IBM Security QRadar Reviews

Depending on the organization's needs the solution can monitor different types of security through logs.

I have found the most important features to be the flexibility, tech framework, and disk manager. Additionally, the solution is easy to learn how to use it.

There could be better integration with the solution.

I have been using the solution for approximately three years.

Every solution has some bugs and other issues but for the most part, this solution is stable.

The solution is scalable. The amount of users is dependant on what your needs are. You can have many users having access to the solution. For example, out of a 5,000 person network, you could have five with access to it for security. 

The solution has great support. Whenever we had an issue they were able to give us support within 15 minutes.

The installation was easy but this can depend on what appliances you want to install it on. If it is VMware, then the installation is easy, it took me 30 minutes.

We did use a consultant to do the deployment and we only needed one technician.

The solution is priced fairly, there is a license for the solution, and we pay annually.

I would recommend the solution to others and we plan to continue using it in the future.

I rate IBM QRadar a nine out of ten.

We are a service provider and we are providing the solution as a managed service for multitenancy security.

The solution is flexible and easy to use.

IBM is going through some problems with its resources currently making its support response time slow.

I have been using the solution for a couple of months.

I find the solution reliable. 

The solution is scalable. We have 15 customers using it at the moment.

The support could be a lot better by being faster.

We recently switched to this solution from LogRhythm cloud. One of the main reasons we switched solutions was because it is more scalable.

The installation was a little difficult and could be made easier.

We have evaluated Secureonix and this solution is far superior. We did the implementation of Securonix for two customers and we canceled it. We rolled back those clients onto this solution because Securonix failed on both implementations.

I would recommend this solution to others. We have invested in it and we plan on using it in the future.

I rate IBM QRadar an eight out of ten.

We are looking for the entire QRadar spectrum but it has many products. QRadar is a kind of program, we are looking for system modelling, point modelling, network side modelling similar to QRadar network inside, and the capability to correlate between the network and endpoint. Most of the SIEM's have to rely on when it comes to network side third party or separate network traffic analysis. When it comes to QRadar, they can do the correlation and not only in networks but also endpoints. This is one of the good features that we have noticed.

Since we have not used the solution very long my information is limited when it comes to improvements. I have noticed the interface has room for improvement.

I have been using the solution for two years. However, my company has not deployed the solution yet and we are in the early stages of testng.

The solution has a good technical team.

The installation is complex. There is some overloading that happens, this could be simplified and made easier by allowing all key features on the first level dashboard to be viewed.

When it comes to the initial pricing there can be a huge discount from there side and also I think they are open to competing with other products. Even though the price can be a little high sometimes there product is number one. They have a wide range of products.

We have compared Securonix and many other solutions to this one.

I rate IBM QRadar a nine out of ten.

I am currently working in the Brazilian operation of my company. I have a project in the airline industry in Brazil. This project improves the correlation of logs. There is another company I ticket to improve the solution, they have chosen to correlate the logs. We have SOC, Security Operation Center in Brazil, with 53 employees. We developed all these solutions in Brazil and it is in operation in 34 countries. 

Overall a great solution.

There needs to be better integration with other applications.

We have approximately 40 users using the solution.

The technical support is good.

The installation is complex.

We do the deployment for the solution.

I rate IBM QRadar a ten out of ten.

We are using QRadar as a managed service.

This product helps us to find security incidents before they become a problem to the business. We are able to attend to them quicker and we can put protection in place so that should they occur again, we are able to deal with them more easily.

The most valuable feature is the ease of use.

The modularity could be improved.

We have been using IBM QRadar for three years.

This is a very stable product.

We have had no issues with scalability and we have approximately 1,500 users. We are not using its full capabilities at the moment because we are still growing. In the next year or two, we will see.

I don't deal with IBM directly. Rather, I deal with our service provider and they deal with IBM.

The initial set was very easy for us because we just bought what we were looking for, and not the entire infrastructure.

The company that we subscribe to for this service takes care of the installation, maintenance, and management of it. They give us updates that concern the features we use, so the maintenance doesn't affect us much.

We use QRadar as a managed service and we pay licensing fees to the partner.

This is a good tool to have because it gives you the ability to track what is currently happening in your environment. Otherwise, if you did not have that, you'd only react to an event or an incident that has already caused problems. The proactiveness goes a long way because it saves your environment and your business from being negatively affected.

In summary, this is a good product but there is always room for improvement.

I would rate this solution a nine out of ten.

We primarily use the solution for log collection and security incidents as well as event management.

We benefit the most from the integration on offer. IBM QRadar offers a solution to our enterprise customers, and certainly, the admin has been benefiting from it, in terms of having more visibility on what's happening on the network in terms of events, flows, et cetera, and all in real-time. 

In general, the product is awesome. It's almost perfect.

The most valuable aspect of the solution is the integration capabilities on offer. It's very helpful to have so many options.

The initial setup is pretty straightforward.

The stability is good.

We've found the scalability to be excellent.

It offers all of the specifications of the hardware that we need.

The performance of the solution could be improved. Right now, it's the weakest aspect. I wish it was better.

Technical support could be improved by a bit.

I've been dealing with the solution for five years at this point.

The stability of the solution is very good. It's reliable. There aren't bugs or glitches. It doesn't crash or freeze. It's been good.

There's nothing better than QRadar when it comes to scalability. You can scale it to 100,000s of events per second. It can be scaled as much as you want. It has no limitations to it.

Technical support is okay. On a scale from one to ten, I would give them an eight. They could do better, however, we are mostly happy with their level of support.

The initial setup is not complex at all. It's quite straightforward. If a company implements this solution, they shouldn't have any issues with the setup process at the outset.

How long it takes to deploy depends on the size of the environment and the company. If it's a small enterprise, it can be done basically in a week or so. It's all about not just the department, however. It's all about collecting the log sources to integrate into it. That is where the process takes time. If the log sources are put together, things become much easier to handle. It's quicker and easier to define the rules, correlations, and reporting. The most time spent at the outset is in collecting the log sources and getting the log sources to send the data to.

The deployment process doesn't need many people. It depends on the deployment structure at first. If it treats a distributed architecture, of course, you need a couple of guys to be on board. However, then it's not only about deploying the solution, it's all about integrating the solution with different products or different platforms. That is where the time goes in. It's not a one-person job. Right from the application database, metro securities, and different controls that are in place, they all need to be integrated into the center. If we're talking about an enterprise, the team in an enterprise is equally responsible for waiting for those things to integrate.

The NEMA licensing structure is very easy. It's far better than the previous licensing structure they had. They charge you based on the number of events per second and flows per second, and that's the beauty of it. The rest of the components are complimentary. That's it. It's not a complex process of licensing anymore. It's very simple and straightforward.

We are resleers of QRadar.

In general, we have been quite happy with the solution. I would rate it nine out of ten.

We get excellent visibility in every aspect. It's easy to handle incidents when you really have everything in one place. You begin to know exactly what's happening on a network, and how the systems are performing and behaving.

When you compare it to other products, what I would advise is you look at how long they have been in business. This product has been in business for a very long time. You also need to look at the other integration factors, such as forensic, as they're very important. When it comes to forensic, nobody does better than what IBM Qradar Forensic does. There are other factors too - like its Watson integration, and all those things really play an equally important role.

It's not only about just the SIM, or your goals towards is going to be in building the SOC, Security Operation Center. It's all about automation as well. The integration should also look into automation capabilities. That way, you will be able to scale it up to build up a proper SOC.

IBM QRadar is a FIM component within the security operation center we were deploying in the customer environment. We are managing their cyber defense capability.

The feature that I have found most valuable is its artificial intelligence component, Watson. Its contribution is pretty good from a machine-learning artificial intelligence perspective. This compliments the orchestration automation component, as well.

The features that could be improved include the licensing model and the dashboards and all those presentations. Overall, the user experience part can be improved.

Additionally, the coverage, the connectors, and the flex connectors for legacy systems and other aspects could be improved. This is something they can work on and improve.

I have been using IBM QRadar for more than two years.

It is a stable product.

It takes two to three people for its management, but it purely depends on the scope of the security operations center, the SOC.

It is scalable. 

It's kind of non-direct user component. It sits under the security operations center, so it won't be visible to the user, but it will be covering devices and users. It can support 100 to 10,000 devices. So it's kind of a back instance.

In terms of plans to increase usage, I'm currently in a management level, so I'm no longer into the directly technical part. But if there is a requirement, IBM QRadar is definitely one of my preferences.

IBM technical support is good.

We were using ArcSight from Micro Focus, but we were having some challenges integrating with the systems, with the APIs, and with the connectors. That's why we moved to IBM.

The initial setup is at an intermediate, medium level. It's not that straightforward, but not that complex either. The only thing is that their licensing model is a bit complex because they charge for a couple of components like EPS and NetFlow, so that kind of licensing charging is a bit tricky. But all in all, it's a medium, not that complex.

I think it was set up within a month. But use-case finalization and other configurations took another month. It's kind of a two to three month project to move to production completely.

Our licensing is yearly. But it's based on Event Per Second, which is one of the models. Storage capacity for log management is also considered with the fees. Licensing is a bit complex in IBM, as well. Different aspects needs to be considered.

I would recommend IBM to others who want to start using it.

On a scale from one to 10, I would rate IBM QRadar a seven.

The most valuable feature is user behavior analytics (UBA).

The EPS and FPS graphs are helpful.

The collecting of logs and processes is very good.

The support process needs to be improved.

Every SIEM solution has issues with plugins, as they have to connect to different log systems. It can affect security, infrastructure, and other things. IBM should continue to expand its database and cover as many systems as possible.

I have been using IBM QRadar for about one year.

QRadar is a very stable product.

The whole process for support is something that needs to be improved. You have to create a case, export the log and attach it to the case, then an engineer will clarify what you need to export and attach it to the ticket or support case, and so on. When you're working with a system that does not have good bandwidth, it makes it even more stressful. It is a lot of work and it should be easier to do.

My colleague has worked more with support and the feedback that I have heard is that they are quite good. It's the process that I am complaining about.

The initial setup is pretty straightforward.  We had several logs to integrate so it took a week and perhaps a few days.

I would rate this product a nine out of ten.