IBM QRadar Valuable Features

DAX Paulino
Cybersecurity Practice Lead at a tech services company with 201-500 employees
One of the most valuable features is its ability to integrate with other solutions. In our current setup, we need a holistic view of our network to provide better service. Therefore, integration with our security tools and infrastructure is a must. We managed to get our NGFW, Endpoint Security, network servers, compliance tools and others to integrate with QRadar, which enables our team to better understand what is happening in our network and respond accordingly.
BALA
Program Manager at a tech services company
First, the dashboard is a valuable feature. There is a single dashboard that gives us a complete overview of what is happening around the globe. We are able to follow the devices that are connected to the network. The second thing is the customization that we have done. For example, if there is an account login made in Tokyo then we will immediately get an alert.
Vulnera08667
Vulnerability Manager at a tech services company with 51-200 employees
The threat protection network is the most valuable feature because when you get an offense, you can actually trace it back to where it originated from, how it originated, and why.
Find out what your peers are saying about IBM, Splunk, LogRhythm and others in Security Information and Event Management (SIEM). Updated: September 2019.
371,917 professionals have used our research since 2012.
Vulnera08667
Vulnerability Manager at a tech services company with 51-200 employees
The most valuable feature is the QRadar Vulnerability Manager which provides vulnerability scans. In addition, I like the way QRadar generates alerts.
Omar Sánchez (Mr.Tech)
Information Security Advisor, CISO & CIO, Docutek Services at Docutek Services
They do have a way to pre-configure or have pre-configurations for companies that are starting and they don't know too much about SIEM or working with SIEMs. The solution uses SIEM to get the information to the managers so I will say that they have an ongoing boarding process that is very good if you are starting because it already has what you need to start up. In addition, they have more HIPAA. It's a pre-order on QRadar, so when we go to the process of selecting our use cases, they go by building blocks. QRadar links it to building blocks so we don't have too much to cut on it.
Larbi Belmiloud
Security Engineer at a tech services company with 11-50 employees
The first feature that I love to demonstrate for my customers is the fact that the vulnerability manager is integrated in QRadar SIEM. This lets us stop and detect vulnerability. The reports provide many methods to fix it. The circumvention method and the patch method are perfected very well in the QRadar area. The second valuable feature is when we get events and make the correlation or rules. In IBM, we can implement our customer's rules. We can have very clear status threats and severity of antigens. The other fact I love about IBM is that we can integrate many other tiers solutions, such as Carbon Black and other plans.
Dameer Siddiqui
Senior Associate Consultant at Skill Orbit (Pvt.) Ltd.
The most valuable feature of IBM QRadar is its slow control and even activation. I also like the post notifications on the screen.
SenSec321
Senior Security Architect at a tech services company with 10,001+ employees
QRadar has somewhat of a new structure recently from last gen. They have moved from the standard UI based infrastructure. There are multiple aspects coming in which are actually plug-and-play kind of stuff; we don't have to write rules, we don't have to create dashboards and all. For example, on the dashboard we have user behavior analytics. And, it is very helpful for us to use customization and build from scratch.
QRadar677
IT Security Manager at a recruiting/HR firm with 10,001+ employees
The most valuable feature is user-behavior analytics, where it will create logs based on the users' behavior and report suspicious events or other anomalies. I am working with the data analytics so it is a very good one for what I am doing.
D.M.Hashim-Ul- Alom
Senior Server Security Engineer
This solution has many valuable features but I especially like the Log Manager feature.
Damian Scott
Sr SIEM Consultant at a tech services company with 51-200 employees
* Correlation Rule Engine, built-in use cases: QRadar has the highest number of built-in use cases among any SIEM on the market. There are many built-in rules that are enabled by default and easily tunable to meet the specific needs of each organization. The correlation engine automates what is a manual process for many SIEM platforms.
* Network-Based Anomaly Detection (NBAD): Using NetFlow, JFlow, SFlow, or QFlow (all 7 layers), offenses are detected as a response when a rule is triggered.
* QRadar Vulnerability Management: Built-in vulnerability scanner or leverage for other supported scanners to either schedule a scan and/or import the results from a scan. Importing the results enriches the assets profile database to quickly identify assets that have known vulnerabilities.
* X-Force Threat Intelligence: Threat intelligence IP reputation feed which leverages a series of international data centers to collect tens of thousands of malware samples, to analyze web pages and URLs, and to run analysis to categorize potentially malicious IP addresses and URLs.
* App Exchange: Many vendors have written apps to enhance QRadar. The apps are free and enhance your SIEM experience by adding rules and custom event properties. In some cases a new tab. You will need to have purchased the third party solution. For example, if you have Palo Alto or Blue Coat, there's a free app for better integration.
Nimesh Bhatia
IT Security and Business Development Manager at a tech services company with 51-200 employees
The securing of data is the most important feature because nowadays as cloud has come in, it is especially challenging to secure. We are actually planning for Palo Alto to be a better option because IBM needs better security for their cloud.
SrSecAnalyst918
Sr. Security Analyst with 1,001-5,000 employees
Currently, the App Exchange offers over 192 applications that allow QRadar to integrate with some of the top security programs on the market, along with extension add-ons provided by QRadar. Some third-party apps include (but are not limited to) Splunk, McAfee, Cisco, Carbon Black, Palo Alto, ObservIT, Exabeam, Gigamon, PhishMe. Extension add-ons by QRadar include report extensions, MS AD extensions, user behavior analytics, etc. We have a very small team and anytime I can integrate with our other tools, and save time doing so, that is a plus for my company.
Reviewer258
Managing Director at a tech services company with 1,001-5,000 employees
The most valuable feature is that it is a one stop solution for many things. It is a manager for vulnerability, functionality, packet filtering, packet analysis and log analysis.
FarhanAli
Security Analyst at a security firm with 11-50 employees
* Its default set of rules: It comes with many rules disabled. You can tune them and modify them according to your enterprise needs and avoid false positives.
* The extension management: There are more than 120 extensions in QRadar, which are easy to install and configure. These can improve your analysis of events.
* UBA 2.7: It can help you detect insider threats.
Srijan-Sivakumar
Director of Market Enabling Solutions at a tech services company with 51-200 employees
Watson, which is an artificial intelligence, is the most valuable feature. On the back-end, Watson helps me figure out an exact problem, sometimes giving me the result. I never would have imagined this before.
QRadar6777
Chief Technology Officer at a tech services company with 51-200 employees
Provided that the report is prebuilt and I can find what I am looking for, the reporting is the most valuable feature in this solution. The reports are very good and very presentable.
Muhammad Adeel
Senior Security Engineer at dig8labs
The most valuable feature is the DSM Editor. The custom parsing tool is very nice, outstanding. I have used McAfee's SIEM and LogRhythm as well, but because of this feature of QRadar, I don't think their solutions are good. Customizing it is very easy and it has a user-friendly interface.
Mathieu Dorckel
Cybersecurity Engineer Consultant at a tech services company with 501-1,000 employees
The correlation and the parsing are important features, since it is very important for a SIEM to have good scalability and performance.
Onyegbule Uche
Technical Consultant at Activedge Technologies
The most valuable features would have to be the product's ability to customize vulnerability management settings and the ability to customize integration functions.
Phillip Okemwa
Senior Information Security Analyst at a financial services firm with 501-1,000 employees
QNI is the most valuable feature.
MazenHindawi
Network and Security Technical Team Leader at a wholesaler/distributor with 201-500 employees
* The artificial intelligence ease of integration; it has a good integration with the artificial intelligence engine of Watson.
* There is good collaboration between IBM Cloud and all IBM customers.
Reviewer5570
Information Security Manager at a comms service provider with 1,001-5,000 employees
The most valuable feature is the diversity of log types, which enables us to monitor what is going on from different perspectives and reduces the likelihood that we will miss important attempts. There are different events and flows, and there is diversity from getting the information from different sources. We can also see that there are no false positives. It is well-tuned and the rules are covering everything that we need.
Trust Mapoka
Managing Director at CIA Botswana
The vulnerability management aspect is the most valuable feature. IBM QRadar is the only SIEM solution with integrated vulnerability management. That's why most clients are flocking to it. API integration is very easy.
Douglas Concepcion
Security Solutions Architect at Micro Strategies
It works well with IBM products.
Luis Yndigoyen
Partner at a tech services company with 11-50 employees
* UI capabilities
* High degree of interconnection with other systems.
* The business activity monitoring on the part of the solution.
Harshit Jaiswal
Security Consultant at Varutra Consulting
* IBM Resilient Incident
* IBM Threat Intelligence
* IBM QRadar is easy to use.
reviewer810204
Lead Security Infrastructure Engineer at a financial services firm with 5,001-10,000 employees
* Ease of use
* Time to value in implementation
* Single pane of glass for analysts and SIEM administrators
Marketdir9846
Marketing Director at an aerospace/defense firm with 1-10 employees
Vulnerability detection is the most valuable feature. It's the tool that finds the threats.
Shaikh Jamal Uddin
Senior Information Security Consultant at Secure Coat
Providing real-time visibility for threat detection and prioritization - QRadar SIEM provides contextual and actionable surveillance across the entire IT infrastructure, helping organizations detect and remediate threats often missed by other security solutions. These threats can include inappropriate use of applications; insider fraud; and advanced, “low and slow” threats easily lost in the “noise” of millions of events.
Senio9887
Senior Information Security Analyst at a tech services company with 501-1,000 employees
The ability to add extensions is the most valuable feature. For example, extensions that provide valuable test ports.
Mohamed AFEILAL
Director General at New System Engineering
The most valuable feature is that it reports a very small number of false positives. It is a very optimized engine.
Mika Suomu
Cloud Security Architect at a tech company with 201-500 employees
* It's easy to set up.
* There are a lot of great out-of-the-box features included.
* It's a state-of-the-art product for security information and event management (SIEM).
Rajeev MM
Senior Analyst at a tech services company with 201-500 employees
It's user-friendly when compared to other products. New users can easily understand the product. It integrates very easily with other solutions. The solution is flexible. We can add anything to it, as it is a good companion to other tools.
Sebastian Osterc
Member at CIFAL Argentina
The threat protection integration with other vendors.
reviewer843297
Manager, Cybersecurity at a tech company with 11-50 employees
* It has a logical, user-friendly GUI.
* Very easy to drill down in offenses and get to the bottom of raw data.
Daniel Christian
Operations Analyst at a logistics company with 51-200 employees
The "Network Activity" feature was really good. An engineer can live monitor all the flow happening in real-time. This would help us a lot while investigating a case, and it would even help us with preventive actions.
GHASSAN MORKOS
Solution Architect with 201-500 employees
* X-Force feed
* Watson for cyber security
* App Exchange
* Scalability and licensing model
* Vulnerability and risk management on network topology
Yong Chen
Security Consultant at a tech services company with 11-50 employees
I like the API and it's easy to use.
Nizar Hedhili
General Manager with 11-50 employees
* DSM parsing
* Log correlation
* X-Force connectivity
* Ease of DSM customisation
* Multiple reports
Software6a29
Software Trainee at a tech services company with 1,001-5,000 employees
Almost every feature is useful. In particular:
* Sense and detect fraud, both insider and advanced threats.
* Sense, track, and link significant incidents and threats.
Vik Solem
President, Consultant, Trainer at MEI Security
The searching capability is good.