IBM QRadar Reviews

87 Ratings
Score 9.0 out of 100

TrustRadius Top Rated for 2019

Reviews (1-20 of 20)

Douglas Concepcion | TrustRadius Reviewer
November 13, 2019

IBM QRadar Review

Score 7 out of 10
Vetted Review
Reseller

Pros and Cons

  • It is easier to deploy than most SIEMs.
  • Its correlation engine, in my opinion, is the best of any SIEM.
  • The GUI, when compared to most other SIEMs, is easier to work with.
  • It is a mature SIEM with a better than average level of support.
  • As with all SIEMs that I'm aware of, it relies on supervised machine learning. This is a major weakness in today's threat landscape.
  • As with all SIEMs, the more event sources it needs to correlate, the slower it becomes. This becomes an issue as the deployment footprint increases; a solution needs to be developed to address this limitation.
  • The ability to customize the GUI and reporting per user needs some improvement.
Anonymous | TrustRadius Reviewer
Score 10 out of 10
Vetted Review
Verified User

Pros and Cons

  • Good integration of log sources.
  • Low level of false positive offenses.
  • Collect logs from more than 400+ sources and millions of events per second.
  • Intuitive dashboards.
  • The solution is a little bit too expensive.
  • Create templates for logs from SWIFT.
  • Make it more user-friendly.
Anonymous | TrustRadius Reviewer
Score 10 out of 10
Vetted Review
Verified User

Pros and Cons

  • Log Sources - QRadar has a lot of built-in log source types, more than 400. If you can't find THE source, you can create your own log source with DSM Editor.
  • DSM Editor - This tool is great and can help you if you have your own services and want to parse the events the way you want.
  • Integration with Vulnerability Manager and Risk Manager - Installation is easy and intuitive
  • Built-in Rules, Offences and Reports - for new users it's a great opportunity to learn how QRadar works and how to create new rules and offences.
  • Update procedure between versions: sometimes after an update something doesn't work, and you need to contact support or work with the command line.
  • SELinux is disabled by default.
  • Metric events can't be disabled
Anonymous | TrustRadius Reviewer
Score 10 out of 10
Vetted Review
Verified User

Pros and Cons

  • Great user interface.
  • Easy to use and administer.
  • The most comprehensive and powerful SIEM.
  • Very stable.
  • Can't be integrated with TSM.
  • Some searches are not very intuitive.
  • It is not possible to export reports from the vulnerability manager add on.
Ruben Albornoz | TrustRadius Reviewer
Score 10 out of 10
Vetted Review
Verified User

Pros and Cons

  • All the databases and valuable information of the organizations are increasingly exposed to a great diversity of threats. The more and more expert attackers manage to make the brands of their actions practically inevitable, and QRadar detects in time any anomaly in order to protect companies from these actions. This is carried out through an exhaustive analysis of the information, which allows it to identify in advance those threats and suspicious actions that may affect the data and systems in general.
  • In terms of ease of use, QRadar has a somewhat complex architecture that makes it a software product that is not very detailed, as it offers a user interface and a fairly systematic deployment.
  • You can send a denial of service. The Linux kernel used by QRadar is vulnerable to a denial of service due to an error in functionality.
David Bories | TrustRadius Reviewer
February 14, 2019

Simply the best - QRadar

Score 10 out of 10
Vetted Review
Reseller

Pros and Cons

  • Data visibility
  • Only alerts when necessary. Detects threats, identifies and prioritizes potential incidents
  • Automates response, contains threat
  • Machines require fairly high resources
  • The process of setting what is considered an offense is a bit cumbersome.
  • Variable login expiration would be appreciated
Bruce Perlmutter | TrustRadius Reviewer
February 15, 2019

Need Netflow for ??

Score 9 out of 10
Vetted Review
Verified User

Pros and Cons

  • Net flow dashboard provides clear and concise display of net flow data
  • QRadar makes sure that the most important events are highlighted
  • Better working with technology partners for QRadar plugins
  • Help promote plugins to the QRadar installed base
Anonymous | TrustRadius Reviewer
Score 9 out of 10
Vetted Review
Verified User

Pros and Cons

  • It allows us to have visibility to potential problems both on premise and in the cloud which was key as we have become a hybrid consumer.
  • It has automated monitoring which has allowed us to see threats faster and also allowed us to be proactive.
  • By having over 20,000 employees, QRadar has also allowed us to be aware of internal threats that are brought into the company by unsuspecting employees.
  • We are too new with the product for me to actually have good feedback on this question
Anonymous | TrustRadius Reviewer
Score 8 out of 10
Vetted Review
Reseller

Pros and Cons

  • Interface usability is very intuitive
  • The depth and wide coverage of the technical analysis
  • The integration with 3rd party platforms
  • Seamless integration with some of the cloud platforms
Anonymous | TrustRadius Reviewer
February 14, 2019

Get to the head of the Q

Score 8 out of 10
Vetted Review
Reseller

Pros and Cons

  • Correlation
  • Ease of use for data
  • Customization for custom applications
  • Reporting configuration is still too convoluted
  • Coalescing is too tied down. I recommend an ability to adjust, with an appropriate limit, the fields used: in general, by log source type, and/or by log source.
Anonymous | TrustRadius Reviewer
February 14, 2019

QRadar

Score 10 out of 10
Vetted Review
Reseller

Pros and Cons

  • Correlation
  • Vendor support
  • Complex data searching
  • Customizable UI
  • Advanced Reporting
Anonymous | TrustRadius Reviewer
February 13, 2019

QRadar - Spine of Any SOC

Score 9 out of 10
Vetted Review
Verified User

Pros and Cons

  • Custom parser with excellent DSM editor
  • Nice dashboard
  • Customizable reports
  • In the dashboard, the widget size cannot be modified by stretching it in or out.
  • AQL decoder
Anonymous | TrustRadius Reviewer
Score 9 out of 10
Vetted Review
Verified User

Pros and Cons

  • Rule creation is intuitive and fast which helps during emergency situations.
  • Platform maintenance is very light while the appliance has nearly flawless uptime.
  • Report generation is very functional and efficient.
  • There is a steep learning curve compared to other platforms. QRadar is incredibly powerful but does require some homework.
  • There is a glaring lack of threat feed utilization outside of STIX/TAXII which remains very limited at this time.
  • May require a considerable amount of tuning during deployment with very little "out of the box" offense information.
Anonymous | TrustRadius Reviewer
Score 7 out of 10
Vetted Review
Verified User

Pros and Cons

  • Simple, flexible architecture
  • Easy deployment
  • Out of the box content good enough to have quick wins
  • Event log parsing
  • Correlation engine needs more dynamism and flexibility

Feature Scorecard Summary

  • Centralized event and log data collection (20): 9.5
  • Correlation (20): 9.9
  • Event and log normalization (20): 9.5
  • Deployment flexibility (20): 9.0
  • Integration with Identity and Access Management Tools (19): 8.7
  • Custom dashboards and views (20): 9.1
  • Host and network-based intrusion detection (18): 8.8

About IBM QRadar

IBM Security QRadar is security information and event management (SIEM) Software.

IBM QRadar Technical Details

Operating Systems: Unspecified
Mobile Application: No