
Reviews from AWS customers

8 AWS reviews

External reviews

21 reviews

External reviews are not included in the AWS star rating for the product.

3-star reviews

    reviewer2795490

Automation has reduced phishing response effort but interface and dashboards still need improvements

  • January 08, 2026
  • Review provided by PeerSpot

What is our primary use case?

IBM Security QRadar is primarily used for orchestration, automation, and incident response in my environment.

I use IBM Security QRadar for automation and incident response through a phishing mail playbook, where an employee sends a malicious phishing email to the SOAR inbox, and SOAR automatically generates an incident based on that email. After the incident is generated, we have created an advanced playbook that analyzes and scans the incident artifacts, extracting malicious elements in the notes. Following the identification of malicious content, another playbook sends an email notification about the findings and integrates with firewalls to automatically block the IOCs identified in the email. This is one of several playbooks we have developed.

Regarding my main use case for IBM Security QRadar, I have used most of IBM Security QRadar by integrating it with IBM Security QRadar SIEM, consolidating many IBM Security QRadar SIEM alerts in IBM Security QRadar SOAR. We have created incident types for each IBM Security QRadar alert and handle each incident carefully in IBM Security QRadar SOAR, automating incidents at an advanced level, including the use of a custom SOAR SDK to develop a custom SOAR application to meet client requirements. We have leveraged the potential of IBM Security QRadar SOAR.

What is most valuable?

The best features of IBM Security QRadar, in my experience, include multiple application integrations available through the IBM App Exchange, and I particularly appreciate the Playbook Designer feature, which allows me to design playbooks on a canvas, making it user-friendly and efficient.

The Playbook Designer in IBM Security QRadar has specifically helped my workflow by allowing the creation of advanced SOAR playbooks, with many sub-playbooks integrated into the main playbook itself. This feature enables me to create great workflows using functions, scripts, and rules tailored to client requirements, and the integration of applications enhances the feasibility of using Playbook Designer while allowing me to expand playbooks as necessary.

IBM Security QRadar has positively impacted my organization by enabling me to mitigate many incidents and reduce manual tasks by up to 40%. I have noticed a decrease in incident response time and a significant reduction in the number of manual tasks performed, leading to more efficient overall operations.

What needs improvement?

IBM Security QRadar needs to be more user-friendly; the current build is based on basic code and could benefit from updates. Making IBM Security QRadar's interface more intuitive, similar to that of Splunk, would enhance usability. Additionally, improving the installation and deployment processes to minimize setup time compared to other SIEM and SOAR tools is necessary.

I gave IBM Security QRadar a score of six or seven out of ten because it has a very basic interface; the dashboards require extension management for better usability. There should be an effort to build more effective dashboards within IBM Security QRadar itself without relying on additional applications. Additionally, maintaining good compatibility with IBM App Exchange applications is crucial, as IBM Security QRadar SIEM is an older product that would benefit from code updates.

For how long have I used the solution?

I have been using IBM Security QRadar for more than two years.

What other advice do I have?

For others looking into using IBM Security QRadar, my advice is to first learn IBM Security QRadar SOAR. Training is essential, but IBM Security QRadar SOAR is not overly complicated, and the documentation from IBM's portal is quite good. By learning IBM Security QRadar SOAR first, users can operate it more efficiently and leverage its versatile features, including rules, workflows, and various custom properties. I would rate IBM Security QRadar a score of six out of ten.


    Mauricio Campiglia

Has supported threat monitoring and data collection but needs to improve usability and feature growth

  • October 01, 2025
  • Review provided by PeerSpot

What is our primary use case?

We use IBM Security QRadar to monitor, and it's our main source of information. It's our main SIEM platform for our SOC, and we've collected everything on that platform.

We don't use IBM Security QRadar's Risk Manager; mainly, it was our main tool to collect information and conduct some analytics on logs and events. That's the primary use case we've been utilizing.

What is most valuable?

The best features of IBM Security QRadar are that it's pervasive. You can have IBM Security QRadar in the dust quite easily, and almost everybody knows the platform. Almost nobody's going to say you bought the wrong SIEM if you buy IBM Security QRadar.

The integration of third-party technologies with IBM Security QRadar is one of the high points they have. They integrate with almost anybody, anywhere. There's an integrator tool for almost anything. Everybody talks with IBM Security QRadar because they were the SIEM name of the game, at least in this country. So the integration part is one of their key advantages.

Long ago, IBM Security QRadar enabled us to have some analytics pre-thought for us. When we started with our SOC, we used some log collectors and other tools, and IBM Security QRadar gave us the advantage of having some analytics pre-considered for us. However, that was long ago. It has become just a log and events collector and our main repository of security events.

What needs improvement?

As far as reliability, security, and how it operates, I think it's because they hit first on the market, and then they built upon that, our name alongside the IBM name. Those are the reasons. It's quite awkward to use the platform; it's not intuitive, the learning curve is quite deep, and I really don't understand why it was so pervasive. However, if you have to sell managed security services to some people that use a SIEM, more than half the time you end up with an IBM Security QRadar platform on the other side. The other half you end up with WSO2, at least in Latin America.

I haven't tried IBM Security QRadar's AI and machine learning capabilities for threat detection and response fully enough to evaluate them yet.

We've been building our SOAR capabilities with other tools, and we haven't used IBM Security QRadar's Analytics Engine for automating SOC tasks.

We are not using it as we used to, and I think that advantage is fading out, particularly after the selling of the product to Palo Alto. We are considering some roadmaps to get out of IBM Security QRadar right now; that's the truth.

For how long have I used the solution?

We have been using IBM Security QRadar since pre-pandemic; I think maybe 10 to 12 years right now.

How are customer service and support?

I find IBM support to be nice. However, as a former IBMer, I may have had some advantages in getting support because I had some contacts. The support information is correct; you get to the information and access the technical documents you need because the information is there, and they used to care about their product. I don't know how it's going to be once the program is fully under Palo Alto's management.

For the support team, I would rate IBM support an eight, a solid eight. With the support we used to have within IBM, it was good.

How would you rate customer service and support?

Positive

How was the initial setup?

Setting up IBM Security QRadar is difficult; it has a deep learning curve for the analysts, and there are several hurdles to handle to get IBM Security QRadar running on your infrastructures. On the other hand, once you connect the dots, they keep sending the information, and you can continue getting those events.

What's my experience with pricing, setup cost, and licensing?

The pricing, setup cost, or licensing with IBM Security QRadar was costly. It was costly mainly for the things we used to use it for. The customers used to pay the price, but it was one of the problems to onboard some people with IBM Security QRadar. It was costly mainly because of the value you can get right now compared to other solutions.

What other advice do I have?

We are thinking about moving outside of the IBM Security QRadar ecosystem due to cost and the belief that some functionalities of new SIEM platforms are surpassing IBM Security QRadar. We think they are not keeping pace with SIEM, which makes it harder for them to differentiate their product or compete against others that are cheaper and easier to deploy.

If you had asked me this question five or seven years ago, I would have given it a solid 10, maybe a nine, but today I believe they are losing track of that. The overall rating for IBM Security QRadar is seven out of ten.

We were partners when they were under IBM. We've been in an IBM program of MSSP for Latin America, so we were partners of IBM Security QRadar when it was within IBM. However, with the selling to Palo Alto this year, we lost that partnership and are now just customers of a reseller.

We operate the platform for our customers. We don't have IBM Security QRadar for our own use.


    reviewer2518323

Has real-time detection feature but is not as flexible as Splunk

  • July 25, 2024
  • Review provided by PeerSpot

What is our primary use case?

We use the product to customize rules and detect malicious behavior.

What is most valuable?

The tool's most valuable feature is real-time detection.

What needs improvement?

The solution is not as flexible as Splunk.

For how long have I used the solution?

I have been working with the product since 2016.

How are customer service and support?

I haven't contacted technical support yet.

Which solution did I use previously and why did I switch?

I worked with Splunk before IBM Security QRadar.

What's my experience with pricing, setup cost, and licensing?

The solution's pricing is based on the EPS model.

What other advice do I have?

I prefer Splunk since it gives a lot more freedom and flexibility. I rate the overall solution a six out of ten.


    Maaz Khalid

Provides easy integration at low cost but lacks AI enhancement

  • July 16, 2024
  • Review from a verified AWS customer

What is our primary use case?

I have worked on several use cases, including creating custom ones. QRadar also provides built-in use cases.

How has it helped my organization?

Once integrated, you gain comprehensive visibility into all threats. The user behavior analytics module is particularly strong, and adding features allowing integration with third-party threat intelligence services enhances the analysts' ability to identify threats.

What is most valuable?

The best aspect of Pareto is its user-friendliness. Unlike other solutions requiring query language knowledge, Pareto is entirely GUI-based. This makes it easy to use and understand without learning any query languages.

What needs improvement?

People are increasingly moving towards big data tools, so QRadar needs to enhance its compatibility. For example, QRadar does not integrate with SAP HANA, widely used in large industries. Similarly, QRadar lacks support for integrating with Fortinet's firewall management services, resulting in limited visibility.

It is still in its early stages. AI analytics require further development because, in my experience, they often generate false positive alerts.

For how long have I used the solution?

I have been using IBM Security QRadar for seven years.

What do I think about the stability of the solution?

It is very much stable.

What do I think about the scalability of the solution?

On-premises deployments can be challenging to scale. In contrast, cloud solutions offer much greater scalability; you simply place an order for the required EPS, get approval, and then proceed. This process is more straightforward and faster than on-premises setups.

How was the initial setup?

The initial setup is user-friendly and straightforward, making deployment easy. However, compatibility issues with other security controls still need to be addressed. It provides a 35-day period for project enablement. This timeframe is too short and should be extended to 45 or 50 days.

When deploying QRadar on-premises, we assess the organization's size to determine the required number of UPS units, application servers, and other necessary hardware. Once these requirements are identified, we proceed with the deployment.

We face challenges in the deployment phase, especially when working with an MSSP license. The main issue is with QRadar's multi-tenancy, which often causes the system to crash. Their support services are not very helpful in addressing these problems.

We allocate two working days for the deployment of QRadar for our customers. Our team includes a senior engineer who communicates with the client and a junior engineer responsible for deploying and installing other services.

The deployment time can vary based on the size of the setup. Large deployments, such as those with 20,000 to 25,000 EPS for corporate clients, take longer due to the need for multiple hardware servers. In such cases, it can take several days. QRadar can be installed in about three to four hours for smaller setups.

What's my experience with pricing, setup cost, and licensing?

The price is lower than Splunk but remains high compared to other SIEMs like LogRhythm, Elastic, and RSA. For example, 1,000 EPS costs around $55,000. While it's somewhat more affordable than Splunk, it is still higher than LogRhythm, Elastic, and RSA.

What other advice do I have?

QRadar offers a clean solution with straightforward integration for various devices. Once you define your scope, you effectively gain visibility into it. When comparing QRadar to other SIEM solutions like GloD and Splunk, QRadar lags behind other modern advancements. While new SIEM solutions focus on data lakes and big data, QRadar continues to rely on traditional correlation modules.

QRadar should prioritize R&D and product improvement. Their support services have also declined and need attention.

In QRadar's user behavior analytics, we observed an alert triggered by an unusual login attempt from one of our administrators. While monitoring alerts during my shift, QRadar's anomaly-based detection identified a login attempt outside normal hours. The system detected this as a deviation from the established baseline since the administrator had never logged in at that time before. This triggered the alert, helping us identify the compromised account.

QRadar requires ongoing maintenance, and running it effectively often depends on support from engineers. Unlike big data tools, QRadar can struggle with integration and may require fine-tuning, restarts, or troubleshooting if issues arise. Since its merger with other companies, we've encountered many problems and have experienced delays in receiving timely technical support.

You don’t need to learn any additional tools to use the system. It allows you to create dashboards from a management perspective, and its user behavior analytics work very well, although the AI analytics module is still developing.

When handling compliance requests or forensic investigations, a SIEM solution like QRadar is essential. It helps pull up logs and identify what happened during incidents or breaches.

The time required for investigation depends entirely on the impact of the attack. Sometimes, only a single device or network is compromised, which may be resolved quickly. However, the investigation takes longer in cases where the scope is broader, involving multiple devices and networks. The timeframe is driven by the extent of the incident, not just by QRadar.

QRadar is a good product. In Pakistan, many financial sectors are starting to shift towards other solutions. South Asia, particularly Pakistan, has a growing trend towards Splunk. Similarly, there is a shift towards Splunk, LogRhythm, and RSA in the Gulf region.

Overall, I rate the solution a seven out of ten.


    reviewer2284569

Useful for infrastructure, application, and network monitoring

  • February 14, 2024
  • Review provided by PeerSpot

What is our primary use case?

The tool helps with infrastructure, application, and network monitoring.

What needs improvement?

There are areas in IBM Security QRadar that could benefit from improvement. Its ability to customize knowledge for specific purposes could be enhanced. Also, it lacks clarity in presenting details. It is also difficult to see the reports.

For how long have I used the solution?

I have been using the product for a year.

How are customer service and support?

The tool's technical support is good.

How would you rate customer service and support?

Neutral

How was the initial setup?

Implementing IBM Security QRadar is not overly complex.

What's my experience with pricing, setup cost, and licensing?

The product is expensive. We have purchased the perpetual license, but we pay for the support.

What other advice do I have?

I rate the tool a seven out of ten. It is a tough product.


    MUHAMMADNADEEM1

Saves time and enhances our detection and response capabilities

  • February 12, 2024
  • Review provided by PeerSpot

What is our primary use case?

As a security professional, I rely on IBM Security QRadar for a variety of use cases tailored to our security needs. With over 200 implemented, these range from real-time threat detection and incident response to compliance reporting and user behavior analytics.

What is most valuable?

IBM Security QRadar has significantly improved our incident response procedures. We have implemented a structured plan within the system, ensuring adherence and minimizing human error.

What needs improvement?

There is room for improvement in IBM QRadar in integrating features for SOC maturity and security levels directly into QRadar. That would enhance its effectiveness. Additionally, incorporating features for assessing and improving SOC maturity within QRadar itself would be beneficial, eliminating the need to rely on separate tools for this purpose.

For how long have I used the solution?

I have been working with IBM Security QRadar for over two years.

What do I think about the stability of the solution?

We have not had any stability issues with QRadar.

What do I think about the scalability of the solution?

IBM QRadar is scalable to meet the growing needs of our business. As our network expands with additional devices and log sources, QRadar can easily accommodate them. We can also create specific use cases tailored to the nature of each log source.

How was the initial setup?

Our experience with the initial setup of QRadar was smooth because we opted for a managed security solution through our service providers. The installation itself took about one to two hours but integrating various sources, creating use cases, fine-tuning, and enabling logs could take up to two to three months. However, in our enterprise network deployment, we managed to accomplish it within six months.

What was our ROI?

Implementing IBM QRadar is similar to investing in insurance for our organization's security. While the return on investment may not be immediately tangible, it is crucial for mitigating potential disasters and ensuring our organization's resilience against security threats in the long run.

What's my experience with pricing, setup cost, and licensing?

Overall, I'm satisfied with the value IBM QRadar provides for its price. However, there is room for improvement in terms of including more features with the base license instead of requiring additional licensing fees for each feature or application.

What other advice do I have?

We chose to work with IBM QRadar mainly because it was widely deployed in our country, Pakistan, with no significant presence of alternatives like Splunk or LogRhythm.

IBM Security QRadar has enhanced our threat detection and management processes by providing comprehensive visibility into network traffic and events. With QRadar, we have end-to-end visibility across our network, enabling us to monitor traffic from origin to destination and analyze all relevant logs and events.

IBM Security QRadar stands out with features like advanced analytics and customizable dashboards, making it effective for our security needs. While it shares common features with other SIEM solutions, these unique capabilities have been instrumental in improving our security.

Integration capabilities play a crucial role in enhancing the overall security posture of IBM QRadar. By integrating with various tools like Active Directory, privileged access management, firewalls, and email security appliances, QRadar aggregates logs from different sources. It then utilizes machine learning, artificial intelligence, and custom rules to analyze this data, helping our security operations center make informed decisions and respond effectively to potential threats.

Overall, I would rate IBM QRadar as a seven out of ten. It is a great tool but operating IBM QRadar requires a higher level of technical expertise.


    Mejda Guizani

A scalable tool useful for authentication purposes but needs to provide more product training to its users

  • October 24, 2023
  • Review provided by PeerSpot

What is our primary use case?

I use IBM Security QRadar in my company for authentication of users and to block the access of a user to the internet. In my company, we have only used the basic version of the solution, and currently, we don't have a license for the product since we didn't renew it. The basic version of the solution fits my company's basic requirements.

What needs improvement?

IBM Security QRadar is not hard to implement and administrate. To serve new use cases or do the tuning and allow correlation rules, you may need training since it is necessary to know the solution. With IBM solutions, you need training to know how to use the different features of the solution. IBM needs to provide training to its users to teach them how to use the case manager and how to tune rules.

For how long have I used the solution?

I have been using IBM Security QRadar since 2020, so I have three years of experience with it. I am a customer of IBM.

What do I think about the scalability of the solution?

It is a scalable solution.

How are customer service and support?

With IBM Security QRadar, my company faced issues with the support we received for the product. Basically, my company faced problems due to the delays or mistakes made by IBM's support team.

I rate the technical support a six out of ten.

How would you rate customer service and support?

Neutral

How was the initial setup?

The solution is deployed on an on-premises model.

For the product's implementation, my company took two months. To implement all log sources, my company took somewhere between three and five months.

What's my experience with pricing, setup cost, and licensing?

IBM Security QRadar is a very expensive tool.

What other advice do I have?

In the future, my company would want the cloud version of the solution and not its on-prem version.

I rate the overall tool a seven out of ten.

