2017-03-30T06:20:00Z

What do you like most about IBM QRadar?

28

Hi Everyone,

What do you like most about IBM QRadar?

Thanks for sharing your thoughts with the community!

ITCS user
Guest
7474 Answers

Top 5, Leaderboard, Real User

What we like about QRadar and the models that IBM has, is it can go from a small-to-medium enterprise to a larger organization, and it gives you the same value.

2021-09-07T12:23:57Z
Top 10, Real User

The most valuable thing about QRadar is that you have a single window into your network, SIEM, network flows, and risk management of your assets. If you use Splunk, for instance, then you still need a full packet capture solution, whereas the full packet capture solution is integrated within QRadar. Its application ecosystem makes it very powerful in terms of doing analysis.

2021-08-06T10:41:11Z
Top 5, Real User

The most valuable features are log monitoring, easy-to-fix issues, and problem-solving.

2021-07-17T03:01:11Z
Top 20, Real User

It is a bit easier to use than other products, such as Splunk or ELK Elasticsearch.

2021-07-15T07:35:31Z
Top 5, Leaderboard, MSP

No doubt about it, the solution is extremely stable.

2021-07-13T02:01:26Z
Top 20, Real User

Customer service is very good and very helpful.

2021-06-24T13:07:45Z
Top 20, Real User

The features that I have found most valuable in QRadar are its data enrichment, use case creations, and adding references - those kinds of features are very good. Also, QRadar's event filtration and device integration are perfect.

2021-06-08T18:53:00Z
Top 20, Real User

The product provides a complete platform for ingesting the log, doing the correlations and handling the runtime.

2021-06-08T12:03:00Z
Top 20, Real User

I have found visibility very helpful for analytics.

2021-06-04T12:28:39Z
Top 5, Leaderboard, Real User

There are a lot of features in QRadar. App Exchange is the most valuable feature. User behavior analytics (UBA) is also a very good feature. Watson is also there, but we are not currently using Watson.

It is versatile and quite easy. It also has an all-in-one-box feature and good integration with AWS.

2021-05-15T12:05:17Z
Top 5, Leaderboard, Real User

When it comes to QRadar, they can do the correlation and not only in networks but also endpoints. This is one of the good features that we have noticed.

2021-03-05T20:13:36Z
Top 5, Leaderboard, Real User

QRadar, Splunk, and ArcSight are SIEM solutions with built-in AI/ML features. They can do the complete investigation and alert the admin about what is happening. They can also do the root cause analysis.

There are many other features that come with QRadar. It has a more granular log, so you can integrate with various non-IT as well as IT-based components. You can get unstructured data to the SIEM data, and you can identify more what is happening in the network or what is happening in the central head office. You can also identify what is happening between your remote offices. You can also use it to identify what the users in the field are doing on their devices and how things are moving.

From the integration point of view, it is very centric. It gives complete control centrally. If a user is not connected to the system, whenever he comes online, we can see the policy updates over the Internet, and we can ensure that the data that is supposed to be protected is protected.

2021-03-05T17:23:52Z
Top 20, Real User

This is a good tool to have because it gives you the ability to track what is currently happening in your environment.

2021-02-11T16:07:00Z
Top 10, Reseller

The most valuable aspect of the solution is the integration capabilities on offer.

2021-02-10T18:53:33Z
Top 20, Real User

The most valuable feature is user behavior analytics (UBA).

2021-01-26T21:23:14Z
Top 5, Leaderboard, MSP

This is a distributed application, meaning that a customer can stack small and then scale it so that they can expand pretty effectively. You can use, basically, the same product in an SMB or a large enterprise.

2021-01-26T10:22:50Z
Top 5, Leaderboard, Real User

The detection rate is good and the false positive rate is low.

2021-01-24T15:38:21Z
Top 20, Real User

The feature that I have found most valuable is its artificial intelligence component, Watson. Its contribution is pretty good from a machine-learning artificial intelligence perspective. This complements the orchestration automation component, as well.

2021-01-24T11:57:00Z
Top 10, Real User

We have worked with other solutions, such as LogRhythm and Splunk. Compared to others, IBM QRadar has the best price-performance ratio so that you are able to reserve minimum costs. It starts settling in fast and gets the first results very quickly. It is also very scalable.

2021-01-14T14:07:47Z
Top 20, Real User

The most valuable feature is the searching capability and real-time operational use.

2021-01-12T16:38:34Z
Top 5, Leaderboard, Real User

Integrations are quite a useful and key feature of this solution. It has integration with the CVSS score, which is a central point for all the data and scores about the threats. There is an IBM Bluemix dashboard that is integrated with the CVSS score.

2020-12-24T16:58:24Z
Top 20, Real User

The solution is relatively easy to use.

2020-12-19T07:31:11Z
Top 5, Real User

The UBA feature is the most valuable because you can see everything about users' activities.

2020-12-17T01:08:54Z
Top 20, Real User

I have found its network traffic log, network bit log, and QBI most valuable.

2020-12-10T17:37:00Z
Top 5, Real User

It has very rich functionality.

2020-12-04T14:16:02Z
Top 20, Real User

The best part of this solution is having a third-party SOC.

2020-11-30T14:46:28Z
Top 10, Real User

It is a pretty solid product for the type that it is representing. It is a CM solution as compared to Splunk or ArcSight from HP. It is also user friendly.

It comes with some internal AI as well, in which it automatically maps multiple lots from unrelated devices and makes a smart decision to link them back and create an offense based on that. It is a smart tool.

2020-11-27T11:20:17Z
Top 20, Real User

The solution can scale.

2020-11-25T19:59:57Z
Top 20, Real User

We are using the platform version, which I like.

2020-11-16T12:57:27Z
Top 20, Real User

The rule engine is very easy to use — very flexible.

2020-11-13T11:30:59Z
Top 20, Reseller

The most valuable features are the versatility of this solution and the variety of things you can do with it.

2020-11-11T16:49:23Z
Top 5, Real User

The ability to transition from microscopic to macroscopic view, instantly, is very good.

2019-12-05T02:59:00Z
Real User

This solution has allowed us to correlate logs from multiple sources.

2019-07-31T02:22:00Z
MSP

Provided that the report is prebuilt and I can find what I am looking for, the reporting is the most valuable feature in this solution.

2019-06-16T07:23:00Z
Real User

This solution provides me with various alarms, and I have found security issues with some of my other products.

2019-06-13T12:36:00Z
Real User

We get events and make the correlation, or rules. In IBM, we can implement our customer's rules. We can have very clear status threats and severity of antigens.

2019-06-13T12:36:00Z
Top 10, Real User

It is a very optimized engine.

2019-06-06T08:18:00Z
Real User

Vulnerability detection is the most valuable feature. It's the tool that finds the threats.

2019-04-29T07:11:00Z
Real User

IBM QRadar has improved my organization by introducing many functions. It collects logs from all of our systems in the organization and has functioned very well. It alerts and correlates the aggregate events or offenses we receive through all the applications we use.

2019-04-29T07:11:00Z
Real User

There is a single dashboard that gives us a complete overview of what is happening around the globe.

2019-04-17T08:37:00Z
Real User

In addition to using this solution for our security operations center, we are using it for our other customers.

2019-04-17T08:37:00Z
Consultant

The most valuable features would have to be the product's ability to customize vulnerability management settings.

2019-04-17T08:37:00Z
Top 20, Real User

IBM QRadar is easy to scale; it doesn't affect the environment. In our office, we have around 40-50 users, but our clients have more users on their networks. Our organization has staff in the software department that manages IBM QRadar for us.

2019-04-11T06:16:00Z
Reseller

The most valuable feature is the QRadar Vulnerability Manager which provides vulnerability scans. In addition, I like the way QRadar generates alerts.

2019-03-31T09:41:00Z
Real User

The most valuable feature is the DSM Editor. The custom parsing tool is very nice, outstanding.

2019-03-28T08:19:00Z
Real User

It helps us discover any threats with their alerts and tracking.

2019-03-28T08:19:00Z
Consultant

The stability is good.

2019-03-19T10:11:00Z
Top 5, Real User

Most of our clients are interested in automation. The automation part is good because they are able to detect threats and vulnerabilities in real time. It's very fast.

2019-03-10T16:43:00Z
Real User

The support is very good. We get support whenever we need it. Sometimes they respond immediately and sometimes it will be within 24 hours. We can ask them to please do it right away and they can get a request done within an hour or two.

2019-03-06T07:41:00Z
Real User

One of the most valuable features is its ability to integrate with other solutions. IBM has a lot of solutions and we have managed to make it work with IBM BigFix and MaaS360, and even Microsoft.

2019-03-06T07:40:00Z
Real User

It integrates very easily with other solutions. The solution is flexible. We can add anything to it, as it is a good companion to other tools.

2019-02-27T08:57:00Z
Reseller

IBM has everything you need in a cybersecurity solution. If you want to build a cybersecurity operation center version then I think QRadar is a perfect solution.

2019-02-25T08:45:00Z
Real User

The ability to add extensions is the most valuable feature. For example, extensions that provide valuable test ports.

2019-02-07T12:28:00Z
Reseller

It's quite scalable. We have upgraded some solutions from 1000 APS up to 3500 APS to 5000 APS. It's a good solution, they have no scalability issues.

2019-02-03T08:35:00Z
Top 10, Real User

It is very stable. We have not faced interruptions in the past four and a half years.

2018-11-15T07:11:00Z
Real User

It is really helpful to us from the compliance point of view.

2018-10-29T15:46:00Z
Real User

QRadar has somewhat of a new structure recently from last gen. They have moved from the standard UI-based infrastructure.

2018-10-04T17:27:00Z
Top 20, Leaderboard, Consultant

A nice benefit is when we go to the process of selecting our youth cases, they go by building blocks. QRadar links it to building blocks.

2018-09-09T05:40:00Z
User

Log correlation is very useful for processing alerts. It serves to follow up alerts in real-time, building an entire workflow.

2018-09-04T02:41:00Z
Vendor

It's a state-of-the-art product for security information and event management (SIEM).

2018-08-30T10:51:00Z
Reseller

On the back-end, Watson helps me figure out an exact problem, sometimes giving me the result.

2018-07-22T08:31:00Z
Real User

It showed us where weaknesses were in our environment, so we could actively target those patches first.

2018-06-30T07:18:00Z
Real User

It is the core of our entire SOX.

2018-06-29T07:18:00Z
Reseller

The scalability is awesome, because QRadar includes other solutions in the same console.

2018-06-28T07:18:00Z
Real User

It is incredibly easy to deploy. All the appliances are flexible in the roles that they serve and are all managed in the same way.

2018-06-26T12:31:00Z
Real User

We have the abilities to monitor each instance which originates on the process along with the performance of each department.

2018-06-26T12:31:00Z
Real User

An engineer can live-monitor all the flow happening in real-time. This would help us a lot while investigating a case, and it would even help us with preventive actions.

2018-06-12T12:14:00Z
Consultant

Senses, tracks, and links significant incidents and threats.

2018-06-12T12:14:00Z
Real User

There are more than 120 extensions in QRadar, which are easy to install and configure. These can improve your analysis of events.

2018-06-11T10:36:00Z
Consultant

The correlation and the parsing are important features, since it is very important for a SIEM to have good scalability and performance.

2018-06-11T06:45:00Z
Real User

It does good correlation for events. It does good general analysis, and it has good apps as well.

2018-06-03T09:17:00Z
Top 20, Consultant

Providing real-time visibility for threat detection and prioritization - QRadar SIEM provides contextual and actionable surveillance across the entire IT infrastructure.

2017-03-30T06:20:00Z
Updated: October 2021.