IBM Security QRadar Reviews

We use IBM QRadar for user behavior analytics and incident handling.

The features that I have found most valuable are that it is very stable, easy to get going, and easy to manage. It is also easy to review all incidents.

The only problem is that if you have too many events that occur, then the storage capacity becomes a problem. We would need to increase the storage capacity.

I have been using IBM QRadar for four years.

We have three customers using it and these customers have 100 to 300 users.

Getting support sometimes takes time.

The initial setup was quite straightforward.

We had the complete deployment and it was up and running in half a day.

You can implement it by yourself.

I would recommend IBM QRadar to other people who want to start using it.

On a scale of one to ten, I would give QRadar a nine.

I use IBM QRadar for user behavior analytics, and mostly incident handling.

The solution is easy to use, manage, and review all incidents.

If you have too many events that occur, then the storage capacity becomes a problem. You need to have more storage.

I have been using IBM QRadar for approximately four years.

The solution is very stable.

We have approximately three customers and the total users that are using it would be approximately 200.

The initial installation was straightforward, we were able to have it running in half a day.

I do the implementation and maintenance of the solution.

There are different types of subscriptions available. We were on an annual subscription, but our customers typically choose the two years subscription option.

I would recommend this solution to others.

I rate IBM QRadar a nine out of ten.

We use this solution both in our company and those of our clients. We are resellers of QRadar. 

Curator is the leader of teams in the market. It's a product with plenty of features and capabilities. It's a very powerful solution.

The usability of interfaces could be improved and the solution could have better correlation services, as well as faster and updated intelligence interfaces.

I've been using this solution for five years. 

The solution is stable. 

The solution is scalable. 

Technical support has room for improvement.

The initial setup is easy.

Licensing costs are reasonable.

I rate the solution nine out of 10. 

This is a solution you use when you have many security products that you want to manage in one monitor, one analytic. We are partners with IBM and provide implementation services to our customers. I'm a solution security architect.

The most valuable feature is that it can analyze event logs, event security, and give a good consult. When you have SIEM, you can easily manage with one single monitor. QRadar can do a lot of analyses of every security product and will let us know what needs to be done to the log. Sometimes we need security orchestration automated response to support the SOC team.

The concern with QRadar is that there are so many features in the dashboard, too many menus that require going to two or three sub-monitors to enter the QRadar. The user interface is good but there are so many features that can be confusing for the administrator. It could be simplified. 

I've been using this solution for a year. 

I think that QRadar is stable, but I've never worked with other solutions in this area and I have nothing to compare it to. It has dedicated machines and offers great performance. 

The scalability is easy but it comes at a high price.

IBM in Indonesia provides great support.

The initial setup is complex if the data set is large. It really depends on that. We provide maintenance services to our clients so that if they have any trouble, we assist with troubleshooting.

SIEM is quite a pricey solution so we only offer it to enterprise companies that can pay the fees. For smaller companies, it's an extremely expensive product. 

I recommend this solution because I think they provide great support from the sales and technical perspective.

I rate the solution nine out of 10. 

I use QRadar for cybersecurity defense, operation, and to improve performances.

I like that it's easy to use and the performance is good.

It would be better if it were more stable and more secure. The price for maintenance could be better. It's too high. In the next release, I think they should focus on the price and the operation.

I have been using IBM QRadar for four years.

IBM QRadar is a stable solution, but it could be more stable.

IBM QRadar is a scalable solution. We have about 100 users at the moment.

I remember that I opened ten or 20 cases to receive support from IBM over three years.

The initial setup and deployment are very easy. I think it took us about a month to implement this solution. We have a team of two, one manager and one technical, to deploy, manage, and maintain this solution.

We installed this solution with the help of a consultant.

The price could be better. I bought a subscription for three years. 

On a scale from one to ten, I would give IBM QRadar a seven.

Our primary use case is for monitoring global infrastructure.

The feature that I have found most valuable is how it monitors the real network. That is its leading security feature.

In terms of what could be improved, I'd say do nothing, in its current state it does quite okay for now.

The biggest problem was built on top of the QRadar in the executive operations center network. The integration was not using the network security specialist properly, and all the incidents were inferior with QRadar. Its compatibility is not really good

I have been using IBM QRadar for more than five years.

I'm using the latest version of QRadar.

The stability is very good. Its operation is very good.

We have less than five people using it.

For us, as a small security company, it is covering our needs and our growth.

Customer support is good. When an incident gets raised there is a 10 day response.

The initial setup was complex.

We use the vendor for everything. That is the style of the corporation. For these jobs the responsibility and knowledge is on the vendor's side.

Implementation is over time and the maintenance price for QRadar is competitive.

On a scale of one to ten, I would give IBM QRadar a seven.

Overall, I would of course recommend this product to others because of all its functionalities.

We are using IBM QRadar for threat protection and management.

IBM QRadar could improve the plugins and threat detection.

I have been using IBM QRadar for approximately seven years.

The solution is stable.

I have found IBM QRadar to be scalable.

The price of this solution is reasonable.

I rate IBM QRadar a seven out of ten.

We use IBM QRadar to monitor security logs across the network.

One very useful feature is the plug-in offering that allows you to integrate it with other solutions, such as integrating it with plug-ins like ForeScout, Carbon Black, and the rest. Additionally, the ability of the agents to filter using XPath query to filter out the specific events you want to pick from, especially Windows log sources, is also very useful. That goes a long way in managing the EPS of the solution.

There are two ways you can pull logs: one way is where you can receive logs or send logs using the agents and previous transformation and the other way is where QRadar logs onto the servers using the admin account and then pulls the logs itself. The functionality that I would love to see with that remote pulling is to have the ability to also select what logs its pulling because when you use MSRPC now to receive loads from your log surface, it basically pulls all the events from that server. So even the noisy events that would overshoot your EPS, would also be pulled. So for particularly active or high servers that generate a whole lot of security events, let's say like your SFTP server that has a lot of devices on your network connecting to it, if you try to pull the logs remotely it would overshoot your EPS really quickly.

So if they could improve the functionality of the remote pull to also be able to select the logs that it is pulling from the log sources, that would be very, very effective. The reason for the pull is because the agents are not tamper-proof and any administrator can help shut down the service and uninstall the application and a whole lot of other things. Basically, your listening agent is at the mercy of the administrators, and for a security device or security software, that is a big vulnerability, because anybody can then go into the server, stop the agent, and then run any command or make any change they want to do, which would make your monitoring null and void. It would be good if the agent itself could be tamper-proof. And back to the first point, the reason why I prefer the remote pull is if there's no agent on the server and it's the console logging onto the server, your monitoring is much more secure. Regardless of what changes are being made on the server or what's going on the server, if the server is shut down and then a newer version is brought up with the same hostname and IP address, you would not need to go back in and re-install the agent. The console would just automatically connect back to that server once the IP address and the host are back up.

Additionally, I would like the rule creation interface to be much more user-friendly in the next release.

I have been using IBM QRadar every day for the last 12 months.

In terms of stability, it is very stable. In the almost two years in the environment, there has been only one issue. It was a disc failure and that was replaced within a week by the OEM.

Scalability might be an issue, but maybe it's because in our environment we do not use the application host. Since we use on-premise appliances we did notice that performance degraded a little when we added some plugins. So the recommendation was that we should have a separate application server that would host the application and then interface with the plugins and interface with the management console. But we do not have that within our environment so I can't speak to whether that would improve performance.

IBM tech support has been responsive.

I believe the initial setup was straightforward but I was not here for the setup, although I did not get any complaints.

The license is a yearly one.

I would recommend IBM QRadar. The user interface is really great and it simplifies the task of monitoring your environment.

On a scale of one to ten, I would give IBM QRadar an eight.