IBM Security QRadar Reviews

We have very large, distributed implementations. The best case that we get out of the solution is the rapid insight into security events and offenses in our environment.

The benefit of the solution is a combined view into all of our network events and flows from many log sources across our enterprise. This provides a single pane of glass in order to review what's going on in our environment.

I would like to see more APIs available in order to provide tighter integrations between other IBM products and third-party solutions. I would like to see new cognitive advisors, cognitive capabilities, and more integration capabilities.

I find it to be highly stable. It's one of those situations where you need to have high availability. We have a high availability implementation, so we never lose an environment.

Scalability has been very good. If you need to add to the environment at any given time, based on a merger or acquisition, a new office, or a new data center, you can simply forward events from those centers or add additional hardware. You can include it right into your implementation.

I would definitely recommend QRadar to anyone looking for an SIEM solution in their organization. This is especially the case for mid- to large-scale enterprise solutions, compared with the competitors.

The most valuable feature is user behavior analytics (UBA).

The EPS and FPS graphs are helpful.

The collecting of logs and processes is very good.

The support process needs to be improved.

Every SIEM solution has issues with plugins, as they have to connect to different log systems. It can affect security, infrastructure, and other things. IBM should continue to expand its database and cover as many systems as possible.

I have been using IBM QRadar for about one year.

QRadar is a very stable product.

The whole process for support is something that needs to be improved. You have to create a case, export the log and attach it to the case, then an engineer will clarify what you need to export and attach it to the ticket or support case, and so on. When you're working with a system that does not have good bandwidth, it makes it even more stressful. It is a lot of work and it should be easier to do.

My colleague has worked more with support and the feedback that I have heard is that they are quite good. It's the process that I am complaining about.

The initial setup is pretty straightforward.  We had several logs to integrate so it took a week and perhaps a few days.

I would rate this product a nine out of ten.

Almost every feature is useful. In particular:

• Sense and detect fraud, both insider and advanced threats.
• Sense, track, and link significant incidents and threats.

The tool is already automated in many ways, but there are some additional functions which should be automated, like sending an email, mobile notification, and integration of XFS.

Overall, I love this product.

• Users' behavior analytics
• Monitor leakage for data
• Payment card industry compliance
• Integration with end points management system
• Integration with Incident Response and Ticketing System

• Easy to deploy
• Time to value
• Total cost of ownership (TCO)
• Deployment options for on-premise
• SaaS
• Hybrid

• X-Force feed
• Watson for cyber security
• App Exchange
• Scalability and licensing model
• Vulnerability and risk management on network topology

Needs to be improved:

• Graphical User Interface (GUI) 
• Multi-tenancy and domain(s) segregation.

It's very helpful in meeting compliance monitoring and reporting (PCI DSS, PA DSS, ISO, SOX) requirements.

It captures and processes large volumes of event data, and scales to support hundreds of thousands of events in one unified database. 

It also offers high-availability and disaster-recovery options. 

There's very high quality in reporting suitable to all most all compliance requirements.

We use it mostly for purchases and regulatory requirements of that process. It would be good, therefore, if there was a standard configuration by default that was offered or proposed during install or configuration to meet PCI requirements, e.g. log archive duration set by default to one year for each device added. 

The event Information display might prioritize event ID, user, destination, source, and date/time as the first info gathered in the report.

We're only using the Log Manager.

We are a system integrator and IBM QRadar is one of the security and monitoring products that we implement for our clients. It is used for monitoring applications such as Windows virtual desktop access (VDA) and computer-managed instruction (CMI).

We are using the platform version, which I like.

We have had problems with networking.

I have been using QRadar for about half a year.

We have not tried to scale because it is installed all in one machine.

The initial setup was easy and it took one day to install it.

Overall, I like this product and I think that the features are good enough.

I would rate this solution a seven out of ten.