IBM Security QRadar Suite Software: SIEM & SOAR
IBM Security
External reviews
External reviews are not included in the AWS star rating for the product.
Have managed daily asset and alert monitoring effectively but have encountered limitations with manual processes and interface usability
What is our primary use case?
The use cases are daily monitoring, asset management, asset monitoring, asset health status monitoring, and alert monitoring. That is what the SIEM is currently being used for.
What is most valuable?
The query search and log fetching are really helpful in IBM Security QRadar when compared to other tools.
Compared to ArcSight, Splunk, or other SIEM tools, where you need their processing language such as SQL or SPL (and in Sentinel there is the KQL query language), IBM Security QRadar doesn't require reliance on query languages. There are filters which you can use directly and apply to get the data you want fairly easily.
What needs improvement?
It's still very manual and doesn't work on its own. It's still in an early stage and not on par where we can consider it a really successful detection system. The accuracy is not there.
The UI could be better when compared to Sentinels where we can use flags and tagging. It could be much more user-friendly. IBM Security QRadar has all features and is fully competitive with other SIEM tools, but when it comes to user-friendliness, a new user takes time to get used to it. More intuitive, user-friendly interfaces and more helpful documentation would be beneficial.
The query searching and data fetching could be faster. In large to very large organizations with around 5,000 or 6,000 assets or beyond, even with proper configurations and RAM and hardware backing it up, the query is fairly slow.
For how long have I used the solution?
I have been using it for almost nine months.
What do I think about the stability of the solution?
The solution is extremely stable because it's on cloud. On cloud, you don't see any disconnections or instability. Any solution that is on cloud works really stably.
What do I think about the scalability of the solution?
I am both a customer and a provider of services for it.
How are customer service and support?
I never needed to reach out to support because most of the expertise was already available.
Which solution did I use previously and why did I switch?
How was the initial setup?
There are analytical workspaces where we create automatic ticket creation and automatic email notifications.
What about the implementation team?
I have worked on technologies including Qualys, Group-IB, and QRadar. I have experience with CrowdStrike EDR and Bitdefender. On the EDR front, I have worked on CrowdStrike and Bitdefender. For SIEMs, I work with IBM Security QRadar and Sentinel. For vulnerability assessments, I work with Qualys.
What was our ROI?
There are no observable benefits on ROI process-wise, workability-wise, or usability-wise.
Which other solutions did I evaluate?
We chose IBM Security QRadar because we were moving to cloud. Previously it was an on-prem solution. Compared to Splunk and Sentinel, it's much more cost-effective.
What other advice do I have?
IBM Security QRadar is capable of handling much of the market requirements. It's comparable to any other SIEM tool without standing out significantly.
It's fairly open for custom integrations, but it depends on what type of logs we are receiving and what kind of parsing we are getting done. The integrations depend entirely on the available skill sets if third-party or custom integrations are required.
When it comes to log management, it's fairly easy to manage and the log rotation is really good compared to any standard SIEM tool. It just gets the work done.
I rate IBM Security QRadar an 8 out of 10.
Has provided fast deployment with out-of-the-box use cases and improved threat detection through integrated AI tools
What is our primary use case?
In IBM Security QRadar, I used to work for a company that wanted to implement AI, generative AI, to help financial institutions and banks improve their software development process, including testing for their tools and all the releases they do to improve their software applications on the cloud.
What is most valuable?
IBM Security QRadar's AI and machine learning capabilities for threat detection and response are exceptional, and Q Site is used to create panels and visualizations of software development processes. It's really fast and impressive compared to QuickSight. The detector library contributes significantly to its functionality. The main importance is the releases without any kind of security breaches, and IBM Security QRadar gives the opportunity to improve the time to market of the releases with a great evaluation of cybersecurity breaches. It's currently the top solution in the industry.
What needs improvement?
I assess the integration of third-party technologies with IBM Security QRadar's open architecture as lacking compared with what is available, because there are more genesis and solutions, but nothing compares with AWS cloud solutions. The top integrations happen here. The only difficulty is when integrating with ServiceNow; solutions from Microsoft, Google, and Rackspace are really complex to integrate with ServiceNow, but Amazon is easier than other solutions.
I'm talking about IT Operations Management or hardware asset management, DevOps or SecOps of ServiceNow, and those are really complex use cases to integrate with third parties, but Amazon does it better.
Overall, I would rate IBM Security QRadar an 8.5, because it depends on the use case, but there should be more focus on small and medium businesses, especially given the number of FinTechs and entrepreneurs in Mexico that require easier solutions with less budget. AWS Cloud is amazing for macro projects on software development, but it needs to be more accessible for SMBs, which is why I give it an 8.5; there's room for improvement in that area.
For how long have I used the solution?
With AWS as a cloud provider, I used to work for a company that implements solutions for AWS cloud solutions.
How are customer service and support?
I would rate their customer service or technical support as the best in Mexico. The only issue is the language barrier sometimes, because customer support services are provided from India, and that can be challenging. While I speak English, it's difficult to understand some accents. However, besides that, local support in Mexico has people ready to provide level one, level two, and level three support. When something complex arises, the ticket gets transferred to India or to third parties not in Mexico, but it's very difficult to escalate a ticket that far. The customer support located in Mexico speaks Spanish and they help to resolve issues, depending on the agent.
How would you rate customer service and support?
Neutral
How was the initial setup?
For the initial setup of IBM Security QRadar, you need to have the right people, but if you are a newbie to these kinds of solutions and want to do out-of-the-box implementations, Amazon provides out-of-the-box use cases that you can implement immediately, and the personalization is easy to accomplish.
What was our ROI?
In terms of return on investment, I have worked on exercises where the payback occurs within three or four months, which is very good for a cloud solution because implementation cycles can be really long. AWS gives the chance to implement a solution out of the box with use cases that are already in IBM Security QRadar. Solutions such as Q Business, Q Site, QuickSight are already out of the box, so implementing and configuring a use case takes about two to three months, with the payback being almost immediate.
What's my experience with pricing, setup cost, and licensing?
The pricing for IBM Security QRadar is not the best, but it's not the worst. It depends on how much you want to spend. The last time I worked with this technology was in 2023. The pricing reflects how much you want to spend for the results you want to have. If you want the best of the best, you go to AWS Cloud.
What other advice do I have?
I rate IBM Security QRadar 8.5 out of 10.
User-friendly interface facilitates quick adaptation and effective threat response
What is our primary use case?
For incident investigation, IBM Security QRadar is used for log management. We get all the traffic from there, which gets logged in our system, and then we investigate it.
What is most valuable?
There are many things I appreciate about IBM Security QRadar. I haven't used any other SIEM before IBM Security QRadar, so for me, it is perfect.
I would assess IBM Security QRadar's AI and machine learning capabilities as very helpful for threat detection and response. You have to fine-tune it sometimes with your own investigation, as it sometimes gives false alerts about our system.
You have to put your own exceptions inside it, and then it won't give you another ticket about those false incidents.
What needs improvement?
Sometimes it takes time to load queries, but other than that, it performs excellently.
For how long have I used the solution?
Personally, I have been using IBM Security QRadar for four months, but my company has been using it for three years.
How are customer service and support?
I would rate their support an 8.5 with IBM. The support is really good; for instance, if a critical ticket is submitted, you will get paged right away as it gets logged, and their analyst will look into it, letting you know as soon as possible so you can work on it. If there is something bad going on or something faulty with IBM Security QRadar, when you reach out to them, they reply in 10 to 20 minutes.
How would you rate customer service and support?
Positive
Which solution did I use previously and why did I switch?
I haven't used any other SIEM before IBM Security QRadar.
What other advice do I have?
I deal with products such as IBM or Elastic solutions. I have experience with IBM Security QRadar, but not with Elastic; however, we are trying to get into Elastic.
We use many different cloud providers, and AWS is one of them. We did not purchase the IBM Security QRadar product through AWS Marketplace; that's handled by our IT team.
I work in the dealership industry, specifically in home hardware. It is easy to use; I wasn't familiar with it, but after getting one-on-one training with my senior, I was able to use it very efficiently and learned it quickly.
We use IBM Security QRadar's Risk Manager, but I don't use it directly as it's related to my senior. I investigate it, but those procedures are based on my senior's decisions. I have not used IBM Security QRadar's analytics engine for automating SOC tasks.
The integration of third-party technologies with IBM Security QRadar's open architecture is good; it integrates with other solutions efficiently. I have used it with many different platforms such as SentinelOne and ExtraHop, and it integrates effectively.
My company is a customer of IBM. The overall rating for IBM Security QRadar is 9 out of 10.
A scalable and easy-to-deploy incident management tool that provides good support
What is our primary use case?
The product is a threat detection and response solution. It is useful for consultants or security analysts. It is an incident management tool.
What is most valuable?
We had enabled federated search. It allows us to search data both on-premises and on the cloud. We can check the functional insights. We use keywords for threat investigation. We use the product mostly for AWS delivery models.
What needs improvement?
Most people handling QRadar in organizations are IT engineers. They do not have experience with the tool. They read from manual documentation. If there is an emergency to search for details about malware, we need a response team’s help. Sophos has a team called Managed Threat Response. The team conducts investigations in our network. This feature is not available in IBM Security QRadar. They only provide technical support. The product does not have a team for investigating malware.
For how long have I used the solution?
I have been using the solution for one year.
What do I think about the stability of the solution?
The tool is stable. SIEM is important for every company. It is needed if any attack occurs.
What do I think about the scalability of the solution?
We deployed the solution for an enterprise business. I rate the scalability of the tool an eight out of ten.
How was the initial setup?
I rate the ease of setup an eight out of ten.
What about the implementation team?
The deployment takes almost half a day. If the environment is good, we can deploy the solution in 25 to 30 minutes. It will be helpful to have people who have knowledge of malware analysis and know specific languages that are relevant to the domain to deploy the tool.
What's my experience with pricing, setup cost, and licensing?
In India, the solution is expensive. Only enterprise businesses can afford the tool. We need more than 3,000 people in the organization to use it. We might have to pay for technical support separately.
Which other solutions did I evaluate?
We use Sophos now. Sophos provides us with a team called MTR. The team analyzes the vulnerabilities in our network. We need to pay separately for it. However, compared to us, they have better product knowledge. This kind of support is not available in QRadar. It will be great if IBM adds these features.
What other advice do I have?
I am using the current version of the solution. We do not have a team to analyze malware. Overall, I rate the product a nine out of ten.