IBM Security QRadar SIEM vs. RackFoundry Total Security Management (discontinued)

QRadar is very well suited on environments where there are not multiple tenants or domains, we do have success on this kind of scenario. IBM Security QRadar SIEM is less appropriate for environments with multiple tenants, specially when each tenant represent a different End Costumer (such as for MSSP companies), those environments require a high amount of rules and building blocks replications, since each tenant will have its own "BB definitions", servers, rules exception, etc. Also, some information, such as EPS count or EPS dropped are generated by QRadar's own log sources, which takes place on default domain, therefore users associated with different domain can not have access to those logs, even when the information is related to other domain's environment. For example, even if Event Collector 1 is associated to Domain A, the log informing its dropped EPS is generated by System notification, log source that must be associated to Default domain.

Incentivized

RackFoundry Total Security Management (TSM) is suited for most companies that have the same challenge as my team had. If you are looking to purchase one security tool and spend most of your allocated budget then I would not recommend this for you. However, if you are looking for something close to a single pane of glass, (granted there is no such thing) this solution does come close as they have the main components built in such as their FW/IPS/IDS/SIEM. Before selecting RackFoundry we had two options which were: 1) Upgrade our current solution and spend an overbearing amount 2) Search for new vendors and maybe procure 1-3 devices and then manually integrate them. Because this was a unified console and integration between devices was simple, we were able to obtain 4-6 security functions and we even had some sense of security visibility via the SIEM. It's not as powerful as Splunk or LogRhythm, but it definitely does the job

• Enables identification and prioritization of vulnerabilities in IT infrastructure for corrective action.
• Facilitates security incident investigation and forensic analysis.
• Provides a real-time view of security events, enabling immediate incident response.
• Can integrate with external threat intelligence sources to enrich data and improve threat detection.
• Enables the generation of detailed and customized reports.

Incentivized

• Making promises about a service and product.
• Advertising a good price and offering great services.
• Supposedly offer 24/7 365 level 1 threat triaging.

• Need to spend more time configuring the system to properly interpret and normalize different type of data collected from multiple resources.
• While Rule creation QRadar uses that rules to detect security threats and generate alerts, but to creating and managing rules is bit complex & tedious work to complete.
• IBM Security QRadar SIEM is excellent in handling large & complex systems that requires in-depth knowledge and extensive training to configure and maintain the system which includes upgrading, optimization of performance & issue troubleshooting.

Incentivized

• It has been my first year with Rack Foundry and at this point I have to say everything has been smooth, from implementation to support.

With the arrival of IBM Security QRadar SIEM at our company, we have a better vision of all the security needs that may arise, it is a very safe software to use that prevents threats from damaging our IT environment, it is impossible to change it for another software.

Incentivized

A very special system to use without problems, the process is very genuine and does not require complicated procedures.

Incentivized

Customer support is Good of IBM, While Using IBM QRadar its deployment is to slow and suddenly stop working and crashed we have contacted IBM Support and Rised a Ticket within a few minute we get call back from customer support and Query Resolved by them Fast And Rapid Support of Ibm

Incentivized

IBM Qradar takes the best from its competitors. Reliable and stable but sometimes very expensive, the SIEM from IBM offers a wide range of scenarios in which the customers can suite and size their own infrastructures. IBM Qradar doesn't really needs to stack up againt its competitors because it already sets an example in the SIEM world.

Incentivized

Well I have experience with the big names: SecureWorks, IBM and Splunk. Individually their logging tools are much better than RackFoundry's Total Security Management. This is great for large corporations and urban cities, however not so great for municipalities, mid size businesses and companies who fluctuate between 1-7 members on their IT staff. Why? Because it takes too much of their resources and integration with other products gets a little rough as you will need to configure your preferences to theirs. When a company has stability it is great to have a name brand product, however renewals and upgrade costs can be taxing to an organization.

• Offense investigation was really helped in tackling the incidents. It was accurate and brief
• The automation with IBM resilient (SOAR) was a milestone in elimination of user mistakes
• The X-Force threat intelligence supported us in getting the work done without any 3rd party enterprise OSINT database

Incentivized

• Overall the product has had a negative impact. Not necessarily on our environment but in the amount of time it has taken to deploy.