IBM Security QRadar Reviews

Our primary use case is for the security. We use it to make sure that the data that is being transferred from one company to the other is being done securely. 

The security has improved my organization. 

The securing of data is the most important feature because nowadays as cloud has come in, it is especially challenging to secure. We are actually planning for Palo Alto to be a better option because IBM needs better security for their cloud.

If IBM provides me with a better service or better options than Palo Alto, I would remain with IBM. As for my knowledge, I recently evaluated Palo Alto that has better security features, especially for a client's email. 

Before we didn't have any security issues but recently a few of the user emails were hacked. We had to actually recreate their emails for them.

If IBM could give us a complete package of on-cloud solutions, firewall, antivirus, and also mobile security, that would make it a lot better. Nowadays people are using mobile and tablets, rather than laptops or computers.

We get updates from IBM directly but then the users have to update. There are challenges where sometimes if we update the client's system, it takes a lot of time to update.

Stability is very good. It's better than it used to be. 

Scalability is very good. 

Everyone has used this solution for security purposes. We use it daily.

The support is very good. We get support whenever we need it. Sometimes they respond immediately and sometimes it will be within 24 hours. We can ask them to please do it right away and they can get a request done within an hour or two. 

The initial setup is fine. The moment we send the packets for an update it's easy but then there are challenges for the users. We have actually changed the hardware, so it got updated. We have to check if the problems are due to the hardware or due to the software.

The initial setup normally will take a day. it depends on the number of users. We have 300 users on the system which took around ten days. 

We require five to ten staff members for deployment and maintenance. 

Before we went with IBM, we didn't look at other solutions but recently I looked into switching to Palo Alto and also evaluated Fortinet.

I would advise someone considering this solution to evaluate several solutions, compare them, and if there is an option for customization check with the solution provider, and then go for it.

I would rate it a seven out of ten. It's a good solution, we've used it for a long time, but then there are a few issues with security.

Our primary use case if for security analytics. We do investigation and security analytics, so we collect events and after collecting events we give positive security analytics to clients.

Most of our clients are interested in automation. The automation part is good because they are able to detect threats and vulnerabilities in real time. It's very fast. 

The vulnerability management aspect is the most valuable feature. IBM QRadar is the only SIEM solution with integrated vulnerability management. That's why most clients are flocking to it. API integration is very easy.

The API integration for AD is a problem when it comes to vulnerability management. If you want to incorporate multiple factor authentication it becomes a problem with the AD. It doesn't integrate well. That needs to be improved.

The configuration steps are not easy to follow compared to NetWitness.

Scalability is good. I have plans to increase usage it just depends on the contracts. If I get more contracts I get more people. Most clients want to manage security and so they would want to outsource their expertise. If they outsource their expertise that means I have to recruit more people.

Their technical support is pretty good. 

The initial setup was easy. It usually takes around three months or so. In terms of the implementation strategy, once we get the correct events sorted, the strategy is to connect enough events sources so that they give you an efficient solution. 

We require five to ten people for setup and maintenance. 

I'm the consultant so we do the implementation ourselves. 

The licensing depends on the customer. The pricing is good.

I would rate it an eight out of ten. Not a ten because the configuration part of it should be easier. They tried to integrate everything together to be all in one, but it's not easy to configure.

We use it to detect security incidents.

• IBM Resilient Incident
• IBM Threat Intelligence
• IBM QRadar is easy to use.

The user guide is not readily available. I would suggest the support or technical team release a PDF guide, like Splunk, SolarWinds, or ArcSight. This will be good for consultants or whomever is using QRadar. This would be really helpful. I have searched on a lot on sites, but I have not found a single PDF containing everything. Our consultants are taking too much time understanding the product's technical aspects.

They could arrange a demo on their website so user who register may use WebEx or any type of meeting invitation, and the support team could give a demo. Having hands-on technology is important. We lost a few clients, because they asked us, "Do you have hands-on QRadar?" At that time, we said, "No, but we will cover it." Due to this, we didn't get the project. Clients wants consultants who are certified in QRadar. Even after completing the certification as a QRadar deployment professional, I would suggest QRadar release any documentation or give an online demo, like videos on YouTube. It would increase publicity and public appeal. 

The stability is good.

The scalability is good.

I haven't contact the technical support yet.

We have a security consultant for our deployments. 

We haven't deployed yet, but our client has deployed IBM QRadar. We have been monitoring it, creating rules, and fine tuning it. These are my responsibility with respect to QRadar. 

I did not get opportunity or experience to deploy the QRadar into the client's environment.

We are recommending IBM QRadar, SolarWinds, and ArcSight to our clients.

The features make my work easier.

The most valuable feature is the DSM Editor. The custom parsing tool is very nice, outstanding. I have used McAfee's SIEM and LogRhythm as well, but because of this feature of QRadar, I don't think their solutions are good.

Customizing it is very easy and it has a user-friendly interface. 

The product is good, but one feature they should have is an Elasticsearch. Currently, in QRadar, there are no Elasticsearch criteria. Elasticsearch is a very fast search engine. IBM should consider it as part of QRadar. Currently, QRadar has a very slow search. If I search previous months' data it stops.

The scalability is good. I'm quite satisfied with it.

Technical support is the area IBM should work on. Support is not that responsive. If I open a support ticket, it takes three to four days for them to respond. They take that much time.

I have used different solutions in the organization, but the main reason for switching is the customization. QRadar very much supports customization. Another reason is that, in the market, we can easily get QRadar resources, like an analyst or engineer, as compared to other products. This is a reason that organizations move towards QRadar.

The initial setup was very straightforward. I didn't have to do anything once I installed it and configured it. It was very simple. Other solutions I have worked on, such as McAfee and LogRhythm, are a bit complex. This one is very easy to install and configure.

The deployment takes one to two months, max. The implementation strategy is totally dependent on the number of EPS, the requirements, and the types of log sources. We collect this information and then create our strategy.

I have been an engineer in many firms. I have deployed it by myself. One expert can deploy it. If there are 100,000 EPS you'll need more resources. If you have 5,000 to 10,000 EPS, one person can do it.

IBM has subscriptions plans that run for one year.

Overall, it's much better than other products.

In terms of increasing its usage, I have suggested to my organization that it tell customers to use it, its capacity and capabilities, with other tools like Watson.

Our primary use case of this solution is to identify threats. 

We do R&D for IBM QRadar and we are also a cybersecurity solution based company. We provide solutions for our clients like banking, government agencies, and other non-government organizations. Our clients test in our labs and we try to understand how a product works and how a product will help our clients. I have more than three years experience with AlienVault and I use AlienVault a lot and I have already deployed it in a few banks. I am now trying to understand how IBM QRadar works and what the difference between IBM QRadar and AlienVault is. 

This solution has many valuable features but I especially like the Log Manager feature.

I think QRadar is very complex. It's a distributed system and IBM QRadar has an all-in-one solution which is not like that distributed solution but it's a good product. IBM needs to consider the user interface because if we compare it with AlienVault, the AlienVault user interface is fantastic but the IBM QRadar user interface is very complex. They should focus on how to make it easier for the client.

IBM has everything you need in a cybersecurity solution. If you want to build a cybersecurity operation center version then I think QRadar is a perfect solution.

IBM QRadar is stable and scalable. 

Scalability is good. If you use APS 25 GPS license you can change to 3000 EPS anytime. Also, you can integrate a distributed solution with the all-in-one deployment. If you have a very small organization, you don't need model 5000 EPS license so you can deploy all-in-one and then one day if your organization grows bigger, you can deploy a distributed system.

We have our own system and network experts, forensic experts, and database expert so until now, we haven't had any issues that required us to contact their support. 

The initial setup was complex. When it comes to the deployment, you can get it done in a day but if you want to fine-tune it can take a very long time. This isn't only for QRadar, but this applies to most solutions. 

It takes two or three people to deploy this product but if you want to do custom configuration then you need each and every part's expert. You need a network expert, forensic expert, and system expert. If you want an advanced system configuration you need many more people. If you only want to integrate this solution in your organization then two or three people is more than enough for the deployment.

We deploy it for our clients.

Licensing is very expensive, IBM QRadar is a very expensive solution. If you want to minimize costs then IBM QRadar is not for you.

I would rate it an eight out of ten. Not a ten because of the complex interface. 

I use it to analyze incidents. 

I like the API and it's easy to use. 

They should provide more manual examples online so that I can learn it myself. The dashboard also needs improvement. 

We require eight staff members for the maintenance. 

It's too expensive. 

I would rate it an eight out of ten. 

It is a requirement for all of the banks to have a security solution in Pakistan. That is the reason most of the banks are using it. In the last one and a half years, Pakistani companies are taking security very seriously, so for that reason, they evaluate these solutions. All in all, it's a good solution. 

I would like for them to develop a detection management solution. It does not have a detection management solution in it, you have to buy it as it is, on top of the extended solution. 

It's quite scalable. We have upgraded some solutions from 1000 APS up to 3500 APS to 5000 APS. It's a good solution, they have no scalability issues.

The initial setup was straightforward. The deployment time depends on each customer. We have customers who have different infrastructures and their deployments are quite different. If we rack and stack it, around two, three days, maximum a week, but configuration and optimization take up to somewhere between six months and one year.

I would rate it an eight out of ten. 

Our primary use case of this solution is for our customer's operations. 

The ability to add extensions is the most valuable feature. For example, extensions that provide valuable test ports.

I don't think this is the best solution on the market because it takes much longer than ArcSight, for example, which provides more flexibility and capability to create much more complex use cases. Other tools provide more valuable things that you can do for the active channel. 

I would like for them to develop out of the box content that doesn't require too much customization. Most of the out of the box we get from it requires too much customization. I would also like to see dynamic filters and better cross-integration between functions.  

We've only been using it for eight months so we haven't scaled much during this time but it seems to be very scalable. We use it a minimum of eight hours a day.

We used ArcSight.

We did the integration ourselves. It was straightforward. 

It is cheaper than ArcSight. 

I would rate this solution a six out of ten.