it_user634782 - PeerSpot reviewer
Security Analyst at a government with 10,001+ employees
Vendor
For vulnerabilities, you see a popup on the screen. We do not have to look for it. It is pushed to us.

What is most valuable?

It's easy for us to see what's happening in the environment. It's very good to see the logs and the analytic stuff.

How has it helped my organization?

We can see the vulnerabilities much easier with the product. You see a popup on the screen. We do not have to look for it. It is pushed to us.

What needs improvement?

It is very expensive; very expensive.

What do I think about the stability of the solution?

The solution is very stable.

Buyer's Guide
IBM Security QRadar
September 2025
Learn what your peers think about IBM Security QRadar. Get advice and tips from experienced pros sharing their opinions. Updated: September 2025.
868,787 professionals have used our research since 2012.

What do I think about the scalability of the solution?

I think it is scalable.

How are customer service and support?

We have used technical support. They are very good and very nice.

Which other solutions did I evaluate?

We didn't evaluate any alternatives. We have yearly talks with the IBM consulting team. We look at the trends.

What other advice do I have?

When choosing a vendor, we look for a stable and trustworthy company. I think QRadar is the best solution you can get.

Disclosure: My company does not have a business relationship with this vendor other than being a customer.
PeerSpot user
it_user632775 - PeerSpot reviewer
Sr. Security Architect at American Airlines
Real User
If we feel that there is anything going on in the application, it collects the logs, we monitor them, and we get alerts. I would like proper integration with the cloud, not only the IBM cloud.

What is most valuable?

We are using it for monitoring different systems, and we are monitoring the logs with QRadar. This is one of the good tools which we have identified, and we are using it for monitoring the application.

How has it helped my organization?

Any issues regarding monitoring, if we feel that there is anything going on in the application, QRadar collects the logs, we monitor those logs, and we get alerts for those logs.

What needs improvement?

Reporting should be very good, and a proper integration with cloud, not only the IBM cloud, but with other clouds also.

What do I think about the stability of the solution?

The stability is good. I never got a complaint, but sometimes we have difficulty in configuring new applications. Since it is going into the cloud, we have a big challenge how we are going to monitor those applications which are sitting in Bluemix.

What do I think about the scalability of the solution?

The scalability is good. We have been using and increasing the applications most of the time.

How are customer service and technical support?

I think my team has used technical support. They are responsive, I can say it is 8-9/10.

Which solution did I use previously and why did I switch?

We were using a different solution, and we moved to QRadar. It has some more benefits than our previous solution. We have totally transferred to QRadar now.

How was the initial setup?

I was not involved in the initial setup.

Which other solutions did I evaluate?

We have evaluated only the large vendors. As we have a long-standing relationship with IBM, that's why we moved to QRadar. I don't know which other vendors were on the shortlist for evaluation.

What other advice do I have?

If you have the budget, go for QRadar. It depends on the company size. It's expensive.

Disclosure: My company does not have a business relationship with this vendor other than being a customer.
PeerSpot user
it_user641277 - PeerSpot reviewer
Information Security Analyst at a transportation company with 5,001-10,000 employees
Vendor
The pre-canned rules and reports are a plus. They have new apps to integrate different tools into the dashboard.
Pros and Cons
  • "The pre-canned rules and reports in this product are a huge plus."
  • "QVM is another instance where they need to revise the vulnerability scoring and the proper remediation details."

How has it helped my organization?

Most of the time, a well-defined rule helps us to detect and investigate different threat scenarios, especially with the QRadar Vulnerability Manager (QVM) and the asset model. It also gives us a historical correlation of who has been using the box, over that time period.

What is most valuable?

The pre-canned rules and reports in this product are a huge plus. Along with this, they have new apps to integrate different tools into QRadar’s dashboard. These features are most important, since they provide a single pane for viewing and researching the offenses, thus saving a lot of time and resolving the complexity of the issues.

What needs improvement?

This product has room for improvement in a lot of areas including the default emailing template that it uses to alert on offenses.

It also needs a lot of work in terms of the flows and the log source parsing. A lot of the time, it is very difficult to add a new/uncommon log source to this tool, as we need to map a lot of fields, rather than simply extracting these from the payload.

QVM is another instance where they need to revise the vulnerability scoring and the proper remediation details.

IBM QRadar is a wonderful product, until they release some patches and that breaks something else. There are many advancements that need to be done in terms of DSMs, when it comes to parsing.

What do I think about the stability of the solution?

We did encounter stability issues as IBM’s patches are not stable at all. Every time they release a new patch, it breaks certain components immediately and the worst part is, it breaks certain components over a period of 90 days.

What do I think about the scalability of the solution?

Apart from the pricing issues, scaling of the product with the infrastructure is pretty easy and convenient.

How are customer service and technical support?

Most of the technical support is provided by their L2 support level technicians and I would give them a 7/10 rating.

Which solution did I use previously and why did I switch?

We have only been using this solution. We have not used any other solutions.

How was the initial setup?

Setting up the equipment and installing it across the network is pretty easy. It is similar to installing a Linux server.

What's my experience with pricing, setup cost, and licensing?

Most of the time, it is easier and cheaper to buy a new product or the QRadar box. For example, with the QRadar Event Collector 1605, as and when you need to expand your EPS and the number of log sources; it’s much cheaper and the boxes usually ship with the default 1000 EPS and 750 log source limit. They have another advantage, i.e., the storage.

Which other solutions did I evaluate?

We chose this product based on the Gartner Magic Quadrant review. I had gone through a few PoCs and chose this tool, as it is foolproof.

What other advice do I have?

Evaluate your network first. Determine the target audience that you will be monitoring and working on this tool.

It is important to note whether your organization is looking for a compliance-based check mark practice (defensive security), or active threat monitoring and out-of-the-box security posture.

Disclosure: My company does not have a business relationship with this vendor other than being a customer.
PeerSpot user
it_user640416 - PeerSpot reviewer
Assistant Manager-Information Security at a transportation company with 1,001-5,000 employees
Real User
Integrates with other applications and systems.

What is most valuable?

SIEM technology is the most valuable feature of this solution, as it can be integrated with almost every application and system. If not, then you may ask IBM to write a parser for it.

How has it helped my organization?

You have the visibility of different events, thus we can resolve the issue.

What needs improvement?

They should provide more integration with more devices.

For how long have I used the solution?

I have been using this solution for three years.

How is customer service and technical support?

I would give the technical support an 8/10 rating. They are excellent.

How was the initial setup?

The setup was straightforward.

What's my experience with pricing, setup cost, and licensing?

The pricing policy is good.

Which other solutions did I evaluate?

We looked at another solution, NitroSecurity Inc.

What other advice do I have?

If you have a good budget, then go for IBM QRadar.

Disclosure: My company does not have a business relationship with this vendor other than being a customer.
PeerSpot user
it_user634842 - PeerSpot reviewer
Senior Manager at a pharma/biotech company with 1,001-5,000 employees
Vendor
It has a predefined set of templates. In order to secure patient data, they may have to incorporate certain legislation / regulations.

What is most valuable?

Its technology is quite new and it has a predefined set of templates that can be readily used for our business, so we don't have to innovate much. These are some unique features about this tool.

How has it helped my organization?

Security: We do have cloud services. It's very difficult to control cloud vendors, when it is for security. But this tool conducts an independent audit and makes sure that security, identity and governance are in check every time.

What needs improvement?

This tool is more suited for the technical industries or it's more specific for technical security. However, now since new laws are coming out such as the GDP in Europe and the biometric laws, in order to secure patient data, IBM may have to innovate more and incorporate certain legislation / regulations into their tool. It should be readily available to the pharma companies, so that they don't need to struggle to make more templates and thus don't have to tailor it to our needs. It should be a custom off-the-shelf solution, i.e., COTS. So, they're looking for more innovations in that area.

What do I think about the stability of the solution?

We're just the earlier adopters of this tool for now. We are in the pharma industry, so we have started doing pilots across different functions in the organization. It will take us around one or two years to come to a conclusion in regards to the stability of this solution.

What do I think about the scalability of the solution?

It is a little bit too premature for me to comment on scalability but it is quite good, because they have already identified 10-11 projects that we'll be using with this tool. So, we don't think scalability is going to be an issue.

How are customer service and technical support?

We do use technical support. We are IBM customers and IBM controls our infrastructure for the company. We do use their technical and business analysts. They were very helpful and knowledgeable. They are prepared for the pharma industry. That is very important for us.

Which solution did I use previously and why did I switch?

We were not previously using a different solution. IBM approached us with best practices and they conducted a survey. They control our infrastructure and security; they advised us in regards to the product. After a series of discussions, our management decided to go ahead with certain pilots, so as to see the efficiency and then finally decided on this solution.

Which other solutions did I evaluate?

We are a grounded manufacturing and pharma organization, thus we are looking for vendors with proven skill sets in that arena. We are bound by more regulations than any other industry, so we look for certain certifications that the vendor should have. They should be compliant with the USFDA guidelines, before we select a vendor. After we start evaluating vendors, it does depend on the versatility and the scalability of the solutions.

Currently, there are a couple of vendors in the shortlist. After we complete our pilot, we will be choosing one single vendor. We are a SAP shop for ERP, so we did have some discussions about the interoperability within IBM and SAP. I think both of them are good partners in that area. At this point, we are not looking for any other vendors.

What other advice do I have?

The solution seems to be very promising on paper, i.e., in theory, some things look good but practically, after we apply the solution in the next one or two years, we'll come to know more.

You should first conduct an assessment from IBM and the system should follow the selection of the tool. You should not just go by what you want, but instead by what you need. Most of the companies don't know what they need in terms of the security.

Disclosure: My company does not have a business relationship with this vendor other than being a customer.
PeerSpot user
it_user634830 - PeerSpot reviewer
Group CIO at a tech services company with 501-1,000 employees
Consultant
Provides visibility in terms of the threat surface and proactively looks at mitigation measurements.

How has it helped my organization?

It gives us more visibility in terms of the threat surface and to proactively look at mitigation measurements, in terms of managing our risks. As our side business is increasing, it gives us a better way to handle things.

What is most valuable?

We are using this SIEM solution, which is pretty good in terms of detecting threats and managing the intelligence for us.

What needs improvement?

In the next release, I obviously would want to see more integration to the cloud-based services such as Microsoft Azure and the other line of business applications, so that we have a comprehensive view on a hybrid cloud stack.

What do I think about the stability of the solution?

The stability of this product is pretty good. It's helping us a lot and they keep on adding new features. Thus, as a platform, it's quite stable.

What do I think about the scalability of the solution?

Scalability is good because it is a cloud-based offering and a managed services offering solution. The scalability is left for IBM to manage, so it's not a headache for us to manage.

How is customer service and technical support?

We have used the technical support on and off. Since it's on a 24/7 SLA, it gets managed well. It is pretty good. On a scale of 1-10, I would give it an eight.

How was the initial setup?

The setup was a bit complex. But as a project team, we pulled it through. It was complex because you need to understand the product and they need to understand our business requirements, as all of this is in the setup. So, it's not a straightforward payoff by just putting us off way there.

Which other solutions did I evaluate?

The SIEM solutions list we looked from included IBM, Cisco and Check Point.

The most important criteria while selecting a vendor are that it is a future-proof and tabulating solution. Also, the other factors involved are being a global leader and getting us up there as well.

The primary reason as to why we chose IBM is because we had a significant local presence. Also, QRadar's portfolio and its features on the Gartner's website were pretty much at the top end, i.e., as a leader in the leadership aspect.

What other advice do I have?

This is quite an established solution, so I will have no hesitations in recommending it.

Disclosure: My company does not have a business relationship with this vendor other than being a customer.
PeerSpot user
it_user632763 - PeerSpot reviewer
Senior Security Engineer at a consumer goods company with 1,001-5,000 employees
Real User
It helps our incident handlers find incidents within our environment and track down new threats.

What is most valuable?

The most valuable features are its ease of use and that it provides good return on investments. It's the best solution out there, in my opinion.

How has it helped my organization?

It brings down the time for our incident handlers to find incidents within our environment, to track down new threats and to keep them gainfully employed, by finding the new problems that we see.

What needs improvement?

I'm not really sure in regards to any additional features, because everything I've seen on the roadmap looks good. So, I'm pretty happy with that.

There is always scope for improvement. The QRadar WinCollect feature needs to be improved. The Windows Log collection is sort of problematic and needs to work better.

A little bit more improvement needs to be brought about in the Watson integration and I still need to see how that works. A little more improvement can be brought about in the User Behavior Analytics and Network Analytics. That would be great.

What do I think about the stability of the solution?

We've had no issues with its stability or scalability.

How is customer service and technical support?

The technical support is very good. After the Q1 Labs integration into IBM, they kept the same people. I'm a long-time user and I keep talking to the same people year after year.

What's my experience with pricing, setup cost, and licensing?

It's worth the cost. There are a lot of other options out there that are way more expensive, and that may be better in certain areas, but in my opinion, the overall best solution is QRadar.

What other advice do I have?

First, make sure that it's sized right and read all the manuals, before you do it.

Interoperability with other products is what I look for in a vendor. An open API is the big thing. I want to be able to make sure that if I buy something, it will be able to talk with other products. I won't need to keep going down the same path, i.e., if I buy company X, I have to buy company X products all the way; otherwise, they won't talk to each other. Being able to talk with other products really makes a difference.

Disclosure: My company does not have a business relationship with this vendor other than being a customer.
PeerSpot user
it_user634848 - PeerSpot reviewer
Security Operation Manager at a transportation company with 10,001+ employees
Vendor
Provides user behavior analytics.

What is most valuable?

  • User behavior analytics.
  • Alert features on any suspicious activities.
  • It contributes a lot of knowledge towards your network environment.

How has it helped my organization?

You can add value once you connect a lot of syslogs of a lot of applications to the actual SIEM product. It pretty much does the monitoring of our network, so just having the tool secures the environment itself.

What needs improvement?

I don't have any particular suggestions at the moment, but giving the ability to their business users to leverage the functionality well is important. Right now, the way we use it internally is mainly just for our security team, but other products, like Splunk, for instance, do monitoring on not only the network but also monitoring of system performance.

Server performance is important, whether or not the application is up or down or things of that nature.

What do I think about the stability of the solution?

The product is very stable.

What do I think about the scalability of the solution?

The product is very scalable.

How is customer service and technical support?

Technical support is good. It's not great, it's good. When you leverage the tier 1 folks just to do some troubleshooting, it takes a bit of time to transition a case over. They could improve that turnaround time, especially when the first level guy doesn't know exactly what's going on or doesn't know the answers to the questions.

How was the initial setup?

I wasn't directly involved in the initial implementation. I wouldn't say it's complex, but I mean just by enabling different data sources, you can go crazy with it and enabling them all in one shot is just too much.

Taking your time is probably a better approach, so that way things operate smoothly and you can fine-tune things as you start seeing the network activity.

What other advice do I have?

Ensure that it's scalable and that you have good customer support. Also, take your time doing the implementation.

Disclosure: My company does not have a business relationship with this vendor other than being a customer.
PeerSpot user