Likelihood to Recommend

IBM Security QRadar SOAR is versatile. All the major players in the SOAR field require the administrator to have coding experience, but with IBM it is different. IBM's solution is a full-fledged automation solution, not some threat-based or limited one, meaning whatever comes to your mind, if you can write the code, you can do it. This goes from daily tasks of the SOC to daily tasks of your network or security administrator or any other administrator. You can manage your ITSM solution if you want to; IBM is a playground and there is much to discover in its capabilities. If you do not have the knowledge, or if you want a SOC/threat-based SOAR solution, meaning you want automation but you want it limited to an area and out-of-box, you may choose other alternatives.
Malware that doesn't leave files behind has become widely available. Anyone who can afford to reverse this trend should purchase technology. Application whitelisting isn't for everyone, and Palo Alto Networks Traps can help. Enterprises looking for a low-affected, next-generation solution with high protection should consider it. PAN Traps is a great product at a reasonable price, and I highly recommend it.
Pros

QRadar's ability to collect, analyze and normalize vast amounts of security data from various sources is remarkable.
QRadar allows us to define and automate incident response playbooks, which have been amazing for streamlining the response to security incidents.
It offers an extensive library of pre-built connectors and support for common security standards, facilitating seamless integration with a wide range of security tools.

Direct access to devices via Live Terminal, which provides operations with scripting, triage, and preservation of artifacts.
Behavioral Indicators of Compromise, which provide alerts on events regarding groups of hosts and their signatures.
Querying complex data sets involving a variety of devices for network connections, hashes, DNS, etc.

Cons

You still have to generate reports manually. Reports are very limited and practically not useful.
The solution should not be SOAR class. Automations usually don't work. It's apparent that it's not designed for that.
Lack of flexibility.
Practically no support. The reported integration problems have not been resolved.

Traps doesn't seem to function as a traditional A/V very well, so it's better as another layer to your endpoint protection.
Traps can cause issues with some legacy or custom programs, so exceptions may have to be made.
Traps falsely identifies things as malicious at times, though this is not often.

Likelihood to Renew

It is beneficial to have a program that can run independently and be used without the supervision of a devoted employee.
Usability

It is very easy to navigate and run the parts that we have needed.
Day to day, Cortex is easy to use when you have no alerts and when an agent upgrade doesn't go south. Alerts are far too "clicky"; there are too many steps to drill down to what actually happened to trigger an alert. Investigating alerts in Cortex takes about 5x longer than it should.
Support Rating

I have never had to contact support.
The support we receive from Palo Alto is one of the best aspects of Traps. It is very easy to recommend their support. It seems much easier to connect directly with someone with a deep understanding of the product rather than other companies where you basically have to make an airtight case that it is some kind of non-standard issue that can't be solved with existing documentation. Palo Alto digs deep and helps with advanced troubleshooting to get things working.
Alternatives Considered

Overall, IBM Security QRadar SOAR offered the same set of functionality that was needed by the organization as offered by Splunk SOAR, but the former is less expensive and serves every purpose within budget. In addition, integration with other IBM products was easier and made implementation of a SOAR solution much faster.
Traps has the slickest interface, easy to use and intuitive rule making, and the rest just didn't quite stack up to the performance level of Traps. McAfee and Kaspersky just hog processor and RAM power. I didn't like the interface and functionality of SentinelOne as much as Traps. Palo Alto really put a lot of time into the development of this software, and had some of the founding fathers of IT security heading the development process. Can't beat that.
Return on Investment

It provides comprehensive MTTD and MTTR metrics, and we are aware of how secure our systems are at any given moment. We use Linux 7.7, therefore the integrations are smooth. We've been able to run our online shops securely for so long.

After putting Palo Alto Networks Cortex XDR on a user's system, users came back with a positive response that there are no performance issues now. We are able to track and control granular suspicious and malicious activities. Web controls are missing, which would have been very helpful if they had been there.