Likelihood to Recommend QRadar is very well suited on environments where there are not multiple tenants or domains, we do have success on this kind of scenario. IBM Security QRadar SIEM is less appropriate for environments with multiple tenants, specially when each tenant represent a different End Costumer (such as for MSSP companies), those environments require a high amount of rules and building blocks replications, since each tenant will have its own "BB definitions", servers, rules exception, etc. Also, some information, such as EPS count or EPS dropped are generated by QRadar's own log sources, which takes place on default domain, therefore users associated with different domain can not have access to those logs, even when the information is related to other domain's environment. For example, even if Event Collector 1 is associated to Domain A, the log informing its dropped EPS is generated by System notification, log source that must be associated to Default domain.
Read full review XSOAR is well suited for phishing detection and response. Phishing alerts are as much of a problem today as they were decades ago. This is because: ●Attackers Can leverage automation to launch high-quantity phishing attacks with the click of a button. ●Spear Phishing attacks are sophisticated and sometimes indistinguishable from real emails, resulting in compromise through human error. ●Security Teams aren’t able to follow set processes while responding to phishing alerts. They must coordinate across email inboxes, threat intel, NGFW, ticketing, and other tools. Each tool has different consoles, data conventions, and contexts, making it difficult for security teams to fill in the gaps while minimizing errors. XSOAR is less suited for analyzing traffic.
Read full review Pros Enables identification and prioritization of vulnerabilities in IT infrastructure for corrective action. Facilitates security incident investigation and forensic analysis. Provides a real-time view of security events, enabling immediate incident response. Can integrate with external threat intelligence sources to enrich data and improve threat detection. Enables the generation of detailed and customized reports. Read full review Automation with immediate security responses. Comprehensive phishing protection and increased email protection. Analysis and reporting feature. Intuitive and easy-to-view panels. Alerts by email and sms of incidents for the administration. Centralized monitoring. Read full review Cons Need to spend more time configuring the system to properly interpret and normalize different type of data collected from multiple resources. While Rule creation QRadar uses that rules to detect security threats and generate alerts, but to creating and managing rules is bit complex & tedious work to complete. IBM Security QRadar SIEM is excellent in handling large & complex systems that requires in-depth knowledge and extensive training to configure and maintain the system which includes upgrading, optimization of performance & issue troubleshooting. Read full review The XSOAR bot creates a lot of noise on the summary page of any XSOAR incident. Although the filter is available to reduce the view, by default this should not be visible cluttering the whole scenario. The interface has too much data on a single pane. I would love to have many buttons to just click and do stuff. Also, I would love to have search areas more interactive and easier to navigate. Read full review Likelihood to Renew With the arrival of IBM Security QRadar SIEM at our company, we have a better vision of all the security needs that may arise, it is a very safe software to use that prevents threats from damaging our IT environment, it is impossible to change it for another software.
Read full review It has proven to be far to valuable and effective to consider getting rid of it. Until something better comes along, this is staying in our product stack.
Read full review Usability A very special system to use without problems, the process is very genuine and does not require complicated procedures.
Read full review Support Rating Customer support is Good of IBM, While Using IBM QRadar its deployment is to slow and suddenly stop working and crashed we have contacted IBM Support and Rised a Ticket within a few minute we get call back from customer support and Query Resolved by them Fast And Rapid Support of Ibm
Read full review Implementation Rating It was much easier than we all anticipated.
Read full review Alternatives Considered IBM Qradar takes the best from its competitors. Reliable and stable but sometimes very expensive, the SIEM from IBM offers a wide range of scenarios in which the customers can suite and size their own infrastructures. IBM Qradar doesn't really needs to stack up againt its competitors because it already sets an example in the SIEM world.
Read full review The quantity of integrations with security solutions is highest in Palo Alto Solution. The capacity to identify anomalous events is much better in Palo Alto Networks Cortex XSOAR. The flexibility of increased storage area is better as well. The dashboard is very intuitive about showing the most important incidents and how to resolve them.
Read full review Return on Investment Offense investigation was really helped in tackling the incidents. It was accurate and brief The automation with IBM resilient (SOAR) was a milestone in elimination of user mistakes The X-Force threat intelligence supported us in getting the work done without any 3rd party enterprise OSINT database Read full review Demisto has Eased malware analysis and threat hunting With Demisto, it is simple to create playbooks and scripts This is helped automate policy configurations on our PA firewalls through Panorama Read full review ScreenShots