
Reviews from AWS customers

0 AWS reviews

External reviews

20 reviews

External reviews are not included in the AWS star rating for the product.


    Maaz Khalid

Provides easy integration at low cost but lacks AI enhancement

  • July 16, 2024
  • Review provided by PeerSpot

What is our primary use case?

I have worked on several use cases, including creating custom ones. QRadar also provides built-in use cases.

How has it helped my organization?

Once integrated, you gain comprehensive visibility into all threats. The user behavior analytics module is particularly strong, and adding features allowing integration with third-party threat intelligence services enhances the analysts' ability to identify threats.

What is most valuable?

The best aspect of Pareto is its user-friendliness. Unlike other solutions requiring query language knowledge, Pareto is entirely GUI-based. This makes it easy to use and understand without learning any query languages.

What needs improvement?

People are increasingly moving towards big data tools, so QRadar needs to enhance its compatibility. For example, QRadar does not integrate with SAP HANA, widely used in large industries. Similarly, QRadar lacks support for integrating with Fortinet's firewall management services, resulting in limited visibility.

It is still in its early stages. AI analytics require further development because, in my experience, they often generate false positive alerts.

For how long have I used the solution?

I have been using IBM Security QRadar for seven years.

What do I think about the stability of the solution?

It is very much stable.

What do I think about the scalability of the solution?

On-premises deployments can be challenging to scale. In contrast, cloud solutions offer much greater scalability; you simply place an order for the required EPS, get approval, and then proceed. This process is more straightforward and faster than on-premises setups.

How was the initial setup?

The initial setup is user-friendly and straightforward, making deployment easy. However, compatibility issues with other security controls still need to be addressed. It provides a 35-day period for project enablement. This timeframe is too short and should be extended to 45 or 50 days.

When deploying QRadar on-premises, we assess the organization's size to determine the required number of UPS units, application servers, and other necessary hardware. Once these requirements are identified, we proceed with the deployment.

We face challenges in the deployment phase, especially when working with an MSSP license. The main issue is with QRadar's multi-tenancy, which often causes the system to crash. Their support services are not very helpful in addressing these problems.

We allocate two working days for the deployment of QRadar for our customers. Our team includes a senior engineer who communicates with the client and a junior engineer responsible for deploying and installing other services.

The deployment time can vary based on the size of the setup. Large deployments, such as those with 20,000 to 25,000 EPS for corporate clients, take longer due to the need for multiple hardware servers. In such cases, it can take several days. QRadar can be installed in about three to four hours for smaller setups.

What's my experience with pricing, setup cost, and licensing?

The price is lower than Splunk but remains high compared to other SIEMs like LogRhythm, Elastic, and RSA. For example, 1,000 EPS costs around $55,000. While it's somewhat more affordable than Splunk, it is still higher than LogRhythm, Elastic, and RSA.

What other advice do I have?

QRadar offers a clean solution with straightforward integration for various devices. Once you define your scope, you effectively gain visibility into it. When comparing QRadar to other SIEM solutions like GloD and Splunk, QRadar lags behind other modern advancements. While new SIEM solutions focus on data lakes and big data, QRadar continues to rely on traditional correlation modules.

QRadar should prioritize R&D and product improvement. Their support services have also declined and need attention.

In QRadar's user behavior analytics, we observed an alert triggered by an unusual login attempt from one of our administrators. While monitoring alerts during my shift, QRadar's anomaly-based detection identified a login attempt outside normal hours. The system detected this as a deviation from the established baseline since the administrator had never logged in at that time before. This triggered the alert, helping us identify the compromised account.

QRadar requires ongoing maintenance, and running it effectively often depends on support from engineers. Unlike big data tools, QRadar can struggle with integration and may require fine-tuning, restarts, or troubleshooting if issues arise. Since its merger with other companies, we've encountered many problems and have experienced delays in receiving timely technical support.

You don’t need to learn any additional tools to use the system. It allows you to create dashboards from a management perspective, and its user behavior analytics work very well, although the AI analytics module is still developing.

When handling compliance requests or forensic investigations, an SIEM solution like QRadar is essential. It helps pull up logs and identify what happened during incidents or breaches.

The time required for investigation depends entirely on the impact of the attack. Sometimes, only a single device or network is compromised, which may be resolved quickly. However, the investigation takes longer in cases where the scope is broader, involving multiple devices and networks. The timeframe is driven by the extent of the incident, not just by QRadar.

QRadar is a good product. In Pakistan, many financial sectors are starting to shift towards other solutions. South Asia, particularly Pakistan, has a growing trend towards Splunk. Similarly, there is a shift towards Splunk, LogRhythm, and RSA in the Gulf region.

Overall, I rate the solution a seven out of ten.


    Information Technology and Services

Great software for incident detection and response

  • June 29, 2024
  • Review provided by G2

What do you like best about the product?

The facility of operation and the variety of information.

What do you dislike about the product?

It takes some time to learn how to use it.

What problems is the product solving and how is that benefiting you?

Enhanced Threat Detection and Response: Improved ability to detect and respond to threats quickly, reducing the potential impact of security incidents.

Improved Compliance: Simplified compliance reporting and audit processes, ensuring adherence to regulatory requirements.


    reviewer2284569

Useful for infrastructure, application, and network monitoring

  • February 14, 2024
  • Review provided by PeerSpot

What is our primary use case?

The tool helps with infrastructure, application, and network monitoring. 

What needs improvement?

There are areas in IBM Security QRadar that could benefit from improvement. Its ability to customize knowledge for specific purposes could be enhanced. Also, it lacks clarity in presenting details. It is also difficult to see the reports. 

For how long have I used the solution?

I have been using the product for a year. 

How are customer service and support?

The tool's technical support is good. 

How would you rate customer service and support?

Neutral

How was the initial setup?

Implementing IBM Security QRadar is not overly complex. 

What's my experience with pricing, setup cost, and licensing?

The product is expensive. We have purchased the perpetual license, but we pay for the support. 

What other advice do I have?

I rate the tool a seven out of ten. It is a tough product. 


    Ayoub Jaaouani

Useful for threat hunting, investigation, and triage analysis

  • February 14, 2024
  • Review provided by PeerSpot

What is our primary use case?

We utilize the product for our Security Operations Center operations. Additionally, we extend its use to our customers, employing it for tasks such as threat hunting, investigation, and triage analysis.

What is most valuable?

The tool's most valuable feature is log source management. It enables us to connect to various log sources, including content, authentications, or other customized integrations. These integrations can be tailored for use with other platforms that don’t already have built-in IBM add-ons.

Its scalability is also important. It is also compatible with ISO 27001, DSS API, and various certifications.

As part of our security infrastructure, this tool excels in detecting a wide range of attacks. Its responsiveness surpasses that of alternative solutions. Moreover, the user-friendly interface greatly benefits our analysts. The product is helpful in anomaly detection scenarios.

Additionally, we leverage out-of-the-box content and libraries within the IBM ecosystem. Its user behavior analysis helps us to ensure that our customers are protected. 

Correlation plays a pivotal role in our security strategy. It helps us to analyze logs from different sources. This process helps to correlate logs from endpoints. 

What needs improvement?

Certain updates—especially when using Azure—don't apply directly. Our engineering team must invest additional effort to implement these updates. The tool's cloud-based version poses no issues; however, upgrading the product can sometimes be challenging for on-premises instances.

Our current query language (KQL) serves its purpose, but there's room for improvement. Consider introducing a more human-friendly language to streamline analyst training. Analysts could then express queries in a manner akin to human language. This change would expedite processes, making it easier for new analysts to adapt.

For how long have I used the solution?

I have been working with the product for five years. 

What do I think about the scalability of the solution?

I rate the tool's scalability an eight to nine out of ten. 

How are customer service and support?

Troubleshooting delays have been a recurring challenge. Occasionally, responses take two to three days, leading to escalations. While their website’s knowledge base is commendable, troubleshooting scenarios demand more time. My observation is that they may be understaffed.

How would you rate customer service and support?

Neutral

Which solution did I use previously and why did I switch?

My company has customers using Splunk and Chronicle SIEM. When comparing Splunk and IBM Security QRadar, they indeed offer similar features, but their business models differ. Chronicle SIEM predominantly operates in the cloud. However, we cannot offer the cloud model if a customer prefers an on-premises solution.

Splunk and IBM Security QRadar both cater to diverse deployment preferences. Splunk boasts a slightly more robust correlation engine than IBM Security QRadar. Splunk tends to be marginally more expensive than IBM Security QRadar.

How was the initial setup?

The number of log sources significantly impacts deployment complexity. The process becomes more complicated for environments with 50 log sources compared to those with fewer sources (e.g., 20 or 10).

Each log source requires a connection to IBM, a task that can take several days or hours, depending on its complexity.

On average, the entire deployment process spans six to eight weeks.

What's my experience with pricing, setup cost, and licensing?

The tool's on-premise version is expensive. However, it is cheaper than Splunk. The hybrid model offers shared instances for customers, which is not expensive. Customers with a limited budget can opt for it. You can get premium support with licenses. However, if you need customized integration, you need to buy it. 

What other advice do I have?

I rate the overall product an eight out of ten. 

Which deployment model are you using for this solution?

Hybrid Cloud


    SaiKrishna2

A security solution to manage logs from multiple devices

  • February 12, 2024
  • Review provided by PeerSpot

What is our primary use case?

We use IBM Security QRadar for storage. These tools are setting high tools on the usage of the logs from multiple devices. It manages millions of logs from multiple devices, such as firewalls, routers, switches, etc. The solution is stable and has better support than LogRhythm. It doesn't have multiple components or servers, troubleshooting, or remote servers. It is based on a CentOS platform, and implementation is difficult.

How has it helped my organization?

We make use of the tool to ensure company security. We have the firewall services and switches integrated. We use the solution for attack-related loss, firewall, and blacklist IP. There are multiple use cases, like internal firewalls, internal Windows servers, and Internet controllers. It protects us from multiple authentication values, unauthorized access, and antivirus threats. We don't open and see the console all the time, so we need automated alert access to all Windows. There are malware incidents and wireless incidents. QRadar has antivirus which detects cache files, etc.

What is most valuable?

IBM Security QRadar is stable. The tool exhibits minimal vulnerabilities and does not encounter multiple issues. It is not easy to operate; it ensures minimal downtime. Its usability, synchronization with systems, user interface, and storage capabilities are crucial. Storage is essential for research and hunting, as it involves delving into logs. The response time of IBM QRadar is commendable, and even when processing large amounts of data, it maintains a consistently high level of performance. The tool utilises RAM efficiently.

What needs improvement?

IBM Security QRadar lacks automated response. With this feature, there's no need to visit VirusTotal or other sites for IP reputation. There should be a small plug-in where users can click to retrieve details about the reputation and organization of public IP.

For how long have I used the solution?

I have been using IBM Security QRadar for 4 years. We are using V7.5 of the solution.

What do I think about the stability of the solution?

The solution is stable. It's crucial for maintaining the company's security.

I rate its stability as nine out of ten.

What do I think about the scalability of the solution?

The solution’s scalability is excellent. 

25 users are using this solution. 

I rate the solution’s scalability a nine out of ten.

How are customer service and support?

IBM provides good support. We have paid licenses, which come with special performance enhancements.

How would you rate customer service and support?

Positive

How was the initial setup?

The initial setup is straightforward and can be done within a day. It is based on Linux. If there is any issue, you need to bang your head to solve the issue.

IBM Security QRadar requires a specific server with a minimum of 128 GB RAM and can support up to 2,000 endpoints. The installation process involves obtaining the ISO and setting up the necessary configurations. Once installed, we must ensure the components are properly located and configured.

One person is required for maintenance and deployment each.

I rate the solution's setup as a seven out of ten.

Which other solutions did I evaluate?

We opted for IBM Security QRadar based on its market rating and recommendations from previous alumni who have experience with it at our company. QRadar is a software solution provided by IBM for security purposes.

What other advice do I have?

QRadar supports connectivity with 2,800 vendors, including Cisco and Fortinet FortiGate. These integrations encompass various platforms such as VMs, Linux distributions like Red Hat and CentOS, and Symantec and Microsoft Windows for CRM databases and other server functionalities. Cloud technologies such as Office 365 are also supported.

The tool is flexible and I recommend it.

Overall, I rate the solution a nine out of ten.

Which deployment model are you using for this solution?

On-premises


    MUHAMMADNADEEM1

Saves time and enhances our detection and response capabilities

  • February 12, 2024
  • Review provided by PeerSpot

What is our primary use case?

As a security professional, I rely on IBM Security QRadar for a variety of use cases tailored to our security needs. With over 200 implemented, these range from real-time threat detection and incident response to compliance reporting and user behavior analytics.

What is most valuable?

IBM Security QRadar has significantly improved our incident response procedures. We have implemented a structured plan within the system, ensuring adherence and minimizing human error.

What needs improvement?

There is room for improvement in IBM QRadar in integrating features for SOC maturity and security levels directly into QRadar. That would enhance its effectiveness. Additionally, incorporating features for assessing and improving SOC maturity within QRadar itself would be beneficial, eliminating the need to rely on separate tools for this purpose.

For how long have I used the solution?

I have been working with IBM Security QRadar for over two years.

What do I think about the stability of the solution?

We have not had any stability issues with QRadar.

What do I think about the scalability of the solution?

IBM QRadar is scalable to meet the growing needs of our business. As our network expands with additional devices and log sources, QRadar can easily accommodate them. We can also create specific use cases tailored to the nature of each log source.

How was the initial setup?

Our experience with the initial setup of QRadar was smooth because we opted for a managed security solution through our service providers. The installation itself took about one to two hours, but integrating various sources, creating use cases, fine-tuning, and enabling logs could take up to two to three months. However, in our enterprise network deployment, we managed to accomplish it within six months.

What was our ROI?

Implementing IBM QRadar is similar to investing in insurance for our organization's security. While the return on investment may not be immediately tangible, it is crucial for mitigating potential disasters and ensuring our organization's resilience against security threats in the long run.

What's my experience with pricing, setup cost, and licensing?

Overall, I'm satisfied with the value IBM QRadar provides for its price. However, there is room for improvement in terms of including more features with the base license instead of requiring additional licensing fees for each feature or application.

What other advice do I have?

We chose to work with IBM QRadar mainly because it was widely deployed in our country, Pakistan, with no significant presence of alternatives like Splunk or LogRhythm.

IBM Security QRadar has enhanced our threat detection and management processes by providing comprehensive visibility into network traffic and events. With QRadar, we have end-to-end visibility across our network, enabling us to monitor traffic from origin to destination and analyze all relevant logs and events.

IBM Security QRadar stands out with features like advanced analytics and customizable dashboards, making it effective for our security needs. While it shares common features with other SIEM solutions, these unique capabilities have been instrumental in improving our security.

Integration capabilities play a crucial role in enhancing the overall security posture of IBM QRadar. By integrating with various tools like Active Directory, privilege access management, firewalls, and email security appliances, QRadar aggregates logs from different sources. It then utilizes machine learning, artificial intelligence, and custom rules to analyze this data, helping our security operations center make informed decisions and respond effectively to potential threats.

Overall, I would rate IBM QRadar as a seven out of ten. It is a great tool but operating IBM QRadar requires a higher level of technical expertise.


    reviewer2303580

A highly scalable and stable tool with a responsive support team

  • November 01, 2023
  • Review provided by PeerSpot

What is our primary use case?

I use IBM Security QRadar in my company as it provides features like SIEM, SOAR, and QNI.

What is most valuable?

The most valuable feature of IBM Security QRadar stems from the fact that it is a product that is like a complete suite.

What needs improvement?

The price of IBM Security QRadar is an area of concern where improvements are required. IBM is never known to provide products at a cheap price.

IBM Security QRadar's UI is an area with certain shortcomings where improvements are needed.

In the future, I would like IBM Security QRadar to have a library of adapters or APIs.

The area around recovery time is an aspect of IBM's technical support where improvements are required.

For how long have I used the solution?

I have been using IBM Security QRadar for more than a year. I use the solution's latest version. My company is in the process of being declared as a golden partner of IBM.

What do I think about the stability of the solution?

It is a stable solution. Stability-wise, I rate the solution a ten out of ten.

What do I think about the scalability of the solution?

It is a scalable solution. Scalability-wise, I rate the solution a ten out of ten.

My company currently deals with around four to five organizations comprising medium to large companies where IBM Security QRadar is used.

How are customer service and support?

The solution's technical support is responsive. The only area where I don't agree with IBM Security QRadar's technical support stems from the lack of proper or defined recovery time, even though their response time is good.

I rate the technical support a seven out of ten.

How would you rate customer service and support?

Neutral

Which solution did I use previously and why did I switch?

I have experience with Splunk. My company deals with Splunk since we had no choice owing to the fact that one or two customers wanted it.

In the past, I was using open-source products, including solutions like Elastic Security and Wazuh.

My company decided to switch from Wazuh to IBM Security QRadar.

How was the initial setup?

The product's deployment phase can be described as an average one.

I rate the deployment process of IBM Security QRadar a seven on a scale of one to ten, where one is difficult, and ten is easy.

The solution is deployed on an on-premises model.

What's my experience with pricing, setup cost, and licensing?

On a scale of one to ten, I rate the price a one, where one is an extremely expensive product, and ten is a cheap product. IBM Security QRadar is an expensive product. A customer gets discounts only when they ask for them from IBM.

The challenge is that if someone submits a request or proposal and finds that the prices of the products our company deals with are too high, we may not even be shortlisted for negotiations. If my company gets shortlisted for the next round, then we get questioned over the high prices.

What other advice do I have?

My company takes care of the maintenance part of the solution for our clients who use IBM Security QRadar in their environments. Nine engineers and one manager take care of the maintenance process of IBM Security QRadar. My company has a lot of certified employees to take care of IBM Security QRadar's maintenance. My company can be considered a powerhouse when it comes to products from IBM.

I recommend the solution to those who plan to use it.

Splunk and IBM are leaders as per Gartner Magic Quadrant. I believe that IBM Security QRadar should be fairly priced for SMEs.

I rate the overall tool an eight out of ten.

Which deployment model are you using for this solution?

On-premises


    Frank Eargle

A highly stable and scalable solution that provides good technical support

  • October 30, 2023
  • Review provided by PeerSpot

What is our primary use case?

I've got use cases where we monitor positive controls wherein something doesn't allow something to happen. It alarms when somebody changes the control.

What is most valuable?

The most valuable features of IBM Security QRadar are flexibility, IBM support, and scalability.

What needs improvement?

IBM Security QRadar’s GUI could be improved.

For how long have I used the solution?

I have been using IBM Security QRadar for 12 years.

What do I think about the stability of the solution?

I rate IBM Security QRadar ten out of ten for stability.

What do I think about the scalability of the solution?

Around five to ten users are using the solution in our organization.

I rate IBM Security QRadar ten out of ten for scalability.

How was the initial setup?

The solution's initial setup is pretty difficult. I rate IBM Security QRadar a four or five out of ten for the ease of its initial setup.

What about the implementation team?

Based on the size and the number of use cases, the solution's deployment can take three or four days to a few months.

What's my experience with pricing, setup cost, and licensing?

IBM Security QRadar is about 50% less expensive than Splunk. SIEM solutions charge by the amount of data, whether EPS or gigabytes. They directly incentivize you not to put things in it, which doesn't make sense since the goal is to put everything in it. They'd make it where you can't afford to do it.

On a scale from one to ten, where one is cheap and ten is expensive, I rate IBM Security QRadar's pricing a five out of ten.

What other advice do I have?

Overall, I rate IBM Security QRadar a nine out of ten.

Which deployment model are you using for this solution?

Hybrid Cloud


    Mejda Guizani

A scalable tool useful for authentication purposes but needs to provide more product training to its users

  • October 24, 2023
  • Review provided by PeerSpot

What is our primary use case?

I use IBM Security QRadar in my company for authentication of users and to block the access of a user to the internet. In my company, we have only used the basic version of the solution, and currently, we don't have a license for the product since we didn't renew it. The basic version of the solution fits my company's basic requirements.

What needs improvement?

IBM Security QRadar is not hard to implement and administrate. To serve new use cases or do the tuning and allow correlation rules, you may need training since it is necessary to know the solution. With IBM solutions, you need training to know how to use the different features of the solution. IBM needs to provide training to its users to teach them how to use the case manager and how to tune rules.

For how long have I used the solution?

I have been using IBM Security QRadar since 2020, so I have experience with it for three years. I am a customer of IBM.

What do I think about the scalability of the solution?

It is a scalable solution.

How are customer service and support?

With IBM Security QRadar, my company faced issues with the support we received for the product. Basically, my company faced problems due to the delays or mistakes made by IBM's support team.

I rate the technical support a six out of ten.

How would you rate customer service and support?

Neutral

How was the initial setup?

The solution is deployed on an on-premises model.

For the product's implementation, my company took two months. To implement all log sources, my company took somewhere between three to five months.

What's my experience with pricing, setup cost, and licensing?

IBM Security QRadar is a very expensive tool.

What other advice do I have?

In the future, my company would want the cloud version of the solution and not its on-prem version.

I rate the overall tool a seven out of ten.

Which deployment model are you using for this solution?

On-premises


    Anto Sebastin

A scalable and easy-to-deploy incident management tool that provides good support

  • July 17, 2023
  • Review provided by PeerSpot

What is our primary use case?

The product is a threat detection and response solution. It is useful for consultants or security analysts. It is an incident management tool.

What is most valuable?

We had enabled federated search. It allows us to search data both on-premises and on the cloud. We can check the functional insights. We use keywords for threat investigation. We use the product mostly for AWS delivery models.

What needs improvement?

Most people handling QRadar in organizations are IT engineers. They do not have experience with the tool. They read from manual documentation. If there is an emergency to search for details about malware, we need a response team’s help. Sophos has a team called Managed Threat Response. The team conducts investigations in our network. This feature is not available in IBM Security QRadar. They only provide technical support. The product does not have a team for investigating malware.

For how long have I used the solution?

I have been using the solution for one year.

What do I think about the stability of the solution?

The tool is stable. SIEM is important for every company. It is needed if any attack occurs.

What do I think about the scalability of the solution?

We deployed the solution for an enterprise business. I rate the scalability of the tool an eight out of ten.

How was the initial setup?

I rate the ease of setup an eight out of ten.

What about the implementation team?

The deployment takes almost half a day. If the environment is good, we can deploy the solution in 25 to 30 minutes. It will be helpful to have people who have knowledge of malware analysis and know specific languages that are relevant to the domain to deploy the tool.

What's my experience with pricing, setup cost, and licensing?

In India, the solution is expensive. Only enterprise businesses can afford the tool. We need more than 3000 people in the organization to use it. We might have to pay for technical support separately.

Which other solutions did I evaluate?

We use Sophos now. Sophos provides us with a team called MTR. The team analyzes the vulnerabilities in our network. We need to pay separately for it. However, compared to us, they have better product knowledge. This kind of support is not available in QRadar. It will be great if IBM adds these features.

What other advice do I have?

I am using the current version of the solution. We do not have a team to analyze malware. Overall, I rate the product a nine out of ten.

Which deployment model are you using for this solution?

On-premises