Reviews (1-20 of 20)
- Detect advanced attacks with upgraded functionality systems when activating systems and auditing advanced logs on our server to detect hidden infections.
- Detecting and monitoring the behavior of Active Directory users to know the possibility of malicious infection.
- Analysing third-party applications, and writing parsers quickly.
- Investigate threats and write new rules for detecting new and correlated unknown attacks.
- It is easier to deploy than most SIEMs.
- Its correlation engine in my opinion is the best of any SIEM.
- The GUI, when compared to most other SIEMs, is easier to work with.
- It is a mature SIEM with a better than average level of support.
- As with all SIEMs that I'm aware of, it relies on supervised machine learning. This is a major weakness in today's threat landscape.
- As with all SIEMs, the more event sources it needs to correlate, the slower it becomes. This becomes an issue as the deployment footprint increases; a solution needs to be developed to address this limitation.
- The ability to customize the GUI and reporting per user needs some improvement.
The biggest issue it has is cost for small to midsize companies looking to deploy it. It very quickly becomes cost-prohibitive. Another issue it, and every SIEM that I'm aware of, needs to address is east-to-west traffic visibility. Flows by default only give you at most sixty data points, which is not enough in today's world.
- All the databases and valuable information of organizations are increasingly exposed to a great diversity of threats. Increasingly expert attackers manage to make the marks of their actions practically inevitable, and QRadar detects in time any anomaly in order to protect companies from these actions. This is carried out through an exhaustive analysis of the information, which allows it to identify in advance those threats and suspicious actions that may affect the data and systems in general.
- In terms of ease of use, QRadar has a somewhat complex architecture that makes it a software product that is not very detailed, as it offers a user interface and a fairly systematic deployment.
- You can send a denial of service. The Linux kernel used by QRadar is vulnerable to a denial of service due to an error in functionality.
Another use case that we have is linked with the security team. We monitor external login systems (like webmail) and we can identify when brute force attacks happen. The action for this case is automatic and the offender is blocked.
IBM QRadar is being used to monitor the logs of the Cisco Firewall and several AIX Logs.
Business problems addressed include detection of security risk and automation of response to aid in taking prompt action to detect sources of security using log data and new network traffic data, making investigations possible and prompt.
- Data visibility
- Only alerts when necessary. Detects threats, identifies and prioritizes potential incidents
- Automates response, contains threat
- Machines require fairly high resources
- The process of setting what is considered an offense is a bit cumbersome.
- Variable login expiration would be appreciated
1. IBM QRadar is suited for a scenario where there is limited administrative support.
2. Where there are multiple log sources
3. Where there are multiple clients accessing from several locations
4. Highly secure sites / Sites where security is very important
5. Can't think of any scenario where it is less appropriate - maybe a single home system
- NetFlow dashboard provides a clear and concise display of NetFlow data
- QRadar makes sure that the most important events are highlighted
- Better working with technology partners for QRadar plugins
- Help promote plugins to the QRadar installed base
- It allows us to have visibility to potential problems both on premise and in the cloud which was key as we have become a hybrid consumer.
- It has automated monitoring which has allowed us to see threats faster and also allowed us to be proactive.
- As a company with over 20,000 employees, QRadar has also allowed us to be aware of internal threats that are brought into the company by unsuspecting employees.
- We are too new with the product for me to actually have good feedback on this question
- Good integration of log sources.
- Low level of false positive offenses.
- Collects logs from more than 400 sources and millions of events per second.
- Intuitive dashboards.
- The solution is a little bit too expensive.
- Create templates for logs from SWIFT.
- Make it more user-friendly.
- Log Sources - QRadar has a lot of built-in log source types, more than 400. If you can't find THE source, you can create your own log source with the DSM Editor.
- DSM Editor - This tool is great and can help you if you have your own services and you want to parse the events the way you want.
- Integration with Vulnerability Manager and Risk Manager - Installation is easy and intuitive
- Built-in Rules, Offences and Reports - for new users it's a great opportunity to learn how QRadar works and how to create new rules and offences.
- Update procedure between versions: sometimes after an update something doesn't work and you need to contact support or work from the command line
- SELinux is disabled by default
- Metric events can't be disabled
- Great user interface.
- Easy to use and administer.
- The most comprehensive and powerful SIEM.
- Very stable.
- Can't be integrated with TSM.
- Some searches are not very intuitive.
- It is not possible to export reports from the vulnerability manager add on.
- Ease of use for data
- Customization for custom applications
- Reporting configuration is still too convoluted
- Coalescing is too tied down. I recommend an ability to adjust, with an appropriate limit, the fields used: in general, by log source type, and/or by log source.
Great for correlation.
- Well suited to Banking, Financial Services, and Insurance (BFSI) industry
- End user interface is not friendly or intuitive
- Rule creation is intuitive and fast which helps during emergency situations.
- Platform maintenance is very light while the appliance has nearly flawless uptime.
- Report generation is very functional and efficient.
- There is a steep learning curve compared to other platforms. QRadar is incredibly powerful but does require some homework.
- There is a glaring lack of threat feed utilization outside of STIX/TAXII, which remains very limited at this time.
- May require a considerable amount of tuning during deployment with very little "out of the box" offense information.