I’m working with the on-prem version of IBM Security QRadar. We initially deployed it with the help of IBM’s professional services for a client, but now we handle deployments ourselves. The process is quite straightforward for us because we gained knowledge from our first implementation and used the available documentation. Deployment takes a couple of hours the first time, including configuration and integration with third-party devices. I usually work with a colleague, so two people handle the deployment. Our environment is well-suited for this, and we’re using it on a virtual appliance. The experience has been smooth and efficient.

We are promoting QRadar to various financial institutions, including banks and microfinances, as a superior option compared to other vendors like Fortinet. While some institutions are using other solutions, we are encouraging them to switch to QRadar for better security.

We monitor tweets and other activities on the IBM Security QRadar portal. Once, we noticed unusual traffic patterns, like tweets triggering alerts, and we blocked that traffic. We also detected some security issues on the APM through the portal, which was a great experience. As for integration, we’ve successfully integrated QRadar with other security products like Cisco, Fortinet, and Check Point. Initially, we worked with IBM’s professional services to guide us through the integration process, and after that, we were able to follow their steps to integrate third-party devices ourselves.

QRadar has a significant impact on operational costs for clients. For example, we’re recommending QRadar to several banks due to its effectiveness in handling high traffic and preventing scams. The banks we’ve worked with are very satisfied and are encouraging others to deploy QRadar as well.

I think QRadar is great overall. We’ve had a positive experience with it and recommend it for deployment. However, there are areas for improvement. The technical support is good, and the documentation is valuable, but it could be enhanced, especially regarding integration with other systems.

In terms of support and updates, QRadar’s capabilities are crucial for maintaining high security standards. Network and software administrators can monitor all traffic effectively, which reassures clients and drives further adoption.

I have been using IBM Security Qradar for last one years.

As for licensing costs, I haven't seen the exact figures, but it is considered somewhat costly. On a scale from one to ten, where one is very expensive and ten is very cheap, I would rate it a six—it’s costly but worth the money.

Overall, I would rate IBM QRadar as a ten.

Basically, it is a product that serves as an SIEM solution, and its main competitor is Splunk. Splunk and IBM are lookalike tools. IBM Security QRadar hosts a panel where you can feed just about anything you can think of in terms of electronics as it relates to security, along with other elements of infrastructure. The tool provides notification of events.

The most valuable feature of the solution is its ability to rectify a situation involving any anomalies expeditiously.

I am dealing with the tool from an arm's length. I am not sitting right in the middle of things in my position. I work in the sales position,and as far as sales marketing is concerned, I am not qualified to speak about what needs improvements in the tool.

IBM is in there with the client, and they pretty well have them covered in a lot of different areas. If the customers are doing their job and they are running the business the way they ought to, then IBM is in a position to do a good job for most of the clients. Communication between the silos sometimes becomes an issue, making it an area where improvements are required.

I have been using IBM Security QRadar since 2015 or 2016.

The solution's stability is pretty good. The tool has been there in my company over a long period of time. It is a solid product. IBM doesn't produce junk, and if it does, then such tools are taken off the market pretty quickly.

Scalability-wise, I rate the solution an eight out of ten.

The tool is used by government contractors who are our clients.

The tool offers plug-and-play options, and it does not even involve APIs, making it pretty easy.

IBM Security QRadar's interface is useful. The product is highly competitive. Though Splunk has become a standard tool, IBM Security QRadar is still out there even though it is not number one.

I rate the technical support an eight out of ten.

The main difference between Splunk and IBM is that the former one is on the edge in terms of innovation, but the latter one is not that good. Compared to IBM Security QRadar, IBM X-Force is good.

On a scale of one to ten, if ten means easy, I rate the product's initial setup phase as an eight.

As long as you have your policies and if they all relate to security and other areas like infrastructure, then the rules are pretty easy to feed into the product.

The time needed for the product's deployment phase depends on how the entity, the client, has its policies and rules set up. I don't want to say the tool is like a plug and play product because nothing really is in today's market. The tool offers ease of use and integration. I rate the tool a seven to eight for the ease of use and integration it offers.

The tool's ability to redeploy resources, like manpower, is about the same as that of other competitors. The benefit the tool offers is the protection and the ability to act on whatever the situation might be quickly, efficiently and terminate whatever is happening. The tool is useful to the bottom and helps with the remediation part.

The tool is priced in a competitive manner. The tool's price is dependent on the installation and the product size, but it is competitive in the marketplace. The marketplace right now is being set by Splunk, which offers a pretty good deal if someone wants it. As a matter of fact, I would say that out of who we are working with right now, Splunk is the major one.

Speaking of how the tool handles real-time threat management in our specific industry, I would say that for our company's services, which are used with Crows Nest Software, we face the product as per the policies and rules that are set up within an entity or a client. For instance, if we see an anomaly, like if I send you an email, and we are within the same company, or I am within this ABC company, and you are external to it. If I am sending you information that I am not allowed to send outside of the company, what happens is we can either stop it ourselves, especially if that is what the instructions are through the policy, or if the client says, then we send such information to IBM Security QRadar and as per the instructions and policy, they can terminate it or do what they will with it after it is terminated.

Speaking about how anomaly detection has impacted security operations, if I consider it from a dollars and cents point of view, I would say that if I am sending you something that is intellectual property and they stop it, it is like you can put a price tag on it after it is leaked, but prior to it, things could seem hard. For instance, if I am a nefarious individual in a company, then in most cases, I would be sending information outside of the organization to somebody who is in the government or serves as a contractor of a nation or a state. They can then take such information and build whatever they want as far as the competition is concerned and be in the competitive marketplace with my product. Such instances happen all the time with government contractors. When I say government contractors, they are those who deal in military hardware development, and, for that matter, they may be involved in a business revolving around air conditioners. In the market concerning air conditioners, there might be someone who has perfected a new way of pulling moisture out of the air and making it into ice cream, which may seem ridiculous.

In the tool, the rules are really external. The good rules are external, and when I say that, it means it goes with the development of your security policies or your policies in general as they relate to security. When sitting down with the client, to be honest, what happens is that if they are installing something like this and they are developing rules and policies to go with it, it acts as an eye-opener for a lot of folks. With some companies, we classify data according to what we are able to pull. Suppose it is data that we have been given access to. In that case, we can determine and produce how it is in a snapshot over a two-week period and sit down with a client or somebody like a consultant firm to help in the area of BPM or something that can be like a spin-off of KPMG, and they do an excellent job of working with us. To prepare policies and rules, and those can be easily, you know, migrated or installed into any product, like Splunk and IBM Security QRadar.

IBM offers Watson for machine learning and artificial intelligence. I feel IBM has done a pretty good job with it.

We have partnered with various groups and companies that enhance their products, and we are continuing to do that. Since we utilize machine learning and AI from the start, we are well-versed in both areas. Additionally, we are working on something innovative with blockchain, as well as collaborating with another company focused on classification. There are companies on the periphery that specialize in the classification of various things, and they do tasks we don't handle on the front end. They provide us with information, and we share it, enabling us to interface more effectively with platforms like Splunk, QRadar, or others.

I rate the tool an eight out of ten.

I think that the main weakness is the tool's architecture. The tool still provides a secured analytic application, although we have heard for many years that the solution is going to move to a container kind of architecture, which ArcSight, for example, made years ago. IBM Security QRadar's analysis part is sometimes a bit buggy. The interfaces sometimes could give users an inconsistent experience because different developers wrote several different GUIs at different times. Sometimes, the user experience is not so consistent. There were outdated areas of IBM Security QRadar, but you can still find some rudimentary parts that could sometimes be a weakness.

What my company misses at the moment revolves around the fact that the tool had a great feature around risk management, which the tool deprecated several years ago, and I think that it could be helpful in the present. The tool's user and entity behavior analytics application could be improved significantly because our recent experience shows that it is still kind of useless, but the customers and we also need it. More artificial intelligence and machine learning will be helpful in the tool.

I have been using IBM Security QRadar since 2012. My company is a customer, a partner, and a reseller of IBM.

The solution's technical support works, but sometimes, it can take quite a long time to get a solution from technical support. Generally, we are satisfied because we just understand how it works and that you shouldn't expect much from the technical support. It is not so bad, but sometimes it could be longer than you can expect. I rate the technical support a six to seven out of ten.

My company has not worked with any other products before IBM Security QRadar. In our organization, we used different SIEM solutions, specifically ArcSight, FortiSIEM, and Rapid7. We repeatedly returned to IBM Security QRadar and didn't continue with any of its competitors.

I think the pricing is quite flexible. As a reseller, we had chances to win bids with IBM Security QRadar against Splunk, ArcSight, and even McAfee with better pricing around six or seven years ago. We won the deals with better pricing. Pricing could be flexible. It could depend on the number of assets used by the enterprise or on the number of events per second, allowing customers to choose what fits him or her the best.

My company is looking for different products in the market since we are upset with the recent news about the deal between IBM and Palo Alto. I think the deal doesn't touch the on-premises IBM Security QRadar, and both companies have only agreed to give Palo Alto the authorization for the cloud version, making it a reason why we continue to use the on-premises version.

I am generally satisfied with the product.

Considering that there is still room for improvement and that the vendor could improve it to be made faster than it is at the moment, it is still a good product.

I rate the tool an eight out of ten.

We use the product to customize rules and detect malicious behavior.

The tool's most valuable feature is real-time detection.

The solution is not as flexible as Splunk.

I have been working with the product since 2016.

I haven't contacted technical support yet.

I worked with Splunk before IBM Security QRadar.

The solution's pricing is based on the EPS model.

I prefer Splunk since it gives a lot more freedom and flexibility. I rate the overall solution a six out of ten.

I have worked on several use cases, including creating custom ones. QRadar also provides built-in use cases.

Once integrated, you gain comprehensive visibility into all threats. The user behavior analytics module is particularly strong, and adding features allowing integration with third-party threat intelligence services enhances the analysts' ability to identify threats.

The best aspect of Pareto is its user-friendliness. Unlike other solutions requiring query language knowledge, Pareto is entirely GUI-based. This makes it easy to use and understand without learning any query languages.

People are increasingly moving towards big data tools, so QRadar needs to enhance its compatibility. For example, QRadar does not integrate with SAP HANA, widely used in large industries. Similarly, QRadar lacks support for integrating with Fortinet's firewall management services, resulting in limited visibility.

It is still in its early stages. AI analytics require further development because, in my experience, they often generate false positive alerts.

I have been using IBM Security QRadar for seven years.

It is very much stable.

On-premises deployments can be challenging to scale. In contrast, cloud solutions offer much greater scalability; you simply place an order for the required EPS, get approval, and then proceed. This process is more straightforward and faster than on-premises setups.

The initial setup is user-friendly and straightforward, making deployment easy. However, compatibility issues with other security controls still need to be addressed. It provides a 35-day period for project enablement. This timeframe is too short and should be extended to 45 or 50 days.

When deploying QRadar on-premises, we assess the organization's size to determine the required number of UPS units, application servers, and other necessary hardware. Once these requirements are identified, we proceed with the deployment.

We face challenges in the deployment phase, especially when working with an MSSP license. The main issue is with QRadar's multi-tenancy, which often causes the system to crash. Their support services are not very helpful in addressing these problems.

We allocate two working days for the deployment of QRadar for our customers. Our team includes a senior engineer who communicates with the client and a junior engineer responsible for deploying and installing other services.

The deployment time can vary based on the size of the setup. Large deployments, such as those with 20,000 to 25,000 EPS for corporate clients, take longer due to the need for multiple hardware servers. In such cases, it can take several days. QRadar can be installed in about three to four hours for smaller setups.

The price is lower than Splunk but remains high compared to other SIEMs like LogRhythm, Elastic, and RSA. For example, 1,000 EPS costs around $55,000. While it's somewhat more affordable than Splunk, it is still higher than LogRhythm, Elastic, and RSA.

QRadar offers a clean solution with straightforward integration for various devices. Once you define your scope, you effectively gain visibility into it. When comparing QRadar to other SIEM solutions like GloD and Splunk, QRadar lags behind other modern advancements. While new SIEM solutions focus on data lakes and big data, QRadar continues to rely on traditional correlation modules.

QRadar should prioritize R&D and product improvement. Their support services have also declined and need attention.

In QRadar's user behavior analytics, we observed an alert triggered by an unusual login attempt from one of our administrators. While monitoring alerts during my shift, QRadar's anomaly-based detection identified a login attempt outside normal hours. The system detected this as a deviation from the established baseline since the administrator had never logged in at that time before. This triggered the alert, helping us identify the compromised account.

QRadar requires ongoing maintenance, and running it effectively often depends on support from engineers. Unlike big data tools, QRadar can struggle with integration and may require fine-tuning, restarts, or troubleshooting if issues arise. Since its merger with other companies, we've encountered many problems and have experienced delays in receiving timely technical support.

You don’t need to learn any additional tools to use the system. It allows you to create dashboards from a management perspective, and its user behavior analytics work very well, although the AI analytics module is still developing.

When handling compliance requests or forensic investigations, an SIEM solution like QRadar is essential. It helps pull up logs and identify what happened during incidents or breaches.

The time required for investigation depends entirely on the impact of the attack. Sometimes, only a single device or network is compromised, which may be resolved quickly. However, the investigation takes longer in cases where the scope is broader, involving multiple devices and networks. The timeframe is driven by the extent of the incident, not just by QRadar.

QRadar is a good product. In Pakistan, many financial sectors are starting to shift towards other solutions. In South Asia, particularly Pakistan, has a growing trend towards Splunk. Similarly, there is a shift towards Splunk, LogRhythm, and RSA in the Gulf region.

Overall, I rate the solution a seven out of ten.

The tool helps with infrastructure, application, and network monitoring.

There are areas in IBM Security QRadar that could benefit from improvement. Its ability to customize knowledge for specific purposes could be enhanced. Also, it lacks clarity in presenting details. It is also difficult to see the reports.

I have been using the product for a year.

The tool's technical support is good.

Implementing IBM Security QRadar is not overly complex.

The product is expensive. We have purchased the perpetual license, but we pay for the support.

I rate the tool a seven out of ten. It is a tough product.

We utilize the product for our Security Operations Center operations. Additionally, we extend its use to our customers, employing it for tasks such as threat hunting, investigation, and triage analysis.

The tool's most valuable feature is log source management. It enables us to connect to various log sources, including content, authentications, or other customized integrations. These integrations can be tailored for use with other platforms that don’t already have built-in IBM add-ons.

Its scalability is also important. It is also compatible with ISO 27001, DSS API, and various certifications.

As part of our security infrastructure, this tool excels in detecting a wide range of attacks. Its responsiveness surpasses that of alternative solutions. Moreover, the user-friendly interface greatly benefits our analysts. The product is helpful in anomaly detection scenarios.

Additionally, we leverage out-of-the-box content and libraries within the IBM ecosystem. Its user behavior analysis helps us to ensure that our customers are protected.

Correlation plays a pivotal role in our security strategy. It helps us to analyze logs from different sources. This process helps to correlate logs from endpoints.

Certain updates—especially when using Azure—don't apply directly. Our engineering team must invest additional effort to implement these updates. However, the tool's cloud-based version poses no issues. However, upgrading the product can sometimes be challenging for on-premises instances.

Our current query language (KQL) serves its purpose, but there's room for improvement. Consider introducing a more human-friendly language to streamline analyst training. Analysts could then express queries in a manner akin to human language. This change would expedite processes, making it easier for new analysts to adapt.

I have been working with the product for five years.

I rate the tool's scalability an eight to nine out of ten.

Troubleshooting delays have been a recurring challenge. Occasionally, responses take two to three days, leading to escalations. While their website’s knowledge base is commendable, troubleshooting scenarios demand more time. My observation is that they may be understaffed.

My company has customers using Splunk and Chronicle SIEM. When comparing Splunk and IBM Security QRadar, they indeed offer similar features, but their business models differ. Chronicle SIEM predominantly operates in the cloud. However, we cannot offer the cloud model if a customer prefers an on-premises solution.

Splunk and IBM Security QRadar both cater to diverse deployment preferences. Splunk boasts a slightly more robust correlation engine than IBM Security QRadar. Splunk tends to be marginally more expensive than IBM Security QRadar.

The number of log sources significantly impacts deployment complexity. The process becomes more complicated for environments with 50 log sources compared to those with fewer sources (e.g., 20 or 10).

Each log source requires a connection to IBM, a task that can take several days or hours, depending on its complexity.

On average, the entire deployment process spans six to eight weeks.

The tool's on-premise version is expensive. However, it is cheaper than Splunk. The hybrid model offers shared instances for customers, which is not expensive. Customers with a limited budget can opt for it. You can get premium support with licenses. However, if you need customized integration, you need to buy it.

I rate the overall product an eight out of ten.

We use IBM Security QRadar for storage. These tools are setting high tools on the usage of the logs from multiple devices. It manages millions of logs from multiple devices, such as firewalls, routers, switches, etc. The solution is stable and has better support than LogRhythm. It doesn't have multiple components or servers, troubleshooting, or remote servers. It is based on a CentOS platform, and implementation is difficult.

We make use of the tool to ensure company security. We have the firewall services and switches integrated. We use the solution for attack-related loss, firewall and blacklist IP. There are multiple use cases, like, internal firewalls, internal Windows servers and Internet controllers. It protect us from multiple authentication values, unauthorized access and antivirus threats. We don't open and see the console all the time, so we need automated alert access to all Windows. There's a malware incident and wireless incident. The QRadar has antivirus which detect cache files, etc.

IBM Security QRadar is stable. The tool exhibits minimal vulnerabilities and does not encounter multiple issues. It is not easy to operate, it ensures minimal downtime. Its usability, synchronization with systems, user interface, and storage capabilities are crucial. Storage is essential for research and hunting, as it involves delving into logs. The response time of IBM QRadar is commendable, and even when processing large amounts of data, it maintains a consistently high level of performance. The tool utilise RAM efficiently.

IBM Security QRadar lacks automated response. With this feature, there's no need to visit VirusTotal or other sites for IP reputation. There should be a small plug-in where users can click to retrieve details about the reputation and organization of public IP.

I have been using IBM Security QRadar for 4 years. We are using V7.5 of the solution.

The solution is stable. It's crucial for maintaining the company's security.

I rate its stability as nine out of ten.

The solution’s scalability is excellent.

25 users are using this solution.

I rate the solution’s scalability a nine out of ten.

IBM provides good support.We have paid licenses, which come with special performance enhancements.

The initial setup is straightforward and can be done within a day. It is based on Linux. If there is any issue, you need to bang your head to solve the issue.

IBM Security QRadar requires a specific server with a minimum of 128 GB RAM and can support up to 2,000 endpoints. The installation process involves obtaining the ISO and setting up the necessary configurations. Once installed, we must ensure the components are properly located and configured.

One person is required for maintenance and deployment each.

I rate the solution's setup as a seven out of ten.

We opted for IBM Security QRadar based on its market rating and recommendations from previous alumni who have experience with it at our company. QRadar is a software solution provided by IBM for security purposes.

QRadar supports connectivity with a 2800 vendors, including Cisco and Fortinet FortiGate. These integrations encompass various platforms such as VMs, Linux distributions like Red Hat and CentOS, and Symantec and Microsoft Windows for CRM databases and other server functionalities. Cloud technologies such as Office 365 are also supported.

The tool is flexible and I recommend it.

Overall, I rate the solution a nine out of ten.

As a security professional, I rely on IBM Security QRadar for a variety of use cases tailored to our security needs. With over 200 implemented, these range from real-time threat detection and incident response to compliance reporting and user behavior analytics.

IBM Security QRadar has significantly improved our incident response procedures. We have implemented a structured plan within the system, ensuring adherence and minimizing human error.

There is room for improvement in IBM QRadar in integrating features for SOC maturity and security levels directly into QRadar. That would enhance its effectiveness. Additionally, incorporating features for assessing and improving SOC maturity within QRadar itself would be beneficial, eliminating the need to rely on separate tools for this purpose.

I have been working with IBM Security QRadar for over two years.

We have not had any stability issues with QRadar.

IBM QRadar is scalable to meet the growing needs of our business. As our network expands with additional devices and log sources, QRadar can easily accommodate them. We can also create specific use cases tailored to the nature of each log source.

Our experience with the initial setup of QRadar was smooth because we opted for a managed security solution through our service providers. The installation itself took about one to two hours but integrating various sources, creating use cases, fine-tuning, and enabling logs could take up to two to three months. However, in our enterprise network deployment, we managed to accomplish it within six months.

Implementing IBM QRadar is similar to investing in insurance for our organization's security. While the return on investment may not be immediately tangible, it is crucial for mitigating potential disasters and ensuring our organization's resilience against security threats in the long run.

Overall, I'm satisfied with the value IBM QRadar provides for its price. However, there is room for improvement in terms of including more features with the base license instead of requiring additional licensing fees for each feature or application.

We chose to work with IBM QRadar mainly because it was widely deployed in our country, Pakistan, with no significant presence of alternatives like Splunk or LogRhythm.

IBM Security QRadar has enhanced our threat detection and management processes by providing comprehensive visibility into network traffic and events. With QRadar, we have end-to-end visibility across our network, enabling us to monitor traffic from origin to destination and analyze all relevant logs and events.

IBM Security QRadar stands out with features like advanced analytics and customizable dashboards, making it effective for our security needs. While it shares common features with other SIEM solutions, these unique capabilities have been instrumental in improving our security.

Integration capabilities play a crucial role in enhancing the overall security posture of IBM QRadar. By integrating with various tools like Active Directory, privilege access management, firewalls, and email security appliances, QRadar aggregates logs from different sources. It then utilizes machine learning, artificial intelligence, and custom rules to analyze this data, helping our security operations center make informed decisions and respond effectively to potential threats.

Overall, I would rate IBM QRadar as a seven out of ten. It is a great tool but operating IBM QRadar requires a higher level of technical expertise.

I use IBM Security QRadar in my company as it provides features like SIEM, SOAR, and QNI.

The most valuable feature of IBM Security QRadar stems from the fact that it is a product that is like a complete suite.

The price of IBM Security QRadar is an area of concern where improvements are required. IBM is never known to provide products at a cheap price.

IBM Security QRadar's UI is an area with certain shortcomings where improvements are needed.

In the future, I would like IBM Security QRadar to have a library of adapters or APIs.

The area around recovery time is an aspect of IBM's technical support where improvements are required.

I have been using IBM Security QRadar for more than a year. I use the solution's latest version. My company is in the process of being declared as a golden partner of IBM.

It is a stable solution. Stability-wise, I rate the solution a ten out of ten.

It is a scalable solution. Scalability-wise, I rate the solution a ten out of ten.

My company currently deals with around four to five organizations comprising medium to large companies where IBM Security QRadar is used.

The solution's technical support is responsive. The only area where I don't agree with IBM Security QRadar's technical support stems from the lack of proper or defined recovery time, even though their response time is good.

I rate the technical support a seven out of ten.

I have experience with Splunk. My company deals with Splunk since we had no choice owing to the fact that one or two customers wanted it.

In the past, I was using open-source products, including solutions like Elastic Security and Wazuh.

My company decided to switch from Wazuh to IBM Security QRadar.

The product's deployment phase can be described as an average one.

I rate the deployment process of IBM Security QRadar a seven on a scale of one to ten, where one is difficult, and ten is easy.

The solution is deployed on an on-premises model.

On a scale of one to ten, I rate the price a one, where one is an extremely expensive product, and ten is a cheap product. IBM Security QRadar is an expensive product. A customer gets discounts only when they ask for them from IBM.

The challenge is that if someone submits a request or proposal and finds that the prices of the products our company deals with are too high, we may not even be shortlisted for negotiations. If my company gets shortlisted for the next round, then we get questioned over the high prices.

My company takes care of the maintenance part of the solution for our clients who use IBM Security QRadar in their environments. Nine engineers and one manager take care of the maintenance process of IBM Security QRadar. My company has a lot of certified employees to take care of IBM Security QRadar's maintenance. My company can be considered a powerhouse when it comes to products from IBM.

I recommend the solution to those who plan to use it.

Splunk and IBM are leaders as per Gartner Magic Quadrant. I believe that IBM Security QRadar should be fairly priced for SMEs.

I rate the overall tool an eight out of ten.