Reviews from AWS customer

6 AWS reviews

External reviews

48 reviews

External reviews are not included in the AWS star rating for the product.


    Aparecido A.

Analyze Soar Qradar

  • June 28, 2024
  • Review provided by G2

What do you like best about the product?
Ease of use, easy interface and easy implementation.
What do you dislike about the product?
The layout seems a bit old compared to others.
What problems is the product solving and how is that benefiting you?
We are automating the alerts and taking less time to act, thus our incident response becomes faster and more accurate.


    Prashanth K.

IBM Security QRadar SOAR

  • May 24, 2024
  • Review provided by G2

What do you like best about the product?
Seamless integration with security and ticketing tools, makes routine work easy

Very flexible customization options
What do you dislike about the product?
Sometimes, workflows end up in errors and have to restart the workflows

Also experiences lagging/slowness sometimes
What problems is the product solving and how is that benefiting you?
QRadar SOAR is helping us deal with daily routine work of raising incidents based on SIEM tool alerts.

With SOAR workflows, it has become very easy to gather required data and provide this data in very structured format to our clients via tickets, all automated to be simple workflows


    Vivek R.

Platform is so Good

  • May 23, 2024
  • Review provided by G2

What do you like best about the product?
Security and Platform from IBM is the important thing I like about QRadar SOAR.
What do you dislike about the product?
So far nothing, I have been using partially on the Platform.
What problems is the product solving and how is that benefiting you?
Providing real-time insights that enhance the detection and remediation of threats.


    Computer & Network Security

IBM SOAR Review

  • May 09, 2024
  • Review provided by G2

What do you like best about the product?
IBM Soar console is very easy to use, we can create any playbook in a very fast approach and if in case we need OEM support just raise a ticket and you find almost in the day we have resolution.
What do you dislike about the product?
Sometimes all playbooks are not going in the same direction for which we have configured to achieve the goal.
What problems is the product solving and how is that benefiting you?
Identify the attacks and doing automation-based analysis and then blocking the same IOCs.


    Retail

Very expensive for what little it offers

  • March 28, 2024
  • Review provided by G2

What do you like best about the product?
Best integration with QRADAR and some other IBM tools
What do you dislike about the product?
Have some bugs or lack the integrations with Trend Micro solutions
What problems is the product solving and how is that benefiting you?
Enrich events


    Information Technology and Services

Qradar soar

  • March 26, 2024
  • Review provided by G2

What do you like best about the product?
This is a great tool to automate and respond to alerts using playbooks, which help to identify real incidents and triage alerts.
What do you dislike about the product?
Proper knowledge and guidance are needed to set up and maintain playbooks.
What problems is the product solving and how is that benefiting you?
The major issue that this is solving is reducing mean time to respond for alerts, i.e., saving time.


    Consulting

Great automation and response tool

  • February 24, 2024
  • Review provided by G2

What do you like best about the product?
It is a great security tool to streamline security processes and workflows. It has great automation capabilities which reduce manual work for security operations. It also allows us to create custom playbooks and also easily integrates with different security platforms.
What do you dislike about the product?
It is a bit complex to work on initially and takes time to get used to all the features.
What problems is the product solving and how is that benefiting you?
It helps to streamline security processes and workflows in our organization. It helps to automate security incidents and reduces manual work for security operations. It helps to create custom playbooks which helps to configure as per our security environment.


    reviewer2284569

Useful for infrastructure, application, and network monitoring

  • February 14, 2024
  • Review provided by PeerSpot

What is our primary use case?

The tool helps with infrastructure, application, and network monitoring.

What needs improvement?

There are areas in IBM Security QRadar that could benefit from improvement. Its ability to customize knowledge for specific purposes could be enhanced. Also, it lacks clarity in presenting details. It is also difficult to see the reports.

For how long have I used the solution?

I have been using the product for a year.

How are customer service and support?

The tool's technical support is good.

How was the initial setup?

Implementing IBM Security QRadar is not overly complex.

What's my experience with pricing, setup cost, and licensing?

The product is expensive. We have purchased the perpetual license, but we pay for the support.

What other advice do I have?

I rate the tool a seven out of ten. It is a tough product.


    Ayoub Jaaouani

Useful for threat hunting, investigation, and triage analysis

  • February 14, 2024
  • Review provided by PeerSpot

What is our primary use case?

We utilize the product for our Security Operations Center operations. Additionally, we extend its use to our customers, employing it for tasks such as threat hunting, investigation, and triage analysis.

What is most valuable?

The tool's most valuable feature is log source management. It enables us to connect to various log sources, including content, authentications, or other customized integrations. These integrations can be tailored for use with other platforms that don’t already have built-in IBM add-ons.

Its scalability is also important. It is also compatible with ISO 27001, DSS API, and various certifications.

As part of our security infrastructure, this tool excels in detecting a wide range of attacks. Its responsiveness surpasses that of alternative solutions. Moreover, the user-friendly interface greatly benefits our analysts. The product is helpful in anomaly detection scenarios.

Additionally, we leverage out-of-the-box content and libraries within the IBM ecosystem. Its user behavior analysis helps us to ensure that our customers are protected.

Correlation plays a pivotal role in our security strategy. It helps us to analyze logs from different sources. This process helps to correlate logs from endpoints.

What needs improvement?

Certain updates—especially when using Azure—don't apply directly. Our engineering team must invest additional effort to implement these updates. However, the tool's cloud-based version poses no issues. However, upgrading the product can sometimes be challenging for on-premises instances.

Our current query language (KQL) serves its purpose, but there's room for improvement. Consider introducing a more human-friendly language to streamline analyst training. Analysts could then express queries in a manner akin to human language. This change would expedite processes, making it easier for new analysts to adapt.

For how long have I used the solution?

I have been working with the product for five years.

What do I think about the scalability of the solution?

I rate the tool's scalability an eight to nine out of ten.

How are customer service and support?

Troubleshooting delays have been a recurring challenge. Occasionally, responses take two to three days, leading to escalations. While their website’s knowledge base is commendable, troubleshooting scenarios demand more time. My observation is that they may be understaffed.

Which solution did I use previously and why did I switch?

My company has customers using Splunk and Chronicle SIEM. When comparing Splunk and IBM Security QRadar, they indeed offer similar features, but their business models differ. Chronicle SIEM predominantly operates in the cloud. However, we cannot offer the cloud model if a customer prefers an on-premises solution.

Splunk and IBM Security QRadar both cater to diverse deployment preferences. Splunk boasts a slightly more robust correlation engine than IBM Security QRadar. Splunk tends to be marginally more expensive than IBM Security QRadar.

How was the initial setup?

The number of log sources significantly impacts deployment complexity. The process becomes more complicated for environments with 50 log sources compared to those with fewer sources (e.g., 20 or 10).

Each log source requires a connection to IBM, a task that can take several days or hours, depending on its complexity.

On average, the entire deployment process spans six to eight weeks.

What's my experience with pricing, setup cost, and licensing?

The tool's on-premise version is expensive. However, it is cheaper than Splunk. The hybrid model offers shared instances for customers, which is not expensive. Customers with a limited budget can opt for it. You can get premium support with licenses. However, if you need customized integration, you need to buy it.

What other advice do I have?

I rate the overall product an eight out of ten.


    SaiKrishna2

A security solution to manage logs from multiple devices

  • February 12, 2024
  • Review provided by PeerSpot

What is our primary use case?

We use IBM Security QRadar for storage. These tools are setting high tools on the usage of the logs from multiple devices. It manages millions of logs from multiple devices, such as firewalls, routers, switches, etc. The solution is stable and has better support than LogRhythm. It doesn't have multiple components or servers, troubleshooting, or remote servers. It is based on a CentOS platform, and implementation is difficult.

How has it helped my organization?

We make use of the tool to ensure company security. We have the firewall services and switches integrated. We use the solution for attack-related loss, firewall and blacklist IP. There are multiple use cases, like, internal firewalls, internal Windows servers and Internet controllers. It protects us from multiple authentication values, unauthorized access and antivirus threats. We don't open and see the console all the time, so we need automated alert access to all Windows. There's a malware incident and wireless incident. The QRadar has antivirus which detects cache files, etc.

What is most valuable?

IBM Security QRadar is stable. The tool exhibits minimal vulnerabilities and does not encounter multiple issues. It is not easy to operate, it ensures minimal downtime. Its usability, synchronization with systems, user interface, and storage capabilities are crucial. Storage is essential for research and hunting, as it involves delving into logs. The response time of IBM QRadar is commendable, and even when processing large amounts of data, it maintains a consistently high level of performance. The tool utilises RAM efficiently.

What needs improvement?

IBM Security QRadar lacks automated response. With this feature, there's no need to visit VirusTotal or other sites for IP reputation. There should be a small plug-in where users can click to retrieve details about the reputation and organization of public IP.

For how long have I used the solution?

I have been using IBM Security QRadar for 4 years. We are using V7.5 of the solution.

What do I think about the stability of the solution?

The solution is stable. It's crucial for maintaining the company's security.

I rate its stability as nine out of ten.

What do I think about the scalability of the solution?

The solution’s scalability is excellent.

25 users are using this solution.

I rate the solution’s scalability a nine out of ten.

How are customer service and support?

IBM provides good support. We have paid licenses, which come with special performance enhancements.

Which solution did I use previously and why did I switch?


How was the initial setup?

The initial setup is straightforward and can be done within a day. It is based on Linux. If there is any issue, you need to bang your head to solve the issue.

IBM Security QRadar requires a specific server with a minimum of 128 GB RAM and can support up to 2,000 endpoints. The installation process involves obtaining the ISO and setting up the necessary configurations. Once installed, we must ensure the components are properly located and configured.

One person is required for maintenance and deployment each.

I rate the solution's setup as a seven out of ten.

Which other solutions did I evaluate?

We opted for IBM Security QRadar based on its market rating and recommendations from previous alumni who have experience with it at our company. QRadar is a software solution provided by IBM for security purposes.

What other advice do I have?

QRadar supports connectivity with 2800 vendors, including Cisco and Fortinet FortiGate. These integrations encompass various platforms such as VMs, Linux distributions like Red Hat and CentOS, and Symantec and Microsoft Windows for CRM databases and other server functionalities. Cloud technologies such as Office 365 are also supported.

The tool is flexible and I recommend it.

Overall, I rate the solution a nine out of ten.