every month or two until everything is correct. 

The stability and product support should also be addressed. 

When an offense occurs, the source IP will automatically provide a source username which is not correct. For reasons I don't understand, it uses the team or the name of the last user of the computer and this is not always accurate. This means that there are times that I obtain offenses that are ascribed to my boss and which serve him. The solution ensures that the host is vulnerable to another attack. The solution will estimate that the targeted host is vulnerable to certain attacks. 

Moreover, the solution may provide information of attacks that failed or that are irrelevant, such as vulnerabilities involving modems in which the target host is the Windows Server. This begs the question of why an offense that was and will always be blocked must be generated, such as that involving vulnerability from a modem. 

View full review »
AC
General manager at a tech services company with 201-500 employees

They should speed up the incident response and also, at the same time, reduce the amount of manual effort that is required.

A nice enhancement would be the incorporation of more artificial intelligence and machine learning capabilities.

View full review »
EK
Network & Cyber Security Engineer at a manufacturing company with 1,001-5,000 employees

We sometimes get an error about the hard drive. Approximately once in two months, we can't find the logs, and they go missing, which is a terrible issue. We are getting support for this issue from our support company.

View full review »
it_user984276 - PeerSpot reviewer
Senior Analyst at a tech services company with 201-500 employees

They should introduce some automation into the product.

View full review »
RM
Senior Field Manager at a tech services company

I would like for them to develop a detection management solution. It does not have a detection management solution in it, you have to buy it as it is, on top of the extended solution. 

View full review »
DC
Security Solutions Architect at Micro Strategies

QRadar's issue is that it needs to add behavioral analytics. The product's behavioral engine is weak. It just uses algorithms. It should use an equation that is recursively applied. This will provide true behavior.

View full review »
it_user197457 - PeerSpot reviewer
IT Security Manager at a tech services company

I would like to see SOC.

View full review »
OO
Founder at a university with 11-50 employees

The threat intelligence functionality can be better. In addition, it can have more monitoring capabilities.

View full review »
VB
Principal Security Architect at a computer software company with 10,001+ employees

They have to build more quantitative monitoring, profiling, and make it more predictive.

View full review »
DS
Works at a tech services company with 11-50 employees

The quoting and the dashboard session could be improved. It should be more user-friendly.

Otherwise, the overall functionality of IBM QRadar is superb. A better GUI and reporting both would be good additions to the product.

View full review »
it_user795519 - PeerSpot reviewer
Senior Security Engineer at dig8labs

The product is good, but one feature they should have is an Elasticsearch. Currently, in QRadar, there are no Elasticsearch criteria. Elasticsearch is a very fast search engine. IBM should consider it as part of QRadar. Currently, QRadar has a very slow search. If I search previous months' data it stops.

View full review »
it_user575124 - PeerSpot reviewer
Sr. Security Engineer at a tech services company with 11-50 employees

It should have built-in blocking capability.

View full review »
YC
Security Consultant at a tech services company with 11-50 employees

They should provide more manual examples online so that I can learn it myself. The dashboard also needs improvement. 

View full review »
OO
Founder at a university with 11-50 employees

The biggest drawback of this solution is the price.

The threat detection needs improvement, they have many false positives.

It is important to have good architecture. If you have problems and you don't have a strong architecture, you will have trouble with this solution.

View full review »
KJ
CEO at Xcelliti

QRadar needs to be more specialized, along the lines of what other SIEM solutions are. It needs to be more detailed.

Incorporating an AI component is needed, where the learning feature identifies malicious activities coming into the network.

The GUI and reporting need to be improved.

The footprint needs to be optimized because the application footprint is too heavy. The machine requires a very high amount of resources.

View full review »
it_user610512 - PeerSpot reviewer
Technical Security Specialist at a tech services company with 51-200 employees
  • The vulnerability scanner is not accurate. It needs more vulnerability signature updates or more regulation templates to be added on.
  • We urgently need to add more report templates.

Maybe the improvements could be achieved by adding some modules like IPS, IDS and a next generation firewall that is able to start from monitoring the events and processing, then takes actions not only based on signatures but smart intelligent monitoring which would make QRadar into a full SIEM security solution.

View full review »
LD
Technical Presales at a tech services company with 1,001-5,000 employees

I think that the search speed of this solution could be improved.

View full review »
GC
Queretaro at a tech services company with 1-10 employees

The initial setup requires that you have somebody with the proper skill set, and it would help if the configuration were easier.

View full review »
MA
General Manager at New System Engineering

It is very difficult to activate all of the network equipment, and it would help if it were made easier. I would also like to see more integration with new devices.

View full review »
it_user934623 - PeerSpot reviewer
Senior Information Security Analyst at a financial services firm with 501-1,000 employees

I would like for them to lower the price. 

View full review »
it_user923115 - PeerSpot reviewer
Cloud Security Architect at Nordcloud Oy
  • Slow response sometimes and a not-so-helpful staff there. So make the support better, and you could succeed even more.
  • The released patch quality is poor. IBM should test those patches on their side, not on the client's side. So, there is a lot of improvement to do.
  • I would appreciate it if IBM could create another, more intuitive, easier way (intuitive UI) to perform advanced searches rather than just counting on regular expressions.
View full review »
it_user640416 - PeerSpot reviewer
Assistant Manager-Information Security at a transportation company with 1,001-5,000 employees

They should provide more integration with more devices.

View full review »
it_user956985 - PeerSpot reviewer
Sr. Security Engineer at OmnitechIT

It needs more resilience and functionality. 

View full review »
AS
Cyber Security Team Leader at a tech services company with 501-1,000 employees

I don't think this is the best solution on the market because it takes much longer than ArcSight, for example, which provides more flexibility and capability to create much more complex use cases. Other tools provide more valuable things that you can do for the active channel. 

I would like for them to develop out of the box content that doesn't require too much customization. Most of the out of the box we get from it requires too much customization. I would also like to see dynamic filters and better cross-integration between functions.  

View full review »
it_user632667 - PeerSpot reviewer
Cyber Security Engineer at a tech services company with 501-1,000 employees

I would like to see more APIs available in order to provide tighter integrations between other IBM products and third-party solutions. I would like to see new cognitive advisors, cognitive capabilities, and more integration capabilities.

View full review »
OF
Professional Services at a tech services company with 51-200 employees

The support process needs to be improved.

Every SIEM solution has issues with plugins, as they have to connect to different log systems. It can affect security, infrastructure, and other things. IBM should continue to expand its database and cover as many systems as possible.

View full review »
AT
Software Trainee at a tech services company with 1,001-5,000 employees

The tool is already automated in many ways, but there are some additional functions which should be automated, like sending an email, mobile notification, and integration of XFS.

View full review »
it_user805179 - PeerSpot reviewer
Solution Architect with 201-500 employees

Needs to be improved:

  • Graphical User Interface (GUI) 
  • Multi-tenancy and domain(s) segregation.
View full review »
it_user5160 - PeerSpot reviewer
IT Security Consultant at a tech vendor with 201-500 employees

We use it mostly for purchases and regulatory requirements of that process. It would be good, therefore, if there was a standard configuration by default that was offered or proposed during install or configuration to meet PCI requirements, e.g. log archive duration set by default to one year for each device added. 

The event information display might prioritize event ID, user, destination, source, and date/time as the first info gathered in the report.

View full review »
SH
Pre-Sale Consultant (Technical) at a tech services company with 51-200 employees

We have had problems with networking.

View full review »