Deputy General Manager at a comms service provider with 5,001-10,000 employees
Real User
Correlation done well, fair pricing, and knowledgeable technical team
Pros and Cons
  • "When it comes to QRadar, they can do the correlation and not only in networks but also endpoints. This is one of the good features that we have noticed."
  • "I have noticed the interface has room for improvement."

What is most valuable?

We are looking for the entire QRadar spectrum but it has many products. QRadar is a kind of program, we are looking for system modelling, point modelling, network side modelling similar to QRadar network inside, and the capability to correlate between the network and endpoint. Most of the SIEMs have to rely on third-party or separate network traffic analysis when it comes to the network side. When it comes to QRadar, they can do the correlation and not only in networks but also endpoints. This is one of the good features that we have noticed.

What needs improvement?

Since we have not used the solution very long my information is limited when it comes to improvements. I have noticed the interface has room for improvement.

For how long have I used the solution?

I have been using the solution for two years. However, my company has not deployed the solution yet and we are in the early stages of testing.

How are customer service and support?

The solution has a good technical team.

Buyer's Guide
IBM Security QRadar
March 2024
Learn what your peers think about IBM Security QRadar. Get advice and tips from experienced pros sharing their opinions. Updated: March 2024.
770,292 professionals have used our research since 2012.

How was the initial setup?

The installation is complex. There is some overloading that happens, this could be simplified and made easier by allowing all key features on the first level dashboard to be viewed.

What's my experience with pricing, setup cost, and licensing?

When it comes to the initial pricing there can be a huge discount from their side and also I think they are open to competing with other products. Even though the price can be a little high sometimes their product is number one. They have a wide range of products.

Which other solutions did I evaluate?

We have compared Securonix and many other solutions to this one.

What other advice do I have?

I rate IBM QRadar a nine out of ten.

Disclosure: My company has a business relationship with this vendor other than being a customer: partner
PeerSpot user
Cyber Security Consultant at Gulf Business Machines
Reseller
Great integration capabilities with excellent scalability potential and an easy setup
Pros and Cons
  • "The most valuable aspect of the solution is the integration capabilities on offer."
  • "Technical support could be improved by a bit."

What is our primary use case?

We primarily use the solution for log collection and security incidents as well as event management.

How has it helped my organization?

We benefit the most from the integration on offer. IBM QRadar offers a solution to our enterprise customers, and certainly, the admin has been benefiting from it, in terms of having more visibility on what's happening on the network in terms of events, flows, et cetera, and all in real-time. 

What is most valuable?

In general, the product is awesome. It's almost perfect.

The most valuable aspect of the solution is the integration capabilities on offer. It's very helpful to have so many options.

The initial setup is pretty straightforward.

The stability is good.

We've found the scalability to be excellent.

It offers all of the specifications of the hardware that we need.

What needs improvement?

The performance of the solution could be improved. Right now, it's the weakest aspect. I wish it was better.

Technical support could be improved by a bit.

For how long have I used the solution?

I've been dealing with the solution for five years at this point.

What do I think about the stability of the solution?

The stability of the solution is very good. It's reliable. There aren't bugs or glitches. It doesn't crash or freeze. It's been good.

What do I think about the scalability of the solution?

There's nothing better than QRadar when it comes to scalability. You can scale it to 100,000s of events per second. It can be scaled as much as you want. It has no limitations to it.

How are customer service and technical support?

Technical support is okay. On a scale from one to ten, I would give them an eight. They could do better, however, we are mostly happy with their level of support.

How was the initial setup?

The initial setup is not complex at all. It's quite straightforward. If a company implements this solution, they shouldn't have any issues with the setup process at the outset.

How long it takes to deploy depends on the size of the environment and the company. If it's a small enterprise, it can be done basically in a week or so. It's all about not just the department, however. It's all about collecting the log sources to integrate into it. That is where the process takes time. If the log sources are put together, things become much easier to handle. It's quicker and easier to define the rules, correlations, and reporting. The most time spent at the outset is in collecting the log sources and getting the log sources to send the data to.

The deployment process doesn't need many people. It depends on the deployment structure at first. If it treats a distributed architecture, of course, you need a couple of guys to be on board. However, then it's not only about deploying the solution, it's all about integrating the solution with different products or different platforms. That is where the time goes in. It's not a one-person job. Right from the application database, metro securities, and different controls that are in place, they all need to be integrated into the center. If we're talking about an enterprise, the team in an enterprise is equally responsible for waiting for those things to integrate.

What's my experience with pricing, setup cost, and licensing?

The NEMA licensing structure is very easy. It's far better than the previous licensing structure they had. They charge you based on the number of events per second and flows per second, and that's the beauty of it. The rest of the components are complimentary. That's it. It's not a complex process of licensing anymore. It's very simple and straightforward.

What other advice do I have?

We are resellers of QRadar.

In general, we have been quite happy with the solution. I would rate it nine out of ten.

We get excellent visibility in every aspect. It's easy to handle incidents when you really have everything in one place. You begin to know exactly what's happening on a network, and how the systems are performing and behaving.

When you compare it to other products, what I would advise is you look at how long they have been in business. This product has been in business for a very long time. You also need to look at the other integration factors, such as forensic, as they're very important. When it comes to forensic, nobody does better than what IBM QRadar Forensic does. There are other factors too - like its Watson integration, and all those things really play an equally important role.

It's not only about just the SIM, or your goals towards is going to be in building the SOC, Security Operation Center. It's all about automation as well. The integration should also look into automation capabilities. That way, you will be able to scale it up to build up a proper SOC.

Which deployment model are you using for this solution?

On-premises
Disclosure: My company has a business relationship with this vendor other than being a customer: reseller
PeerSpot user
Chief Technical Officer at IT Specialist LLC
Reseller
Top 5 Leaderboard
Free of charge and fully integrated with QRadar SIEM
Pros and Cons
  • "The feature that I find the most useful is that IBM QRadar User Behavior Analytics is free of charge. It's a fully free product that can be installed on top of IBM QRadar SIEM."
  • "The user interface and configurability of IBM QRadar User Behavior Analytics can be improved. It has a lot of pre-configured settings and not many things can be changed. It also needs more integrations. Currently, User Behavior Analytics is integrated only with IBM QRadar. It could have deeper integrations. It can also have more complicated scoring models. Currently, it has a very simple linear scoring model for users."

What is our primary use case?

User Behavior Analytics is a part of IBM QRadar. It's a kind of application that can be installed over IBM QRadar SIEM. The primary use case is to detect user behavior anomalies, and through these anomalies, detect and better understand different threats and attacks.

What is most valuable?

The feature that I find the most useful is that IBM QRadar User Behavior Analytics is free of charge. It's a fully free product that can be installed on top of IBM QRadar SIEM.

What needs improvement?

The user interface and configurability of IBM QRadar User Behavior Analytics can be improved. It has a lot of pre-configured settings and not many things can be changed.

It also needs more integrations. Currently, User Behavior Analytics is integrated only with IBM QRadar. It could have deeper integrations. 

It can also have more complicated scoring models. Currently, it has a very simple linear scoring model for users.

For how long have I used the solution?

I have been using this solution for about two years. We implement this solution as well as do demonstrations. We are also using it.

What do I think about the stability of the solution?

It's quite stable. 

What do I think about the scalability of the solution?

It could be quite scalable, but it is not so easy to use when you have a lot of users. Because of the user interface shortcomings, it's not so useful when you have thousands of users. 

How are customer service and technical support?

The second line of support is quite inexperienced in User Behavior Analytics, and they rarely are able to help. We had several serious issues with this product, which made it impossible to use for a customer. We had to spend a lot of time in finding the right person to help us in resolving the issues.

How was the initial setup?

The initial setup is really straightforward. IBM QRadar User Behavior Analytics is very easy to deploy. Usually, if someone has already installed QRadar SIEM, then deploying User Behavior Analytics takes two to three hours.

What's my experience with pricing, setup cost, and licensing?

It's free of charge.

What other advice do I have?

I like IBM QRadar User Behavior Analytics. I would rate it an eight of ten. It still needs a lot of improvement, but its main advantage is that it's fully integrated with a SIEM system, and it's free of charge.

Which deployment model are you using for this solution?

On-premises
Disclosure: My company has a business relationship with this vendor other than being a customer: partner
PeerSpot user
Deputy General Manager - Network Security at a tech services company with 201-500 employees
Real User
Stable and solid security intelligence but lacks some functionalities
Pros and Cons
  • "QRadar shows very effective correlations. If you combine all the logins plus user behavior and the current intelligence, it gives a very good correlation for business. I think it reduces the false positives in user activity monitoring because there is a lot of social information to correlate with other data."
  • "From a functionality point of view there are issues sometimes."

What is our primary use case?

We use IBM QRadar for monitoring user behavior in order to baseline the user activity. Then we print use cases around those behaviors to see if anything stands out. We can then see if something is going wrong in the enrollment from a user activity point of view.

What is most valuable?

In terms of valuable features, QRadar shows very effective correlations. If you combine all the logins plus user behavior and the current intelligence, it gives a very good correlation for business. I think it reduces the false positives in user activity monitoring because we have a lot of social information to correlate with other data.

What needs improvement?

From a functionality point of view, there are issues sometimes. There is a component in QRadar where all these certifications need to be installed, like a UPN. Sometimes we experience functionality issues where the logging, indexing, and searching were not working. I have personally seen it misbehaving. Sometimes we need to restart it. In some cases when it was malfunctioning we needed to contact support to resolve the issue. I don't see any issues in the integration model with a UPN from a usability point of view, but with functionally you can experience a lot of issues.

For how long have I used the solution?

I have been working with IBM QRadar User Behavior Analytics for two years.

What do I think about the stability of the solution?

I have not seen any issues with the stability of the solution either.

What do I think about the scalability of the solution?

I have not seen any issues with the scalability of the solution.

How are customer service and technical support?

The technical support is fine now. I was not happy with the support when we started with this solution in 2017. If you look at that first year, 2017 to 2018, they had lots of support issues. We logged the cases and they would only call us back depending on their resources. There were no options to call them on a landline or a hotline number. They needed improvement there. They should have had a dedicated support response. Over the last year I have seen an improvement. I used to wait for a week to get a call back from them, but now, when you have critical tickets they will respond in two or three hours, depending on the criticality of your support case. They have improved.

How was the initial setup?

The initial setup was neither straightforward nor too complex. It did take some effort to implement, but it was manageable. We did not see any issues implementing it. We actually completed it in three to six months. When we initially implemented it we used some fresh use cases and observed the performance but these were all completed in three to six months. The initial deployment took hardly one week.

What's my experience with pricing, setup cost, and licensing?

Regarding the price, it is a bit high for normal customers. It is better for enterprise-class customers where they get a licensing model for MSSP for enterprises.

Which other solutions did I evaluate?

We are a service provider company, so our recommendations depend on the customer's preference. The best we can do is propose the solution based on support, pricing, and their requirements.

What other advice do I have?

Our customers are satisfied with the product and they are not looking for anything else. I would recommend the product.

On a scale of one to ten I would rate IBM QRadar User Behavior Analytics a seven.

Which deployment model are you using for this solution?

On-premises
Disclosure: My company has a business relationship with this vendor other than being a customer: partner
PeerSpot user
Solution Manager at ZZTL
Reseller
Has a good feature set and good stability
Pros and Cons
  • "Most of the features are good. It is an excellent solution."
  • "IBM should reduce the pricing, or reduce some of the features for a more economical solution for the customer."

What is most valuable?

Most of the features are good. It is an excellent solution. 

What needs improvement?

Some of the features should be more cooperative but other than that, everything is okay.

For how long have I used the solution?

I have been using IBM QRadar User Behavior Analytics for a year. 

What do I think about the stability of the solution?

It is very stable. 

What do I think about the scalability of the solution?

It is also scalable. 

How are customer service and technical support?

Our team handles its own support. We are capable of doing our own technical support but we also have IBM to get their help as well.

How was the initial setup?

The initial setup is not straightforward but of medium complexity. It's not simple but not so complex. It usually takes two to three weeks to deploy. 

What's my experience with pricing, setup cost, and licensing?

The price is very high. Some of our customers cannot afford it. 

What other advice do I have?

IBM should reduce the pricing, or reduce some of the features for a more economical solution for the customer.

I would rate it an eight out of ten. They should reduce the pricing. 

Which deployment model are you using for this solution?

On-premises
Disclosure: My company has a business relationship with this vendor other than being a customer: reseller
PeerSpot user
Cyber Security Specialist at AEC
Real User
Alerts and correlates the aggregate events or offenses we receive through all the applications we use
Pros and Cons
  • "IBM QRadar has improved my organization by introducing many functions. It collects logs from all of our systems in the organization and has functioned very well. It alerts and correlates the aggregate events or offenses we receive through all the applications we use."
  • "There is one problem with QRadar in regards to the add-on apps. The apps can be frustrating. For example, when I add a big app like one of the add-ons for resiliency, add-on applications for QRadar, these applications require different hardware to implement and to deploy. The resiliency connector because there's a considerable amount of data scanning, operates for these apps correctly."

What is our primary use case?

We are a reseller of this solution. We have numerous use cases, all dependent on the needs of our customers.

How has it helped my organization?

IBM QRadar has improved my organization by introducing many functions. It collects logs from all of our systems in the organization and has functioned very well. It alerts and correlates the aggregate events or offenses we receive through all the applications we use.

With other solutions, you collect the logs from different sources but you still have to fine-tune it, and you still have to match them a lot of the time to figure out the correct association to sort out the false positives. QRadar is much easier to use and detect false positives. It can do it by itself, and it allows you to fine-tune the filtering and check the false positives. There is some backend that protects but it's the best among all in the market.

What needs improvement?

There is one problem with QRadar in regards to the add-on apps. The apps can be frustrating. For example, when I add a big app like one of the add-ons for resiliency, add-on applications for QRadar, these applications require different hardware to implement and to deploy. The resiliency connector because there's a considerable amount of data scanning, operates for these apps correctly. 

Acquiring these add-on apps for QRadar is very expensive. This is one of the difficulties that we are facing with the QRadar.

For how long have I used the solution?

More than five years.

What do I think about the stability of the solution?

It's very stable.

What do I think about the scalability of the solution?

The solution is very scalable.

How are customer service and technical support?

Technical support hasn't been bad, but sometimes it's inadequate, sometimes it is good. It depends on the case. We've had bad experiences in the past because we didn't get onsite support when we needed it.

They do have onsite support but only for third-party partners working directly with IBM. And sometimes the support is too slow.

Which solution did I use previously and why did I switch?

I've used Alien Vault, McAfee, and Splunk.

How was the initial setup?

The initial setup was a bit hectic the first time because it's not about the QRadar application itself, it's about defining or configuring the data sources or the traffic sources to QRadar. We are going to use a small file through literally all of the traffic sources. We found it was difficult to merge with QRadar due to different IPs, different sources delaying the process and just technical issues. It's not an issue with the QRadar solution itself.

What about the implementation team?

We implemented through a vendor. I am one of the integrators.

Our requirements are dependent on the size of the deployment and maintenance case, depending on how large of an enterprise solution we are speaking about. The size of the architecture, or for example if the architecture is all in one including the processor, including the QNI and the connector all with one box. A deployment of this type would only require one guy for it if the architecting dissipating these items comes from the all in one box.

What's my experience with pricing, setup cost, and licensing?

The licensing is every year.

There are additional costs, such as the cost associated with the different hardware required for implementation and deployment. Along with the add-on apps, these are all additional costs, and they require licensing as well.

What other advice do I have?

The solution functions very well. It is amazing but there are some bugs with it. The unknown bugs can just come up with the adaptor with the data stored in QRadar.

On a scale from one to 10, ten being the best, I would rate this product an eight out of 10.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Director of Market Enabling Solutions at Raksha Technologies Pvt Ltd
Reseller
In one single pane of glass, we can see all the issues. Though, the architecture could be improved.
Pros and Cons
  • "On the back-end, Watson helps me figure out an exact problem, sometimes giving me the result."
  • "It saves a lot of time. We integrate the customer's firewall with all their networking devices."
  • "This console gives you the entire view, which makes life easier and allows you to take precautionary measures."
  • "The architecture could be improved. I got stuck for a long time trying to understand the architecture, as it is quite challenging."

What is our primary use case?

Its primary use case is for people who want to manage all of their logs with analytics and correlate that between different security devices whose logs are related. 

This solution is performing well.

How has it helped my organization?

It saves a lot of time. We integrate the customer's firewall with all their networking devices. If there is an issue, it helps us do the proactive work before it becomes a bigger issue. We are able to pinpoint issues and solve them.

Additionally, it is very easy to figure out. In one dashboard, we can see all the issues. There is no need to log in to every device. In one single pane of glass, we can see everything.

What is most valuable?

Watson, which is an artificial intelligence, is the most valuable feature. On the back-end, Watson helps me figure out an exact problem, sometimes giving me the result. I never would have imagined this before.

What needs improvement?

The architecture could be improved. I got stuck for a long time trying to understand the architecture, as it is quite challenging.

For how long have I used the solution?

Three to five years.

What do I think about the stability of the solution?

The stability is good.

What do I think about the scalability of the solution?

It is a combination of multiple factors. The issues are from the customer side, not from QRadar. If you are able to get the right details from the customer, this solution is scalable.

How are customer service and technical support?

I am not involved with technical support because I am in pre-sales.

Which solution did I use previously and why did I switch?

Factors in switching were the console view, as well as Watson. IBM Watson makes a huge difference on the product side.

What's my experience with pricing, setup cost, and licensing?

I do not have control over pricing, though I do help customers with their sizing.

Which other solutions did I evaluate?

I select the vendor based on the customer's requirements. On the customer side, pricing is very important. They also consider the support to be an important factor.

My present organization does mostly IBM business. We have a very good rapport with the IBM team. We have won a lot of cases against competitors. We get trained frequently, so if there is an update, then we are prepared. 

We are able to see the rapid growth of IBM through QRadar compared to the other SIEM tools.

What other advice do I have?

I would rate it a seven out of 10. I have had some challenges integrating this solution.

Each organization is looking for security. If you have a SIEM tool, you can integrate it with all of your security devices, and get all your security logs. This console gives you the entire view, which makes life easier and allows you to take precautionary measures.

People who handle only four or five security devices spread across the globe should go with this SIEM tool.

Disclosure: My company has a business relationship with this vendor other than being a customer: Reseller.
PeerSpot user
Director, Cybersecurity at a media company with 51-200 employees
User
It has a logical, user-friendly GUI
Pros and Cons
  • "IBM QRadar is great help from its security event monitoring to data center and NOC troubleshooting of issues hard for other departments to spot."
  • "It has a logical, user-friendly GUI."
  • "Dashboards and reports could provide better visualization of SIEM activity."

What is our primary use case?

We used QRadar SIEM over Juniper Secure Analytics platform. 

The company profile is telecom. The infrastructure has a large geographical spread.

How has it helped my organization?

IBM QRadar is great help from its security event monitoring to data center and NOC troubleshooting of issues hard for other departments to spot.

What is most valuable?

  • It has a logical, user-friendly GUI. 
  • Very easy to drill down in offenses and get to the bottom of raw data.

What needs improvement?

Dashboards and reports could provide better visualization of SIEM activity. 

An executive or CISO dashboard would be nice to have by default.

For how long have I used the solution?

Three to five years.

What other advice do I have?

The tool gets better value in the hands of an experienced security analyst. 

Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Buyer's Guide
Download our free IBM Security QRadar Report and get advice and tips from experienced pros sharing their opinions.
Updated: March 2024