IBM Security QRadar Reviews

We use the solution for network behavior and log analytics. We wish to procure one for behavior analytics.

I am not certain which version we are using. 

There is a need for a behavior analytics solution in the environment. We use the solution to highlight unusual traffic for a single particular link or even single particular user traffic. 

The solution will not provide alerts in the event of any particular traffic. It will only alert in the case of a security threat. 

I am looking for a solution to replace IBM QRadar. We use it for incident reporting, but I need one for behavior analytics. I need one which will send alerts in the event of any behavior. 

The solution is fine for analyzing logs. We already have basic modules. We require more modules for getting so that we may obtain further details. We essentially use IBM QRadar for analyzing particular logs. 

There are no additional features which should be added or upgraded in the next release. 

The solution is reliable. 

The scalability is fine. 

Technical support is okay. We have had no issues with them. 

The license is not subscription-based. We have been doing the same deployment for more than ten years. 

The pricing is alright. 

Our environment is binding. We have only monitoring and data central traffic.

I would recommend the solution to others. It is fine for analyzing logs. 

The features that I have found most valuable in QRadar are its data enrichment, use case creations, and adding references - those kinds of features are very good. Also, QRadar's event filtration and device integration are perfect. 

Actually, we are looking for another product because a customer is demanding different products and they're not going with QRadar, hence we are trying to compare QRadar with other solutions like Securonix, Splunk, Exabeam, LogRhythm. Otherwise, all our customers are happy with QRadar.

I'm doing integrations and deployments for QRadar. So, in regards to integration and deployment, QRadar is very easy as compared to other products.

In terms of what could be improved, I would say the script which we have to create for custom actions. QRadar needs to improve that feature.  Additionally, QRadar has to provide the playbooks designing features.

I have been working with IBM QRadar for the last four years.

QRadar is very stable in our deployment. I'm not aware of other customer deployments.

IBM QRadar is scalable. We can scale it according to our requirements. We can scale it up, as per our requirement. We can increase the resources, we can increase the storage. We can do everything with QRadar.

Their technical support is also good. During weekends they are only looking at the priority issues. That is difficult, because sometimes the critical log sources stop sending events to QRadar and in those cases we need support on an urgent basis, but they're not going to support it during weekend.

We work with LogRhythm as well as QRadar, as well as NetIQ Sentinel, Azure Sentinel and others.

The initial setup for QRadar is easy. It is easy to understand and easy to implement.

As compared to LogRhythm, IBM QRadar's pricing is moderate.

We recommend QRadar. It is a good product, a good solution.

Every customer should go with IBM QRadar.

On a scale of one to ten, I would give IBM QRadar a nine.

There are many use cases for this solution. One example is we are using this solution to monitor user site access to band sites. 

The solution is highly used here in Pakistan and in many sectors, they could improve it by having more SIEM connectors.

I have been using this solution for approximately four years.

The stability is good until you upgrade to a new version. You have to properly shut down services when you are doing some maintenance activities every three to four months. There might be some problems that you do not expect. We have had some complaints from users regarding operation. 

We have had bad experiences with support from IBM. We are not satisfied with the support and they have made me very angry. My customers have had similar experiences.

The initial setup of QRadar is not complex because we have done it before and we are used to the development. It is getting easier all the time.

There is a license required for this solution and it is an annual payment. I have found all solutions in the category to be expensive, including Splunk.

I am evaluating Splunk.

Here in Pakistan, this solution has already saturated the financial market.

I rate IBM QRadar a five out of ten.

We make some special demos that we sell to our customers. We work as a technical support L1/L2 for our customers in these cases as well.

The solution allows organizations to check people who work from home or in the office. It can help a company understand who is connected from home. 

Sometimes people give a login and password to colleagues. The security can see the situation when someone logs in locally, and they can see a remote connection. They can see this is from the login and password. They'd be able to tell if something was shared and could dig deep to figure out if it is a breach or if it is something that has been properly shared. 

The SOAR features are very good.

The product is able to handle special requests.

It can effectively search local files.

We are able to deploy in two or more different locations.

The solution is functional right out of the box and it's a pretty simple system with different kinds of solutions that address different types of problems. 

The initial setup is pretty straightforward.  

The solution is stable.

The product can scale.

Technical support is good overall.

Qradar has a lot of integration capabilities with different security products.

If we talk about functionality in general for SIEM systems, it's good.

In terms of the government sector, sometimes they do not have enough money to buy a full SIEM. That's why they ask about some parts of the SIEM system or core. It can be expensive.

It would be ideal if they offered a barebone setup alongside an appliance. It's very interesting for different kinds of customers. Most of them prefer the core appliance, yet some of them prefer barebone.

It would be ideal if the solution offered new connectors to other systems.

The reporting system could use some upgrading.

We've been using the solution for at least the last 12 months or so.

The stability is good. there are no bugs or glitches. It doesn't crash or freeze.

The scalability of the product is very good. Sometimes we get requests for specific functionality and usually, we can accommodate that.

Generally, we are happy with technical support. They are helpful and responsive.

The initial setup is very simple for our customers due to the fact that the first step is a demo for a customer. We need about 5 to 15 working days to make this demo. We talk about making a core system. It's not difficult to make over the Qradar SIEM. After that, if the customer needs some special function for, for example, different parts of the organization, we can propose some separate parts of SIEM. That's about two or eight weeks away. 

In general, for a SIEM project, you are looking at a deployment time of about two til eight months. 

As integrators, we can help advise clients and assist in the deployment process.

IBM Qradar has an interesting scheme for payments. They have annual payments for customers who use subscriptions for some services. I can't see any problem with the current financial scheme for this product generally. It's okay.

We are implementors. Our customers are the ones that use IBM Qradar.

We are an IBM partner.

We strongly recommend to our customers use the latest version of Qradar. It's important for security. We tend to use the latest in general.

Our customer is a government organization, including some ministries. Therefore, they use on-premise deployments only. However, they have some plans for hybrid clouds or private clouds in the next three or four years. That said, it's very hard to say exactly as the work at the ministry is about security. On-premise is deemed to be more secure.

I'd rate the solution at a nine out of ten.

We mostly use the product for PCI compliance.

We pay a little bit extra for Watson, and the Watson feature enables the analyst to go through and triage things much faster. It's quite useful for us and worth the smaller extra bit of money.

The solution is quite flexible.

We enjoy the fact that it is cloud-based.

The initial setup was very straightforward.

The solution is very scalable.

We've found the stability to be mostly very good.

Technical support really needs to be improved. Right now, they aren't where they need to be at all.

The solution is very expensive. We'd appreciate the product more if it came at a lower price point.

It is generally very stable. We've had odd little breakages, however, generally, nothing major has gone wrong. The performance is good. It's a reliable product.

The scalability aspect of the product is very good. That was one of the reasons that we bought it. If a company needs to expand it, it can do so with relative ease. It's not hard.

Currently, all the members of the tech ops team use the product, and there are five of them.

We may not increase usage; we may switch to something else. That has yet to be determined. It's not set in stone.

We've used technical support in the past and we haven't been satisfied with the level of service on offer.

Trying to get answers out of IBM is like trying to get blood out of a stone. They need to be more helpful and responsive. Right now, they aren't either of those things.

The initial setup was not difficult or complex. It was very straightforward. A company should have too much trouble with the process.

The deployment process was very, very quick as well. There is a collector deployed on our network. We spun that out. You point your log sources at it, you point it at some IP addresses that IBM gives you, and it just works.

We did not use an integrator or consultant for the deployment. We handled it ourselves, with our own staff. Everything was done in-house.

The product is not a cheap solution. it's quite expensive.

We do also pay more in order to use Watson.

We're currently evaluating other options to see if we want to switch off of this product in the future. Nothing has been decided. I'm currently doing some preliminary research. We're always looking for solutions that are better or cheaper.

We are just a customer and end-users. We don't have a business relationship with IBM.

We are using the latest version of the solution, as we have the cloud version of the product. Whatever the latest version is, IBM upgrades it automatically. We don't need to worry about that on our end.

In general, I would rate the solution at a seven out of ten. If it were cheaper it might rate a bit higher, however, for the most part, it does what we need it to do.

We provide cloud services to the users, and we have our own cloud setup over here. The major use case is when clients require the SOC to be set up.

Setting up the SOC itself is a huge investment. A customer has to invest a lot to build up the whole SOC environment, so, rather than the customer investing in the SOC environment and building up the SOC, we provide it as a service. Customers don't need to do any up-front investment. They use our service. We manage their security tools and security environment as per the compliance guidelines that come from the Indian government. We follow all those practices, and we help them procure more for their network and infrastructure.

QRadar, Splunk, and ArcSight are SIEM solutions with built-in AI/ML features. They can do the complete investigation and alert the admin about what is happening. They can also do the root cause analysis. 

There are many other features that come with QRadar. It has a more granular log, so you can integrate with various non-IT as well as IT-based components. You can get unstructured data to the SIEM data, and you can identify more what is happening in the network or what is happening in the central head office. You can also identify what is happening between your remote offices. You can also use it to identify what the users in the field are doing on their devices and how things are moving.

From the integration point of view, it is very centric. It gives complete control centrally. If a user is not connected to the system, whenever he comes online, we can see the policy updates over the Internet, and we can ensure that the data that is supposed to be protected is protected.

When it comes to what could be better, it is always what others are trying to do and what is the roadmap. It can have more integration. It should have more flexible RESTful APIs for integration with applications. These are the things that are always in demand for any of the SIEM solutions, not only for QRadar. 

Integration is ever-evolving. Nowadays, different versions of mobile handsets are there and data is getting scattered. Users are using their personal handsets to keep the data of the organization. So, it should have a more flexible integration, irrespective of the flavor of the firmware and iOS or Android version. It should have an API that can seamlessly get integrated. It should also provide more flexible control and a more advanced or analytical view to see what exactly is happening across the globe or network. From wherever a user is connecting and accessing the enterprise data, it should give real-time visibility and predictive visibility about what exactly is happening. These things are already there, but there should be more advanced control in terms of managing the security.

I have been using this solution for five years.

It is absolutely stable. It depends upon how the implementation has been done. We definitely have the skills to do this kind of implementation. We ensure that a customer's environment is absolutely protected.

It is very scalable, but it also depends upon how the implementation was done. We are providing services to one of the major brands in India. They have somewhere around 30,000 devices. We are currently managing more than 1 lakh QRadar users.

QRadar has a good technical team. They provide timely support whenever a ticket is raised.

Deployment of such solutions always takes time because these solutions are not simple. You should have the expertise and you should understand what is really needed for the business. We understand the real business need, and accordingly, we implement the policies.

We have been managing some of the security tools for the past 11 years. We have expert engineers who can help our customers with installation, configuration, planning, designing, and other things.

If you have an environment of 5,000 or 10,000 devices, three to five people should be enough to manage it.

Customers have to purchase a license based on the number of users, devices, and applications they want to protect. It allows you to take a license on a subscription basis for three years or five years.

I would recommend this solution. If you are looking for a SIEM solution, IBM QRadar is one that you should ideally look for.

I would rate IBM QRadar a nine out of ten.

I am a system integrator. We have installed it on-premises, on the cloud, in distributed environments, and all other environments for our clients.

We have worked with other solutions, such as LogRhythm and Splunk. Compared to others, IBM QRadar has the best price-performance ratio so that you are able to reserve minimum costs. It starts settling in fast and gets the first results very quickly. It is also very scalable.

There are a lot of things they are working on and a lot of technologies that are not yet there. They should probably work out a better reserve with their ecosystem of business partners and create wider and more in-depth qualities, third-party tools, and add-ons. These things really give immediate business value. For instance, there are many limitations in using SAP, EBS, or Micro-Dynamics. A lot of things that are happening in those platforms could also be monitored and allowed from the cybersecurity risks perspective. IBM might be leaving this gap or empty space for business partners. Some larger organizations might already be doing this.

It would be very nice if IBM can make some artificial intelligence part free of charge for all current QRadar users. This would be a big advantage as compared to other competitors.

There are companies that are going in different directions. Of course, you can't do everything inside QRadar. In general, it might be very good for all players to provide more use cases, especially regarding data protection and leakage prevention. There are some who are already doing some kind of file integrity or gathering some more information from all possible technologies for building anything related to the user and data analysis, content analysis, and management regarding the data protection.

I have been using this solution since 2011.

If the engineers are missing some technical knowledge from IBM documentation, then it might get interesting, but you can always rollback. Usually, when you are implementing innovations, as a system integrator, you usually do less on the test environment, and then you check if this works. If bigger organizations and customers want to do it by themselves, they should really stick to this approach and use a lot of material, community pages, and channels.

There is absolutely no problem with scalability. It works very fine, especially when you are running just clients. It doesn't matter how many variants you have all across the culture. You can practically have different continents. It doesn't matter how many collectors are running. You can easily distribute the current license to multiple users, and all the collectors can upload it without any restrictions.

We have worked with other solutions. Splunk is a long-term trap because it is very expensive, and it gets more and more expensive. It has different times, and it is integrated with different products. When you combine that together with licensing, it obviously fails. You are paying a lot more than QRadar.

LogRhythm has some problems with stability. We were the first partner to do some integrations with LogRhythm, but we had some problems. ArcSight was smaller at the time but not anymore. It is now a competitor. Fortinet is very good for those who are already using some software products from them.

It usually happens within two or three hours, but it also depends on the preparation. If good homework is done, then the initial setup is totally flawless. It is ready very soon. We then try it and wait for maybe a couple of days more. After that, we start fine-tuning, and then we do advanced installations.

For us, such projects usually don't start without any experience with technology and the concepts. When you are buying it, you need to know all the information systems, create a list of tasks and priorities, and understand the use case better. 

A lot of such innovations or implementations initially can be done by one person, two persons, or maybe a team of five dedicated administrators who later on will be using this technology or solution. You need to understand that there are different roles of people who are working with cybersecurity and threat management, such as an analyst, a simple technical maintenance performer, an administrator, a user behavior analyst, etc.

It is not something like a next-generation firewall, next-generation intrusion prevention, or the most complex tool that you have got, which you can install and configure and then see if it runs smoothly. It is a completely different story in QRadar or any similar technology. These solutions or technologies have to be managed continuously. 

The biggest mistake that innovations people usually make is that they don't plan the total cost of the technology tools for a period of five years, especially because they don't know what kind of new threats are coming out. Despite that, IBM is very early in doing some kind of new content packs and including data enforcement, etc. When new threats are coming in, you effectively need to adjust. The more complex use cases you have, the more complex the responses will be. You might have different systems or you might be working in different time zones.

When buying, people think that 70% to 80% percent of the initial purchase is the total they are going to spend within next year at this time, and then every next year, they will spend like 20% or 25% on the technical support, maintenance, development of the system, etc. When you are talking about a huge, complex, and central cybersecurity threat management system, it is more likely that you are implementing a document management system and some complex CIP systems, etc. The cost of the license and the cost of the hardware initially can make up around 20%, 30%, or less percent of the total budget that is needed for quality management of such solutions for a longer period of time. 

Some people think that if they buy this for 100,000 pounds or euros, the next year, they can buy just annual subscriptions for 25,000 or 20,000. You may have some internal costs for the license, etc. If you are buying for, let's say, 100,000, you might have to make your budget for 200,000 more, because it needs to have certain people who are doing everything with the solution. You need to train them and send them to the IBM international technology academies and events such as Visor to know about its management and maintenance. You probably also need to do some certification, so you need to go for a course for implementation. A lot of internal work should be done to adjust the solution with other departments, and those other departments usually don't like such central, overseeing, and controlled solution. They, later on, learn that they can get a lot of different, useful reports out of it without doing additional work. 

I would rate IBM QRadar an eight out of ten. Every technology has some weaknesses and strengths. It has a lot of points to improve, but based on everything that we have seen in the market and from other customers, this is, so far, at least in Europe, the best solution.

The primary use case of this solution is for monitoring an enterprise data center, globally for 12,000 devices.

It has improved the way that the organization functions.

The most valuable feature is the searching capability and real-time operational use.

Some of the cloud apps need improvement.

In the next release, I would like to see improving the stability of some of the add-on applications.

I have been using IBM QRadar for two years.

We are using the current version.

Stability is moderate.

We have 15 people using this solution in our organization. Their positions vary from Network Engineers, Security Engineers, and Security Analysts.

It's very scalable.

Technical support is good.

I would rate them a nine out of ten. Their response time is good.

Previously, I did not use another solution.

The initial setup is complex. It's just the nature of the CM tool.

I think that the price is fair, but we can always say that the price could be cheaper.

Like any complex enterprise CM tool, you have to have a strong support organization. People who are good at understanding Linux operating systems. You also need a strong technical support team in-house.

I would rate this solution an eight out of ten.