IBM Security QRadar SIEM vs. IBM Security QRadar SOAR

QRadar is very well suited on environments where there are not multiple tenants or domains, we do have success on this kind of scenario. IBM Security QRadar SIEM is less appropriate for environments with multiple tenants, specially when each tenant represent a different End Costumer (such as for MSSP companies), those environments require a high amount of rules and building blocks replications, since each tenant will have its own "BB definitions", servers, rules exception, etc. Also, some information, such as EPS count or EPS dropped are generated by QRadar's own log sources, which takes place on default domain, therefore users associated with different domain can not have access to those logs, even when the information is related to other domain's environment. For example, even if Event Collector 1 is associated to Domain A, the log informing its dropped EPS is generated by System notification, log source that must be associated to Default domain.

Incentivized

IBM Security QRadar SOAR is versatile. All the major players in SOAR field require the administrator to have coding experience but with IBM it is different. IBM's solution is a full-fledged automation solution, and not some threat-based or limited one. Meaning whatever comes to your mind, if you can write the code, you can do it. This goes from daily tasks from SOC to daily tasks of your network or security administrator or any other administrator. You can manage your ITSM solution if you want to, IBM is a playground and there is much to discover in its capabilities. If you do not have the knowledge or if you want a SOC/Threat Based SOAR solution, meaning you want automation but you want it to be limited to an area and out-of-box, you may choose other alternatives.

Incentivized

• Enables identification and prioritization of vulnerabilities in IT infrastructure for corrective action.
• Facilitates security incident investigation and forensic analysis.
• Provides a real-time view of security events, enabling immediate incident response.
• Can integrate with external threat intelligence sources to enrich data and improve threat detection.
• Enables the generation of detailed and customized reports.

Incentivized

• QRadar's ability to collect, analyze and normalize vast amount of security data from various sources is remarkable.
• QRadar allows us to define and automate incident response playbooks which have been amazing for streamlining the response to security incidents.
• It offers and extensive library of pre-built connectors and support for common security standards facilitating seamless integration with a wide range of security tools.

Incentivized

• Need to spend more time configuring the system to properly interpret and normalize different type of data collected from multiple resources.
• While Rule creation QRadar uses that rules to detect security threats and generate alerts, but to creating and managing rules is bit complex & tedious work to complete.
• IBM Security QRadar SIEM is excellent in handling large & complex systems that requires in-depth knowledge and extensive training to configure and maintain the system which includes upgrading, optimization of performance & issue troubleshooting.

Incentivized

• You still have to generate reports manually. Reports are very limited and practically not useful.
• The solution should not be SOAR class. Automations usually don't work. It's apparent that it's not designed for that.
• Lack of flexibility.
• Practically no support. The reported integration problems have not been resolved.

Incentivized

With the arrival of IBM Security QRadar SIEM at our company, we have a better vision of all the security needs that may arise, it is a very safe software to use that prevents threats from damaging our IT environment, it is impossible to change it for another software.

Incentivized

It is beneficial to have a program that can run independently and be used without the supervision of a devoted employee

Incentivized

A very special system to use without problems, the process is very genuine and does not require complicated procedures.

Incentivized

It is very easy to navigate and run the parts that we have needed

Incentivized

Customer support is Good of IBM, While Using IBM QRadar its deployment is to slow and suddenly stop working and crashed we have contacted IBM Support and Rised a Ticket within a few minute we get call back from customer support and Query Resolved by them Fast And Rapid Support of Ibm

Incentivized

I have never had to contact support

Incentivized

IBM Qradar takes the best from its competitors. Reliable and stable but sometimes very expensive, the SIEM from IBM offers a wide range of scenarios in which the customers can suite and size their own infrastructures. IBM Qradar doesn't really needs to stack up againt its competitors because it already sets an example in the SIEM world.

Incentivized

Overall, IBM Security QRadar SOAR offered the same set of functionality that was needed by the organization as offered by Splunk SOAR, but the former is less expensive and solves all the purpose within budget. In addition, integration with other IBM products was easier and made implementation of a SOAR solution much faster.

Incentivized

• Offense investigation was really helped in tackling the incidents. It was accurate and brief
• The automation with IBM resilient (SOAR) was a milestone in elimination of user mistakes
• The X-Force threat intelligence supported us in getting the work done without any 3rd party enterprise OSINT database

Incentivized

• It provides comprehensive MTTD and MTTR metrics and we are aware of how secure our systems are at any given moment.
• We use linux 7.7, therefore the integrations are smooth.
• We've been able run our online shops securely for so long.

Incentivized