2017-03-30T06:20:00Z

What needs improvement with IBM Security QRadar?

Miriam Tover - PeerSpot reviewer
PeerSpot user

144 Answers

EG
Real User
Top 5
2024-02-14T15:19:56Z
Feb 14, 2024

There are areas in IBM Security QRadar that could benefit from improvement. Its ability to customize knowledge for specific purposes could be enhanced. Also, it lacks clarity in presenting details. It is also difficult to see the reports.

Ayoub Jaaouani - PeerSpot reviewer
Real User
Top 10
2024-02-14T13:55:48Z
Feb 14, 2024

Certain updates—especially when using Azure—don't apply directly. Our engineering team must invest additional effort to implement these updates. However, the tool's cloud-based version poses no issues. However, upgrading the product can sometimes be challenging for on-premises instances. Our current query language (KQL) serves its purpose, but there's room for improvement. Consider introducing a more human-friendly language to streamline analyst training. Analysts could then express queries in a manner akin to human language. This change would expedite processes, making it easier for new analysts to adapt.

DL
Real User
Top 10
2023-11-01T09:03:55Z
Nov 1, 2023

The price of IBM Security QRadar is an area of concern where improvements are required. IBM is never known to provide products at a cheap price. IBM Security QRadar's UI is an area with certain shortcomings where improvements are needed. In the future, I would like IBM Security QRadar to have a library of adapters or APIs. The area around recovery time is an aspect of IBM's technical support where improvements are required.

Frank Eargle - PeerSpot reviewer
Real User
Top 5
2023-10-30T16:51:57Z
Oct 30, 2023

IBM Security QRadar’s GUI could be improved.

MG
Real User
Top 20
2023-10-24T14:16:11Z
Oct 24, 2023

IBM Security QRadar is not hard to implement and administrate. To serve new use cases or do the tuning and allow correlation rules, you may need training since it is necessary to know the solution. With IBM solutions, you need training to know how to use the different features of the solution. IBM needs to provide training to its users to teach them how to use the case manager and how to tune rules.

Anto Sebastin - PeerSpot reviewer
Real User
Top 10
2023-07-17T10:46:06Z
Jul 17, 2023

Most people handling QRadar in organizations are IT engineers. They do not have experience with the tool. They read from manual documentation. If there is an emergency to search for details about malware, we need a response team’s help. Sophos has a team called Managed Threat Response. The team conducts investigations in our network. This feature is not available in IBM Security QRadar. They only provide technical support. The product does not have a team for investigating malware.

YS
Reseller
Top 20
2023-04-14T10:25:00Z
Apr 14, 2023

The solution is difficult to understand in the beginning and has complex management configurations that can be improved. The stability has room for improvement. The cost has room for improvement.

CV
Real User
Top 5
2023-02-13T20:28:45Z
Feb 13, 2023

As a product, IBM QRadar User Behavior Analytics does everything mentioned on the datasheet for my company's version. Still, compatibility is a problem because my company needs to use an updated version of the tool. That version doesn't integrate with many new-generation tools, so this is an area for improvement. You can scale IBM QRadar User Behavior Analytics, but it has room for improvement.

Ashok Kumar Biswas - PeerSpot reviewer
MSP
Top 5
2023-01-13T14:39:35Z
Jan 13, 2023

Whenever we connect the span port, its device and health status increase the capacity level. So I suggest the mitigation of that part for IBM. Otherwise, it's a good product. We also continuously have issues with technical support because they do not have a prompt response time.

Bobby Sandeep - PeerSpot reviewer
Real User
Top 10
2023-01-13T14:37:22Z
Jan 13, 2023

The dashboards are all legacy and old. Their cloud support and the content available for cloud and containers are also minimal.

Mohamed Elprince - PeerSpot reviewer
Real User
Top 10
2022-12-13T09:33:47Z
Dec 13, 2022

I would like to see the interface improved along with the tuning and any adjustments when it comes to maintenance. It is not straightforward. I would also like to see some artificial intelligence and alternative solutions.

Du Hoac Kim - PeerSpot reviewer
Real User
Top 10
2022-11-10T16:23:17Z
Nov 10, 2022

I would like to see more integration in place after the security lock.

Yaw Agyare - PeerSpot reviewer
Real User
Top 10
2022-11-09T17:18:54Z
Nov 9, 2022

The solution should include remote action capabilities.

YE
Real User
Top 20
2022-09-30T13:51:58Z
Sep 30, 2022

The dashboard and reports are not user-friendly or efficient so are of little help with threat hunting activity. We deal with large data sets so need to have great visibility for detection of malicious activity and indicators for cybersecurity. For example, the dashboards for Power BI and Splunk are very efficient and it is easy to observe suspicious activity.

Farid Lalayev - PeerSpot reviewer
Real User
Top 10
2022-09-07T08:32:30Z
Sep 7, 2022

IBM QRadar has outdated technology, and this is its area for improvement. When you try to implement an analytic expression, it's not updated. The solution doesn't support newer technologies, and it doesn't update regularly. For example, around the world, others implement new technologies, while IBM updates later than others. There isn't any additional feature I'd like added to IBM QRadar at this point because it's sufficient for visualizing the logs.

Jacob_Koithra - PeerSpot reviewer
Real User
Top 5
2022-08-03T13:57:00Z
Aug 3, 2022

The user behavior analysis could be better. The playbook guide which specifies the rules for security use cases needs to be provided to support in case the organization needs help. The security playbook needs more help when it comes to QRadar. The QRadar implementation guide, especially in cluster environment, is complicated to deploy in an enterprise level. The support of SIEM of QRadar is complicated and when we encounter implementation issues it needs quick response. The skilled resources are really important for support.

EM
Real User
Top 20
2022-07-27T20:23:37Z
Jul 27, 2022

It needs a little bit perhaps more fine-tuning on the SIM aspect of it. Out of the box, it's just not one of those things that I leverage as a single source of truth regarding the user behavior analytics aspect of it. With QRadar, IBM has had ample time to innovate, make changes to the interface, and keep up with some of the competitors. Yet, IBM delays innovating QRadar, since, once people are tied into it, they stick to the SIM as that's what they're used to. Right now, you have many other players in the market, like Datadog, Sumo Logic, and Splunk. Splunk has a ton of connectors as well, which is making it more appealing for other people to look at other solutions, especially when they're trying to look at a cloud-native solution. There should be more opportunity for community kind of distribution where, for example, if there was a zero-day threat targeting companies. I know that many other solutions now provide ease of use in terms of sharing rules and for identifying and tracking some of these zero-day vulnerabilities out there. QRadar needs to do the same.

DS
Reseller
2022-07-21T08:07:11Z
Jul 21, 2022

QRadar UBA only keeps the data for a short while (it's refreshed every five minutes) and would be improved if this were extended to a week or month. In the next release, I would like to be able to do a historical search of user scores.

willie.Na. - PeerSpot reviewer
Real User
Top 5
2022-06-21T05:59:23Z
Jun 21, 2022

I'd like to see improved support from the vendor. In addition there are things that are not documented on the IBM site. If you'd like to do something at a high level, the information is not available in the documentation and you have to find it elsewhere.

KM
Real User
Top 5
2022-06-07T16:25:00Z
Jun 7, 2022

Better algorithms or AI would always be appreciated, but this product does what it's supposed to do. And maybe there is something behind the scenes that could be improved, but I don't know. UBA is a plugin for QRadar SIEM. If we're talking about the SIEM solution as a whole, there is a lot I can talk about, but there isn't much to say about UBA as a standalone. I'm not in a position to criticize or comment on the underlying code.

Lokesh Puthalapattu - PeerSpot reviewer
Real User
Top 5
2022-05-01T05:38:22Z
May 1, 2022

Whenever we are upgrading or installing any type of patch, at that time we have some delays. Sometimes by mistake, AWS has migrated some other accounts to my enrollment. At that time, we receive a notification special for that. We have created one rule and a case. We receive a notification and we are informed that the Amazon AWS team, sent an email apologizing for this happening. They have confirmed that going forward we will not receive this type of account modification issue. They have sent an email to us. If you are searching for three to four months back it takes and there is a time delay. If I compare it to Splunk, it is a little bit delayed. It is because Splunk is using Elasticsearch, while IBM QRadar User Behavior Analytics uses a normal one. For example, if Splunk takes two minutes, it will take IBM QRadar User Behavior Analytics approximately three minutes.

SD
Real User
Top 5
2022-04-25T09:35:02Z
Apr 25, 2022

IBM QRadar could improve the reporting. The tool is not designed to report. It's a great operational monitoring tool. You put it on a screen and you watch it. If you want to have analytics out of it, that's a whole different story. You're going to need more people and tools. What should be added is reporting and integration into Power BI, into some capability that produces analytical reports from the source data. IBM does not seem to care to add these features.

Muhammad Ali Aziz - PeerSpot reviewer
Reseller
Top 5
2022-04-04T15:29:22Z
Apr 4, 2022

IBM QRadar User Behavior Analytics is good, but I think the functionality should be much more integrated. You should have easy access to the artifacts if you are doing a particular investigation. It's good, but other team solutions like LogRhythm are actually merging the functionality. So, I think that is something IBM can work on.

Elshaday Gelaye - PeerSpot reviewer
Real User
Top 10
2022-03-30T06:32:00Z
Mar 30, 2022

I would like to see QRadar add more integration and interoperability. For instance, we are not able to send logs from Windows servers. We can send logs to the QRadar server from network devices and other types of servers. However, we have more than a hundred Windows servers that still don't use QRadar.

LD
MSP
2022-02-24T08:07:00Z
Feb 24, 2022

I think that the search speed of this solution could be improved.

QI
Real User
2022-02-22T10:00:00Z
Feb 22, 2022

I have also been working with other SIEM solutions, and I have observed that they have extensive Linux-based and Unix-based integrations. They have been able to support some of the Linux-based agents, which is useful to investigate and process the information on the Linux and Unix side. It could have pre-defined automation and integration of all those device parameters that analysts have to share manually.

KB
Real User
2022-02-15T14:03:00Z
Feb 15, 2022

When it sends the log source, QRadar generates a lot of noise and false positives. LogRhythm logs when the alarm rules are disabled, so it doesn't generate any noise when sending the log source. I think LogRhythm's one, this one too. QRadar, we have to cure it all the time. It's only this advantage with QRadar. I would also like to see more integration with other vendors. IBM doesn't integrate well with products from China, like Huawei. Many Middle Eastern customers are switching to Huawei from American vendors like Cisco because of the price. In most RFPs, Huawei wins because it costs less. IBM needs to integrate better with Huawei. I opened one case with IBM, and they told me to submit a request for enhancement so they could write the correct DSMs to integrate with Huawei. We were very disappointed. Customers who want to implement QRadar or LogRhythm need to consider all the other components. The environment needs to be homogenous to avoid problems due to a lack of integration.

UzairKhan - PeerSpot reviewer
Real User
2022-02-03T11:13:30Z
Feb 3, 2022

The advanced planning management (APM) features should be included. We are facing an issue where many of the software houses in Pakistan have developed their own in-house. They have integrated the APM tool with their monitoring solution. This feature is attracting clients and I think that it should be included.

MT
Real User
2022-01-31T10:42:13Z
Jan 31, 2022

I have noticed a few things while working on this. After the restart of the server, sometimes, the services misbehave, and you need to manually start or restart the service. I have seen that specifically with the Tomcat service. Sometimes, when you click on log sources, instead of opening the log source extension, it redirects you over the internet. There are two types of dashboards in QRadar. One is the conventional or old one, and the other one is Pulse. The Pulse dashboard is better, but we would like to have more options in the dashboard. Additionally, if possible, there should be a single product for SIEM and SOAR. Instead of having QRadar and Resilient separately, there should be a combined solution to benefit from both. Furthermore, there should be a built-in mechanism to configure it in the cluster mode and high availability mode.

BS
Real User
2022-01-13T11:13:20Z
Jan 13, 2022

It doesn't have a SOAR system by default. You need to purchase it additionally, which is the main problem with QRadar. Its reporting can be improved.

MH
Real User
2022-01-12T15:07:00Z
Jan 12, 2022

I would like for Yara to be supported by all components.

GR
Real User
Top 10
2022-01-05T08:19:45Z
Jan 5, 2022

It is not easy to use. The updates are not very easy. It is very complex. I would like to see the update process simplified. When I said "it is not easy to use", I mean that QRadar is not for beginners. Needs high competence and skill to use it in a satisfactory way to really help customers. The complexity is not a flaw, but it is a necessary quality for QRadar to be a truly effective tool in a Cyber environment.

AK
Real User
2021-12-27T19:59:00Z
Dec 27, 2021

Several things need to be improved. We have been struggling with the QRadar support team for quite a long time. There are things that they can reproduce in their lab environment and can fix, yet we struggled with them trying to get this done. These issues included things like custom logs. There are many things that they need to improve upon. This product should support multiple log sources. They need to improve their threat intelligence feed and they need to improve their user behavior analytics modules. The risk manager module needs to be improved. It's not a very user-friendly interface.

AE
Real User
2021-12-21T10:07:00Z
Dec 21, 2021

Right now, there are a lot of solutions in the market that consider themselves next-gen SIEM solutions, like AzureVM. IBM QRadar can be revised considering the competition, market segment, references, and the maintenance of the landscape. Some modules can be shared as embedded within the same solution because this would be a compelling edge versus others. When it comes to other products, like LogRhythm for example, they can consider the SOAR and the threat Intel embedded with the SIEM Solution licenses. However, when it comes to IBM, they consider each module as a separate license with a separate cost. So it doesn't make sense to compete if the customer isn't convinced with IBM, because you'd have tough competition when it comes to financials.

MI
Real User
2021-12-14T14:11:00Z
Dec 14, 2021

The GUI of QRadar should be improved.

AI
Real User
2021-11-26T16:15:00Z
Nov 26, 2021

I think the user management model is very detailed but you really have to know what you're doing just to be able to manage things. I think the solution lacks some maturity. When you put it in a large organization as a security system or a cybersecurity system and you want to enable automation, it's difficult to get that level of maturity.

MB
Real User
2021-11-24T19:38:00Z
Nov 24, 2021

The only problem is that if you have too many events that occur, then the storage capacity becomes a problem. We would need to increase the storage capacity.

PD
Real User
2021-11-22T10:11:22Z
Nov 22, 2021

If you have too many events that occur, then the storage capacity becomes a problem. You need to have more storage.

Kamal Abdelrahman - PeerSpot reviewer
Real User
2021-11-17T19:36:07Z
Nov 17, 2021

IBM QRadar has a margin for development, for out-of-the-box use cases. It can be enhanced with better support and automate the use cases for that.

JM
Reseller
2021-10-04T15:20:38Z
Oct 4, 2021

The usability of interfaces could be improved and the solution could have better correlation services, as well as faster and updated intelligence interfaces.

JW
Real User
2021-09-24T02:06:16Z
Sep 24, 2021

The concern with QRadar is that there are so many features in the dashboard, too many menus that require going to two or three sub-monitors to enter the QRadar. The user interface is good but there are so many features that can be confusing for the administrator. It could be simplified.

BT
Real User
2021-09-21T12:28:09Z
Sep 21, 2021

It would be better if it were more stable and more secure. The price for maintenance could be better. It's too high. In the next release, I think they should focus on the price and the operation.

RR
Real User
2021-09-13T17:11:00Z
Sep 13, 2021

In terms of what could be improved, I'd say do nothing, in its current state it does quite okay for now. The biggest problem was built on top of the QRadar in the executive operations center network. The integration was not using the network security specialist properly, and all the incidents were inferior with QRadar. Its compatibility is not really good.

PP
Real User
2021-09-07T12:23:57Z
Sep 7, 2021

The only challenge with products like IBM is the EPS. You just have to be really on the events per second, as that's where the cost factor becomes a huge issue. You do need proper training. Better training leads to better implementation. South Africa does not have the most knowledgeable technical support team. One challenge that you have in South Africa is the quality of the IBM resources. They're not up to the level companies need. I have to criticize IBM on that point - the skill level in South Africa and the South African franchise of IBM doesn't necessarily meet the quality of the product. They can improve on the architecture. It's the way you deploy it. It's your enterprise architecture team that needs to understand it well. Again, due to our unique skillset on it, we deploy it in a very different way where we reduce the consumption of events per second, which reduces the overall cost of it. However, with the architecture, you need to get better guidance from IBM in terms of the way which the architecture is done. What I will say about IBM is that if you deploy it stock standard, it can be a very expensive tool, especially with your events per second, and where the way you deploy it architecturally will determine how much it costs you to manage it, as your events per second can be reduced through proper architecture. It's critical to an IBM install that a user understands the architecture and the deployment strategy.

HG
Real User
2021-08-20T09:07:49Z
Aug 20, 2021

IBM QRadar could improve the plugins and threat detection.

DB
Vendor
2021-08-19T13:53:26Z
Aug 19, 2021

I think they could change their pricing model to be more cost effective. It currently relies on data ingestion. I'd like to see IBM extend their capability with the solution to include more than just fault finding, features such as predictive identification of threads. Having better support for things like MITRE and the ATT&CK chain, and using all of the known attacks that are out there when they're actually spotting events and correlations.

AM
Real User
2021-08-07T06:54:57Z
Aug 7, 2021

There should be easier and wider integration opportunities. There should be more opportunities for integration with CTI info sharing areas. On platforms where you exchange CTI, there should be more visibility connected to what we share, what we can reach, or what options are connected to CTI info sharing. This is one area where they could add value because we cannot integrate it easily with QRadar. If a client has a legacy or already existing solutions for CTI, we cannot ask them to forget it because we cannot guarantee that QRadar is able to deliver everything connected to this area.

ST
Real User
2021-08-06T10:41:11Z
Aug 6, 2021

In terms of the GUI, they need to improve the consistency. It has been written by different teams at different times. So, when you go around the interface, you'll find a lot of inconsistencies in terms of the way it works. I'd like them to improve the offense. When QRadar detects something, it creates what it calls offenses. So, it has a rudimentary ticketing system inside of it. This is the same interface that was there when I started using it 12 years ago. It just has not been improved. They do allow integration with IBM Resilient, but IBM Resilient is grotesquely expensive. The most effective integration that IBM offers today is with IBM Resilient, which is an instant response platform. It is a very good platform, but it is very expensive. They really should do something with the offense handling because it is very difficult to scale, and it has limitations. The maximum number of offenses that it can carry is 16K. After 16K, you have to flush your offenses out. So, it is all or nothing. You lose all your offenses up until that point in time, and you don't have any history within the offense list of older events. If you're dealing with multiple customers, this becomes problematic. That's why you need to use another product to do the actual ticketing. If you wanted the ticket existence, you would normally interface with ServiceNow, SolarWinds, or some other product like that. Their support should also be improved. Their support is very slow, and it is very difficult to find knowledgeable people within IBM. Its price and licensing should be improved. It is overly expensive and overly complex in terms of licensing.

OK
Real User
2021-07-29T01:30:00Z
Jul 29, 2021

There are two ways you can pull logs: one way is where you can receive logs or send logs using the agents and previous transformation and the other way is where QRadar logs onto the servers using the admin account and then pulls the logs itself. The functionality that I would love to see with that remote pulling is to have the ability to also select what logs it's pulling because when you use MSRPC now to receive loads from your log surface, it basically pulls all the events from that server. So even the noisy events that would overshoot your EPS, would also be pulled. So for particularly active or high servers that generate a whole lot of security events, let's say like your SFTP server that has a lot of devices on your network connecting to it, if you try to pull the logs remotely it would overshoot your EPS really quickly. So if they could improve the functionality of the remote pull to also be able to select the logs that it is pulling from the log sources, that would be very, very effective. The reason for the pull is because the agents are not tamper-proof and any administrator can help shut down the service and uninstall the application and a whole lot of other things. Basically, your listening agent is at the mercy of the administrators, and for a security device or security software, that is a big vulnerability, because anybody can then go into the server, stop the agent, and then run any command or make any change they want to do, which would make your monitoring null and void. It would be good if the agent itself could be tamper-proof. And back to the first point, the reason why I prefer the remote pull is if there's no agent on the server and it's the console logging onto the server, your monitoring is much more secure.
Regardless of what changes are being made on the server or what's going on the server, if the server is shut down and then a newer version is brought up with the same hostname and IP address, you would not need to go back in and re-install the agent. The console would just automatically connect back to that server once the IP address and the host are back up. Additionally, I would like the rule creation interface to be much more user-friendly in the next release.

OO
Real User
2021-07-17T03:01:11Z
Jul 17, 2021

There is a shortage of skilled individuals with knowledge about the solution. There should be more training programs to teach and enable users to get familiar.

MK
Real User
2021-07-15T07:35:31Z
Jul 15, 2021

The technical support can be improved a little bit, and the price could be cheaper.

VK
MSP
2021-07-13T02:01:26Z
Jul 13, 2021

The implementation of the solution's technology needs to be simplified. It is overly complex. The integration also must be simplified. The licensing is also overly complex, as there is a need to buy the work load performance monitoring separately. These are the different modules we need to buy. IBM does not provide a combined, combo suitor solution which the customer can easily look at. The multiple functionalities are segmented and do not allow for an idea which is complete. It makes it difficult for us to do a realistic comparison with other products. I hope that others follow suit.

AK
Real User
2021-07-12T17:37:21Z
Jul 12, 2021

The solution has definite room for improvement. There were certain bugs we had to deal with. Bigger issues involve the quantity of rules involved in its deployment. Also, false positives can be obtained and there is a need to fine tune the solution once every month or two until everything is correct. The stability and product support should also be addressed. When an offense occurs, the source IP will automatically provide a source username which is not correct. For reasons I don't understand, it uses the team or the name of the last user of the computer and this is not always accurate. This means that there are times that I obtain offenses that are ascribed to my boss and which serve him. The solution ensures that the host is vulnerable to another attack. The solution will estimate that the targeted host is vulnerable to certain attacks. Moreover, the solution may provide information of attacks that failed or that are irrelevant, such as vulnerabilities involving modems in which the target host is the Windows Server. This begs the question of why an offense that was and will always be blocked must be generated, such as that involving vulnerability from a modem.

OO
Real User
2021-07-03T05:03:58Z
Jul 3, 2021

The biggest drawback of this solution is the price. The threat detection needs improvement, they have many false positives. It is important to have good architecture. If you have problems and you don't have a strong architecture, you will have trouble with this solution.

HH
Real User
2021-06-24T13:07:45Z
Jun 24, 2021

As per Gartner, maybe the price makes it so that the customers are not going for IBM QRadar. It's a little bit pricey compared to other solutions in the market. More or less that's the area that needs to be improved. That's usually the main concern that we receive from the customers - that it's a little bit pricey. That's the only thing I can say. The custom rules could be simplified more or it should be possible to use a different language, other than the ones that the solution is already using. They should add other languages into the mix. You need some advanced customers in order to use the custom rules or to use their rules in order to configure the IBM QRadar in a proper way. Usually, they find it very difficult, especially if they don't have the experience. Sometimes it works and catches whatever we want, however, sometimes it doesn't work. That's in rare cases, however, that's one thing that they need to maybe enhance.

RB
Reseller
2021-06-22T12:40:15Z
Jun 22, 2021

Automation is an area that people are looking for. IBM does have the SO solutions platform, but it would be more useful if they could have predefined use cases rather than using more generic ones. It would be much better if they could customize their use cases. It's resource-intensive. The IBM QRadar team has to be proactive and they have to be informative about the product. They don't want to spend too much money on the SIEM because it is obviously resource-intensive. But the SIEM is a very useful product when you have good resources and good software. For large organizations, that want to integrate all of the log sources, the pricing will be too expensive. This is the main reason that clients are not interested in SIEM solutions.

SP
Real User
2021-06-21T07:12:19Z
Jun 21, 2021

In a future release, the solution could provide malware analysis.

MW
Real User
2021-06-18T10:07:18Z
Jun 18, 2021

The product needs to improve its GUI. The dashboard which they facilitate needs to be modernized. They could make it a lot better and a lot easier to navigate.

JM
Real User
Top 5
2021-06-10T19:34:00Z
Jun 10, 2021

I am looking for a solution to replace IBM QRadar. We use it for incident reporting, but I need one for behavior analytics. I need one which will send alerts in the event of any behavior. The solution is fine for analyzing logs. We already have basic modules. We require more modules for getting so that we may obtain further details. We essentially use IBM QRadar for analyzing particular logs. There are no additional features which should be added or upgraded in the next release.

SJ
Real User
Top 20
2021-06-08T18:53:00Z
Jun 8, 2021

In terms of what could be improved, I would say the script which we have to create for custom actions. QRadar needs to improve that feature. Additionally, QRadar has to provide the playbooks designing features.

SG
Real User
2021-06-08T12:03:00Z
Jun 8, 2021

The solution should enhance its capabilities of UEBA and AI/ML tech modeling.

KA
Real User
2021-06-04T12:28:39Z
Jun 4, 2021

This solution is on-premise and many customers are moving to the cloud-based solution.

SS
Real User
2021-06-03T10:06:00Z
Jun 3, 2021

The solution is highly used here in Pakistan and in many sectors, they could improve it by having more SIEM connectors.

PK
Real User
2021-05-25T19:18:32Z
May 25, 2021

I was going to say that the reporting could be improved, but IBM recently introduced a new cloud-based security service that integrates with QRadar. Now, reporting is much easier than before. I personally can't think of an area for improvement.

Real User
2021-05-22T21:05:45Z
May 22, 2021

In terms of the government sector, sometimes they do not have enough money to buy a full SIEM. That's why they ask about some parts of the SIEM system or core. It can be expensive. It would be ideal if they offered a barebone setup alongside an appliance. It's very interesting for different kinds of customers. Most of them prefer the core appliance, yet some of them prefer barebone. It would be ideal if the solution offered new connectors to other systems. The reporting system could use some upgrading.

Chetankumar Savalagimath - PeerSpot reviewer
Real User
Top 5
2021-05-15T12:05:17Z
May 15, 2021

SOAR is what is expected the most from QRadar. They have something called SOAR Resilient, and it would be great if that gets induced in SIEM. IBM QRadar (as well as McAfee ESM) should have analytics platform integration. Currently, SIEMs don't have full-fledged integration with analytics where we are able to dump our data in SIEM, and the same data can be called from different analytics applications. We should be able to bring this data to a platform like Hadoop for big data and run the analytics there. Currently, people are seeing the past data and taking some actions in the present, but when it comes to analytics, there should be futuristic data where you can predict something out of your present and past data. Apart from that, I would like to see a full-fledged ITSM tool in QRadar. It sometimes has some technical issues that need to be checked. It requires a dedicated QRadar engineer to completely manage it. It has different module sets, such as event collector and event processor, and some technical glitches come in between. It takes the log but doesn't exactly process it in the way we want. If its pricing can be reduced, it would help a lot of customers in bringing in a new SIEM environment.

RP
MSP
2021-04-16T09:36:53Z
Apr 16, 2021

IBM is going through some problems with its resources currently, making its support response time slow.

CM
Real User
2021-03-19T19:57:21Z
Mar 19, 2021

Technical support really needs to be improved. Right now, they aren't where they need to be at all. The solution is very expensive. We'd appreciate the product more if it came at a lower price point.

JB
Real User
2021-03-05T20:13:36Z
Mar 5, 2021

Since we have not used the solution very long, my information is limited when it comes to improvements. I have noticed the interface has room for improvement.

RU
Real User
2021-03-05T17:23:52Z
Mar 5, 2021

When it comes to what could be better, it is always what others are trying to do and what is the roadmap. It can have more integration. It should have more flexible RESTful APIs for integration with applications. These are the things that are always in demand for any of the SIEM solutions, not only for QRadar. Integration is ever-evolving. Nowadays, different versions of mobile handsets are there and data is getting scattered. Users are using their personal handsets to keep the data of the organization. So, it should have a more flexible integration, irrespective of the flavor of the firmware and iOS or Android version. It should have an API that can seamlessly get integrated. It should also provide more flexible control and a more advanced or analytical view to see what exactly is happening across the globe or network. From wherever a user is connecting and accessing the enterprise data, it should give real-time visibility and predictive visibility about what exactly is happening. These things are already there, but there should be more advanced control in terms of managing the security.

DS
Real User
2021-03-04T08:07:20Z
Mar 4, 2021

There could be better integration with the solution.

JR
Real User
2021-02-19T06:14:15Z
Feb 19, 2021

There needs to be better integration with other applications.

DD
Real User
2021-02-11T16:07:00Z
Feb 11, 2021

The modularity could be improved.

SW
Reseller
2021-02-10T18:53:33Z
Feb 10, 2021

The performance of the solution could be improved. Right now, it's the weakest aspect. I wish it was better. Technical support could be improved by a bit.

OF
Real User
2021-01-26T21:23:14Z
Jan 26, 2021

The support process needs to be improved. Every SIEM solution has issues with plugins, as they have to connect to different log systems. It can affect security, infrastructure, and other things. IBM should continue to expand its database and cover as many systems as possible.

Md Saiful Hyder - PeerSpot reviewer
MSP
Top 20
2021-01-26T10:22:50Z
Jan 26, 2021

Right now, if you look at the compatibility, if you need to deploy QRadar in a physical appliance you have only two choices of server, their own or a Lenovo server. In today's world, you cannot keep something tied to such a big brand. Clients want to be able to use whatever type of server they want. It's very limiting for many. You need that flexibility to deploy on any Intel platform. IBM doesn't have people in every corner of the world. Oracle, for example, is actively training and certifying people so that companies will have access to local connections. IBM is lacking this, and therefore it can be difficult to get qualified support when a customer needs it. They should try to replicate the Oracle approach to training and certifications.

AC
Real User
2021-01-24T15:38:21Z
Jan 24, 2021

They should speed up the incident response and also, at the same time, reduce the amount of manual effort that is required. A nice enhancement would be the incorporation of more artificial intelligence and machine learning capabilities.

JJ
Real User
2021-01-24T11:57:00Z
Jan 24, 2021

The features that could be improved include the licensing model and the dashboards and all those presentations. Overall, the user experience part can be improved. Additionally, the coverage, the connectors, and the flex connectors for legacy systems and other aspects could be improved. This is something they can work on and improve.

AS
Real User
2021-01-14T14:07:47Z
Jan 14, 2021

There are a lot of things they are working on and a lot of technologies that are not yet there. They should probably work out a better reserve with their ecosystem of business partners and create wider and more in-depth qualities, third-party tools, and add-ons. These things really give immediate business value. For instance, there are many limitations in using SAP, EBS, or Micro-Dynamics. A lot of things that are happening in those platforms could also be monitored and allowed from the cybersecurity risks perspective. IBM might be leaving this gap or empty space for business partners. Some larger organizations might already be doing this. It would be very nice if IBM can make some artificial intelligence part free of charge for all current QRadar users. This would be a big advantage as compared to other competitors. There are companies that are going in different directions. Of course, you can't do everything inside QRadar. In general, it might be very good for all players to provide more use cases, especially regarding data protection and leakage prevention. There are some who are already doing some kind of file integrity or gathering some more information from all possible technologies for building anything related to the user and data analysis, content analysis, and management regarding the data protection.

JN
Real User
2021-01-12T16:38:34Z
Jan 12, 2021

Some of the cloud apps need improvement. In the next release, I would like to see improving the stability of some of the add-on applications.

Abbasi Poonawala - PeerSpot reviewer
Real User
Top 5 Leaderboard
2020-12-24T16:58:24Z
Dec 24, 2020

I don't look at only the features and benefits; I also look at the price. It is a bit expensive when compared with other solutions. It is expensive for specific deployment topologies, and the decision-makers go for alternatives like ArcSight. It should also have more AI features or capabilities for better threat intelligence. The more it uses machine learning, the better would be the dashboard, analytics, and other things.

FC
Real User
2020-12-19T07:31:11Z
Dec 19, 2020

I'm not sure if there are any features missing from the solution. It's pretty complete. The pricing of the solution is a bit high. If they could lower it, that would be ideal.

OO
Real User
2020-12-17T01:08:54Z
Dec 17, 2020

The threat intelligence functionality can be better. In addition, it can have more monitoring capabilities.

JT
Real User
2020-12-10T17:37:00Z
Dec 10, 2020

In terms of where it could be improved, this includes its forensics, incident response, and security operation center features. Additionally, some also struggle with the rules. We need more features in order to create rules to detect or to meet some requirements for other areas, such as catching the event from other authentication tools, like in Okta, for example. In some cases, I have issues because some tools are not integrated in QRadar, such as other tools similar to DLP (Data Loss Prevention). We need to create all the integrations manually because they are not integrated in QRadar. We have a problem, for example, because they have Symantec DLP integrated in QRadar, however, it is not working because it's not detected automatically. It is not converting all the columns, but we do have the option to create manually. This is not difficult because it's very clear in the procedures.

KJ
Real User
2020-12-04T14:16:02Z
Dec 4, 2020

QRadar needs to be more specialized, along the lines of what other SIEM solutions are. It needs to be more detailed. Incorporating an AI component is needed, where the learning feature identifies malicious activities coming into the network. The GUI and reporting need to be improved. The footprint needs to be optimized because the application footprint is too heavy. The machine requires a very high amount of resources.

Kamal Abdelrahman - PeerSpot reviewer
Real User
2022-02-15T12:37:14Z
Feb 15, 2022

The solution could improve by having more out-of-the-box use cases.

TG
Real User
2020-11-30T14:46:28Z
Nov 30, 2020

The user interface is a bit difficult to get used to. Once you do, it's not difficult.

it_user1369023 - PeerSpot reviewer
Real User
2020-11-27T11:20:17Z
Nov 27, 2020

A lot of information that we receive for the devices is IP-based, but it would help if we could have a default dashboard in which we can add more details about the assets for which we are receiving the information. For example, if it is a Windows or Linux device, we only get the IP for that particular device. We don't really get the name and other details of that particular device. For that, you have to drill down into your own asset management system. It would be good to have a place where we can probably add this information so that we don't have to look into other tools.

RO
Real User
2020-11-25T19:59:57Z
Nov 25, 2020

I really didn't like QRadar to be honest. I inherited it. I was part of the reason that we moved over to LogRhythm. The solution just isn't user friendly. The solution is clunky. The interface could be much better. The integration capabilities within the product are not that great.

SH
Real User
2020-11-16T12:57:27Z
Nov 16, 2020

We have had problems with networking.

Artur Marzano - PeerSpot reviewer
Real User
2020-11-13T11:30:59Z
Nov 13, 2020

One thing one has to be aware of is that QRadar doesn't have a standard UI style, but older (clunkier) and newer (more modern and easy to use) screens. The QRadar UI involves a lot of clicks and pop-ups to get where you want, which is certainly not the best UX, but isn't totally a pain either. Although it's a bit difficult to navigate through screens at first, the UX is pretty good once you learn the "QRadar way", which takes about a few weeks to master.

GC
Reseller
2020-11-11T16:49:23Z
Nov 11, 2020

The initial setup requires that you have somebody with the proper skill set, and it would help if the configuration were easier.

MM
Real User
2020-10-08T07:25:22Z
Oct 8, 2020

This is a good product, although it does require some fine-tuning. The dashboard is pathetic and it takes a long time to perform a search. The graphics need to be improved. Providing good support is something that they need to work on. It would be helpful if IBM published more use cases.

EK
Real User
2020-09-27T04:10:00Z
Sep 27, 2020

We sometimes get an error about the hard drive. Approximately once in two months, we can't find the logs, and they go missing, which is a terrible issue. We are getting support for this issue from our support company.

DP
Reseller
Top 5 Leaderboard
2020-09-09T06:28:59Z
Sep 9, 2020

The user interface and configurability of IBM QRadar User Behavior Analytics can be improved. It has a lot of pre-configured settings and not many things can be changed. It also needs more integrations. Currently, User Behavior Analytics is integrated only with IBM QRadar. It could have deeper integrations. It can also have more complicated scoring models. Currently, it has a very simple linear scoring model for users.

it_user1379427 - PeerSpot reviewer
Real User
2020-07-13T06:55:00Z
Jul 13, 2020

In terms of what could be improved, it would be easier if you didn't have to long escape for a bar sync. If you have to, the logs are not automatically barred, so you have to guide the whole atmosphere. Additionally, there should be integration with IBM Guardian. Lastly, there should be an extension where we can get the reports. This could be an extension to the dashboard with the Guardian or another product with limited technology, for example IPS. Now, we only have IBM. Basically, it needs more and more integration models.

BB
Real User
2020-06-28T08:51:00Z
Jun 28, 2020

The price of this solution is a little bit expensive, so if it were cheaper then it would help. While the interface is easy to use, it could be a little more responsive. It can be a bit sluggish at times.

SO
Real User
2020-06-15T07:33:00Z
Jun 15, 2020

From a functionality point of view, there are issues sometimes. There is a component in QRadar where all these certifications need to be installed, like a UPN. Sometimes we experience functionality issues where the logging, indexing, and searching were not working. I have personally seen it misbehaving. Sometimes we need to restart it. In some cases when it was malfunctioning we needed to contact support to resolve the issue. I don't see any issues in the integration model with a UPN from a usability point of view, but with functionally you can experience a lot of issues.

VB
Real User
2020-05-12T05:43:00Z
May 12, 2020

They have to build more quantitative monitoring, profiling, and make it more predictive.

NM
Reseller
2020-05-11T06:07:00Z
May 11, 2020

Some of the features should be more cooperative but other than that, everything is okay.

DS
Real User
2019-12-05T02:59:00Z
Dec 5, 2019

I would still like to see a better GUI. Improvements have been made, but there is still a way to go. There are petty annoyances like clicking out of a rule setup and instead of going back to search results in the rules, with the rule you selected still highlighted, you get the whole list without your search. Start again. In the new log source management app, if you have a large number of log sources, typing a name to filter them by is Java Hell; the high overhead of JIT compiled code means that even two-fingered, carpal-tunnel-afflicted users can outpace the type-ahead buffer, leaving random intermediate characters on the floor. Needless to say, that makes managing log sources sometimes annoying. You can always cut and paste to go around this, but hey, for 5 or 6 figures in hardware and software, it ought to keep up with my typing. But to be fair, these kinds of things are dwarfed by its awesome ability to ingest and correlate tortured use cases of mind-boggling complexity, which is what you REALLY need your SIEM to do. That, QRadar does better than anyone else.

VS
Real User
2019-07-31T02:22:00Z
Jul 31, 2019

We would like to see better instrumentation for debugging changes in the log flow.

AI
Real User
2019-06-16T07:23:00Z
Jun 16, 2019

There are reports that I would like to generate that are either not included, or I cannot find. If there is no report for information that needs to be presented then it is one of the biggest issues for the customer. The ticketing system is not fully automated and needs to be improved. There should be an easier permission level that basic users can use to create reports. The users include both end-customers and the technical team. The pricing needs to be such that they are more competitive with other vendors.

ÖO
Real User
2019-06-13T12:36:00Z
Jun 13, 2019

There is a lot of manual configuration required in order for the product to run smoothly, and I think that it could be made more automatic. There is no need for so much manual configuration. For example, it should be able to automatically create at least some of the rules that are suitable for our environment. The solution has a good user interface, but it could be further developed. I have used other products that are more user-friendly. I would rate the user interface a six out of ten.

LB
Real User
2019-06-13T12:36:00Z
Jun 13, 2019

The interface is very old. IBM should remake it into a more modern interface. I think this is the only thing they should improve on. Another feature that would be nice is if it's possible to integrate some of the application style and configuration that is currently not easy to set up in the product. If it's possible to do that, it would be a major improvement. In fact, I never got a road map to bring you from zero to the end. There should be information everywhere, from YouTube to any other places. It was very complicated to organize all the information in my head.

MA
Real User
2019-06-06T08:18:00Z
Jun 6, 2019

It is very difficult to activate all of the network equipment, and it would help if it were made easier. I would also like to see more integration with new devices.

GO
Real User
2019-04-29T07:11:00Z
Apr 29, 2019

The tool is very complicated. One place for improvement would be to have a more user-friendly interface. Having better support in Spanish would be cool.

AF
Real User
2019-04-29T07:11:00Z
Apr 29, 2019

There is one problem with QRadar in regards to the add-on apps. The apps can be frustrating. For example, when I add a big app like one of the add-ons for resiliency, add-on applications for QRadar, these applications require different hardware to implement and to deploy. The resiliency connector because there's a considerable amount of data scanning, operates for these apps correctly. Acquiring these add-on apps for QRadar is very expensive. This is one of the difficulties that we are facing with the QRadar.

BK
Real User
2019-04-17T08:37:00Z
Apr 17, 2019

With the transition to a modern IT operation center, I think that many of the devices are going to be mobile. Somebody may not be at the NOC (Network Operations Center), data center, or SOC (Security Operations Center). If anybody from the non-security team or the NOC team has to receive an active alert, it should be enabled in multiple channels. Ideally, we would like a mobile version so that any alert that comes in will notify us in a mobile app, or by using SMS integration. We are working on these things internally, but I think that these are some of the things that you're expecting from this product.

it_user956985 - PeerSpot reviewer
Real User
2019-04-17T08:37:00Z
Apr 17, 2019

It needs more resilience and functionality.

OU
Consultant
2019-04-17T08:37:00Z
Apr 17, 2019

I can't see any need for service improvements because I feel it's easy to use and very functional as it is. There could be improvements made to the UI, the user interface. Though the newer version, 7.3.2, might already have this improvement in place.

DS
Real User
2019-04-11T06:16:00Z
Apr 11, 2019

The quoting and the dashboard session could be improved. It should be more user-friendly. Otherwise, the overall functionality of IBM QRadar is superb. A better GUI and reporting both would be good additions to the product.

WP
Reseller
2019-03-31T09:41:00Z
Mar 31, 2019

It would be good if the program allowed certain profiles to only see certain customer information.

it_user934623 - PeerSpot reviewer
Real User
2019-03-28T08:19:00Z
Mar 28, 2019

I would like for them to lower the price.

it_user795519 - PeerSpot reviewer
Real User
2019-03-28T08:19:00Z
Mar 28, 2019

The product is good, but one feature they should have is an Elasticsearch. Currently, in QRadar, there are no Elasticsearch criteria. Elasticsearch is a very fast search engine. IBM should consider it as part of QRadar. Currently, QRadar has a very slow search. If I search previous months' data it stops.

it_user797751 - PeerSpot reviewer
Consultant
2019-03-19T10:11:00Z
Mar 19, 2019

The user guide is not readily available. I would suggest the support or technical team release a PDF guide, like Splunk, SolarWinds, or ArcSight. This will be good for consultants or whoever is using QRadar. This would be really helpful. I have searched on a lot of sites, but I have not found a single PDF containing everything. Our consultants are taking too much time understanding the product's technical aspects. They could arrange a demo on their website so users who register may use WebEx or any type of meeting invitation, and the support team could give a demo. Having hands-on technology is important. We lost a few clients, because they asked us, "Do you have hands-on QRadar?" At that time, we said, "No, but we will cover it." Due to this, we didn't get the project. Clients want consultants who are certified in QRadar. Even after completing the certification as a QRadar deployment professional, I would suggest QRadar release any documentation or give an online demo, like videos on YouTube. It would increase publicity and public appeal.

TM
Real User
Top 10
2019-03-10T16:43:00Z
Mar 10, 2019

The API integration for AD is a problem when it comes to vulnerability management. If you want to incorporate multiple factor authentication it becomes a problem with the AD. It doesn't integrate well. That needs to be improved. The configuration steps are not easy to follow compared to NetWitness.

NB
Real User
2019-03-06T07:41:00Z
Mar 6, 2019

If IBM provides me with a better service or better options than Palo Alto, I would remain with IBM. As for my knowledge, I recently evaluated Palo Alto that has better security features, especially for a client's email. Before we didn't have any security issues but recently a few of the user emails were hacked. We had to actually recreate their emails for them. If IBM could give us a complete package of on-cloud solutions, firewall, antivirus, and also mobile security, that would make it a lot better. Nowadays people are using mobile and tablets, rather than laptops or computers. We get updates from IBM directly but then the users have to update. There are challenges where sometimes if we update the client's system, it takes a lot of time to update.

it_user970365 - PeerSpot reviewer
Real User
2019-03-06T07:40:00Z
Mar 6, 2019

The first area for improvement is the cost. It's a little bit too expensive for us. Also, initially it was difficult to understand or to grasp, but once you get the hang of it is easier to understand and to analyze. So the main problems are its cost, the maintenance cost, and the fact that it takes some time to learn how to use it. In terms of additional features, a mobile app would be nice. Also, the reporting is definitely okay, but you have to make sure that everybody with different roles can understand it. There is room for improvement in the reporting.

it_user984276 - PeerSpot reviewer
Real User
2019-02-27T08:57:00Z
Feb 27, 2019

They should introduce some automation into the product.

YC
Consultant
2019-02-26T08:25:00Z
Feb 26, 2019

They should provide more manual examples online so that I can learn it myself. The dashboard also needs improvement.

DA
Real User
2019-02-25T08:45:00Z
Feb 25, 2019

I think QRadar is very complex. It's a distributed system and IBM QRadar has an all-in-one solution which is not like that distributed solution but it's a good product. IBM needs to consider the user interface because if we compare it with AlienVault, the AlienVault user interface is fantastic but the IBM QRadar user interface is very complex. They should focus on how to make it easier for the client. IBM has everything you need in a cybersecurity solution. If you want to build a cybersecurity operation center version then I think QRadar is a perfect solution.

AS
Real User
2019-02-07T12:28:00Z
Feb 7, 2019

I don't think this is the best solution on the market because it takes much longer than ArcSight, for example, which provides more flexibility and capability to create much more complex use cases. Other tools provide more valuable things that you can do for the active channel. I would like for them to develop out of the box content that doesn't require too much customization. Most of the out of the box we get from it requires too much customization. I would also like to see dynamic filters and better cross-integration between functions.

RM
Reseller
2019-02-03T08:35:00Z
Feb 3, 2019

I would like for them to develop a detection management solution. It does not have a detection management solution in it, you have to buy it as it is, on top of the extended solution.

MA
Real User
2018-11-15T07:11:00Z
Nov 15, 2018

There are some weaknesses with the QRadar Risk Manager. It has some weaknesses because of the connectivity with other vendors. It is limited. There are some vendors that you cannot connect QRadar Risk Manager with, so you cannot get the maximum benefit of the product.

VP
Real User
2018-10-29T15:46:00Z
Oct 29, 2018

They have introduced a lot of different suites of products and functionalities, and that sometimes leads to confusion among the customers. There are a lot of options provided, and then I need to decide what is my requirement and what is my desire. I may be tempted to have a particular feature, but I have to decide whether it is relevant or not.

it_user927267 - PeerSpot reviewer
Real User
2018-10-04T17:27:00Z
Oct 4, 2018

There are other solutions out there that have made it app based. They have a lot of apps available and they are readily integrated with other tools, as well.

OS
Consultant
2018-09-09T05:40:00Z
Sep 9, 2018

It is not a user-friendly program. It is a very glorified Excel program. I would love to see a more user-friendly version in a future rollout. In addition, the management services team needs some improvement. They are, at times, confused with our requests.

NH
User
2018-09-04T02:41:00Z
Sep 4, 2018

* Data encryption
* Flow encryption
* Third-party compliance
* Its architecture is very complicated.
* Its hardware is Lenovo-based.

it_user923115 - PeerSpot reviewer
Vendor
2018-08-30T10:51:00Z
Aug 30, 2018

* Slow response sometimes and a not-so-helpful staff there. So make the support better, and you could succeed even more.
* The released patch quality is poor. IBM should test those patches on their side, not on the client's side. So, there are a lot of improvements to do.
* I would appreciate if IBM could create another more intuitive, easier way (intuitive UI) to perform advanced searches rather than just counting on regular expressions.

SS
Reseller
2018-07-22T08:31:00Z
Jul 22, 2018

The architecture could be improved. I got stuck for a long time trying to understand the architecture, as it is quite challenging.

DC
MSP
2018-06-30T07:18:00Z
Jun 30, 2018

QRadar's issue is it needs to add behavioral analytics. The product's behavioral engine is weak. It just uses algorithms. It should use an equation that is recursively applied. This will provide true behavior.

PL
Real User
2018-06-29T07:18:00Z
Jun 29, 2018

The overall workload automation should be built into it. Part of the efficiency side of it is the ability to take the information as it comes in and assign it into a group. Now, the team leader no longer needs to assign it manually. He manages the workflow as it comes in directly to the individuals. Then, the individuals respond on it. As it closes, it goes back to the workflow, recording the amount of time it took for them to close it. It should show:

* How long did it take to get assigned?
* How long did it take for the person to open it?

Then, you can show that a person may have issues opening network problems.

SO
Real User
2018-06-28T07:18:00Z
Jun 28, 2018

The user interface needs improvement.

it_user398799 - PeerSpot reviewer
Real User
2018-06-28T06:31:00Z
Jun 28, 2018

Keep up with more apps. They need to continue working with other companies to develop apps for integrations. Yes, they currently have 192 apps, but that number is nowhere near the number of security products on the market. That means if your company has a product that is not in the application list then you just have to work a little harder to pull the data you need from the log source. I'm not against hard work, I'm just trying to work smarter and faster. Time is money, so saving time without compromising the end product is a win for everyone. It would reflect well for IBM because it would show they understand the customers’ needs and it would reflect well internally because we would be able to present cleaner dashboards and reports without hours or days devoted to building them.

LY
Real User
2018-06-26T12:31:00Z
Jun 26, 2018

For the common needs of clients to fulfill requirements, a real integration with Blueworks Live (BPA modeling tool also from IBM) and a more suitable BPM on cloud solution for midsize customers.

JK
Real User
2018-06-26T12:31:00Z
Jun 26, 2018

* User/identity modeling needs improvement. However, it seems that they are already focusing on that.
* Needs better visualization options beyond the time series charts and a few other options that they have.

DC
Real User
2018-06-12T12:14:00Z
Jun 12, 2018

QRadar needs to be improved on the storage side, particularly when the disc exceeded the maximum threshold.

AT
Real User
2018-06-12T12:14:00Z
Jun 12, 2018

The tool is already automated in many ways, but there are some additional functions which should be automated, like sending an email, mobile notification, and integration of XFS.

FA
Real User
2018-06-11T10:36:00Z
Jun 11, 2018

QRadar log integration of various applications can be a tough job at times. There may be occasions when you will not find any QRadar guide on adding logs of a particular application. Even if you come across one, adding a log process is not an easy one. Plus, it is also vulnerable because the ports used to integrate those log sources with QRadar are well-known and most of them are vulnerable ones.

MD
Consultant
2018-06-11T06:45:00Z
Jun 11, 2018

The weak signal detection with QRadar needs improvement. You can detect what you know, but what is unknown to the rule engine can't be detected, similar to a base rule of SIEM.

MH
Real User
2018-06-03T09:17:00Z
Jun 3, 2018

The implementation and configuration are not easy. We would like to see user behavior analysis in the next release. IBM claims they have this feature, but I do not see it as mature as in Splunk.

WP
Reseller
2017-04-05T06:02:00Z
Apr 5, 2017

I would like to see a more user-friendly product. I would like them to make it much more user-friendly. At this stage, you need to use a lot of widgets to do your searches. To advance searches, you must do a lot of Regex expressions.

JS
Consultant
2017-03-30T06:20:00Z
Mar 30, 2017

Artificial Intelligence is superb; QRadar correlates the events smartly and removes the same events, but it needs improvements.

IBM Security QRadar is a security and analytics platform designed to defend against threats and scale security operations. This is done through integrated visibility, investigation, detection, and response. QRadar empowers security groups with actionable insights into high-priority threats by providing visibility into enterprise security data. Through centralized visibility, security teams and analysts can determine their security stance, which areas pose a potential threat, and which areas...