TrustRadius Insights for IBM Security QRadar SOAR are summaries of user sentiment data from TrustRadius reviews and, when necessary, third party data sources.
Pros
Efficient Alert Management: Users have praised the intuitive UI that simplifies alert configuration and streamlines investigations efficiently. The detailed documents generated with timestamps and IP addresses aid in thorough analysis, enhancing overall incident response accuracy and speed.
Regular Updates, Automation, and Quick Responses: Reviewers value the solution's hourly updates for real-time protection, automated incident response through predefined rules, and swift defense against malicious entities like emails, applications, and websites. This automation not only reduces manual intervention but also ensures rapid threat mitigation to protect critical assets effectively.
Seamless Integration and Customization Options: Customers appreciate the platform's seamless integration capabilities with other technologies, empowering users to customize settings using programming skills. The user-friendly interface requires minimal training while offering flexibility for tailored configurations based on specific organizational security requirements.
In our organization, we utilize IBM Security QRadar SOAR primarily for automating repetitive tasks to reduce the workload on analysts. It serves as a central hub for managing and orchestrating all security incidents. By enforcing predefined tasks and workflows, it streamlines incident response processes, ultimately enhancing our overall security posture.
Pros
Automation to Reduce Time on Analysts
Enforcing Tasks
Central Hub for All Incidents
Cons
Playbook UI
Adding new features constantly
Customization version control
Likelihood to Recommend
It would suit environments where limited, reliable customization is needed; if you need insanely advanced customization, you shouldn't go with it.
We tried the IBM suite for all threat detection and resolution.
Pros
Dashboard and reporting are good. There is an intuitive dashboard.
The multi-team collaboration feature is good.
Automation of complex response workflows is possible.
Cons
Customising playbooks and workflows is a bit challenging.
There are a few compatibility issues while integrating with some external tools.
Customer support is not good enough. In fact, there are a few gaps in the provided documentation.
Likelihood to Recommend
- It is well suited for large organisations with multiple teams and complex security environment needs.
- We use it at our organisation(...) because we are in the financial domain, which is highly regulated.
- If an organization’s security environment is relatively simple and does not require the orchestration of multiple tools or automated workflows, IBM Security QRadar SOAR’s full capabilities might not be necessary.
Event security detection and response are quicker with IBM Security QRadar SOAR. It also reduces the amount of manual security labor due to repetitive task automation. Furthermore, it reduces MTTR, meaning real-time security and investigations also become better. The thing I like about IBM Security QRadar SOAR is the way it has brought simplification and speed to the process of installation. It serves big companies with its connection libraries to Jira and G Suite. We can also save our time by having people from different teams and projects involved, and lots of the operations are done automatically, so we don't have to redo them. And the vulnerabilities can be evaluated when Jira ticket filtering and addition, as well as event payload analysis, are added.
Pros
Enhances performance of third party applications by optimizing them.
Simplifies and speeds up deployment with a wide range of connection libraries.
Cons
Search often does not return the correct result so we need to manually find the file.
Reports need to be generated manually, so this should be made automatic.
There are no other problems apart from the ones mentioned above.
Likelihood to Recommend
IBM Security QRadar SOAR is both powerful and versatile, as it can automate most manual tasks and you can easily customize it to your needs. Also, the installation process is very straightforward, so there shouldn't be any major problem installing it at your organization.
VU
Verified User
Manager in Research & Development (201-500 employees)
Our whole organization's security is managed by IBM Security QRadar SOAR. We have defined alerts within the application, so whenever an alert is triggered, it automatically investigates the problem and provides us with a document containing the time and location where it happened, the IP address and URL if available, and a few other data points. And ever since we started using IBM Security QRadar SOAR, our organisation has had a better ROI, as unlike IBM SIEM, it not only raises an alert but also automatically starts the investigation process.
Pros
Has a very good UI which makes defining alerts really easy.
Does not only raise an alert like IBM SIEM but also starts the investigation process.
Provides a detailed document after the investigation process for further analysis.
The document contains all the required data about the problem, such as the time when it happened and the IP address related to it, etc.
Cons
Not very stable and sometimes becomes unresponsive and requires a restart.
Customer support should be improved.
Likelihood to Recommend
If you're already using IBM products, then I would suggest you start using IBM Security QRadar SOAR as your primary security solution, as it integrates well with other IBM products. And if you're using IBM SIEM, then I would strongly suggest switching to IBM Security QRadar SOAR, as unlike IBM SIEM, it also automatically starts the investigation process and provides you with the result.
VU
Verified User
Analyst in Research & Development (501-1000 employees)
IBM Security QRadar SOAR lets us enhance and manage our network security, and it also requires less manual effort, as most things are predefined and automated. It automatically checks for updates every hour, updates its virus and malware database frequently, and makes sure that you're getting the latest protection. It also constantly scans your devices for any malicious emails, applications or websites that may inject malicious code on your device and automatically quarantines or deletes it depending on your predefined rules.
Pros
Updates every hour making sure we get the latest protection.
Can set predefined rules to automate it.
Quick response time and protects us from malicious emails, applications and websites.
Cons
Can't run custom scripts.
The software license is very expensive.
Likelihood to Recommend
It is a very powerful security solution that updates very frequently and has very few false positives. Though the software license is expensive, for such a powerful security solution the cost is justified.
VU
Verified User
Professional in Product Management (201-500 employees)
We are using the solution for network and security needs. On the SOC side, we use the power of IBM Security QRadar SOAR to enrich alerts, prioritize alerts and correlate incidents. This helps us present related alerts in a unified dashboard, which reduces noise and saves us time.
Beyond presenting alerts, the automated playbook approach, which triggers actions based on the playbook's output (such as blocking an IP address on your DDoS device, quarantining a file hash on your firewall or IPS device, or blocking spam/malicious domains on your email security device), makes automating many daily tasks to ensure and enhance security easier than ever.
The most important issue anywhere at the moment is manpower, and with IBM Security QRadar SOAR, while we reduced MTTR for alerts, we also reduced the required manpower and manual labor, which is a win-win in the long run.
Pros
The solution is really easy to integrate with other technologies.
You can customize any kind of integration as long as you have the programming knowledge.
The platform has a user-friendly interface and does not require extensive training.
Cons
There is a learning curve. Extensive training is not essential, but some form of training is a must to use it.
While the Python language is the solution to all automation needs, from a big company like IBM I expect one out-of-the-box integration a day. Being able to do it does not mean every customer around the world should write it from scratch. The application library is limited.
The user interface and ease of use of the solution should evolve every day. It needs to become a solution where a newcomer can do nearly everything within 2 weeks, without relying on anyone or anything.
Likelihood to Recommend
IBM Security QRadar SOAR is versatile. All the major players in the SOAR field require the administrator to have coding experience, but with IBM it is different. IBM's solution is a full-fledged automation solution, not some threat-based or limited one. Meaning whatever comes to your mind, if you can write the code, you can do it. This goes from the daily tasks of the SOC to the daily tasks of your network or security administrator or any other administrator. You can manage your ITSM solution if you want to; IBM is a playground and there is much to discover in its capabilities.
If you do not have the knowledge or if you want a SOC/Threat Based SOAR solution, meaning you want automation but you want it to be limited to an area and out-of-box, you may choose other alternatives.
We use IBM Security QRadar SOAR to automate our incident response process, so when an incident is generated on our SIEM, IBM QRadar, the SOAR collects the information from the offense and populates it in an incident case, allowing us to attach many artifacts to enrich our investigations and provide better visibility.
Pros
Enrich events
Triage incidents
Many ways to automate
Cons
Improving support for shell scripts
Improving stability
Improving support for Trend Micro XDR to contain threats
Likelihood to Recommend
I'd rate IBM Security QRadar SOAR around 8 out of 10. It offers robust automation capabilities, comprehensive case management, and easy integration with other security tools, which makes it a solid choice for streamlining incident response workflows. However, the platform can have a steep learning curve for beginners, and some advanced configurations might require more effort, which prevents it from reaching a perfect score.
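The offense-to-incident flow this reviewer describes (collect the SIEM offense, populate a case, attach artifacts) and the playbook output actions an earlier reviewer lists (block an IP, block a malicious URL/domain) are modelled below as an added example. This is plain Python written for this page, not IBM QRadar SOAR code, its REST API or its playbook schema: the offense document is constructed, and the field names, severity thresholds, Incident/Artifact structures and the list of never-block address ranges are assumptions made for illustration.

```python
"""Offense -> incident enrichment and triage, modelled in plain Python.

Added illustration, not IBM QRadar SOAR code. SAMPLE_OFFENSE is a constructed
document loosely shaped like a SIEM offense; the dataclasses, thresholds and
action names are assumptions for this example, not the product's schema.
"""
import ipaddress
from dataclasses import dataclass, field
from typing import Dict, List, Tuple
from urllib.parse import urlsplit

# Constructed sample offense (field names assumed, not the real export format).
SAMPLE_OFFENSE: Dict = {
    "id": 4711,
    "description": "Multiple Login Failures followed by Success",
    "magnitude": 7,
    "source_addresses": ["203.0.113.45", "203.0.113.45", "10.0.5.12"],
    "destination_addresses": ["10.0.5.12"],
    "urls": ["http://203.0.113.45/login.php"],
    "categories": ["Authentication", "Suspicious Activity"],
}

# Ranges a containment action must never target (assumed: RFC 1918, loopback,
# link-local and their IPv6 equivalents). A real playbook would load the
# organisation's own allowlist instead of hard-coding this.
NEVER_BLOCK = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "127.0.0.0/8", "169.254.0.0/16", "::1/128", "fc00::/7", "fe80::/10",
)]


@dataclass
class Artifact:
    kind: str   # "ip" or "url"
    value: str


@dataclass
class Incident:
    name: str
    severity: str
    artifacts: List[Artifact] = field(default_factory=list)
    actions: List[Tuple[str, str]] = field(default_factory=list)


def extract_artifacts(offense: Dict) -> List[Artifact]:
    """Collect IP and URL artifacts from the offense, de-duplicated, order kept."""
    seen, out = set(), []
    ips = offense.get("source_addresses", []) + offense.get("destination_addresses", [])
    for kind, value in [("ip", v) for v in ips] + [("url", u) for u in offense.get("urls", [])]:
        if (kind, value) not in seen:
            seen.add((kind, value))
            out.append(Artifact(kind, value))
    return out


def severity_from_magnitude(magnitude: int) -> str:
    """Map a 0-10 offense magnitude to a coarse severity bucket (thresholds assumed)."""
    if magnitude >= 8:
        return "High"
    if magnitude >= 5:
        return "Medium"
    return "Low"


def is_blockable_ip(value: str) -> bool:
    """True only for a syntactically valid address outside every NEVER_BLOCK range."""
    try:
        addr = ipaddress.ip_address(value)
    except ValueError:
        return False
    # Mixed-version membership tests are False in ipaddress, so v4/v6 lists mix safely.
    return not any(addr in net for net in NEVER_BLOCK)


def plan_actions(severity: str, artifacts: List[Artifact]) -> List[Tuple[str, str]]:
    """Decide containment actions from triage output; Low severity gets enrichment only."""
    if severity == "Low":
        return []
    actions = []
    for a in artifacts:
        if a.kind == "ip" and is_blockable_ip(a.value):
            actions.append(("block_ip", a.value))
        elif a.kind == "url":
            host = urlsplit(a.value).hostname or ""
            # A URL whose host is a literal internal address is skipped for the same reason;
            # a DNS hostname is passed through to the URL-blocking integration.
            try:
                ipaddress.ip_address(host)
                if not is_blockable_ip(host):
                    continue
            except ValueError:
                pass
            actions.append(("block_url", a.value))
    return actions


def build_incident(offense: Dict) -> Incident:
    """Populate an incident case from the offense: name, severity, artifacts, planned actions."""
    severity = severity_from_magnitude(offense.get("magnitude", 0))
    artifacts = extract_artifacts(offense)
    inc = Incident(name=f"Offense {offense['id']}: {offense['description']}",
                   severity=severity, artifacts=artifacts)
    inc.actions = plan_actions(severity, artifacts)
    return inc


if __name__ == "__main__":
    inc = build_incident(SAMPLE_OFFENSE)
    print(inc.name, inc.severity)
    for a in inc.artifacts:
        print(" artifact", a.kind, a.value)
    for action in inc.actions:
        print(" action", *action)
```

The check worth keeping from this example is the one in `is_blockable_ip`: the duplicated internal address 10.0.5.12 appears as an artifact for the analyst but never becomes a block action, which is the failure mode a playbook that blindly blocks "the offense's source IP" walks into when the offending host is your own.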
VU
Verified User
Analyst in Information Technology (10,001+ employees)
QRadar SOAR is mainly used for incident response and rapid threat detection. When an alert is triggered by any of our security systems, the data is integrated and aggregated and then sent to QRadar SOAR. It then initiates predefined actions, such as notifying our security team of the threat. Unfortunately, the automation mechanisms lack maturity and are not stable. Therefore, the solution is only suitable for collaboration and security event management.
Pros
Manual Incident Management.
Security mechanisms are at a high level.
Interface clarity.
Cons
You still have to generate reports manually. Reports are very limited and practically not useful.
The solution should not be SOAR class. Automations usually don't work. It's apparent that it's not designed for that.
Lack of flexibility.
Practically no support. The reported integration problems have not been resolved.
Likelihood to Recommend
IBM QRadar SOAR is a very good solution for collaborating on security events. Quite a few companies will be happy with such a tool. Good default settings. Clear interface. Great granularity of user permissions. Unfortunately, it is not suitable as a SOAR-class solution. As an incident management system, it meets most of the requirements.