For incident investigation, IBM Security QRadar is used for logs and management. We get all the traffic from there, which gets logged in our system, and then we investigate it.

IBM Security QRadar Suite Software: SIEM & SOAR
User-friendly interface facilitates quick adaptation and effective threat response
What is most valuable?
There are many things I appreciate about IBM Security QRadar. I haven't used any other SIEM before IBM Security QRadar, so for me, it is perfect. Sometimes it takes time to load queries, but other than that, it performs excellently.
I would assess IBM Security QRadar's AI and machine learning capabilities as very helpful for threat detection and response. You have to fine-tune it sometimes with your own investigation, as sometimes they give false alerts about our system.
You have to put your own exceptions inside it, and then they won't give you another ticket about those false incidents.
What needs improvement?
Sometimes it takes time to load queries, but other than that, it performs excellently.
For how long have I used the solution?
Personally, I have been using IBM Security QRadar for four months, but my company has been using it for three years.
How are customer service and support?
I would rate their support an 8.5 with IBM. The support is really good; for instance, if a critical ticket is submitted, you will get paged right away as it gets logged, and their analyst will look into it, letting you know as soon as possible so you can work on it. If there is something bad going on or something faulty with IBM Security QRadar, when you reach out to them, they reply in 10 to 20 minutes.
How would you rate customer service and support?
Positive
Which solution did I use previously and why did I switch?
I haven't used any other SIEM before IBM Security QRadar.
What other advice do I have?
I deal with products such as IBM or Elastic solutions. I have experience with IBM Security QRadar, but not with Elastic; however, we are trying to get into Elastic.
We use many different cloud providers as our main cloud provider. AWS is one of those. We did not purchase the IBM Security QRadar product through AWS Marketplace; that's handled by our IT team.
I work in a dealership industry, specifically in home hardware. It is easy to use; I wasn't familiar with it, but after getting one-on-one training with my senior, I was able to use it very efficiently and learned it quickly.
We use IBM Security QRadar's Risk Manager, but I don't use it directly as it's related to my senior. I investigate it, but those procedures are based on my senior's decisions. I have not used IBM Security QRadar's analytics engine for automating SOC tasks.
The integration of third-party technologies with IBM Security QRadar's open architecture is good; it integrates with other solutions efficiently. I have used it with many different platforms such as SentinelOne and ExtraHop, and it integrates effectively.
My company is a customer of IBM. The overall rating for IBM Security QRadar is 9 out of 10.
Reliable installation and diverse use cases provide strong value
What is our primary use case?
Most of the use cases are based on MITRE ATT&CK, such as phishing emails, DDoS attacks, privilege escalation, and all the MITRE ATT&CK techniques, along with scanning of the environments and suspicious activity internal to our network. We have thousands of use cases covering different domains at the network level.
We have use cases covering security controls and firewalls. We also have use cases that cover Active Directory, server events, and Citrix. Because we are working in a telecom company, we are covering 5G and 4G logs.
What is most valuable?
The aggregations are valuable when creating use cases with aggregations, which is beneficial for us.
For automation, we are using multi-platform solutions. We have FortiSOAR and IBM Resilient for IBM Security QRadar orchestration. We integrate with both IBM Security QRadar and ArcSight, as we are working with customers who use both systems.
What needs improvement?
IBM Security QRadar has some areas for improvement. We have missed some DSM components. We need to customize logs where there is no DSM or connector for certain products.
We can integrate but we have missed the DSM, which is the connector to pass logs coming from different applications. For example, with a university customer, we tried onboarding Canvas service. IBM Security QRadar does not support Canvas, so we had to create custom scripts and workarounds to pull logs from Canvas.
For how long have I used the solution?
We have been using the solution for around five years.
What was my experience with deployment of the solution?
The deployment is straightforward and easy for all installation types: standalone console, all-in-one, or distributed mode.
What do I think about the stability of the solution?
Currently, it is very stable.
What do I think about the scalability of the solution?
For the EPS license, if you increase or exceed the EPS license, you cannot receive events, and IBM Security QRadar comes with this server. This issue existed previously when exceeding the limit of the EPS license.
How are customer service and support?
The customer service experience is mixed. For critical issues, they provide L1 support rather than expert support initially. The L1 support follows standard steps before escalating to the development team or expertise team. In critical situations, this process can be problematic. Support needs to understand the issue first, then escalate it to the engineering team. The engineering team then sends an appointment meeting about the issue. This process can result in outages lasting three to four hours.
How would you rate customer service and support?
Neutral
Which solution did I use previously and why did I switch?
I have been in the cybersecurity field since 2012. I have experience with many cybersecurity products including IBM Security QRadar, Splunk, SOAR, IBM Resilient SOAR, Phantom, and various security controls and products.
What was our ROI?
ROI calculation is more applicable when using SOAR rather than SIM. In SIM, you don't have functions or enrichment to check if an IP is malicious or different reputations or websites. With SOAR, you can calculate ROI. For example, when an analyst receives alerts on IBM Security QRadar Offense, they would typically take 10 to 15 minutes to check an IP in VirusTotal, AbuseIPDB, TotalVirus, and other sources. With SOAR, the workflow takes one minute or less to complete the analysis.
What's my experience with pricing, setup cost, and licensing?
When comparing with Splunk, IBM Security QRadar's cost is reasonable. Splunk is more expensive than IBM Security QRadar.
Which other solutions did I evaluate?
We have machine learning for User Behavior Analytics (UBA), but IBM Security QRadar does not have AI connectors or integration with ChatGPT. Some SOARs are working with AI, such as FortiSOAR, which has chatbot and AI integration with ChatGPT to create playbooks, assist analysts in exporting reports, and provide recommendations for alert responses.
What other advice do I have?
This implementation process receives a rating of six. In UAE, we have strict restrictions regarding compliance, particularly NIST compliance. Most companies should have local LLM, not public. Most SIM solutions or SOAR don't have the capability to build or need custom connectors for using AI with internal LLM, rather than cloud-based solutions ChatGPT or Gemini. Overall, I would rate IBM Security QRadar an eight out of ten.
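The two reviews above describe the same pattern from opposite ends: the second reviewer builds use cases on MITRE ATT&CK with aggregations (count the same event from the same source over a window), and the first reviewer notes that such rules fire false alerts until you "put your own exceptions inside". The block below is an added example, written for this page and not taken from IBM or from either reviewer's environment. It runs a windowed aggregation rule for password guessing (ATT&CK T1110.001) over constructed sshd-style log lines, suppresses a hypothetical vulnerability-scanner range via an exception list, and escalates the offense when a successful login follows the burst. The log format, the 10.0.9.0/24 scanner range, and the threshold are all assumptions.

```python
"""Windowed aggregation rule with an exception list (added example, not QRadar's engine)."""
from collections import defaultdict, deque
from dataclasses import dataclass, replace
from datetime import datetime, timedelta
import ipaddress
import re

# Constructed sshd-style auth events; the format is hypothetical.
SAMPLE_LOGS = """\
2024-05-01T10:00:01Z sshd[101]: Failed password for alice from 203.0.113.7 port 50001 ssh2
2024-05-01T10:00:02Z sshd[102]: Failed password for alice from 203.0.113.7 port 50002 ssh2
2024-05-01T10:00:03Z sshd[103]: Failed password for alice from 203.0.113.7 port 50003 ssh2
2024-05-01T10:00:04Z sshd[104]: Failed password for alice from 203.0.113.7 port 50004 ssh2
2024-05-01T10:00:05Z sshd[105]: Failed password for alice from 203.0.113.7 port 50005 ssh2
2024-05-01T10:00:07Z sshd[106]: Accepted password for alice from 203.0.113.7 port 50006 ssh2
2024-05-01T10:00:08Z sshd[107]: Failed password for bob from 10.0.0.5 port 50007 ssh2
2024-05-01T10:00:09Z sshd[108]: Failed password for bob from 10.0.0.5 port 50008 ssh2
2024-05-01T10:00:10Z sshd[109]: Failed password for carol from 10.0.9.20 port 50009 ssh2
2024-05-01T10:00:11Z sshd[110]: Failed password for carol from 10.0.9.20 port 50010 ssh2
2024-05-01T10:00:12Z sshd[111]: Failed password for carol from 10.0.9.20 port 50011 ssh2
2024-05-01T10:00:13Z sshd[112]: Failed password for carol from 10.0.9.20 port 50012 ssh2
2024-05-01T10:00:14Z sshd[113]: Failed password for carol from 10.0.9.20 port 50013 ssh2
2024-05-01T10:00:20Z sshd[114]: Failed password for dave from 198.51.100.9 port 50014 ssh2
2024-05-01T10:00:21Z sshd[115]: Failed password for dave from 198.51.100.9 port 50015 ssh2
2024-05-01T10:00:22Z sshd[116]: Failed password for dave from 198.51.100.9 port 50016 ssh2
2024-05-01T10:00:30Z cron[200]: (root) CMD (run-parts /etc/cron.hourly)
2024-05-01T10:05:20Z sshd[117]: Failed password for dave from 198.51.100.9 port 50017 ssh2
2024-05-01T10:05:21Z sshd[118]: Failed password for dave from 198.51.100.9 port 50018 ssh2
2024-05-01T10:05:22Z sshd[119]: Failed password for dave from 198.51.100.9 port 50019 ssh2
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) sshd\[\d+\]: (?P<outcome>Failed|Accepted) password for "
    r"(?P<user>\S+) from (?P<ip>[0-9a-fA-F.:]+) port \d+"
)


@dataclass(frozen=True)
class Offense:
    user: str
    src_ip: str
    count: int
    first_seen: datetime
    last_seen: datetime
    technique: str = "T1110.001"  # ATT&CK: Brute Force: Password Guessing
    severity: str = "medium"


def parse_line(line):
    """Return (timestamp, outcome, user, ip) or None for lines the rule ignores."""
    m = LINE_RE.match(line)
    if not m:
        return None
    return datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ"), m["outcome"], m["user"], m["ip"]


def is_excepted(ip, nets):
    """True when the source falls inside one of the exception networks."""
    addr = ipaddress.ip_address(ip)
    return any(addr in n for n in nets)


def detect_bruteforce(lines, threshold=5, window=timedelta(seconds=60), exceptions=()):
    """Fire once per (user, source) when `threshold` failures land inside `window`.

    A success within `window` of the last counted failure escalates the offense,
    since a burst that ends in an accepted login is the case worth paging on.
    """
    nets = [ipaddress.ip_network(c) for c in exceptions]
    failures = defaultdict(deque)  # (user, ip) -> failure timestamps still inside the window
    offenses = {}
    for line in lines:
        parsed = parse_line(line)
        if parsed is None:
            continue
        ts, outcome, user, ip = parsed
        if is_excepted(ip, nets):
            continue  # the reviewer's "exception": known scanner, never raise a ticket
        key = (user, ip)
        q = failures[key]
        if outcome == "Failed":
            q.append(ts)
            while q and ts - q[0] > window:
                q.popleft()  # slide the window; old failures no longer count
            if len(q) >= threshold and key not in offenses:
                offenses[key] = Offense(user, ip, len(q), q[0], ts)
        elif key in offenses and ts - offenses[key].last_seen <= window:
            offenses[key] = replace(offenses[key], severity="high")
    return list(offenses.values())


def run_sample():
    """Run the rule over the constructed logs with the hypothetical scanner range excepted."""
    return detect_bruteforce(SAMPLE_LOGS.splitlines(), exceptions=["10.0.9.0/24"])


if __name__ == "__main__":
    for o in run_sample():
        print(o)
```

With the exception list applied, only alice from 203.0.113.7 produces an offense (five failures inside 60 seconds, escalated to high because a success followed); carol's burst from the scanner range is suppressed, bob never reaches the threshold, and dave's six failures are split across two windows and never aggregate. Dropping the exception list makes carol fire as well, which is exactly the false positive the first reviewer describes tuning away.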
Uses robust rulesets to enhance compliance audits and prevention
How would you rate customer service and support?
Neutral
Real-time incident detection and user-friendly dashboard benefit daily operations
What is our primary use case?
I use it daily because it's shared as a log alert, and we have a security operations center. Every now and then, and almost every day, there are some alerts. I utilize it every day, twenty-four by seven, as you can see.
What is most valuable?
Actually, the dashboard is very good. The dashboard is easy to use and easy to understand what's going on and what the alerts mean. It's very user-friendly, I would say. So far, it's very good. Recently, I faced an incident, a cyber incident, and it was detected in real time. It correlates well with other solutions. I have EDR, vulnerability, and IPS, and it shows useful findings for root cause analysis.
What needs improvement?
There are many types of AI, and this AI is very limited in SQL and features. There may be potential for improvement. So far, it seems very limited. It shows some good features in the correlation part, but I think there is room for improvement. For instance, when creating rules, it can suggest more rules, reducing the effort needed. If AI-related support can suggest rules and integrate with existing security devices like MD, IPS, this SIM can create more relevant rules. Sometimes logs I receive don't mean anything, and I need technical stakeholders to share or forward logs, but these are sometimes inadequate. Keywords can help identify insufficient logs. I often lack time to verify logs. Sharing false positive results could be reduced to help my team.
For how long have I used the solution?
I have been working with the product for the last four months.
What do I think about the stability of the solution?
The product has been stable so far. I didn’t face any issues after deployment. I haven't encountered any software deployment issues, although I have only used it for four or five months. I might face issues after a year, two years, or with a major release or software update.
What do I think about the scalability of the solution?
I am satisfied with the scalability. It depends on my budget. How much I spend on licensing size is up to me.
How are customer service and support?
I received very good support, possibly due to a good relationship with IBM. I don't know about other companies, but I am happy with the support.
How would you rate customer service and support?
Positive
Which solution did I use previously and why did I switch?
Previously, I had another SIM before IBM brought it up, but I couldn't correlate with different solutions. Now it saves me at least one hour, sometimes up to three hours. I used Micro Focus, which I think was acquired by another company, possibly OpenText. The ownership changed. I am very satisfied with QRadar compared to OpenText. It's superior. I am not sure which one is best, but so far it is. My people had good training and needed to invest time to get good results.
How was the initial setup?
The initial setup was very difficult. I needed help from the local partner and expert users. Without expert users, it's challenging to deploy.
What about the implementation team?
Assistance from the support system is always needed.
What was our ROI?
It's still very early, but I have saved significant damage. Investing this amount was very much worth it for my organization.
What's my experience with pricing, setup cost, and licensing?
The cost depends. The price I negotiated varies by region and relationship with the OEM. Cost is not shared due to another procurement team handling negotiations, but it was reasonable as far as I know.
What other advice do I have?
My advice is to understand your infrastructure first. Assess the size before sending any protocol requests or RFPs to adjust licensing costs. You may procure licenses less or more than needed, impacting finances. Analyzing your infrastructure is crucial, considering the logs and security issues you will set. Trained personnel are necessary. Without them, usage is challenging. Overall, the product rating is eight out of ten.
Current integration experience enhances network security through managed log collection and encryption
What is our primary use case?
I have experience with SIEM solutions, one of which is Microsoft Sentinel. I often confuse the names, but I mean Sentinel. I also have experience with QRadar. In the past, I worked with Elasticsearch. I have generally configured some integrations, for example, between QRadar and other production environments for sending custom logs, though not all of them. I have been doing this for about two to three years. Usually, devices do not send CF in syslog or CS format logs, so we often troubleshoot on a Vural collector. Sometimes a device does not send the packet to a local collector, and we troubleshoot from the local collector's side. My colleagues and I generally use this management for production. I have integrated some network and security devices to send logs.
In Turkey, there are regulations by the government that require collecting Internet traffic from VDS users. We need encryption on each log on QRadar. I focus on setting up this configuration. Our customers use Cisco StealthWatch, formerly known as NDR solutions, and we integrated these logs with QRadar and StealthWatch because we prefer not using all of them on NDR solutions. We send specific logs from StealthWatch. This integration is basic, not advanced, though there are some easy API integrations for communication between devices.
What needs improvement?
I think there is room for improvement with correlations in QRadar, especially in terms of customer logs. We receive logs from different types of devices and need a way to correlate them effectively. This would help identify critical or high-priority alarms in QRadar. Perhaps we are missing parameters in QRadar and need to double-check to enhance functionality.
For how long have I used the solution?
I have used the solution for approximately two to three years.
What do I think about the stability of the solution?
We sometimes experience downtime, but it depends on the version. There is some variability.
How are customer service and support?
Our partners in Turkey support QRadar integration because our team does not manage all aspects. We usually rely on local partners for support. They assist with advanced issues, such as hardware or other problems, that are not part of standard operations.
How would you rate customer service and support?
Positive
What other advice do I have?
All technologies are advancing towards AI integration. It is essential to integrate AI capabilities into devices to keep pace with future technologies and integrations. We should configure AI technologies in these products, though we currently lack experience and information. My overall rating for this solution is nine out of ten.
Is easy to integrate and doesn't require maintenance
What needs improvement?
One major drawback we are facing is in the area of IBM Security QRadar integration with flat file databases. IBM Security QRadar does not support flat file database integration. We are currently facing an issue with respect to the database, which you normally call a NoSQL database. There is no direct integration mechanism available with IBM Security QRadar. We have to approach IBM and generate a ticket so that they can develop a custom method for the integration. In database integration, we are facing issues with IBM Security QRadar.
The solution does not support the integration of flat file databases. Certain organizations have flat file databases. IBM does not support direct integration with some databases. We had to create a plugin, and we requested IBM to develop a parser, but it is taking IBM a couple of months to develop it. I think a flat-file database should be supported directly instead of developing a parser plugin. There should be a more refined threat intelligence platform, and cross-integration should be possible with locally available threat intelligence platforms.
For how long have I used the solution?
I have been using IBM Security QRadar for three years. I use the solution's latest version.
What do I think about the stability of the solution?
Stability-wise, I rate the solution a seven out of ten.
What do I think about the scalability of the solution?
It is a scalable solution. With respect to threat intelligence platform integration with locally developed software solutions, IBM works on and provides certain sorts of APIs. The tool also leads to advancement in threat intelligence, which could be beneficial during product deployment.
My company has an unlimited number of user versions. Basically, it does not depend on the number of users. It basically works on events per second. We already acquired unlimited EPS on our IBM QRadar.
I rate the scalability an eight out of ten.
We have two teams using the tool. If you talk about engineering, we have five to ten people on the engineering side who look after the administration. There are also twenty-four-hours-a-day, seven-days-a-week managed SOC services catering to the needs of twenty people in each shift. We pursue the follow-the-sun principle, so you can say the managed SOC services are used in three shifts.
Which solution did I use previously and why did I switch?
My company is only using IBM.
How was the initial setup?
We didn't face any difficulty in the deployment process. The strategy we follow in the deployment is a phased approach. Initially, we deployed the workspace, and then we moved to routers and hardware-related things. In phase two, we start integrating the tool with business applications.
The solution is deployed on an on-premises version.
The solution can be installed for the initial configuration and settings in around three to four hours or five hours. Asset onboarding varies. Some assets, like switches and data, we integrate very quickly, in instances where no approval is required. Other typical assets, like applications, require us to create certain views in order to fetch our logs. It all depends from application to application.
Three or four people are required to install the tool. Actually, we have a team and deployed the tool with five people. Two people did the installation, and two people were supporting and getting the required things or approvals done. You can say it is normally a team of five engineers. They actually take part in maintenance, too. Actually, we divided it into two phases, like team deployment and implementation. One has a team of engineers with whom we are involved in the deployment and installation. Another is the SOC team, which is responsible for monitoring logs on IBM Security QRadar.
What's my experience with pricing, setup cost, and licensing?
IBM solutions are always expensive, as it offers some industry-leading solutions, which is why we have implemented them. Now, locally developed and open-source solutions like Wazuh are available. Certain organizations are deploying the solutions. We receive no cost-benefit from IBM. It is an expensive solution, and we have to incur these costs.
The tool's price is high. Our company faces pricing-related challenges with locally available products and other offerings like Splunk and Wazuh. In addition, there is a need to pay the tool's standard licensing fee. We outsource our SOC operations, so such expenses are in addition to the deployment.
Which other solutions did I evaluate?
After going through the different reviews over the internet, we found out that IBM is a leader, and we also did a study of the various banks in Pakistan and internationally to find what products they use. After comparing these banks, international banks, and locally made products, we decided to go for IBM.
What other advice do I have?
IBM Security QRadar enhances threat detection and incident response in our specific industry. The threat intelligence is somewhat different in Pakistan. We also have to deploy other open-source solutions and integrate them with the new system. We have IBM X-Force, and the solution provides threat intelligence releases for global incidents. Basically, we have CTM360, which helps with the threat intelligence part. We are actually using both with the solution. I think IBM X-Force complements our challenges, but it is not up to the mark we require. We have to collaborate with different solutions as well with CTM360.
The tool's anomaly detection was useful with respect to application integration. We use a use case where we recently implemented the tool with respect to business applications where we define a rule set, and the system perfectly identifies and triggers an event against the rule set we define, so it is related to business applications. Our use cases are related to the event. An incident was caused a couple of days ago due to the Log4j vulnerability. For such vulnerabilities, the use case will also be helpful.
It is easy to integrate with different solutions or different databases like MySQL and Oracle. It has the edge over other solutions, like open-source solutions like Wazuh and Splunk, so IBM Security QRadar is very much refined with respect to these solutions.
Regarding the tool's ability to maintain high-security standards, I rate it ten out of ten.
So far, we haven't used any AI feature in the tool, or it may not be available in the version we use.
Overall, I recommend the tool to others. We are currently recommending it to peer banks and peer colleagues who need to make a decision to buy a product.
Maintenance is not required, but we regularly check the tool's health reports. If any event occurs monthly or quarterly, then we need to maintain it. Otherwise, no maintenance is required.
I rate the tool an eight out of ten.
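Three reviews on this page run into the same gap: the telecom reviewer had no DSM for a Canvas service and wrote custom scripts to pull its logs; the Turkish integrator spends time on devices that do not emit syslog in a format the collector understands; and the bank above has a flat-file/NoSQL store with no direct connector. The usual workaround while a DSM is pending is to normalize the records yourself into LEEF, which QRadar parses without a product-specific DSM, and ship them over syslog. The block below is an added example written for this page, not IBM code and not any reviewer's script. It reads newline-delimited JSON from a flat file with a byte-offset checkpoint (so a restart does not replay events and a half-written last line is not forwarded as a truncated event), maps the fields onto LEEF predefined attributes, and wraps each event in a syslog line. The vendor/product identity, the field mapping, and the sample records are all assumptions.

```python
"""Forward an unsupported flat-file source to QRadar as LEEF over syslog (added example)."""
import json
import os
import socket
import tempfile
from datetime import datetime, timezone

# Hypothetical identity for the custom source; these become LEEF header fields.
VENDOR, PRODUCT, VERSION = "ExampleU", "Canvas-Forwarder", "1.0"
DELIM = "\t"  # attribute separator; LEEF 2.0 declares it in the header (x09 = tab)

# Assumed mapping from the source's own keys to LEEF predefined attribute names.
FIELD_MAP = {"user": "usrName", "ip": "src", "event": "cat"}

# Constructed sample: two good records, one junk line, and a partially written tail.
SAMPLE_COMPLETE = (
    '{"ts":"2024-05-01T10:00:01Z","event":"login_failed","user":"alice","ip":"203.0.113.7"}\n'
    '{"ts":"2024-05-01T10:00:02Z","event":"login_ok","user":"bob","ip":"10.0.0.5","note":"tab\\there|pipe"}\n'
    'not json at all\n'
    '{"ts":"2024-05-01T10:00:03Z","event":"login_failed","user":"carol"'
)
SAMPLE_TAIL = ',"ip":"10.0.0.6"}\n'  # the rest of the partial line, written later


def _hdr(field):
    """Escape backslashes and pipes, which delimit LEEF header fields."""
    return str(field).replace("\\", "\\\\").replace("|", "\\|")


def _val(value):
    """Keep the attribute delimiter and newlines out of attribute values."""
    return str(value).replace("\\", "\\\\").replace(DELIM, " ").replace("\n", " ")


def to_leef(record):
    """Render one source record as a LEEF 2.0 event string."""
    attrs = {}
    for key, value in record.items():
        if key == "ts":
            continue
        attrs[FIELD_MAP.get(key, key)] = value  # unmapped keys pass through as custom attributes
    raw_ts = record.get("ts")
    ts = datetime.fromisoformat(raw_ts.replace("Z", "+00:00")) if raw_ts else datetime.now(timezone.utc)
    attrs["devTime"] = ts.strftime("%b %d %Y %H:%M:%S")
    attrs["devTimeFormat"] = "MMM dd yyyy HH:mm:ss"  # tells QRadar how to parse devTime
    event_id = record.get("event", "unknown")
    header = "|".join(["LEEF:2.0", _hdr(VENDOR), _hdr(PRODUCT), _hdr(VERSION), _hdr(event_id), "x09"])
    body = DELIM.join(f"{k}={_val(v)}" for k, v in attrs.items())
    return header + "|" + body


def to_syslog(leef, hostname="canvas-fwd", pri=14):
    """Wrap a LEEF payload in a BSD-style syslog line (PRI 14 = user.info)."""
    now = datetime.now(timezone.utc).strftime("%b %d %H:%M:%S")
    return f"<{pri}>{now} {hostname} {leef}"


def read_new_records(path, offset):
    """Return (records, new_offset), consuming only complete lines.

    A line without a trailing newline is left for the next run, so the checkpoint
    never advances past a record the writer has not finished.
    """
    records = []
    with open(path, "rb") as fh:
        fh.seek(offset)
        while True:
            pos = fh.tell()
            line = fh.readline()
            if not line.endswith(b"\n"):
                return records, pos  # EOF or partial line: stop before it
            line = line.strip()
            if not line:
                continue
            try:
                records.append(json.loads(line))
            except json.JSONDecodeError:
                continue  # malformed line: skip it, but the checkpoint still moves on


def send_udp(messages, collector_host, port=514):
    """Ship syslog lines to a QRadar event collector (not called in the demo)."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        for m in messages:
            s.sendto(m.encode(), (collector_host, port))


def demo():
    """Two passes over a temp file: the partial tail is picked up only once completed."""
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, "events.jsonl")
        with open(path, "w") as fh:
            fh.write(SAMPLE_COMPLETE)
        first, offset = read_new_records(path, 0)
        with open(path, "a") as fh:
            fh.write(SAMPLE_TAIL)
        second, _ = read_new_records(path, offset)
    return {
        "first_pass_count": len(first),
        "second_pass_count": len(second),
        "first_leefs": [to_leef(r) for r in first],
        "second_leefs": [to_leef(r) for r in second],
        "syslog_sample": to_syslog(to_leef(first[0])),
    }


if __name__ == "__main__":
    for line in demo()["first_leefs"]:
        print(line)
```

Point the forwarder at an event collector and QRadar will autodetect the source as a LEEF log source; the `cat`, `usrName`, `src` and `devTime` attributes land in the normalized fields, so rules and searches work on them without a custom DSM, which is what the reviewers above ended up doing by hand while waiting for a parser.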
Offers ease at rectifying situations involving any anomalies
What is our primary use case?
Basically, it is a product that serves as an SIEM solution, and its main competitor is Splunk. Splunk and IBM are lookalike tools. IBM Security QRadar hosts a panel where you can feed just about anything you can think of in terms of electronics as it relates to security, along with other elements of infrastructure. The tool provides notification of events.
What is most valuable?
The most valuable feature of the solution is its ability to rectify a situation involving any anomalies expeditiously.
What needs improvement?
I am dealing with the tool from an arm's length. I am not sitting right in the middle of things in my position. I work in a sales position, and as far as sales and marketing are concerned, I am not qualified to speak about what needs improvement in the tool.
IBM is in there with the client, and they pretty well have them covered in a lot of different areas. If the customers are doing their job and they are running the business the way they ought to, then IBM is in a position to do a good job for most of the clients. Communication between the silos sometimes becomes an issue, making it an area where improvements are required.
For how long have I used the solution?
I have been using IBM Security QRadar since 2015 or 2016.
What do I think about the stability of the solution?
The solution's stability is pretty good. The tool has been there in my company over a long period of time. It is a solid product. IBM doesn't produce junk, and if it does, then such tools are taken off the market pretty quickly.
What do I think about the scalability of the solution?
Scalability-wise, I rate the solution an eight out of ten.
The tool is used by government contractors who are our clients.
The tool offers plug-and-play options, and it does not even involve APIs, making it pretty easy.
IBM Security QRadar's interface is useful. The product is highly competitive. Though Splunk has become a standard tool, IBM Security QRadar is still out there even though it is not number one.
How are customer service and support?
I rate the technical support an eight out of ten.
How would you rate customer service and support?
Positive
Which solution did I use previously and why did I switch?
The main difference between Splunk and IBM is that the former one is on the edge in terms of innovation, but the latter one is not that good. Compared to IBM Security QRadar, IBM X-Force is good.
How was the initial setup?
On a scale of one to ten, if ten means easy, I rate the product's initial setup phase as an eight.
As long as you have your policies and if they all relate to security and other areas like infrastructure, then the rules are pretty easy to feed into the product.
The time needed for the product's deployment phase depends on how the entity, the client, has its policies and rules set up. I don't want to say the tool is like a plug and play product because nothing really is in today's market. The tool offers ease of use and integration. I rate the tool a seven to eight for the ease of use and integration it offers.
What was our ROI?
The tool's ability to redeploy resources, like manpower, is about the same as that of other competitors. The benefit the tool offers is the protection and the ability to act on whatever the situation might be quickly, efficiently and terminate whatever is happening. The tool is useful to the bottom and helps with the remediation part.
What's my experience with pricing, setup cost, and licensing?
The tool is priced in a competitive manner. The tool's price is dependent on the installation and the product size, but it is competitive in the marketplace. The marketplace right now is being set by Splunk, which offers a pretty good deal if someone wants it. As a matter of fact, I would say that out of who we are working with right now, Splunk is the major one.
What other advice do I have?
Speaking of how the tool handles real-time threat management in our specific industry, I would say that for our company's services, which are used with Crows Nest Software, we face the product as per the policies and rules that are set up within an entity or a client. For instance, if we see an anomaly, like if I send you an email, and we are within the same company, or I am within this ABC company, and you are external to it. If I am sending you information that I am not allowed to send outside of the company, what happens is we can either stop it ourselves, especially if that is what the instructions are through the policy, or if the client says, then we send such information to IBM Security QRadar and as per the instructions and policy, they can terminate it or do what they will with it after it is terminated.
Speaking about how anomaly detection has impacted security operations, if I consider it from a dollars and cents point of view, I would say that if I am sending you something that is intellectual property and they stop it, it is like you can put a price tag on it after it is leaked, but prior to it, things could seem hard. For instance, if I am a nefarious individual in a company, then in most cases, I would be sending information outside of the organization to somebody who is in the government or serves as a contractor of a nation or a state. They can then take such information and build whatever they want as far as the competition is concerned and be in the competitive marketplace with my product. Such instances happen all the time with government contractors. When I say government contractors, they are those who deal in military hardware development, and, for that matter, they may be involved in a business revolving around air conditioners. In the market concerning air conditioners, there might be someone who has perfected a new way of pulling moisture out of the air and making it into ice cream, which may seem ridiculous.
In the tool, the rules are really external. The good rules are external, and when I say that, it means it goes with the development of your security policies or your policies in general as they relate to security. When sitting down with the client, to be honest, what happens is that if they are installing something like this and they are developing rules and policies to go with it, it acts as an eye-opener for a lot of folks. With some companies, we classify data according to what we are able to pull. Suppose it is data that we have been given access to. In that case, we can determine and produce how it is in a snapshot over a two-week period and sit down with a client or somebody like a consultant firm to help in the area of BPM or something that can be like a spin-off of KPMG, and they do an excellent job of working with us. To prepare policies and rules, and those can be easily, you know, migrated or installed into any product, like Splunk and IBM Security QRadar.
IBM offers Watson for machine learning and artificial intelligence. I feel IBM has done a pretty good job with it.
We have partnered with various groups and companies that enhance their products, and we are continuing to do that. Since we utilize machine learning and AI from the start, we are well-versed in both areas. Additionally, we are working on something innovative with blockchain, as well as collaborating with another company focused on classification. There are companies on the periphery that specialize in the classification of various things, and they do tasks we don't handle on the front end. They provide us with information, and we share it, enabling us to interface more effectively with platforms like Splunk, QRadar, or others.
I rate the tool an eight out of ten.
Offers flexibility in the area of pricing, specifically to resellers
What needs improvement?
I think that the main weakness is the tool's architecture. The tool still provides a secured analytic application, although we have heard for many years that the solution is going to move to a container kind of architecture, which ArcSight, for example, made years ago. IBM Security QRadar's analysis part is sometimes a bit buggy. The interfaces sometimes could give users an inconsistent experience because different developers wrote several different GUIs at different times. Sometimes, the user experience is not so consistent. There were outdated areas of IBM Security QRadar, but you can still find some rudimentary parts that could sometimes be a weakness.
What my company misses at the moment revolves around the fact that the tool had a great feature around risk management, which the tool deprecated several years ago, and I think that it could be helpful in the present. The tool's user and entity behavior analytics application could be improved significantly because our recent experience shows that it is still kind of useless, but the customers and we also need it. More artificial intelligence and machine learning will be helpful in the tool.
For how long have I used the solution?
I have been using IBM Security QRadar since 2012. My company is a customer, a partner, and a reseller of IBM.
How are customer service and support?
The solution's technical support works, but sometimes, it can take quite a long time to get a solution from technical support. Generally, we are satisfied because we just understand how it works and that you shouldn't expect much from the technical support. It is not so bad, but sometimes it could be longer than you can expect. I rate the technical support a six to seven out of ten.
How would you rate customer service and support?
Neutral
Which solution did I use previously and why did I switch?
My company has not worked with any other products before IBM Security QRadar. In our organization, we used different SIEM solutions, specifically ArcSight, FortiSIEM, and Rapid7. We repeatedly returned to IBM Security QRadar and didn't continue with any of its competitors.
What's my experience with pricing, setup cost, and licensing?
I think the pricing is quite flexible. As a reseller, we had chances to win bids with IBM Security QRadar against Splunk, ArcSight, and even McAfee with better pricing around six or seven years ago. We won the deals with better pricing. Pricing could be flexible. It could depend on the number of assets used by the enterprise or on the number of events per second, allowing customers to choose what fits them best.
Which other solutions did I evaluate?
My company is looking for different products in the market since we are upset with the recent news about the deal between IBM and Palo Alto. I think the deal doesn't touch the on-premises IBM Security QRadar, and both companies have only agreed to give Palo Alto the authorization for the cloud version, making it a reason why we continue to use the on-premises version.
What other advice do I have?
I am generally satisfied with the product.
Considering that there is still room for improvement and that the vendor could improve it to be made faster than it is at the moment, it is still a good product.
I rate the tool an eight out of ten.
Useful for threat hunting, investigation, and triage analysis
What is our primary use case?
We utilize the product for our Security Operations Center operations. Additionally, we extend its use to our customers, employing it for tasks such as threat hunting, investigation, and triage analysis.
What is most valuable?
The tool's most valuable feature is log source management. It enables us to connect to various log sources, including content, authentications, or other customized integrations. These integrations can be tailored for use with other platforms that don’t already have built-in IBM add-ons.
Its scalability is also important. It is also compatible with ISO 27001, DSS API, and various certifications.
As part of our security infrastructure, this tool excels in detecting a wide range of attacks. Its responsiveness surpasses that of alternative solutions. Moreover, the user-friendly interface greatly benefits our analysts. The product is helpful in anomaly detection scenarios.
Additionally, we leverage out-of-the-box content and libraries within the IBM ecosystem. Its user behavior analysis helps us to ensure that our customers are protected.
Correlation plays a pivotal role in our security strategy. It helps us to analyze logs from different sources. This process helps to correlate logs from endpoints.
What needs improvement?
Certain updates—especially when using Azure—don't apply directly. Our engineering team must invest additional effort to implement these updates. However, the tool's cloud-based version poses no issues. However, upgrading the product can sometimes be challenging for on-premises instances.
Our current query language (KQL) serves its purpose, but there's room for improvement. Consider introducing a more human-friendly language to streamline analyst training. Analysts could then express queries in a manner akin to human language. This change would expedite processes, making it easier for new analysts to adapt.
For how long have I used the solution?
I have been working with the product for five years.
What do I think about the scalability of the solution?
I rate the tool's scalability an eight to nine out of ten.
How are customer service and support?
Troubleshooting delays have been a recurring challenge. Occasionally, responses take two to three days, leading to escalations. While their website’s knowledge base is commendable, troubleshooting scenarios demand more time. My observation is that they may be understaffed.
How would you rate customer service and support?
Neutral
Which solution did I use previously and why did I switch?
My company has customers using Splunk and Chronicle SIEM. When comparing Splunk and IBM Security QRadar, they indeed offer similar features, but their business models differ. Chronicle SIEM predominantly operates in the cloud. However, we cannot offer the cloud model if a customer prefers an on-premises solution.
Splunk and IBM Security QRadar both cater to diverse deployment preferences. Splunk boasts a slightly more robust correlation engine than IBM Security QRadar. Splunk tends to be marginally more expensive than IBM Security QRadar.
How was the initial setup?
The number of log sources significantly impacts deployment complexity. The process becomes more complicated for environments with 50 log sources compared to those with fewer sources (e.g., 20 or 10).
Each log source requires a connection to IBM, a task that can take several days or hours, depending on its complexity.
On average, the entire deployment process spans six to eight weeks.
What's my experience with pricing, setup cost, and licensing?
The tool's on-premise version is expensive. However, it is cheaper than Splunk. The hybrid model offers shared instances for customers, which is not expensive. Customers with a limited budget can opt for it. You can get premium support with licenses. However, if you need customized integration, you need to buy it.
What other advice do I have?
I rate the overall product an eight out of ten.
A security solution to manage logs from multiple devices
What is our primary use case?
We use IBM Security QRadar for storage. These tools are setting high tools on the usage of the logs from multiple devices. It manages millions of logs from multiple devices, such as firewalls, routers, switches, etc. The solution is stable and has better support than LogRhythm. It doesn't have multiple components or servers, troubleshooting, or remote servers. It is based on a CentOS platform, and implementation is difficult.
How has it helped my organization?
We make use of the tool to ensure company security. We have the firewall services and switches integrated. We use the solution for attack-related loss, firewall and blacklist IP. There are multiple use cases, like internal firewalls, internal Windows servers and Internet controllers. It protects us from multiple authentication values, unauthorized access and antivirus threats. We don't open and see the console all the time, so we need automated alert access to all Windows. There's a malware incident and wireless incident. The QRadar has antivirus which detects cache files, etc.
What is most valuable?
IBM Security QRadar is stable. The tool exhibits minimal vulnerabilities and does not encounter multiple issues. It is not easy to operate; it ensures minimal downtime. Its usability, synchronization with systems, user interface, and storage capabilities are crucial. Storage is essential for research and hunting, as it involves delving into logs. The response time of IBM QRadar is commendable, and even when processing large amounts of data, it maintains a consistently high level of performance. The tool utilises RAM efficiently.
What needs improvement?
IBM Security QRadar lacks automated response. With this feature, there would be no need to visit VirusTotal or other sites for IP reputation. There should be a small plug-in where users can click to retrieve details about the reputation and organization of a public IP.
For how long have I used the solution?
I have been using IBM Security QRadar for 4 years. We are using V7.5 of the solution.
What do I think about the stability of the solution?
The solution is stable. It's crucial for maintaining the company's security.
I rate its stability as nine out of ten.
What do I think about the scalability of the solution?
The solution’s scalability is excellent.
25 users are using this solution.
I rate the solution’s scalability a nine out of ten.
How are customer service and support?
IBM provides good support. We have paid licenses, which come with special performance enhancements.
How would you rate customer service and support?
Positive
How was the initial setup?
The initial setup is straightforward and can be done within a day. It is based on Linux. If there is any issue, you need to bang your head to solve the issue.
IBM Security QRadar requires a specific server with a minimum of 128 GB RAM and can support up to 2,000 endpoints. The installation process involves obtaining the ISO and setting up the necessary configurations. Once installed, we must ensure the components are properly located and configured.
One person is required for maintenance and deployment each.
I rate the solution's setup as a seven out of ten.
Which other solutions did I evaluate?
We opted for IBM Security QRadar based on its market rating and recommendations from previous alumni who have experience with it at our company. QRadar is a software solution provided by IBM for security purposes.
What other advice do I have?
QRadar supports connectivity with 2,800 vendors, including Cisco and Fortinet FortiGate. These integrations encompass various platforms such as VMs, Linux distributions like Red Hat and CentOS, and Symantec and Microsoft Windows for CRM databases and other server functionalities. Cloud technologies such as Office 365 are also supported.
The tool is flexible and I recommend it.
Overall, I rate the solution a nine out of ten.