I would only recommend IBM Security QRadar SIEM in a few situations. For one, it's very easy to setup and use if all your log sources are generic from known vendors. It's also significantly cheaper than Splunk, which is nice if you're trying to save money or be more efficient. I would not recommend IBM Security QRadar SIEM for environments with a lot of custom logs and complicated detection requirements.
Symantec Endpoint Security is a well-rounded product that provides a significant amount of functionality and covers many of our endpoint needs without needing to resort to multiple vendors that might clash in unpredictable ways when ultimately deployed to the endpoints in our estate. The default policies are adequate and tuning these requires some time as with all similar EDR products but the product is flexible enough to allow very granular whitelisting/blacklisting which is great. Low resource requirements are also fantastic and we've not had many complaints from developers who were getting slowed down when compiling complex code with other previous solutions.
Need to spend more time configuring the system to properly interpret and normalize different type of data collected from multiple resources.
While Rule creation QRadar uses that rules to detect security threats and generate alerts, but to creating and managing rules is bit complex & tedious work to complete.
IBM Security QRadar SIEM is excellent in handling large & complex systems that requires in-depth knowledge and extensive training to configure and maintain the system which includes upgrading, optimization of performance & issue troubleshooting.
The system should have a better ability to auto repair, if an item is malfunctioning it should auto reinstall.
The cloud platform and the server do not talk well to each other and it would be great to get the same data on both platforms, this may be due to version though.
It seems the whitelisting on the cloud platform could use some work.
QRadar is an established and stable product, we have been using it for many years and want to continue to focus on it. Anyone who has used the product and knows it knows how reliable it is and how it facilitates continuous monitoring of threats from outside and inside. it is an exceptional product that is very useful for us.
As a grade I give 8 as QRadar is not easy to learn. It requires some time to master it. It also needs a team of people actively working on the product. Once you learn to use it the software works very well and it is easy to correlate and understand detected threats. It only takes time to learn how to use it well and configure it properly.
The rating reflects Symantec Endpoint Security's ability to balance enterprise grade security with user-friendly workflows or advanced configurations require extra effort. For most organizations, the streamlined management and robust automation justify the high score. Management GUI is old fashined and need to be improve. Older devices may experience slowdowns during full scans without careful configuration.
We've used it for years and the software is easy to use. The dashboard is easy to read, and you can easily figure out where to go to troubleshoot or deploy software. Symantec is there for emergencies like backup restoration or file retrieval. It's pretty low maintenance. Symantec is there when your IT infrastructure needs it
Customer support is Good of IBM, While Using IBM QRadar its deployment is to slow and suddenly stop working and crashed we have contacted IBM Support and Rised a Ticket within a few minute we get call back from customer support and Query Resolved by them Fast And Rapid Support of Ibm
Support is completely awful! You can never get anyone to help if you can even find a number to call. The support web portal is a joke and their response time if you're even able to submit a ticket is ridiculously slow.
The training was very useful and the people who taught us were very knowledgeable. Although the software may initially seem difficult to learn they made things much easier for us.
The training was very useful and the people who taught us were very knowledgeable. Although the software may initially seem difficult to learn they made things much easier for us.
Initial patience is required to learn how to use the product, and it takes a dedicated team to use it. One person is not enough, and it's not enough to just set it up and check it once in a while. It has to be used daily and kept under control to be used effectively
IBM Qradar takes the best from its competitors. Reliable and stable but sometimes very expensive, the SIEM from IBM offers a wide range of scenarios in which the customers can suite and size their own infrastructures. IBM Qradar doesn't really needs to stack up againt its competitors because it already sets an example in the SIEM world.
Symantec Endpoint Security offers very similar features to the above products, they all do the same thing in terms of protecting your endpoints against cybersecurity threats. Installation wise the products all install from a central management system and report back to this for central reporting. Ultimately we choose Symantec as the reseller was able to offer additional incentives which made their pricing very competitive.
