it_user1598265 - PeerSpot reviewer
Relationship Manager at a financial services firm with 5,001-10,000 employees
Real User
Reasonably priced with good technical support and offers great performance
Pros and Cons
  • "We've found the technical support to be very good."
  • "The product needs to improve its GUI."

What is most valuable?

The price is very good. It's quite reasonable.

The solution's performance is excellent. The stability is excellent.

We've found the technical support to be very good.

The pricing is very good.

What needs improvement?

The product needs to improve its GUI. The dashboard which they facilitate needs to be modernized. They could make it a lot better and a lot easier to navigate.

For how long have I used the solution?

I've been using the solution for approximately two years or so.

What do I think about the stability of the solution?

The stability of the product has been great. It's from 80% to 90% stable. There are very few bugs or glitches. It doesn't crash or freeze. If you do run into issues, technical support is quite helpful.

Buyer's Guide
IBM Security QRadar
September 2025
Learn what your peers think about IBM Security QRadar. Get advice and tips from experienced pros sharing their opinions. Updated: September 2025.
868,787 professionals have used our research since 2012.

What do I think about the scalability of the solution?

The product works well for small or medium-sized enterprises.

How are customer service and support?

The technical support has been great so far. If you run into any kind of issue, their support is available. They are very helpful and extremely responsive. We're quite satisfied with their level of service. I'd give them a rating of 90% to 95%.

What's my experience with pricing, setup cost, and licensing?

The pricing of the solution is quite reasonable.

What other advice do I have?

We're a customer and an end-user. We don't have a direct business relationship with IBM.

Overall, I would rate the solution at a nine out of ten. We've been extremely satisfied with the product so far.

I'd recommend the solution; however, it depends upon a company's budget and requirements. For small and medium enterprises, QRadar is the best solution, due to its price and performance.

Disclosure: My company does not have a business relationship with this vendor other than being a customer.
PeerSpot user
Sr.Network Engineer at NTT Security
Real User
A reliable and scalable solution for network behavior and log analytics
Pros and Cons
  • "The solution is reliable."
  • "I need a solution which will send alerts in the event of any behavior."

What is our primary use case?

We use the solution for network behavior and log analytics. We wish to procure one for behavior analytics.

I am not certain which version we are using. 

There is a need for a behavior analytics solution in the environment. We use the solution to highlight unusual traffic for a single particular link or even single particular user traffic. 

What is most valuable?

The solution will not provide alerts in the event of any particular traffic. It will only alert in the case of a security threat. 

What needs improvement?

I am looking for a solution to replace IBM QRadar. We use it for incident reporting, but I need one for behavior analytics. I need one which will send alerts in the event of any behavior. 

The solution is fine for analyzing logs. We already have basic modules. We require more modules so that we may obtain further details. We essentially use IBM QRadar for analyzing particular logs.

There are no additional features which should be added or upgraded in the next release. 

What do I think about the stability of the solution?

The solution is reliable. 

What do I think about the scalability of the solution?

The scalability is fine. 

How are customer service and technical support?

Technical support is okay. We have had no issues with them. 

What's my experience with pricing, setup cost, and licensing?

The license is not subscription-based. We have been doing the same deployment for more than ten years. 

The pricing is alright. 

What other advice do I have?


Our environment is binding. We have only monitoring and data central traffic.

I would recommend the solution to others. It is fine for analyzing logs. 

Which deployment model are you using for this solution?

On-premises
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
PeerSpot user
reviewer993816 - PeerSpot reviewer
Senior Security Engineer at a tech services company with 1,001-5,000 employees
Real User
Feature rich solution recommended for every customer
Pros and Cons
  • "The features that I have found most valuable in QRadar are its data enrichment, use case creations, and adding references - those kinds of features are very good. Also QRadar's event filtration and device integration are perfect."
  • "In terms of what could be improved, I would say the script which we have to create for custom actions. QRadar needs to improve that feature. Additionally, QRadar has to provide the playbooks designing features."

What is most valuable?

The features that I have found most valuable in QRadar are its data enrichment, use case creations, and adding references - those kinds of features are very good. Also, QRadar's event filtration and device integration are perfect. 

Actually, we are looking for another product because a customer is demanding different products and they're not going with QRadar, hence we are trying to compare QRadar with other solutions like Securonix, Splunk, Exabeam, LogRhythm. Otherwise, all our customers are happy with QRadar.

I'm doing integrations and deployments for QRadar. So, in regards to integration and deployment, QRadar is very easy as compared to other products.

What needs improvement?

In terms of what could be improved, I would say the script which we have to create for custom actions. QRadar needs to improve that feature.  Additionally, QRadar has to provide the playbooks designing features.

For how long have I used the solution?

I have been working with IBM QRadar for the last four years.

What do I think about the stability of the solution?

QRadar is very stable in our deployment. I'm not aware of other customer deployments.

What do I think about the scalability of the solution?

IBM QRadar is scalable. We can scale it according to our requirements. We can scale it up, as per our requirement. We can increase the resources, we can increase the storage. We can do everything with QRadar.

How are customer service and technical support?

Their technical support is also good. During weekends they are only looking at the priority issues. That is difficult, because sometimes the critical log sources stop sending events to QRadar and in those cases we need support on an urgent basis, but they're not going to support it during the weekend.

Which solution did I use previously and why did I switch?

We work with LogRhythm as well as QRadar, as well as NetIQ Sentinel, Azure Sentinel and others.

How was the initial setup?

The initial setup for QRadar is easy. It is easy to understand and easy to implement.

What's my experience with pricing, setup cost, and licensing?

As compared to LogRhythm, IBM QRadar's pricing is moderate.

What other advice do I have?

We recommend QRadar. It is a good product, a good solution.

Every customer should go with IBM QRadar.

On a scale of one to ten, I would give IBM QRadar a nine.

Which deployment model are you using for this solution?

On-premises
Disclosure: My company has a business relationship with this vendor other than being a customer. Partner
PeerSpot user
Real User
Stable, functional out of the box, and offers good integration capabilities
Pros and Cons
  • "Technical support is good overall."
  • "The reporting system could use some upgrading."

What is our primary use case?

We make some special demos that we sell to our customers. We work as a technical support L1/L2 for our customers in these cases as well.

The solution allows organizations to check people who work from home or in the office. It can help a company understand who is connected from home. 

Sometimes people give a login and password to colleagues. The security can see the situation when someone logs in locally, and they can see a remote connection. They can see this is from the login and password. They'd be able to tell if something was shared and could dig deep to figure out if it is a breach or if it is something that has been properly shared. 

What is most valuable?

The SOAR features are very good.

The product is able to handle special requests.

It can effectively search local files.

We are able to deploy in two or more different locations.

The solution is functional right out of the box and it's a pretty simple system with different kinds of solutions that address different types of problems. 

The initial setup is pretty straightforward.  

The solution is stable.

The product can scale.

Technical support is good overall.

QRadar has a lot of integration capabilities with different security products.

If we talk about functionality in general for SIEM systems, it's good.

What needs improvement?

In terms of the government sector, sometimes they do not have enough money to buy a full SIEM. That's why they ask about some parts of the SIEM system or core. It can be expensive.

It would be ideal if they offered a barebone setup alongside an appliance. It's very interesting for different kinds of customers. Most of them prefer the core appliance, yet some of them prefer barebone.

It would be ideal if the solution offered new connectors to other systems.

The reporting system could use some upgrading.

For how long have I used the solution?

We've been using the solution for at least the last 12 months or so.

What do I think about the stability of the solution?

The stability is good. There are no bugs or glitches. It doesn't crash or freeze.

What do I think about the scalability of the solution?

The scalability of the product is very good. Sometimes we get requests for specific functionality and usually, we can accommodate that.

How are customer service and technical support?

Generally, we are happy with technical support. They are helpful and responsive.

How was the initial setup?

The initial setup is very simple for our customers due to the fact that the first step is a demo for a customer. We need about 5 to 15 working days to make this demo. We talk about making a core system. It's not difficult to make over the QRadar SIEM. After that, if the customer needs some special function for, for example, different parts of the organization, we can propose some separate parts of SIEM. That's about two or eight weeks away.

In general, for a SIEM project, you are looking at a deployment time of about two to eight months.

What about the implementation team?

As integrators, we can help advise clients and assist in the deployment process.

What's my experience with pricing, setup cost, and licensing?

IBM QRadar has an interesting scheme for payments. They have annual payments for customers who use subscriptions for some services. I can't see any problem with the current financial scheme for this product generally. It's okay.

What other advice do I have?

We are implementors. Our customers are the ones that use IBM QRadar.

We are an IBM partner.

We strongly recommend that our customers use the latest version of QRadar. It's important for security. We tend to use the latest in general.

Our customer is a government organization, including some ministries. Therefore, they use on-premise deployments only. However, they have some plans for hybrid clouds or private clouds in the next three or four years. That said, it's very hard to say exactly as the work at the ministry is about security. On-premise is deemed to be more secure.

I'd rate the solution at a nine out of ten.

Which deployment model are you using for this solution?

On-premises
Disclosure: My company has a business relationship with this vendor other than being a customer. Partner
PeerSpot user
reviewer1518060 - PeerSpot reviewer
SOC Team Lead at a financial services firm with 1,001-5,000 employees
Real User
Flexible, easy to learn, and priced fairly
Pros and Cons
  • "I have found the most important features to be the flexibility, tech framework, and disk manager."
  • "There could be better integration with the solution."

What is our primary use case?

Depending on the organization's needs the solution can monitor different types of security through logs.

What is most valuable?

I have found the most important features to be the flexibility, tech framework, and disk manager. Additionally, it is easy to learn how to use the solution.

What needs improvement?

There could be better integration with the solution.

For how long have I used the solution?

I have been using the solution for approximately three years.

What do I think about the stability of the solution?

Every solution has some bugs and other issues but for the most part, this solution is stable.

What do I think about the scalability of the solution?

The solution is scalable. The number of users is dependent on what your needs are. You can have many users having access to the solution. For example, out of a 5,000 person network, you could have five with access to it for security.

How are customer service and technical support?

The solution has great support. Whenever we had an issue they were able to give us support within 15 minutes.

How was the initial setup?

The installation was easy but this can depend on what appliances you want to install it on. If it is VMware, then the installation is easy, it took me 30 minutes.

What about the implementation team?

We did use a consultant to do the deployment and we only needed one technician.

What's my experience with pricing, setup cost, and licensing?

The solution is priced fairly, there is a license for the solution, and we pay annually.

What other advice do I have?

I would recommend the solution to others and we plan to continue using it in the future.

I rate IBM QRadar a nine out of ten.

Which deployment model are you using for this solution?

On-premises
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
PeerSpot user
Security Operations Manager at a comms service provider with 501-1,000 employees
Real User
Flexible and very scalable with a straightforward setup
Pros and Cons
  • "The solution is quite flexible."
  • "Technical support really needs to be improved. Right now, they aren't where they need to be at all."

What is our primary use case?

We mostly use the product for PCI compliance.

What is most valuable?

We pay a little bit extra for Watson, and the Watson feature enables the analyst to go through and triage things much faster. It's quite useful for us and worth the smaller extra bit of money.

The solution is quite flexible.

We enjoy the fact that it is cloud-based.

The initial setup was very straightforward.

The solution is very scalable.

We've found the stability to be mostly very good.

What needs improvement?

Technical support really needs to be improved. Right now, they aren't where they need to be at all.

The solution is very expensive. We'd appreciate the product more if it came at a lower price point.

What do I think about the stability of the solution?

It is generally very stable. We've had odd little breakages, however, generally, nothing major has gone wrong. The performance is good. It's a reliable product.

What do I think about the scalability of the solution?

The scalability aspect of the product is very good. That was one of the reasons that we bought it. If a company needs to expand it, it can do so with relative ease. It's not hard.

Currently, all the members of the tech ops team use the product, and there are five of them.

We may not increase usage; we may switch to something else. That has yet to be determined. It's not set in stone.

How are customer service and technical support?

We've used technical support in the past and we haven't been satisfied with the level of service on offer.

Trying to get answers out of IBM is like trying to get blood out of a stone. They need to be more helpful and responsive. Right now, they aren't either of those things.

How was the initial setup?

The initial setup was not difficult or complex. It was very straightforward. A company should have too much trouble with the process.

The deployment process was very, very quick as well. There is a collector deployed on our network. We spun that out. You point your log sources at it, you point it at some IP addresses that IBM gives you, and it just works.

What about the implementation team?

We did not use an integrator or consultant for the deployment. We handled it ourselves, with our own staff. Everything was done in-house.

What's my experience with pricing, setup cost, and licensing?

The product is not a cheap solution. It's quite expensive.

We do also pay more in order to use Watson.

Which other solutions did I evaluate?

We're currently evaluating other options to see if we want to switch off of this product in the future. Nothing has been decided. I'm currently doing some preliminary research. We're always looking for solutions that are better or cheaper.

What other advice do I have?

We are just a customer and end-users. We don't have a business relationship with IBM.

We are using the latest version of the solution, as we have the cloud version of the product. Whatever the latest version is, IBM upgrades it automatically. We don't need to worry about that on our end.

In general, I would rate the solution at a seven out of ten. If it were cheaper it might rate a bit higher, however, for the most part, it does what we need it to do.

Which deployment model are you using for this solution?

Public Cloud
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
PeerSpot user
reviewer1524594 - PeerSpot reviewer
Senior Solutions Architect at a manufacturing company with 51-200 employees
Real User
A stable SIEM solution with centralized control and built-in AI/ML
Pros and Cons
  • "QRadar, Splunk, and ArcSight are SIEM solutions with built-in AI/ML features. They can do the complete investigation and alert the admin about what is happening. They can also do the root cause analysis. There are many other features that come with QRadar. It has a more granular log, so you can integrate with various non-IT as well as IT-based components. You can get unstructured data to the SIEM data, and you can identify more what is happening in the network or what is happening in the central head office. You can also identify what is happening between your remote offices. You can also use it to identify what the users in the field are doing on their devices and how things are moving. From the integration point of view, it is very centric. It gives complete control centrally. If a user is not connected to the system, whenever he comes online, we can see the policy updates over the Internet, and we can ensure that the data that is supposed to be protected is protected."
  • "When it comes to what could be better, it is always what others are trying to do and what is the roadmap. It can have more integration. It should have more flexible RESTful APIs for integration with applications. These are the things that are always in demand for any of the SIEM solutions, not only for QRadar. Integration is ever-evolving. Nowadays, different versions of mobile handsets are there and data is getting scattered. Users are using their personal handsets to keep the data of the organization. So, it should have a more flexible integration, irrespective of the flavor of the firmware and iOS or Android version. It should have an API that can seamlessly get integrated. It should also provide more flexible control and a more advanced or analytical view to see what exactly is happening across the globe or network. From wherever a user is connecting and accessing the enterprise data, it should give real-time visibility and predictive visibility about what exactly is happening. These things are already there, but there should be more advanced control in terms of managing the security."

What is our primary use case?

We provide cloud services to the users, and we have our own cloud setup over here. The major use case is when clients require the SOC to be set up.

Setting up the SOC itself is a huge investment. A customer has to invest a lot to build up the whole SOC environment, so, rather than the customer investing in the SOC environment and building up the SOC, we provide it as a service. Customers don't need to do any up-front investment. They use our service. We manage their security tools and security environment as per the compliance guidelines that come from the Indian government. We follow all those practices, and we help them procure more for their network and infrastructure.

What is most valuable?

QRadar, Splunk, and ArcSight are SIEM solutions with built-in AI/ML features. They can do the complete investigation and alert the admin about what is happening. They can also do the root cause analysis. 

There are many other features that come with QRadar. It has a more granular log, so you can integrate with various non-IT as well as IT-based components. You can get unstructured data to the SIEM data, and you can identify more what is happening in the network or what is happening in the central head office. You can also identify what is happening between your remote offices. You can also use it to identify what the users in the field are doing on their devices and how things are moving.

From the integration point of view, it is very centric. It gives complete control centrally. If a user is not connected to the system, whenever he comes online, we can see the policy updates over the Internet, and we can ensure that the data that is supposed to be protected is protected.

What needs improvement?

When it comes to what could be better, it is always what others are trying to do and what is the roadmap. It can have more integration. It should have more flexible RESTful APIs for integration with applications. These are the things that are always in demand for any of the SIEM solutions, not only for QRadar. 

Integration is ever-evolving. Nowadays, different versions of mobile handsets are there and data is getting scattered. Users are using their personal handsets to keep the data of the organization. So, it should have a more flexible integration, irrespective of the flavor of the firmware and iOS or Android version. It should have an API that can seamlessly get integrated. It should also provide more flexible control and a more advanced or analytical view to see what exactly is happening across the globe or network. From wherever a user is connecting and accessing the enterprise data, it should give real-time visibility and predictive visibility about what exactly is happening. These things are already there, but there should be more advanced control in terms of managing the security.

For how long have I used the solution?

I have been using this solution for five years.

What do I think about the stability of the solution?

It is absolutely stable. It depends upon how the implementation has been done. We definitely have the skills to do this kind of implementation. We ensure that a customer's environment is absolutely protected.

What do I think about the scalability of the solution?

It is very scalable, but it also depends upon how the implementation was done. We are providing services to one of the major brands in India. They have somewhere around 30,000 devices. We are currently managing more than 1 lakh QRadar users.

How are customer service and technical support?

QRadar has a good technical team. They provide timely support whenever a ticket is raised.

How was the initial setup?

Deployment of such solutions always takes time because these solutions are not simple. You should have the expertise and you should understand what is really needed for the business. We understand the real business need, and accordingly, we implement the policies.

What about the implementation team?

We have been managing some of the security tools for the past 11 years. We have expert engineers who can help our customers with installation, configuration, planning, designing, and other things.

If you have an environment of 5,000 or 10,000 devices, three to five people should be enough to manage it.

What's my experience with pricing, setup cost, and licensing?

Customers have to purchase a license based on the number of users, devices, and applications they want to protect. It allows you to take a license on a subscription basis for three years or five years.

What other advice do I have?

I would recommend this solution. If you are looking for a SIEM solution, IBM QRadar is one that you should ideally look for.

I would rate IBM QRadar a nine out of ten.

Disclosure: My company has a business relationship with this vendor other than being a customer. Partner
PeerSpot user
reviewer1501230 - PeerSpot reviewer
Head of IT Security, Governance and Compliance at a consumer goods company with 10,001+ employees
Real User
Easy to use, provides environment visibility, and assists with incident discovery in advance of problems to the business
Pros and Cons
  • "This is a good tool to have because it gives you the ability to track what is currently happening in your environment."
  • "The modularity could be improved."

What is our primary use case?

We are using QRadar as a managed service.

How has it helped my organization?

This product helps us to find security incidents before they become a problem to the business. We are able to attend to them quicker and we can put protection in place so that should they occur again, we are able to deal with them more easily.

What is most valuable?

The most valuable feature is the ease of use.

What needs improvement?

The modularity could be improved.

For how long have I used the solution?

We have been using IBM QRadar for three years.

What do I think about the stability of the solution?

This is a very stable product.

What do I think about the scalability of the solution?

We have had no issues with scalability and we have approximately 1,500 users. We are not using its full capabilities at the moment because we are still growing. In the next year or two, we will see.

How are customer service and technical support?

I don't deal with IBM directly. Rather, I deal with our service provider and they deal with IBM.

How was the initial setup?

The initial setup was very easy for us because we just bought what we were looking for, and not the entire infrastructure.

What about the implementation team?

The company that we subscribe to for this service takes care of the installation, maintenance, and management of it. They give us updates that concern the features we use, so the maintenance doesn't affect us much.

What's my experience with pricing, setup cost, and licensing?

We use QRadar as a managed service and we pay licensing fees to the partner.

What other advice do I have?

This is a good tool to have because it gives you the ability to track what is currently happening in your environment. Otherwise, if you did not have that, you'd only react to an event or an incident that has already caused problems. The proactiveness goes a long way because it saves your environment and your business from being negatively affected.

In summary, this is a good product but there is always room for improvement.

I would rate this solution a nine out of ten.

Which deployment model are you using for this solution?

Hybrid Cloud
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
PeerSpot user