reviewer1518060 - PeerSpot reviewer
SOC Team Lead at a financial services firm with 1,001-5,000 employees
Real User
Flexible, easy to learn, and priced fairly
Pros and Cons
  • "I have found the most important features to be the flexibility, tech framework, and disk manager."
  • "There could be better integration with the solution."

What is our primary use case?

Depending on the organization's needs the solution can monitor different types of security through logs.

What is most valuable?

I have found the most important features to be the flexibility, tech framework, and disk manager. Additionally, the solution is easy to learn how to use.

What needs improvement?

There could be better integration with the solution.

For how long have I used the solution?

I have been using the solution for approximately three years.

Buyer's Guide
IBM Security QRadar
June 2025
Learn what your peers think about IBM Security QRadar. Get advice and tips from experienced pros sharing their opinions. Updated: June 2025.
860,592 professionals have used our research since 2012.

What do I think about the stability of the solution?

Every solution has some bugs and other issues but for the most part, this solution is stable.

What do I think about the scalability of the solution?

The solution is scalable. The number of users is dependent on what your needs are. You can have many users having access to the solution. For example, out of a 5,000-person network, you could have five with access to it for security.

How are customer service and support?

The solution has great support. Whenever we had an issue they were able to give us support within 15 minutes.

How was the initial setup?

The installation was easy, but this can depend on what appliances you want to install it on. If it is VMware, then the installation is easy; it took me 30 minutes.

What about the implementation team?

We did use a consultant to do the deployment and we only needed one technician.

What's my experience with pricing, setup cost, and licensing?

The solution is priced fairly, there is a license for the solution, and we pay annually.

What other advice do I have?

I would recommend the solution to others and we plan to continue using it in the future.

I rate IBM QRadar a nine out of ten.

Which deployment model are you using for this solution?

On-premises
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
PeerSpot user
Security Operations Manager at a comms service provider with 501-1,000 employees
Real User
Flexible and very scalable with a straightforward setup
Pros and Cons
  • "The solution is quite flexible."
  • "Technical support really needs to be improved. Right now, they aren't where they need to be at all."

What is our primary use case?

We mostly use the product for PCI compliance.

What is most valuable?

We pay a little bit extra for Watson, and the Watson feature enables the analyst to go through and triage things much faster. It's quite useful for us and worth the smaller extra bit of money.

The solution is quite flexible.

We enjoy the fact that it is cloud-based.

The initial setup was very straightforward.

The solution is very scalable.

We've found the stability to be mostly very good.

What needs improvement?

Technical support really needs to be improved. Right now, they aren't where they need to be at all.

The solution is very expensive. We'd appreciate the product more if it came at a lower price point.

What do I think about the stability of the solution?

It is generally very stable. We've had odd little breakages, however, generally, nothing major has gone wrong. The performance is good. It's a reliable product.

What do I think about the scalability of the solution?

The scalability aspect of the product is very good. That was one of the reasons that we bought it. If a company needs to expand it, it can do so with relative ease. It's not hard.

Currently, all the members of the tech ops team use the product, and there are five of them.

We may not increase usage; we may switch to something else. That has yet to be determined. It's not set in stone.

How are customer service and technical support?

We've used technical support in the past and we haven't been satisfied with the level of service on offer.

Trying to get answers out of IBM is like trying to get blood out of a stone. They need to be more helpful and responsive. Right now, they aren't either of those things.

How was the initial setup?

The initial setup was not difficult or complex. It was very straightforward. A company should have too much trouble with the process.

The deployment process was very, very quick as well. There is a collector deployed on our network. We spun that out. You point your log sources at it, you point it at some IP addresses that IBM gives you, and it just works.

What about the implementation team?

We did not use an integrator or consultant for the deployment. We handled it ourselves, with our own staff. Everything was done in-house.

What's my experience with pricing, setup cost, and licensing?

The product is not a cheap solution. It's quite expensive.

We do also pay more in order to use Watson.

Which other solutions did I evaluate?

We're currently evaluating other options to see if we want to switch off of this product in the future. Nothing has been decided. I'm currently doing some preliminary research. We're always looking for solutions that are better or cheaper.

What other advice do I have?

We are just a customer and end-users. We don't have a business relationship with IBM.

We are using the latest version of the solution, as we have the cloud version of the product. Whatever the latest version is, IBM upgrades it automatically. We don't need to worry about that on our end.

In general, I would rate the solution at a seven out of ten. If it were cheaper it might rate a bit higher, however, for the most part, it does what we need it to do.

Which deployment model are you using for this solution?

Public Cloud
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
PeerSpot user
reviewer1524594 - PeerSpot reviewer
Senior Solutions Architect at a manufacturing company with 51-200 employees
Real User
A stable SIEM solution with centralized control and built-in AI/ML
Pros and Cons
  • "QRadar, Splunk, and ArcSight are SIEM solutions with built-in AI/ML features. They can do the complete investigation and alert the admin about what is happening. They can also do the root cause analysis. There are many other features that come with QRadar. It has a more granular log, so you can integrate with various non-IT as well as IT-based components. You can get unstructured data to the SIEM data, and you can identify more what is happening in the network or what is happening in the central head office. You can also identify what is happening between your remote offices. You can also use it to identify what the users in the field are doing on their devices and how things are moving. From the integration point of view, it is very centric. It gives complete control centrally. If a user is not connected to the system, whenever he comes online, we can see the policy updates over the Internet, and we can ensure that the data that is supposed to be protected is protected."
  • "When it comes to what could be better, it is always what others are trying to do and what is the roadmap. It can have more integration. It should have more flexible RESTful APIs for integration with applications. These are the things that are always in demand for any of the SIEM solutions, not only for QRadar. Integration is ever-evolving. Nowadays, different versions of mobile handsets are there and data is getting scattered. Users are using their personal handsets to keep the data of the organization. So, it should have a more flexible integration, irrespective of the flavor of the firmware and iOS or Android version. It should have an API that can seamlessly get integrated. It should also provide more flexible control and a more advanced or analytical view to see what exactly is happening across the globe or network. From wherever a user is connecting and accessing the enterprise data, it should give real-time visibility and predictive visibility about what exactly is happening. These things are already there, but there should be more advanced control in terms of managing the security."

What is our primary use case?

We provide cloud services to the users, and we have our own cloud setup over here. The major use case is when clients require the SOC to be set up.

Setting up the SOC itself is a huge investment. A customer has to invest a lot to build up the whole SOC environment, so, rather than the customer investing in the SOC environment and building up the SOC, we provide it as a service. Customers don't need to do any up-front investment. They use our service. We manage their security tools and security environment as per the compliance guidelines that come from the Indian government. We follow all those practices, and we help them procure more for their network and infrastructure.

What is most valuable?

QRadar, Splunk, and ArcSight are SIEM solutions with built-in AI/ML features. They can do the complete investigation and alert the admin about what is happening. They can also do the root cause analysis. 

There are many other features that come with QRadar. It has a more granular log, so you can integrate with various non-IT as well as IT-based components. You can get unstructured data to the SIEM data, and you can identify more what is happening in the network or what is happening in the central head office. You can also identify what is happening between your remote offices. You can also use it to identify what the users in the field are doing on their devices and how things are moving.

From the integration point of view, it is very centric. It gives complete control centrally. If a user is not connected to the system, whenever he comes online, we can see the policy updates over the Internet, and we can ensure that the data that is supposed to be protected is protected.

What needs improvement?

When it comes to what could be better, it is always what others are trying to do and what is the roadmap. It can have more integration. It should have more flexible RESTful APIs for integration with applications. These are the things that are always in demand for any of the SIEM solutions, not only for QRadar. 

Integration is ever-evolving. Nowadays, different versions of mobile handsets are there and data is getting scattered. Users are using their personal handsets to keep the data of the organization. So, it should have a more flexible integration, irrespective of the flavor of the firmware and iOS or Android version. It should have an API that can seamlessly get integrated. It should also provide more flexible control and a more advanced or analytical view to see what exactly is happening across the globe or network. From wherever a user is connecting and accessing the enterprise data, it should give real-time visibility and predictive visibility about what exactly is happening. These things are already there, but there should be more advanced control in terms of managing the security.

For how long have I used the solution?

I have been using this solution for five years.

What do I think about the stability of the solution?

It is absolutely stable. It depends upon how the implementation has been done. We definitely have the skills to do this kind of implementation. We ensure that a customer's environment is absolutely protected.

What do I think about the scalability of the solution?

It is very scalable, but it also depends upon how the implementation was done. We are providing services to one of the major brands in India. They have somewhere around 30,000 devices. We are currently managing more than 1 lakh QRadar users.

How are customer service and technical support?

QRadar has a good technical team. They provide timely support whenever a ticket is raised.

How was the initial setup?

Deployment of such solutions always takes time because these solutions are not simple. You should have the expertise and you should understand what is really needed for the business. We understand the real business need, and accordingly, we implement the policies.

What about the implementation team?

We have been managing some of the security tools for the past 11 years. We have expert engineers who can help our customers with installation, configuration, planning, designing, and other things.

If you have an environment of 5,000 or 10,000 devices, three to five people should be enough to manage it.

What's my experience with pricing, setup cost, and licensing?

Customers have to purchase a license based on the number of users, devices, and applications they want to protect. It allows you to take a license on a subscription basis for three years or five years.

What other advice do I have?

I would recommend this solution. If you are looking for a SIEM solution, IBM QRadar is one that you should ideally look for.

I would rate IBM QRadar a nine out of ten.

Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
PeerSpot user
reviewer1501230 - PeerSpot reviewer
Head of IT Security, Governance and Compliance at a consumer goods company with 10,001+ employees
Real User
Easy to use, provides environment visibility, and assists with incident discovery in advance of problems to the business
Pros and Cons
  • "This is a good tool to have because it gives you the ability to track what is currently happening in your environment."
  • "The modularity could be improved."

What is our primary use case?

We are using QRadar as a managed service.

How has it helped my organization?

This product helps us to find security incidents before they become a problem to the business. We are able to attend to them quicker and we can put protection in place so that should they occur again, we are able to deal with them more easily.

What is most valuable?

The most valuable feature is the ease of use.

What needs improvement?

The modularity could be improved.

For how long have I used the solution?

We have been using IBM QRadar for three years.

What do I think about the stability of the solution?

This is a very stable product.

What do I think about the scalability of the solution?

We have had no issues with scalability and we have approximately 1,500 users. We are not using its full capabilities at the moment because we are still growing. In the next year or two, we will see.

How are customer service and technical support?

I don't deal with IBM directly. Rather, I deal with our service provider and they deal with IBM.

How was the initial setup?

The initial setup was very easy for us because we just bought what we were looking for, and not the entire infrastructure.

What about the implementation team?

The company that we subscribe to for this service takes care of the installation, maintenance, and management of it. They give us updates that concern the features we use, so the maintenance doesn't affect us much.

What's my experience with pricing, setup cost, and licensing?

We use QRadar as a managed service and we pay licensing fees to the partner.

What other advice do I have?

This is a good tool to have because it gives you the ability to track what is currently happening in your environment. Otherwise, if you did not have that, you'd only react to an event or an incident that has already caused problems. The proactiveness goes a long way because it saves your environment and your business from being negatively affected.

In summary, this is a good product but there is always room for improvement.

I would rate this solution a nine out of ten.

Which deployment model are you using for this solution?

Hybrid Cloud
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
PeerSpot user
reviewer1488321 - PeerSpot reviewer
Managed Security Product at a comms service provider with 1,001-5,000 employees
Real User
Excellent artificial intelligence component with tricky licensing fees
Pros and Cons
  • "The feature that I have found most valuable is its artificial intelligence component, Watson. Its contribution is pretty good from a machine-learning artificial intelligence perspective. This complements the orchestration automation component, as well."
  • "The features that could be improved include the licensing model and the dashboards and all those presentations. Overall, the user experience part can be improved."

What is our primary use case?

IBM QRadar is a FIM component within the security operation center we were deploying in the customer environment. We are managing their cyber defense capability.

What is most valuable?

The feature that I have found most valuable is its artificial intelligence component, Watson. Its contribution is pretty good from a machine-learning artificial intelligence perspective. This complements the orchestration automation component, as well.

What needs improvement?

The features that could be improved include the licensing model and the dashboards and all those presentations. Overall, the user experience part can be improved.

Additionally, the coverage, the connectors, and the flex connectors for legacy systems and other aspects could be improved. This is something they can work on and improve.

For how long have I used the solution?

I have been using IBM QRadar for more than two years.

What do I think about the stability of the solution?

It is a stable product.

It takes two to three people for its management, but it purely depends on the scope of the security operations center, the SOC.

What do I think about the scalability of the solution?

It is scalable. 

It's kind of a non-direct user component. It sits under the security operations center, so it won't be visible to the user, but it will be covering devices and users. It can support 100 to 10,000 devices. So it's kind of a back instance.

In terms of plans to increase usage, I'm currently at a management level, so I'm no longer into the directly technical part. But if there is a requirement, IBM QRadar is definitely one of my preferences.

How are customer service and technical support?

IBM technical support is good.

Which solution did I use previously and why did I switch?

We were using ArcSight from Micro Focus, but we were having some challenges integrating with the systems, with the APIs, and with the connectors. That's why we moved to IBM.

How was the initial setup?

The initial setup is at an intermediate, medium level. It's not that straightforward, but not that complex either. The only thing is that their licensing model is a bit complex because they charge for a couple of components like EPS and NetFlow, so that kind of licensing charging is a bit tricky. But all in all, it's a medium, not that complex.

I think it was set up within a month. But use-case finalization and other configurations took another month. It's kind of a two to three month project to move to production completely.

What's my experience with pricing, setup cost, and licensing?

Our licensing is yearly. But it's based on Event Per Second, which is one of the models. Storage capacity for log management is also considered with the fees. Licensing is a bit complex in IBM, as well. Different aspects need to be considered.

What other advice do I have?

I would recommend IBM to others who want to start using it.

On a scale from one to 10, I would rate IBM QRadar a seven.

Which deployment model are you using for this solution?

On-premises
Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
PeerSpot user
Md Saiful Hyder - PeerSpot reviewer
AGM, Enterprise Solutions at Omgea Exim Ltd
MSP
Flexible and scalable with good stability
Pros and Cons
  • "This is a distributed application, meaning that a customer can stack small and then scale it so that they can expand pretty effectively. You can use, basically, the same product in an SMB or a large enterprise."
  • "Right now, if you look at the compatibility, if you need to deploy QRadar in a physical appliance you have only two choices of server, their own or a Lenovo server. In today's world, you cannot keep something tied to such a big brand. Clients want to be able to use whatever type of server they want."

What is our primary use case?

We primarily use the solution for some compliance, including military compliance such as PCIDSL, ISO 27001, and ISO 27002, and then some other specifications around them. There are also some industries that need to analyze the log and events, and then build and create some rules to put forward.

What is most valuable?

The solution has very good Watson Analyzer integration. It's one of the key differentiators if you compare it to other solutions. 

The solution offers very good BSM support. There's 400 BSM support out of the box. That's a huge advantage. With it, you are actually adding almost all the devices that are available in an IT environment.

This is a distributed application, meaning that a customer can stack small and then scale it so that they can expand pretty effectively. You can use, basically, the same product in an SMB or a large enterprise. 

You can deploy the solution and leave it. It's very unfussy.

When it comes to deployment, it's very flexible.

What needs improvement?

Right now, if you look at the compatibility, if you need to deploy QRadar in a physical appliance you have only two choices of server, their own or a Lenovo server. In today's world, you cannot keep something tied to such a big brand. Clients want to be able to use whatever type of server they want. It's very limiting for many. You need that flexibility to deploy on any Intel platform.

IBM doesn't have people in every corner of the world. Oracle, for example, is actively training and certifying people so that companies will have access to local connections. IBM is lacking this, and therefore it can be difficult to get qualified support when a customer needs it. They should try to replicate the Oracle approach to training and certifications.

For how long have I used the solution?

I've been using the solution for the last three years or so. It's been a while.

What do I think about the stability of the solution?

The solution is very stable. It's reliable. You don't need to worry about bugs or glitches. It doesn't crash or freeze. It's pretty much a set and forget kind of setup.

What do I think about the scalability of the solution?

The solution scales well. It's stackable, which means you can start small if you want and then just stack more and more. It's perfect for any size of organization, from small to large.

We have sold this solution to six organizations, however, as a whole, we have around 10 customers in Bangladesh. Their sizes vary.

How are customer service and technical support?

In terms of some of the IBM support we recently have received, we've had some issues. While it should be 24/7 support, sometimes we have to wait an extended period. Our customers have had to wait an extended amount of time - in some cases like two or three months. Some support we used to get was from the US team and they were good. However, support from elsewhere isn't really that great, and certainly not up to their level of service.

How was the initial setup?

The initial setup is not complex at all. It's very straightforward.

Since it is coming with a predefined image, anybody can actually deploy this on a VM or a physical appliance. The deployment is flexible.

A control installation takes four to five hours to initialize the console. After that, deployment is dependent on the customer requirements. However, simply initializing the appliance takes two to four hours depending on the allocated resources, therefore, it's quite quick.

What about the implementation team?

From a product perspective, we have three persons in the product team. However, in the deployment and support team, we have five people. We tend to sell and help implement this product to our customers.

What other advice do I have?

We're using the latest version of the solution.

We are a reseller. We're selling the solution to end customers.

Whenever there is a requirement, a security requirement, or an AFM requirement, we actually position IBM QRadar. We proactively promote the solution and the market, so that we can build a community around QRadar. We're trying to build a community around QRadar so that we can increase sales. We need to have local resources to promote the products. Therefore, we are trying to double up that community of QRadar users. We're doing knowledge sharing among our network. We're changing information so that we can have a knowledge-based group so that we can promote the product to more customers.

While I'd recommend the solution, I'd caution that, for any IBM product other than hardware, the local resources are not that great as they are not often available. I can see why some customers are afraid to add this product. It's different from, for example, Oracle, which is doing product training everywhere and is actively certifying people. 

Overall, aside from support issues, we've been happy with the solution. I'd rate the solution nine out of ten.

Which deployment model are you using for this solution?

On-premises
Disclosure: My company has a business relationship with this vendor other than being a customer: Reseller
PeerSpot user
reviewer1477878 - PeerSpot reviewer
Director of Information Security at a financial services firm with 501-1,000 employees
Real User
Scalable with good searching capabilities and good support
Pros and Cons
  • "The most valuable feature is the searching capability and real-time operational use."
  • "Some of the cloud apps need improvement."

What is our primary use case?

The primary use case of this solution is for monitoring an enterprise data center, globally for 12,000 devices.

How has it helped my organization?

It has improved the way that the organization functions.

What is most valuable?

The most valuable feature is the searching capability and real-time operational use.

What needs improvement?

Some of the cloud apps need improvement.

In the next release, I would like to see improved stability in some of the add-on applications.

For how long have I used the solution?

I have been using IBM QRadar for two years.

We are using the current version.

What do I think about the stability of the solution?

Stability is moderate.

We have 15 people using this solution in our organization. Their positions vary from Network Engineers, Security Engineers, and Security Analysts.

What do I think about the scalability of the solution?

It's very scalable.

How are customer service and technical support?

Technical support is good.

I would rate them a nine out of ten. Their response time is good.

Which solution did I use previously and why did I switch?

Previously, I did not use another solution.

How was the initial setup?

The initial setup is complex. It's just the nature of the CM tool.

What's my experience with pricing, setup cost, and licensing?

I think that the price is fair, but we can always say that the price could be cheaper.

What other advice do I have?

Like any complex enterprise CM tool, you have to have a strong support organization. People who are good at understanding Linux operating systems. You also need a strong technical support team in-house.

I would rate this solution an eight out of ten.

Which deployment model are you using for this solution?

On-premises
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
PeerSpot user
Abbasi Poonawala - PeerSpot reviewer
Chief Enterprise Architect at Alinma Bank
Real User
Top 5 Leaderboard
It has good integrations, easy scalability, and strong technical support, but needs better pricing and more AI features
Pros and Cons
  • "Integrations are quite a useful and key feature of this solution. It has integration with the CVSS score, which is a central point for all the data and scores about the threats. There is an IBM Bluemix dashboard that is integrated with the CVSS score."
  • "I don't look at only the features and benefits; I also look at the price. It is a bit expensive when compared with other solutions. It is expensive for specific deployment topologies, and the decision-makers go for alternatives like ArcSight. It should also have more AI features or capabilities for better threat intelligence. The more it uses machine learning, the better would be the dashboard, analytics, and other things."

What is our primary use case?

It is used to dive deep into threat analysis. It is a SIEM solution that can be hooked up with some of the endpoint security or threat discovery solutions such as Forescout, Qualys, Sophos, and MDM. After the endpoint security or threat discovery solution discovers the threat, QRadar takes it further from that point onwards and allows you to go deep into the threat analysis. It has a lot of integrations, such as with CMDB, and it can do the asset classification. It can also tell the CVSS score. These are the capabilities or use cases. 

What is most valuable?

Integrations are quite a useful and key feature of this solution. It has integration with the CVSS score, which is a central point for all the data and scores about the threats. There is an IBM Bluemix dashboard that is integrated with the CVSS score.

What needs improvement?

I don't look at only the features and benefits; I also look at the price. It is a bit expensive when compared with other solutions. It is expensive for specific deployment topologies, and the decision-makers go for alternatives like ArcSight. 

It should also have more AI features or capabilities for better threat intelligence. The more it uses machine learning, the better would be the dashboard, analytics, and other things.

For how long have I used the solution?

I have been using this solution for five years. 

What do I think about the scalability of the solution?

You can scale it easily in the cloud with a given deployment topology. We have somewhere around 50 plus users.

How are customer service and technical support?

IBM is very strong on the technical support side. They have proper support available across different regions. After the implementation is done, the admin within the organization is in touch with IBM technical support for any day-to-day support requirements.

Which solution did I use previously and why did I switch?

We have been switching for some time between Micro Focus ArcSight and IBM QRadar.

How was the initial setup?

For cloud deployment, you need to go for IBM Bluemix Cloud, and you can deploy easily on a private cloud. You create the stack and use the Bluemix Cloud formation template. If you have the IBM Bluemix Cloud subscription, you can deploy it easily within maybe half a day or one day. You can create all the resources by using the Bluemix Cloud formation template.

For deployment, you need a small team of two or three because it just needs the team to provision the resources on the IBM Bluemix Cloud. For support, we need a bigger team of around 10 plus people.

What's my experience with pricing, setup cost, and licensing?

It is costlier as compared to the other alternatives available in the market.

What other advice do I have?

I would definitely recommend this solution. It is a good solution with good capabilities like integration with CMDB and CVSS score. The dashboard is also really nice. It can help with threat intelligence, and it also has artificial intelligence. It is a futuristic kind of technology because the more AI-driven a product is, the better are the results. We plan to keep using this solution.

I would rate IBM QRadar a seven out of ten.

Which deployment model are you using for this solution?

Private Cloud
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
PeerSpot user