IBM Security QRadar Suite Software: SIEM & SOAR

My main use case for IBM Security QRadar is building a SOC with IBM Security QRadar as a SIEM.

I use IBM Security QRadar in my SOC operations as an information security management, security and event management tool, to correlate events and build use cases for incident response.

My main use case helps us to deep dive into the logs and correlate events from many other products like firewalls, endpoints, and also a lot of products.

The best features IBM Security QRadar offers include vulnerability management, a powerful integration, and being a stable product. The vulnerability management feature helps to build an asset library for our organization, and with integrations, we can integrate this vulnerability with other ticketing systems to discover new vulnerabilities and build a patch management for it.

IBM Security QRadar has positively impacted my organization by allowing me to get offenses and threats into our organization, helping me to discover the real threats attacking our organization. The real threats that IBM Security QRadar helps us with are provided as offenses, real offenses with real examples that allow us to discover new offenses and assist in closing these offenses.

IBM Security QRadar can be improved; perhaps IBM support needs improvement in fast response and also the team response.

I have been using IBM Security QRadar for about nine years.

IBM Security QRadar is stable.

IBM Security QRadar's scalability is great; you can have a new collector to deploy if you have increased EPS per second.

Customer support for IBM Security QRadar needs improvement.

I have not used a different solution before IBM Security QRadar; this is my first use.

I have seen a return on investment; I can share that it includes time saved, money saved, and fewer employees needed.

My experience with pricing, setup cost, and licensing is great compared to the other vendor.

I did not evaluate other options before choosing IBM Security QRadar.

IBM Security QRadar is stable and has great support.

I advise others looking into using IBM Security QRadar that it is really helpful for building a SOC and to get a deep dive into your real threats at the earliest time. I have given this product a review rating of 10.

The use cases are daily monitoring, asset management, asset monitoring, asset health status monitoring, and alert monitoring. That is the current use case of what SIEM  is being used for.

The query search and log fetching are really helpful in IBM Security QRadar  when compared to other tools.

Compared to ArcSight, Splunk, or any other SIEM  tools where you need their processing language such as structured query language, SPL, and in Sentinel  there is KQL query languages, IBM Security QRadar  doesn't require reliance on query languages. There are filters which you can use directly and apply to get the data you want fairly easily.

It's still very manual and doesn't work on its own. It's still in an early stage and not on par where we can consider it a really successful detection system. The accuracy is not there.

The UI could be better when compared to Sentinels where we can use flags and tagging. It could be much more user-friendly. IBM Security QRadar has all features and is fully competitive with other SIEM tools, but when it comes to user-friendliness, a new user takes time to get used to it. More intuitive, user-friendly interfaces and more helpful documentation would be beneficial.

The query searching and data fetching could be faster. In large to very large organizations with around 5,000 or 6,000 assets or beyond, even with proper configurations and RAM and hardware backing up, the query is fairly slow.

I have been using it for almost nine months.

The solution is extremely stable because it's on cloud. On cloud, you don't see any disconnections or instability. Any solution that is on cloud works really stably.

I am both a customer and we provide service to that.

I never needed to reach out to support because most of the expertise was already available.

I have used ArcSight and parallelly we are using Sentinel . I have also used Wazuh  and Splunk.

There are analytical workspaces where we create automatic ticket creations and automatic email notifications.

I have worked on technologies including Qualys, Group-IB, and QRadar. I have experience with CrowdStrike EDR and Bitdefender. On the EDR front, I have worked on CrowdStrike and Bitdefender. For SIEMs, I work with IBM Security QRadar and Sentinel. For vulnerability assessments, I work with Qualys.

There are no observable benefits on ROI process-wise, workability-wise, or usability-wise.

We chose IBM Security QRadar because we were moving to cloud. Previously it was an on-prem solution. Compared to Splunk and Sentinel, it's much more cost-effective.

IBM Security QRadar is capable of handling much of the market requirements. It's comparable to any other SIEM tool without standing out significantly.

It's fairly open for custom integrations, but it depends on what type of logs we are receiving and what kind of parsing we are getting done. The integrations are totally based on the skill sets if third-party or custom integrations are required.

When it comes to log management, it's fairly easy to manage and the log rotate is really good compared to any standard SIEM tool. It just gets the work done.

I rate IBM Security QRadar an 8 out of 10.

We use IBM Security QRadar  to monitor, and it's our main source of information. It's our main SIEM  platform for our SOC, and we've collected everything on that platform.

We don't use IBM Security QRadar 's Risk Manager; mainly, it was our main tool to collect information and conduct some analytics on logs and events. That's the primary use case we've been utilizing.

The best features of IBM Security QRadar are that it's pervasive. You can have IBM Security QRadar in the dust quite easily, and almost everybody knows the platform. Almost nobody's going to say you bought the wrong SIEM  if you buy IBM Security QRadar.

The integration of third-party technologies with IBM Security QRadar is one of the high points they have. They integrate with almost anybody, anywhere. There's an integrator tool for almost anything. Everybody talks with IBM Security QRadar because they were the SIEM name of the game, at least in this country. So the integration part is one of their key advantages.

Long ago, IBM Security QRadar enabled us to have some analytics pre-thought for us. When we started with our SOC, we used some log collectors and other tools, and IBM Security QRadar gave us the advantage of having some analytics pre-considered for us. However, that was long ago. It has become just a log and events collector and our main repository of security events.

As far as reliability, security, and how it operates, I think it's because they hit first on the market, and then they built upon that, our name alongside the IBM name. Those are the reasons. It's quite awkward to use the platform; it's not intuitive, the learning curve is quite deep, and I really don't understand why it was so pervasive. However, if you have to sell managed security services to some people that use a SIEM, more than half the time you end up with an IBM Security QRadar platform on the other side. The other half you end up with WSO2, at least in Latin America.

I haven't tried IBM Security QRadar's AI and machine learning capabilities for threat detection and response fully enough to evaluate them yet.

We've been building our SOAR  capabilities with other tools, and we haven't used IBM Security QRadar's Analytics Engine for automating SOC tasks.

We are not using it as we used to, and I think that advantage is fading out, particularly after the selling of the product to Palo Alto. We are considering some roadmaps to get out of IBM Security QRadar right now; that's the truth.

We have been using IBM Security QRadar since pre-pandemic; I think maybe 10 to 12 years right now.

I find IBM support to be nice. However, as a former IBMer, I may have had some advantages in getting support because I had some contacts. The support information is correct; you get to the information and access the technical documents you need because the information is there, and they used to care about their product. I don't know how it's going to be once the program is fully under Palo Alto's management.

For the support team, I would rate IBM support an eight, a solid eight. With the support we used to have within IBM, it was good.

Setting up IBM Security QRadar is difficult; it has a deep learning curve for the analysts, and there are several hurdles to handle to get IBM Security QRadar running on your infrastructures. On the other hand, once you connect the dots, they keep sending the information, and you can continue getting those events.

The pricing, setup cost, or licensing with IBM Security QRadar was costly. It was costly mainly for the things we used to use it for. The customers used to pay the price, but it was one of the problems to onboard some people with IBM Security QRadar. It was costly mainly because of the value you can get right now compared to other solutions.

We are thinking about moving outside of IBM Security QRadar ecosystem due to cost and the belief that some functionalities of new SIEM platforms are surpassing IBM Security QRadar. We think they are not keeping pace with SIEM, which makes it harder for them to differentiate their product or compete against others that are cheaper and easier to deploy.

If you had asked me this question five or seven years ago, I would have given it a solid 10, maybe a nine, but today I believe they are losing track of that. The overall rating for IBM Security QRadar is seven out of ten.

We were partners when they were under IBM. We've been in an IBM program of MSSP  for Latin America, so we were partners of IBM Security QRadar when it was within IBM. However, with the selling to Palo Alto this year, we lost that partnership and are now just customers of a reseller.

We operate the platform for our customers. We don't have IBM Security QRadar for our own use.