IBM Security QRadar Reviews

I was initially a reseller before selling the solution from within IBM. I'm currently a freelance security sales consultant. 

A valuable feature is the detection capability. I like that the solution can use data other than log data which means that things like vulnerability data, network data and the like, are part of the correlation and detection.

I think they could change their pricing model to be more cost effective. It currently relies on data ingestion. I'd like to see IBM extend their capability with the solution to include more than just fault finding, features such as predictive identification of threads. Having better support for things like MITRE and the ATT&CK chain, and using all of the known attacks that are out there when they're actually spotting events and correlations. 

I've used this solution for 10 years. 

The solution is very scalable. 

Technical support is pretty good, but sometimes when the problems are complex they can be slow to respond. 

The initial setup is very easy. I think it's one of the easiest SIMs to use. 

IBM has recently come out with a new version called Cloud Pak for Security but I haven't used it yet. It contains not just QRadar, but also IBM's resilience incident response products. 

I recommend the solution but because of the issues with pricing and technical support, I rate the solution seven out of 10. 

It is suitable for large companies with critical infrastructure. For our clients, robustness, availability at a high level, and the level of references and experiences connected to the solution are important. They need to know that other energy players are also using it.

There should be easier and wider integration opportunities. There should be more 
opportunities for integration with CTI info sharing areas. On platforms where you exchange CTI, there should be more visibility connected to what we share, what we can reach, or what options are connected to CTI info sharing. This is one area where they could add value because we cannot integrate it easily with QRadar. If a client has a legacy or already existing solutions for CTI, we cannot ask them to forget it because we cannot guarantee that QRadar is able to deliver everything connected to this area. 

I have been using this solution for three years.

We have five to ten customers of this solution. My impression is that it can cost a lot to scale upwards. It didn't bother us in most cases, but that could be a problem for SMEs at times.

Their support during the operation seems fine. I'm a consultant, and very often, I am offsite. I am not there when clients get into operating QRadar in the long run. So, I know more about implementation than the operation itself.

It requires expertise. If you have the right personnel, you can manage. It wouldn't be easy for a client and admins to set it up without proper support or support from QRadar itself.

Setting it up requires an assistant like us. QRadar plays a role there, but that's not enough. There is also the language barrier. Not every Hungarian company is good in English, and IBM naturally doesn't have full Hungarian support.

It requires cooperation between clients and us. Typically, we send a team of five people that includes tech guys, a project manager, and maybe one process guy, if needed. Generally, you don't have 360-degree professionals, so you have someone good in networking, someone good in log management or log analysis, and so on. Because of that, we need this kind of team. 

The client also has a few people. Typically, we send in more people than the client. These are not full-time people on our side and client-side. 

It could be cheaper, but the value itself is far more important for us than the price. Typically, our clients have yearly subscriptions.

I don't know what I would recommend for SMEs because we never worked with SMEs, but I would be very careful in recommending QRadar for SMEs. 

I would rate IBM QRadar a nine out of 10.

We are using the current version.

The solution supports MSSP models, which most service providers have. This means that a single system can be onboarded for all 200 existing customers for monitoring purposes. 

The implementation of the solution's technology needs to be simplified. It is overly complex. 

The integration also must be simplified. 

The licensing is also overly complex, as there is a need to buy the work load performance monitoring separately. These are the different modules we need to buy. 

IBM does not provide a combined, combo suitor solution which the customer can easily look at. The multiple functionalities are segmented and do not allow for an idea which is complete. It makes it difficult for us to do a realistic comparison with other products. I hope that others follow suit. 

We have been using IBM QRadar for almost eight-and-a-half years. 

No doubt about it, the solution is extremely stable. 

The solution needs to be redesigned to allow for scalability or for extending it to the existing one. There is a need to do long-term planning and migration from an existing to a new one and this cannot be easily accomplished. Storage cannot be added to the installation. One must completely migrate to the new storage to add additional terabytes. 

As such, the solution is not quite scalable. The scalability exists, but it requires migration. 

We are very happy with the technical support. 

The initial setup was extremely complex. 

We made use of an integrator. 

We have nearly two hundred customers making use of the solution.

We have direct contact with Ingram Micro or have a service partner relationship with it, but work directly with IBM as our ISP. 

We are a managed security service provider and wholesale customer of IBM QRadar

We buy a bulk license from IBM QRadar and host around 200 plus customers in a single integration so that all the customer events will be integrated in one solution. We are not integrators and do not resell their services.

As such, we don't buy the license or sell the tools to others. We will buy a license, inclusive of the services, host it with our private cloud and provide services to the end clients.

Our customer base of IBM users is limited. When it comes to a security operations center team, IBM will be looked to for providing security monitoring on an ongoing basis. We must see that it is working as it should be. 

I would recommend this solution to others. 

I rate IBM QRadar as an eight out of ten. 

We are service providers, and we are always exploring tools to accompany existing tools. I am always searching for the best products to meet my clients' requirements. I always look to understand the technology first, learn what benefits we can get from the product, how competitive is it with other tools such as DarkTrace, and Palo Alto.

We are working with this solution, but it is being managed by another vendor.

We are service providers. We are providing SOC service and MSSP services for our clients. 

We are working on various products, not one specific product. We can provide services for any product, in fact, any security solution.

There have been many advancements made in the most recent year. There are many add-ons included in the licenses that I have yet to explore.

There have been many improvements. When I worked with this solution at the core technical level, it was a SIEM solution. Many attributes have been added, such as threat intelligence, SO solutions, automation, and OT security. Many other platforms have been included as part of IBM QRadar.

The flexibility is good in terms of pulling log files.

Automation is an area that people are looking for. IBM does have the SO solutions platform, but it would be more useful if they could have predefined use cases rather than using more generic ones. It would be much better if they could customize their use cases.

It's resource-intensive.

The IBM QRadar team has to be proactive and they have to be informative about the product.

They don't want to spend too much money on the SIEM because it is obviously resource-intensive. But the SIEM is a very useful product when you have good resources and good software.

For large organizations, that want to integrate all of the log sources, the pricing will be too expensive. This is the main reason that clients are not interested in SIEM solutions.

I have been working with IBM QRadar for approximately four years.

I moved into consulting, at the architectural level. I'm not working at the core level but I know the basics of QRadar and how exactly it functions. 

Technical support is good. 

My personal experience was fantastic. They are always good and we have never had any problems.

There are a lot of online resources available.

When compared with other SIEM solutions, QRadar is considerably less expensive. I would like to compare it with Elasticsearch because they have different pricing strategies.

QRadar is events per second, EPS-based, whereas Elasticsearch is resource-based. You have to estimate based on how many resources will be used in the infrastructure, irrespective of log resources and log volumes. 

They are charging based on the resources. 

I'm exploring the Elastic Stack Elasticsearch currently. Splunk is out of scope for us right now, we're not interested in that. Sentinel is one that we are interested in.

There are many competitive tools that are emerging regarding XDR solutions or SO solutions, which are capabilities that QRadar offers.

The competition is very different from the geographical locations.

For the Indian market, locally, they are still working on the old SIEM structure. It is a very generic SIEM model. Western countries, especially North American clients, are advanced in terms of moving the infrastructure to the cloud. Some have OT security and they're also doing some Office 365 advancements and several advanced search engines for endpoint detection.

They are expecting that nothing is left behind without using any licenses. Microsoft provides part of the security services if you go with the EFI license.

As vendors, we need to counter with the important visibility areas, and the critical access, which needs to be monitored as part of security. 

I would rate IBM QRadar a seven out of ten.

This a Security Information and Event Management (SIEM) solution and we use it for many purposes.

One of the most valuable features of this solution is it has very good data correlation.

In a future release, the solution could provide malware analysis.

I have been using this solution for approximately three years.

The solution is stable.

The scalability is good and we have approximately 200 users using this solution.

The technical support has been very good in my experience.

The initial setup was straightforward.

There is a license required for this solution. There are some limitations depending on what license you purchase.

I would recommend this solution.

I rate IBM QRadar an eight out of ten.

The product provides a very defined solution. It provides a complete platform for ingesting the log, doing the correlations and handling the runtime.

The solution should enhance its capabilities of UEBA and AI/ML tech modeling.

I have been using IBM QRadar for approximately four years.

IBM QRadar is a very stable product.

The product is very scalable and this can be done to a number of endpoints and towers. However, this is not very feasible, as it depends on the available in-house infrastructure. 

Technical support is very helpful. They are very knowledgeable. While the geographic location can sometimes pose a challenge, my overall experience with the technical support team has been very positive.

The complexity of the initial setup is intermediate. It is neither straightforward nor complex but somewhere in the middle. A person with experience working in a security operation center and who is experienced with correlation rules and use cases can directly configure into the solution. 

Someone considering implementing IBM QRadar should possess a good knowledge of his own infrastructure. He should have all the documents in place. While IBM provides very good implementation support, a complete inventory and technology detail is required, in respect of how the application is flowing, how the infrastructure is connected, and the version and inventory relationship.

I rate IBM QRadar as an eight out of ten. 

The features that I have found most valuable in QRadar are its data enrichment, use case creations, and adding references - those kinds of features are very good. Also, QRadar's event filtration and device integration are perfect. 

Actually, we are looking for another product because a customer is demanding different products and they're not going with QRadar, hence we are trying to compare QRadar with other solutions like Securonix, Splunk, Exabeam, LogRhythm. Otherwise, all our customers are happy with QRadar.

I'm doing integrations and deployments for QRadar. So, in regards to integration and deployment, QRadar is very easy as compared to other products.

In terms of what could be improved, I would say the script which we have to create for custom actions. QRadar needs to improve that feature.  Additionally, QRadar has to provide the playbooks designing features.

I have been working with IBM QRadar for the last four years.

QRadar is very stable in our deployment. I'm not aware of other customer deployments.

IBM QRadar is scalable. We can scale it according to our requirements. We can scale it up, as per our requirement. We can increase the resources, we can increase the storage. We can do everything with QRadar.

Their technical support is also good. During weekends they are only looking at the priority issues. That is difficult, because sometimes the critical log sources stop sending events to QRadar and in those cases we need support on an urgent basis, but they're not going to support it during weekend.

We work with LogRhythm as well as QRadar, as well as NetIQ Sentinel, Azure Sentinel and others.

The initial setup for QRadar is easy. It is easy to understand and easy to implement.

As compared to LogRhythm, IBM QRadar's pricing is moderate.

We recommend QRadar. It is a good product, a good solution.

Every customer should go with IBM QRadar.

On a scale of one to ten, I would give IBM QRadar a nine.

We make some special demos that we sell to our customers. We work as a technical support L1/L2 for our customers in these cases as well.

The solution allows organizations to check people who work from home or in the office. It can help a company understand who is connected from home. 

Sometimes people give a login and password to colleagues. The security can see the situation when someone logs in locally, and they can see a remote connection. They can see this is from the login and password. They'd be able to tell if something was shared and could dig deep to figure out if it is a breach or if it is something that has been properly shared. 

The SOAR features are very good.

The product is able to handle special requests.

It can effectively search local files.

We are able to deploy in two or more different locations.

The solution is functional right out of the box and it's a pretty simple system with different kinds of solutions that address different types of problems. 

The initial setup is pretty straightforward.  

The solution is stable.

The product can scale.

Technical support is good overall.

Qradar has a lot of integration capabilities with different security products.

If we talk about functionality in general for SIEM systems, it's good.

In terms of the government sector, sometimes they do not have enough money to buy a full SIEM. That's why they ask about some parts of the SIEM system or core. It can be expensive.

It would be ideal if they offered a barebone setup alongside an appliance. It's very interesting for different kinds of customers. Most of them prefer the core appliance, yet some of them prefer barebone.

It would be ideal if the solution offered new connectors to other systems.

The reporting system could use some upgrading.

We've been using the solution for at least the last 12 months or so.

The stability is good. there are no bugs or glitches. It doesn't crash or freeze.

The scalability of the product is very good. Sometimes we get requests for specific functionality and usually, we can accommodate that.

Generally, we are happy with technical support. They are helpful and responsive.

The initial setup is very simple for our customers due to the fact that the first step is a demo for a customer. We need about 5 to 15 working days to make this demo. We talk about making a core system. It's not difficult to make over the Qradar SIEM. After that, if the customer needs some special function for, for example, different parts of the organization, we can propose some separate parts of SIEM. That's about two or eight weeks away. 

In general, for a SIEM project, you are looking at a deployment time of about two til eight months. 

As integrators, we can help advise clients and assist in the deployment process.

IBM Qradar has an interesting scheme for payments. They have annual payments for customers who use subscriptions for some services. I can't see any problem with the current financial scheme for this product generally. It's okay.

We are implementors. Our customers are the ones that use IBM Qradar.

We are an IBM partner.

We strongly recommend to our customers use the latest version of Qradar. It's important for security. We tend to use the latest in general.

Our customer is a government organization, including some ministries. Therefore, they use on-premise deployments only. However, they have some plans for hybrid clouds or private clouds in the next three or four years. That said, it's very hard to say exactly as the work at the ministry is about security. On-premise is deemed to be more secure.

I'd rate the solution at a nine out of ten.