it_user632781 - PeerSpot reviewer
Cyber Security Manager at an energy/utilities company with 1,001-5,000 employees
Vendor
In general, if you have any botnets or malware, you identify and mitigate it. The biggest challenge is in the upgrade.

What is most valuable?

It gives me insight and visibility, so I can detect a threat coming in and all the offenses are coming in from monitoring one spot.

How has it helped my organization?

We're centralizing all the logs in one location. So, if you have an incident, you can definitely discover it fairly quickly, as it's in one database. In general terms, if you have any botnets or malware, you identify and mitigate it fairly quickly.

What needs improvement?

The biggest challenge is in the upgrade, e.g., when it comes down to a new OS, you have to wipe it clean and reset everything. It takes time when you have 40-50 devices all over the place. It's impossible sometimes to go out and touch every single one of them. So, then, if it's an automatic process, you can upgrade to the new version in just point and click. However, that's not the case right now.

WinCollect is a challenge also, and I'd highly recommend that the Q1 team should build a lot of Windows-based collectors that simply work. Just like the competitor, Splunk, when you put it in, you don't have to do too many modifications. So, that's a challenge right now.

What do I think about the stability of the solution?

The environment is pretty stable. We just upgraded about a year ago, so it's pretty robust in the environment that we have. It's working really well for us, we've been using it for about 10+ years. We bought it before IBM purchased them.

Buyer's Guide
IBM Security QRadar
May 2024
Learn what your peers think about IBM Security QRadar. Get advice and tips from experienced pros sharing their opinions. Updated: May 2024.
771,063 professionals have used our research since 2012.

How are customer service and support?

We interact with IBM regularly, so we have a direct tie with them. We're almost like a partner, right now, and we are working very well together.

The technical support is pretty good, i.e., if you get the right person in, it moves pretty fast and issues are resolved fairly quickly. But, you just need to find the right person, which can be a little difficult sometimes.

How was the initial setup?

The setup is very complex; it's not like somebody can walk in and build it. It requires many years of experience to manage and maintain it. You need to have at least an experienced and dedicated team, in order to maintain the environment that we have. It's nothing like a click-and-done type; it requires a lot of care and feeding to manage the environment.

What other advice do I have?

It's a very solid product. However, there are a lot of things that can be improved.

Definitely get a team or hire a professional to install this product. Otherwise, I guarantee you're not going to be successful. There is a lot of filtering that needs to be done; otherwise, you are going to get overwhelmed with the events coming in and will have no idea, as to what is right and wrong. You definitely want to hire a trained team or some professionals.

The price is the most important criterion when selecting a vendor. Other factors such as the quality of the product, PoC, how well the team interacts and the support, are always important.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
President, Consultant, Trainer at MEI Security
Real User
Useful searching capability for multiple, correlated logs
Pros and Cons
  • "This solution has allowed us to correlate logs from multiple sources."
  • "We would like to see better instrumentation for debugging changes in the log flow."

What is our primary use case?

We use this solution for log correlation and alerting.

How has it helped my organization?

This solution has allowed us to correlate logs from multiple sources.

What is most valuable?

The searching capability is good.

What needs improvement?

We would like to see better instrumentation for debugging changes in the log flow.

For how long have I used the solution?

We have been using this solution for four years.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
IT Security and Business Development Manager at a tech services company with 51-200 employees
Real User
Enables us to ensure that the data being transferred from one company to another is done securely but it needs better cloud security
Pros and Cons
  • "The support is very good. We get support whenever we need it. Sometimes they respond immediately and sometimes it will be within 24 hours. We can ask them to please do it right away and they can get a request done within an hour or two."
  • "Before we didn't have any security issues but recently a few of the user emails were hacked. We had to actually recreate their emails for them."

What is our primary use case?

Our primary use case is for the security. We use it to make sure that the data that is being transferred from one company to the other is being done securely. 

How has it helped my organization?

The security has improved my organization. 

What is most valuable?

The securing of data is the most important feature because nowadays as cloud has come in, it is especially challenging to secure. We are actually planning for Palo Alto to be a better option because IBM needs better security for their cloud.

What needs improvement?

If IBM provides me with a better service or better options than Palo Alto, I would remain with IBM. As for my knowledge, I recently evaluated Palo Alto that has better security features, especially for a client's email. 

Before we didn't have any security issues but recently a few of the user emails were hacked. We had to actually recreate their emails for them.

If IBM could give us a complete package of on-cloud solutions, firewall, antivirus, and also mobile security, that would make it a lot better. Nowadays people are using mobile and tablets, rather than laptops or computers.

We get updates from IBM directly but then the users have to update. There are challenges where sometimes if we update the client's system, it takes a lot of time to update.

For how long have I used the solution?

More than five years.

What do I think about the stability of the solution?

Stability is very good. It's better than it used to be. 

What do I think about the scalability of the solution?

Scalability is very good. 

Everyone has used this solution for security purposes. We use it daily.

How are customer service and technical support?

The support is very good. We get support whenever we need it. Sometimes they respond immediately and sometimes it will be within 24 hours. We can ask them to please do it right away and they can get a request done within an hour or two. 

How was the initial setup?

The initial setup is fine. The moment we send the packets for an update it's easy but then there are challenges for the users. We have actually changed the hardware, so it got updated. We have to check if the problems are due to the hardware or due to the software.

The initial setup normally will take a day. It depends on the number of users. We have 300 users on the system which took around ten days.

We require five to ten staff members for deployment and maintenance. 

Which other solutions did I evaluate?

Before we went with IBM, we didn't look at other solutions but recently I looked into switching to Palo Alto and also evaluated Fortinet.

What other advice do I have?

I would advise someone considering this solution to evaluate several solutions, compare them, and if there is an option for customization check with the solution provider, and then go for it.

I would rate it a seven out of ten. It's a good solution, we've used it for a long time, but then there are a few issues with security.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
it_user393954 - PeerSpot reviewer
Application Infrastructure innovation at a financial services firm with 1,001-5,000 employees
Vendor
Using it through IBM's Managed Security Services, they keep us alerted of what events are hitting, and adapting for it. I'd like to see tighter integration with other IBM products.

What is most valuable?

What is valuable is that we're using it through IBM's MSS services, and that they're doing a really good job of keeping us alerted of what events are hitting, and adapting for it.

How has it helped my organization?

It benefits us from a standpoint that we're very immature in our review of how security should be approached, and it's really helped us move up to modern awareness of what's going on on the internet.

What needs improvement?

What I'd like to see, and they're getting there, is more integration; tighter integration with some of the other IBM Security products. They're moving a lot tighter to BigFix. BigFix has a lot of power in it, and MaaS360 also has a lot of power in it. I'd like to see those more tightly integrated.

What do I think about the stability of the solution?

We have not had any stability or scalability issues. We're a little concerned about the latest version and the fact that it cannot be upgraded, that it requires a clean install.

How are customer service and technical support?

We have not really used technical support, because it's a managed service, so we call the SOC and they help us. They are very helpful.

Which solution did I use previously and why did I switch?

We just really sold our CIO and CTO on the fact that we need to do better than we are, where we're at today. We had a lot of virus challenges, like most companies, and malware, so we had to figure out how to reduce that.

How was the initial setup?

I was involved in the initial setup. Well, IBM did it, since it was a managed service. It was pretty straightforward.

Which other solutions did I evaluate?

We looked at numerous other players. We chose IBM because it has a lot of power, and you can grow it as much as and however you want it to.

When I am looking for a vendor, I don't look for a VAR, I look for a partner.

What other advice do I have?

If you're going to implement it, implement it using managed services, because it's too complex of a product to try to do yourself.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Ashok Kumar Biswas - PeerSpot reviewer
System Engineer (Cybersecurity) at Omgea Exim Ltd
MSP
Top 5
A scalable solution with great event and flow collectors
Pros and Cons
  • "The event collector, flow collector, PCAP and SOAR are valuable."
  • "The solution is expensive compared to other products."

What is most valuable?

The event collector, flow collector, PCAP and SOAR are valuable.

What needs improvement?

Whenever we connect the span port, its device and health status increase the capacity level. So I suggest the mitigation of that part for IBM. Otherwise, it's a good product. We also continuously have issues with technical support because they do not have a prompt response time.

For how long have I used the solution?

We have been using IBM QRadar for the last five years.

What do I think about the stability of the solution?

I rate the stability a nine out of ten.

What do I think about the scalability of the solution?

I rate the scalability an eight out of ten. We deploy to many customers and have completed many POCs. We have a four-person team.

How are customer service and support?

The technical support is good, but they are not prompt. I rate them a five out of ten.

How would you rate customer service and support?

Neutral

How was the initial setup?

I rate the initial setup a ten out of ten. It is deployed on-premises and takes about two to three days to deploy the full environment readiness. But the device integration, rules screening and log onboarding take too long, about three to four months. The deployment was completed in-house.

What's my experience with pricing, setup cost, and licensing?

The solution is expensive compared to other products, and I rate the pricing a five out of ten.

What other advice do I have?

I rate this solution a nine out of ten.

Disclosure: My company has a business relationship with this vendor other than being a customer: Partner/Reseller
PeerSpot user
Ahmed Hossam - PeerSpot reviewer
SOC Analyst Tier 2 at IP Protocol INC
Real User
Top 10
An AI-powered incident and risk analysis, triage and response tool with a user-friendly graphical interface
Pros and Cons
  • "I like the graphical interface. It's so good and easy."
  • "Integration could be better. They should make it easy to integrate with other solutions."

What is our primary use case?

First, I used the manual to learn, then I tried to merge it with my company's needs, and there weren't any problems.

What is most valuable?

I like the graphical interface. It's so good and easy.

What needs improvement?

Integration could be better. They should make it easy to integrate with other solutions. 

For how long have I used the solution?

I have been using IBM QRadar Advisor with Watson for three or four years.

What do I think about the stability of the solution?

IBM QRadar Advisor with Watson is a stable solution.

What do I think about the scalability of the solution?

I think IBM QRadar Advisor with Watson is scalable.

How are customer service and support?

We didn't use technical support as the community was very helpful.

How was the initial setup?

The initial setup was difficult the first time, but it got easier after that.

What's my experience with pricing, setup cost, and licensing?

I think my company pays for the license yearly.

What other advice do I have?

I would advise potential users to read the manual or the workbook before going forward with the deployment. Try to match the requirements with the company's needs to avoid facing issues in the future. But if you get stuck, you can always ask the community for help.

On a scale from one to ten, I would give IBM QRadar Advisor with Watson a nine.

Which deployment model are you using for this solution?

On-premises
Disclosure: My company has a business relationship with this vendor other than being a customer: partner
PeerSpot user
Assistant Engineer at Harel Mallac Technologies Ltd
Real User
Simple to manage, reliable, and straightforward installation
Pros and Cons
  • "The solution is easy to use, manage, and review all incidents."
  • "If you have too many events that occur, then the storage capacity becomes a problem. You need to have more storage."

What is our primary use case?

I use IBM QRadar for user behavior analytics, and mostly incident handling.

What is most valuable?

The solution is easy to use, manage, and review all incidents.

What needs improvement?

If you have too many events that occur, then the storage capacity becomes a problem. You need to have more storage.

For how long have I used the solution?

I have been using IBM QRadar for approximately four years.

What do I think about the stability of the solution?

The solution is very stable.

What do I think about the scalability of the solution?

We have approximately three customers and the total users that are using it would be approximately 200.

How was the initial setup?

The initial installation was straightforward, we were able to have it running in half a day.

What about the implementation team?

I do the implementation and maintenance of the solution.

What's my experience with pricing, setup cost, and licensing?

There are different types of subscriptions available. We were on an annual subscription, but our customers typically choose the two-year subscription option.

What other advice do I have?

I would recommend this solution to others.

I rate IBM QRadar a nine out of ten.

Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
PeerSpot user
Solution Security Architect at PT. Sinergy Informasi Pratama
Real User
Provides great analysis of event logs, event security; easily manageable with one monitor
Pros and Cons
  • "It can analyze event logs, event security, and give a good consult."
  • "Solution has too many menus that require going to two or three sub-monitors to enter the QRadar."

What is our primary use case?

This is a solution you use when you have many security products that you want to manage in one monitor, one analytic. We are partners with IBM and provide implementation services to our customers. I'm a solution security architect.

What is most valuable?

The most valuable feature is that it can analyze event logs, event security, and give a good consult. When you have SIEM, you can easily manage with one single monitor. QRadar can do a lot of analyses of every security product and will let us know what needs to be done to the log. Sometimes we need security orchestration automated response to support the SOC team.

What needs improvement?

The concern with QRadar is that there are so many features in the dashboard, too many menus that require going to two or three sub-monitors to enter the QRadar. The user interface is good but there are so many features that can be confusing for the administrator. It could be simplified. 

For how long have I used the solution?

I've been using this solution for a year. 

What do I think about the stability of the solution?

I think that QRadar is stable, but I've never worked with other solutions in this area and I have nothing to compare it to. It has dedicated machines and offers great performance. 

What do I think about the scalability of the solution?

The scalability is easy but it comes at a high price.

How are customer service and support?

IBM in Indonesia provides great support.

How was the initial setup?

The initial setup is complex if the data set is large. It really depends on that. We provide maintenance services to our clients so that if they have any trouble, we assist with troubleshooting.

What's my experience with pricing, setup cost, and licensing?

SIEM is quite a pricey solution so we only offer it to enterprise companies that can pay the fees. For smaller companies, it's an extremely expensive product. 

What other advice do I have?

I recommend this solution because I think they provide great support from the sales and technical perspective.

I rate the solution nine out of 10. 

Which deployment model are you using for this solution?

On-premises
Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
PeerSpot user