2017-03-30T06:20:00Z

What advice do you have for others considering IBM QRadar?

If you were talking to someone whose organization is considering IBM QRadar, what would you say?

How would you rate it and why? Any other tips or advice?

ITCS user
Guest
7171 Answers

Top 5 Reseller

I rate the solution nine out of 10.

2021-10-04T15:20:38Z
Real User

I recommend this solution because I think they provide great support from the sales and technical perspective. I rate the solution nine out of 10.

2021-09-24T02:06:16Z
Top 5 Leaderboard Real User

On QRadar, we look at the cloud-based uses as opposed to on-premise due to the cost factor. In terms of SIEM technologies, in terms of what you can get, I would rate it an eight out of ten. The QRadar platform is phenomenal in terms of what it does. If you want to get the best out of IBM, spend more time on the rules generation and the modification of the rules.

2021-09-07T12:23:57Z
Top 10 Real User

Make sure that you have the buy-in from different teams in the company because you will need help from the network teams. You will potentially need help from IT. You need to have a strategy of how you onboard logs into SIEM. Do you take a risk-based approach or do you onboard everything? You should take the time to understand the architecture and the implications of design choices. For instance, QRadar components communicate with each other using SSH tunnels. The normal practice in security is that if I put a device in a DMZ, then communication between the device on the normal network, which is a higher security zone, and the DMZ, which is a lower security zone, will be initiated from the high-security zone. You would not expect the device in the DMZ to initiate communication back into the normal network. In the case of QRadar, if you put your processes in the DMZ, then it has to communicate with the console, which means that you have to allow the processor to communicate. This has consequences. If you have remote sites or you plan to use cloud-based processes, collectors, etc., and have an internal console, the same communication channels have to exist. So, it requires some careful planning. That's the main thing. I would rate QRadar an eight out of 10 as compared to other products.

2021-08-06T10:41:11Z
Top 5 Real User

I would recommend this solution to others. I rate IBM QRadar a seven out of ten.

2021-07-17T03:01:11Z
Top 20 Real User

I would recommend this solution to others who are looking for an on-premises solution. For a SIEM solution, it is the best one to go with. If they are interested in using the cloud, I would not recommend it. The cloud version of QRadar is QRoC and it is a bit complicated. I would rate this solution an eight out of ten.

2021-07-15T07:35:31Z
Top 5 Leaderboard MSP

We have nearly two hundred customers making use of the solution. We have direct contact with Ingram Micro or have a service partner relationship with it, but work directly with IBM as our ISP. We are a managed security service provider and wholesale customer of IBM QRadar. We buy a bulk license from IBM QRadar and host around 200 plus customers in a single integration so that all the customer events will be integrated in one solution. We are not integrators and do not resell their services. As such, we don't buy the license or sell the tools to others. We will buy a license, inclusive of the services, host it with our private cloud and provide services to the end clients. Our customer base of IBM users is limited. When it comes to a security operations center team, IBM will be looked to for providing security monitoring on an ongoing basis. We must see that it is working as it should be. I would recommend this solution to others. I rate IBM QRadar as an eight out of ten.

2021-07-13T02:01:26Z
Top 20 Real User

I'm actually teaching IBM and some services such as IBM QRadar, as part of my work. I'm familiar with Splunk, however, I'm not working with it on a daily basis. I'm teaching that technology to others. I'm not a customer. I'm using it for teaching purposes. I'm working in a training center. I'm not dealing with it on a daily basis, however, I understand how the product works. We do sometimes help integrate it and work as consultants occasionally as well. While 7.4 is out, we're currently working with version 7.3. Overall, I would rate the product at an eight out of ten. There's more to be done on it, however, we are mostly pleased with its capabilities.

2021-06-24T13:07:45Z
Top 20 Real User

We recommend QRadar. It is a good product, a good solution. Every customer should go with IBM QRadar. On a scale of one to ten, I would give IBM QRadar a nine.

2021-06-08T18:53:00Z
Top 20 Real User

Someone considering implementing IBM QRadar should possess a good knowledge of his own infrastructure. He should have all the documents in place. While IBM provides very good implementation support, a complete inventory and technology detail is required, in respect of how the application is flowing, how the infrastructure is connected, and the version and inventory relationship. I rate IBM QRadar as an eight out of ten.

2021-06-08T12:03:00Z
Top 20 Real User

Nowadays cloud stack security is very good. Some of my customers are planning to build their data center over the cloud, or implement cloud-based services using some of the beneficial services, such as threat intelligence services. I rate IBM QRadar a ten out of ten.

2021-06-04T12:28:39Z
Top 5 Leaderboard Real User

It has good integration with AWS. AWS has come up with a Marketplace click-in option that provides direct integration between your AWS and data centers or cloud solutions through a small VPN. It allows you to bring up small environments with 5,000 EPS or 6,000 EPS or even 3,500 EPS or 2,500 EPS very quickly. It is very flexible and not at all tough for a startup engineer to click and bring solutions inside. It is quite easy. I would rate IBM QRadar an eight out of ten.

2021-05-15T12:05:17Z
Top 5 Leaderboard MSP

I would recommend this solution to others. We have invested in it and we plan on using it in the future. I rate IBM QRadar an eight out of ten.

2021-04-16T09:36:53Z
Top 5 Leaderboard Real User

I rate IBM QRadar a nine out of ten.

2021-03-05T20:13:36Z
Top 5 Leaderboard Real User

I would recommend this solution. If you are looking for a SIEM solution, IBM QRadar is one that you should ideally look for. I would rate IBM QRadar a nine out of ten.

2021-03-05T17:23:52Z
Top 20 Real User

I rate IBM QRadar a ten out of ten.

2021-02-19T06:14:15Z
Top 20 Real User

This is a good tool to have because it gives you the ability to track what is currently happening in your environment. Otherwise, if you did not have that, you'd only react to an event or an incident that has already caused problems. The proactiveness goes a long way because it saves your environment and your business from being negatively affected. In summary, this is a good product but there is always room for improvement. I would rate this solution a nine out of ten.

2021-02-11T16:07:00Z
Top 10 Reseller

We are resellers of QRadar. In general, we have been quite happy with the solution. I would rate it nine out of ten. We get excellent visibility in every aspect. It's easy to handle incidents when you really have everything in one place. You begin to know exactly what's happening on a network, and how the systems are performing and behaving. When you compare it to other products, what I would advise is you look at how long they have been in business. This product has been in business for a very long time. You also need to look at the other integration factors, such as forensic, as they're very important. When it comes to forensic, nobody does better than what IBM QRadar Forensic does. There are other factors too - like its Watson integration, and all those things really play an equally important role. It's not only about just the SIM, or your goals towards is going to be in building the SOC, Security Operation Center. It's all about automation as well. The integration should also look into automation capabilities. That way, you will be able to scale it up to build up a proper SOC.

2021-02-10T18:53:33Z
Top 20 Real User

I would rate this product a nine out of ten.

2021-01-26T21:23:14Z
Top 5 Leaderboard MSP

We're using the latest version of the solution. We are a reseller. We're selling the solution to end customers. Whenever there is a requirement, a security requirement, or an AFM requirement, we actually position IBM QRadar. We proactively promote the solution and the market, so that we can build a community around QRadar. We're trying to build a community around QRadar so that we can increase sales. We need to have local resources to promote the products. Therefore, we are trying to double up that community of QRadar users. We're doing knowledge sharing among our network. We're changing information so that we can have a knowledge-based group so that we can promote the product to more customers. While I'd recommend the solution, I'd caution that, for any IBM product other than hardware, the local resources are not that great as they are not often available. I can see why some customers are afraid to add this product. It's different from, for example, Oracle, which is doing product training everywhere and is actively certifying people. Overall, aside from support issues, we've been happy with the solution. I'd rate the solution nine out of ten.

2021-01-26T10:22:50Z
Top 5 Leaderboard Real User

Within the past year, IBM developed a SaaS version of QRadar, which is a nice option. My advice for anybody who is considering this solution is to implement the latest IBM offerings together. QRadar is just one of the products, and multiple products can be combined to create the best solution for their needs. I would rate this solution an eight out of ten.

2021-01-24T15:38:21Z
Top 20 Real User

I would recommend IBM to others who want to start using it. On a scale from one to 10, I would rate IBM QRadar a seven.

2021-01-24T11:57:00Z
Top 10 Real User

It is not something like a next-generation firewall, next-generation intrusion prevention, or the most complex tool that you have got, which you can install and configure and then see if it runs smoothly. It is a completely different story in QRadar or any similar technology. These solutions or technologies have to be managed continuously. The biggest mistake that innovations people usually make is that they don't plan the total cost of the technology tools for a period of five years, especially because they don't know what kind of new threats are coming out. Despite that, IBM is very early in doing some kind of new content packs and including data enforcement, etc. When new threats are coming in, you effectively need to adjust. The more complex use cases you have, the more complex the responses will be. You might have different systems or you might be working in different time zones. When buying, people think that 70% to 80% of the initial purchase is the total they are going to spend within next year at this time, and then every next year, they will spend like 20% or 25% on the technical support, maintenance, development of the system, etc. When you are talking about a huge, complex, and central cybersecurity threat management system, it is more likely that you are implementing a document management system and some complex CIP systems, etc. The cost of the license and the cost of the hardware initially can make up around 20%, 30%, or less percent of the total budget that is needed for quality management of such solutions for a longer period of time. Some people think that if they buy this for 100,000 pounds or euros, the next year, they can buy just annual subscriptions for 25,000 or 20,000. You may have some internal costs for the license, etc. If you are buying for, let's say, 100,000, you might have to make your budget for 200,000 more, because it needs to have certain people who are doing everything with the solution.
You need to train them and send them to the IBM international technology academies and events such as Visor to know about its management and maintenance. You probably also need to do some certification, so you need to go for a course for implementation. A lot of internal work should be done to adjust the solution with other departments, and those other departments usually don't like such a central, overseeing, and controlled solution. They, later on, learn that they can get a lot of different, useful reports out of it without doing additional work. I would rate IBM QRadar an eight out of ten. Every technology has some weaknesses and strengths. It has a lot of points to improve, but based on everything that we have seen in the market and from other customers, this is, so far, at least in Europe, the best solution.

2021-01-14T14:07:47Z
Top 20 Real User

Like any complex enterprise CM tool, you have to have a strong support organization. People who are good at understanding Linux operating systems. You also need a strong technical support team in-house. I would rate this solution an eight out of ten.

2021-01-12T16:38:34Z
Top 5 Leaderboard Real User

I would definitely recommend this solution. It is a good solution with good capabilities like integration with CMDB and CVSS score. The dashboard is also really nice. It can help with threat intelligence, and it also has artificial intelligence. It is a futuristic kind of technology because the more AI-driven a product is, the better are the results. We plan to keep using this solution. I would rate IBM QRadar a seven out of ten.

2020-12-24T16:58:24Z
Top 20 Real User

I'm using the latest version of the solution. I'm the only user and I use the desktop version of the solution. I'm basically using it because it's here and I have access to it. I would recommend the solution to other organizations, however, if it is right for them depends on their need. Overall, on a scale from one to ten, I'd rate the product at an eight. We've mostly been pretty satisfied with it.

2020-12-19T07:31:11Z
Top 5 Real User

When you go for this solution, you are paying not only for the product but also for integration, good staff to help you, scalability, and many other things. There are many things that you can use in QRadar. It is easy to use. I would rate IBM QRadar a nine out of ten.

2020-12-17T01:08:54Z
Top 20 Real User

I would absolutely recommend QRadar because it has a lot of options to improve or detect some information. On a scale of one to ten, I would give QRadar a 10.

2020-12-10T17:37:00Z
Top 5 Leaderboard Real User

This is a good product but there is room for improvement in several areas, including the integration of advanced data mining. I would rate this solution a six out of ten.

2020-12-04T14:16:02Z
Top 20 Real User

I would recommend having a third-party vendor. There are a lot of alerts and a lot of tuning that has to be done. Every time we add new rules to it, an alert goes up. Having the SOC to go through it all first is very beneficial. For what we do, I would rate IBM QRadar a ten out of ten. We are satisfied with it.

2020-11-30T14:46:28Z
Top 20 Real User

I would absolutely recommend this solution. I am pretty okay with it, and I don't have any issues with it. It has some competitors like Splunk and LogRhythm. Symantec has its own SIEM solution. ArcSight, LogRhythm, and Splunk are in the first quadrant for the Gartner research. They are leaders in their products, and they know what they're doing. It also comes down to what your company is into, how does it fit into a particular environment, and how compatible it is with a particular environment. I could have gone on the Splunk path and probably said the same thing for it as well. I would rate IBM QRadar a nine out of ten. It is a pretty solid product.

2020-11-27T11:20:17Z
Top 20 Real User

I'm not sure of which version of the solution we're using. I wouldn't recommend the solution. I'd probably tell others to shy away and look at other products like possibly Splunk, however, it's a pricey option. LogRhythm is pretty good. We're having some issues with it. That said, for the most part, it's okay. Exabeam also seems like it might be a good option. I haven't worked with it personally, however, I've had some experience with a POC. Overall, I would rate the solution at a three out of ten. We didn't have a good experience with it. If it offered, for example, easier behavior analytics, easier integrations, better interface, supported model integration, and a good user interface to perform analysis I might rate it higher. Basically, it just needs to be much more user-friendly.

2020-11-25T19:59:57Z
Top 20 Real User

Overall, I like this product and I think that the features are good enough. I would rate this solution a seven out of ten.

2020-11-16T12:57:27Z
Top 20 Real User

I'd recommend QRadar for security teams that are more from the IT world and not so much from the development or data-science world. I think other tools, such as Splunk, are really great too, but QRadar is natively concerned with providing security rules and use cases. If you're looking for a reliable solution for security purposes only, QRadar is probably the way to go. Overall, on a scale from one to ten, I would give this solution a rating of eight.

2020-11-13T11:30:59Z
Top 20 Reseller

I think the tool is very complete and very agile. I would rate this solution a ten out of ten.

2020-11-11T16:49:23Z
Top 5 Real User

If you absolutely positively have to catch the bad guys, and you have a heterogeneous environment, QRadar is a great choice.

2019-12-05T02:59:00Z
MSP

This is a good solution, but I am familiar with the capabilities of the other products and IBM needs to make some improvements. I would rate this solution a seven out of ten.

2019-06-16T07:23:00Z
Real User

There are many good products and solutions on the market, but for implementation and maintenance, I can say that the most important thing is local support. We do not have any issues with this product, and we have seen the benefits of it. It is easily configured and installed, and we have a local team to support it. It does have issues in terms of user experience, however. I would rate this solution an eight out of ten.

2019-06-13T12:36:00Z
Real User

The first advice I give my customers before buying SIEM is: "You should understand the solution well before starting the implementation." If they don't understand the solution, they will never be able to use it correctly. This is the first piece. The second point is that they will resist the change made to the setup installation. If they look for the solution, QRadar ATM is the best. I would rate this solution as nine out of ten. I think there is no perfect product; maybe there will never be a perfect product. When I started to learn IBM QRadar, it was complicated to me in the beginning, because we did the installation for the customer. It is complicated, and the meaning and training were not very clear.

2019-06-13T12:36:00Z
Top 10 Real User

I would recommend this product. It is very simple to install, and not a complicated solution. IBM supplies regular software updates. I would rate this solution an eight out of ten.

2019-06-06T08:18:00Z
Real User

This kind of solution is essential. The communication network functions very well. On a scale of one to 10, ten being the best, I would give this product a rating of nine.

2019-04-29T07:11:00Z
Real User

The solution functions very well. It is amazing but there are some bugs with it. The unknown bugs can just come up with the adaptor with the data stored in QRadar. On a scale from one to 10, ten being the best, I would rate this product an eight out of 10.

2019-04-29T07:11:00Z
Real User

I would rate this product eight out of ten.

2019-04-17T08:37:00Z
Consultant

I think this product adds significant value to organizations seeking a scalable, security integration tool. It does a great job of identifying, classifying, prioritizing, remediating, and mitigating software vulnerabilities. It's a good solution. On a scale of 1 - 10, 10 being the best, I give this product a rating of 9.

2019-04-17T08:37:00Z
Real User

I would rate this solution eight and a half out of ten.

2019-04-17T08:37:00Z
Top 20 Real User

I would recommend IBM QRadar because of the security features and the organization. I can recommend the security. Security is nowadays an essential part of IBM QRadar. IBM QRadar is probably the best possible solution in the market. I would rate it an eight out of 10.

2019-04-11T06:16:00Z
Reseller

QRadar, as a product, might be very straightforward, but to fully understand the product you would need to go for the QRadar training. IBM's training for QRadar is very expensive but it really helps you use the product to its full potential. Before I went to the training, I only used about ten percent of its capability. I would recommend going for the training on the product. In terms of the number of users, it's not users logging in every day and doing stuff on QRadar. It's a handful of people from the team monitoring QRadar. We could be managing, for example, 50 or 70 customers through one dashboard and about ten people would be monitoring it. The users have a specific role. The amount of staff required for deployment or maintenance depends on the type of update or patch that's being deployed. For deployment of a new patch, it could take anything from an hour to about ten hours. It depends on the patch, how big the patch is, and if you've gone through a testing phase or not. So there are multiple dependencies on how long it would take. An average, for me, would be three hours to do certain deployments. Currently it's being used quite widely. The only downfall of this product would be its price. I wouldn't recommend it for a small company. For larger companies I know it's being widely used.

2019-03-31T09:41:00Z
Real User

Overall, it's much better than other products. In terms of increasing its usage, I have suggested to my organization that it tell customers to use it, its capacity and capabilities, with other tools like Watson.

2019-03-28T08:19:00Z
Real User

I would advise someone considering this solution to write down your use cases and evaluate them with the vendor. Evaluate the best solution based on your use cases because you are the ones who are going to use it. The vendor will try and implement and leave you with your problems. If the solution meets your requirements and solves most of your problems, you're good to go. QRadar is the best solution we have. The only challenge is that IBM has been a closed enterprise. It should be more open to integrating with other providers at an enterprise level. We're a bank and the core banking system integration is not always straightforward and there is no integration between IBM and these products. If IBM could open up and provide a way of integrating it seamlessly, without charging more for it, that would make a big difference. I would rate it an eight out of ten.

2019-03-28T08:19:00Z
Top 5 Real User

I would rate it an eight out of ten. Not a ten because the configuration part of it should be easier. They tried to integrate everything together to be all in one, but it's not easy to configure.

2019-03-10T16:43:00Z
Real User

I would advise someone considering this solution to evaluate several solutions, compare them, and if there is an option for customization check with the solution provider, and then go for it. I would rate it a seven out of ten. It's a good solution, we've used it for a long time, but then there are a few issues with security.

2019-03-06T07:41:00Z
Real User

My advice is to take your time. It depends on your network, on what you want to gather information from. Make sure that the networking and the cybersecurity teams are working towards a common goal. The solution is very much worth it. You can gather all the information that you need as long as you know first what you need. This solution is mainly for the Security Operations Center, so there are just three or four users. But it's one of the key tools for us to identify threats and attacks. The users are security operations analysts and threat hunters. In our case, deployment and maintenance requires just a few people. They are the network administrators and our cybersecurity engineers. At the moment we have no plans to increase usage. If the company grows, usage should grow as well. The company is growing but, as of the moment, we are planning for expansion. That's why the solutions that we carry are already built for expansion for the next three to five years. I would rate QRadar at eight out of ten. It's not perfect and the big issues would be the price and that it takes some time to understand it. But so far, it's one of the best solutions out there.

2019-03-06T07:40:00Z
Consultant

I would rate it an eight out of ten.

2019-02-26T08:25:00Z
Reseller

I would rate it an eight out of ten. Not a ten because of the complex interface.

2019-02-25T08:45:00Z
Real User

I would rate this solution a six out of ten.

2019-02-07T12:28:00Z
Reseller

I would rate it an eight out of ten.

2019-02-03T08:35:00Z
Real User

If you are a medium to large size enterprise, you can surely consider IBM as one of the major contenders for your selection. If you are a small enterprise, QRadar may be too much for you, it may be too complex. When deciding on a solution, we always consider:

* Cost-benefit
* Shelf-life of the solution
* Security of the solution

2018-10-29T15:46:00Z
Real User

There are new things that are coming up in QRadar, such as AI to IBM Watson. This is going to create a huge impact in these types of solutions, because we don't have an artificial intelligence coming in. There are other tools that have artificial intelligence, but IBM QRadar getting integrated with artificial intelligence is the next step. It should be noted that the QRadar type products are actually changing their strategy. They will move on to the next stage that is called "Threat Hunting." Instead of waiting for some attack to happen and getting an alert, the new solutions will try to find out those suspicious activities in your network or environment and resolve it before it creates havoc.

2018-10-04T17:27:00Z
Vendor

I highly recommend this product.

2018-08-30T10:51:00Z
Reseller

I would rate it a seven out of 10. I have had some challenges integrating this solution. Each organization is looking for security. If you have a SIEM tool, you can integrate it with all of your security devices, and get all your security logs. This console gives you the entire view, which makes life easier and allows you to take precautionary measures. People who handle only four or five security devices spread across the globe should go with this SIEM tool.

2018-07-22T08:31:00Z
Real User

Do your research before implementing it, because it is tough to implement. Most important criteria when selecting a vendor: support. I say this to every vendor. It is not always about pricing, which is nice when we start, but when the crap hits the fan, I want the vendor to be there with me.

2018-06-30T07:18:00Z
Real User

The most important criteria when selecting a vendor: stability. The security space is tough. Unlike a lot of other spaces, IBM will not be bought anytime soon as a 100-year-old company.

2018-06-29T07:18:00Z
Reseller

Most important criteria when selecting a vendor: Our customers need a cross of different units which make up a better solution for them.

2018-06-28T07:18:00Z
Real User

Research, and don’t be afraid to do a few PoCs. Also, make sure you have a team for the tool. Most solutions require a team, so if you cannot apply a team towards the tool then hopefully you can use one of the managed SIEM options.

2018-06-28T06:31:00Z
Real User

Understand how your analysts need to use SIEM to execute use cases. This platform can collect and normalize data better than just about anything (if you want it to), but it will not be useful if it is not presented in a useful way.

2018-06-26T12:31:00Z
Real User

Ensure you have the functional skills on BPM and the technical skills on IBM BPM. We used to be IBM partners, but are not anymore. Now, we are Red Hat partners.

2018-06-26T12:31:00Z
Consultant

Overall, I love this product.

2018-06-12T12:14:00Z
Consultant

Think scalability and make sure your product can be integrated into QRadar.

2018-06-11T06:45:00Z
Real User

IBM needs to invest more into the collaboration with other vendors. If you want to go to IBM, do not just go for QRadar. You need QRadar and all the products that surround QRadar, especially BigFix, because the product is ten times stronger with it. Most important criteria when selecting a vendor:

* The technical features of the solution.
* The people in my region at the vendor.
* The perspective of the project manager on the customer side.
* Data involved and time of the implementation.
* The needs of the customer.
* The cost of the project.
* Training involved.

2018-06-03T09:17:00Z
Reseller

Just spec it correctly and it will do its job for you. It has an active community. IBM patches the product regularly when problems are picked up. I haven’t heard about a lot of problems from other people using the product. When we only have four hours to respond, an hour can make a difference in waiting for support.

2017-04-05T06:02:00Z
Top 20 Consultant

QRadar also supports UBA, which is a fantastic feature to detect users' malicious activities.

2017-03-30T06:20:00Z
Updated: October 2021.