TrustRadius Insights for IBM Security QRadar SIEM are summaries of user sentiment data from TrustRadius reviews and, when necessary, third party data sources.
Pros
Efficient Integration with Technologies: Users have consistently praised the tool for its seamless integration with various technologies, allowing for the efficient monitoring of attack patterns and correlation of events. Reviewers indicate that this capability provides a comprehensive view across different systems.
User-Friendly Interface: Many reviewers have highlighted the clean, complete, and user-friendly interface that facilitates easy management and contributes to reducing downtime during outages. The intuitive design has been commended for enhancing the overall user experience.
Customizability and Flexibility: Users highly value the tool's ability to create custom dashboards. Reviewers also like the customization options for rules, reports, parsed fields, and DSM settings. This flexibility empowers users to tailor the tool according to their specific needs.
We monitor the organization's various assets (firewall, EDR, WAF, cloud) to maintain a safe and integral environment. The tool correlates events from various existing sources to find anomalies and, if an offense is found, responds to that incident.
Pros
Rules based on market framework.
User Analytics.
Threat Intelligence.
Cons
Better executive indicators.
Classification of offenses.
Likelihood to Recommend
Medium and large companies are protected. I do not recommend it for small companies.
We use IBM Security QRadar SIEM as a SIEM in a few of our internal customer environments. This helps us provide security monitoring to those environments once we onboard the relevant logs. In each environment we onboard 20+ different hosts and log types and write detections for threat cases that we've identified.
Pros
Easy to onboard generic sources
Easy to normalize generic sources
Easy to write basic detections
Maintenance and updates are user friendly
Cons
The UI is not pleasant to look at and can be a pain to navigate
It's hard to write DSMs for custom log sources
Complicated detections (RBA alerting and chaining detections together)
Likelihood to Recommend
I would only recommend IBM Security QRadar SIEM in a few situations. For one, it's very easy to set up and use if all your log sources are generic from known vendors. It's also significantly cheaper than Splunk, which is nice if you're trying to save money or be more efficient. I would not recommend IBM Security QRadar SIEM for environments with a lot of custom logs and complicated detection requirements.
With the increasing number of cybersecurity threats, our company needed software to help us correlate logs sent from our infrastructure for the purpose of detecting and preventing threats. We chose the IBM Security QRadar SIEM solution as it is the best solution on the market. We send all application and operating system logs from our machines to IBM Security QRadar SIEM, IBM Security QRadar SIEM analyzes them and correlates them to see if there are, for example, incorrect login attempts or other issues. Obviously, the software has to be managed by a team of people to function at its best. But once it's set up properly, you can set alerts that go off in certain situations to alert you via e-mail of problems that are occurring at that time. Really a very good SIEM!
Pros
Log correlation to find possible problems
Creation and visualization of custom dashboards
Handles almost any kind of log source
User management
Cons
High initial learning curve
High product costs for small businesses
Managing the product requires a high number of people working on it
Likelihood to Recommend
An example scenario is the detection of DDoS attacks. The product immediately notices if there are high ping requests or abnormal access requests on a machine. Another scenario is repeated attempts within a short period of time to access a machine by entering incorrect credentials. IBM Security QRadar SIEM in this case signals a possible brute-force attack.
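The second scenario in this review (repeated failed logins from one source in a short period) is the classic SIEM correlation rule "N failures from the same source within T seconds". The Python below is an added example, not QRadar code or the reviewer's; it runs over constructed sshd-style log lines and assumes a threshold of 5 failures in a 60-second sliding window, raising one offense per source rather than one alert per event.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample lines in an sshd-like syslog format (not real log data).
SAMPLE_LOGS = """\
2024-05-01T10:00:01 host1 sshd: Failed password for admin from 203.0.113.7 port 51022
2024-05-01T10:00:03 host1 sshd: Failed password for admin from 203.0.113.7 port 51023
2024-05-01T10:00:04 host1 sshd: Failed password for root from 203.0.113.7 port 51024
2024-05-01T10:00:06 host1 sshd: Accepted password for alice from 198.51.100.5 port 40012
2024-05-01T10:00:07 host1 sshd: Failed password for admin from 203.0.113.7 port 51025
2024-05-01T10:00:09 host1 sshd: Failed password for admin from 203.0.113.7 port 51026
2024-05-01T10:15:00 host1 sshd: Failed password for bob from 198.51.100.9 port 40100
2024-05-01T10:20:00 host1 sshd: Failed password for bob from 198.51.100.9 port 40101
"""

# Only failed authentications feed the rule; other events are ignored.
LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<host>\S+) sshd: Failed password for (?P<user>\S+) "
    r"from (?P<src>\d+\.\d+\.\d+\.\d+)"
)

def detect_bruteforce(log_text, threshold=5, window_seconds=60):
    """Return one alert per source IP whose failed logins reach `threshold`
    within a sliding window of `window_seconds` (assumed rule parameters)."""
    windows = defaultdict(deque)   # src ip -> timestamps of recent failures
    users = defaultdict(set)       # src ip -> usernames tried from that source
    alerts, alerted = [], set()
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        ts = datetime.fromisoformat(m["ts"])
        src = m["src"]
        q = windows[src]
        q.append(ts)
        users[src].add(m["user"])
        # Drop failures that have aged out of the window before counting.
        while q and ts - q[0] > timedelta(seconds=window_seconds):
            q.popleft()
        if len(q) >= threshold and src not in alerted:
            alerted.add(src)   # one offense per source, not one per event
            alerts.append({
                "source_ip": src,
                "failures": len(q),
                "first_seen": q[0].isoformat(),
                "last_seen": ts.isoformat(),
                "usernames": sorted(users[src]),
            })
    return alerts
```

With the defaults only 203.0.113.7 trips the rule; 198.51.100.9 has two failures five minutes apart, which fall outside the 60-second window.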
Verified User, Administrator in Information Technology (10,001+ employees)
The business needed an all-in-one solution which can collect logs from all the devices across the organization, and it should be user friendly enough for analysts to use (considering finding resources). IBM Security QRadar SIEM fits in the sweet spot to get both resolved. Both the all-in-one and distributed deployments were good according to the regions we deployed them in.
Pros
User Behaviour Analytics
Easy log source onboarding
Easy reference set management for IOCs
Cons
Ariel searches are a little complicated
The UI for the event analysis looks a little dated
Widgets on the dashboard can be more automated
Likelihood to Recommend
IBM Security QRadar SIEM has proven to be an industry leader time and again for multiple years. Its user-friendly historical searches, reference set management and other key features make it easy for new SOC analysts. It's well suited for medium to large size organizations. However, it's not an ideal solution for smaller organizations as the solution incurs a decent license cost. Small organizations can manage with free SIEM solutions.
We use IBM Security QRadar SIEM in our organization to centralize all the security and compliance events to monitor and detect a possible security breach in our environment. The scope of our use cases is related to our infrastructure, security products that protect our company and use cases to detect scammers exploiting vulnerabilities in our business rules.
Pros
Simplicity in creating new use cases and rules
Simplicity in making filters using properties
Simplicity in having IBM support
Cons
Pulse app can be improved to easily implement new charts using properties and not only by using AQL
The Asset menu is difficult to configure and brings a lot of false positives
The UBA is difficult to configure well to bring relevant findings
Likelihood to Recommend
Creating new use cases and making filters to find some specific events is easy. But when you need to make a filter spanning a long date range, it takes time.
Verified User, Analyst in Information Technology (1001-5000 employees)
IBM Security QRadar SIEM is one of the company's main security tools and today we meet several regulatory requirements through this IBM solution. We have several use cases both aimed at business and for controlling and identifying an attack or malicious actor... IBM Security QRadar SIEM has internally become a tool of great value and offers us enormous visibility through the events that we correlate in our environment.
Pros
Several possibilities to correlate events
Many connectors for various log sources
Easy and intuitive to administer
Cons
Reports
Dashboards
Graphic interface
Likelihood to Recommend
Despite being a tool with an old and limited graphical interface, it is a product that does what it sets out to do well...
IBM Security QRadar SIEM is user-friendly. It is not a burden to manage offenses because of excellent correlation and the ability to observe any earlier offense from the same attacker. IBM Security QRadar SIEM is versatile. It integrates popular solutions effortlessly. IBM Security QRadar SIEM takes on the management, correlation, and investigation of network and application events. Any harm can be mended without letting go of the profit with this technology. Everything about the network activity is visualized in IBM Security QRadar SIEM.
Pros
Visualizes all network activity.
Manages, correlates, and investigates network and application events.
Observes previous offenses from the same attacker.
Cons
Additional features often require more licensing.
Overly many filters may not always work together.
Difficulty in understanding compared to other SIEMs.
Likelihood to Recommend
I am very much likely to recommend IBM Security QRadar SIEM because it is a very well suited and trusted security monitoring system. It also gives very fast response and I have fantastic experience with IBM Security QRadar SIEM.
We use IBM Security QRadar SIEM to collect and analyze log data from our IT systems, helping us detect and respond to security threats in real-time. It also assists in meeting compliance requirements by automating data collection and reporting. This tool improves our security team's efficiency by centralizing and automating incident management. IBM Security QRadar SIEM helps prevent data breaches and ensures our IT infrastructure is secure.
Pros
Threat Detection and Response
Compliance Reporting
Log Collection
Cons
The user interface can be complex and hard to navigate for beginners
Customizing and creating new rules can be time-consuming
Integration with certain third-party tools could be better
Likelihood to Recommend
Excellent for security operations centers that require continuous, real-time monitoring and fast response, but it could be challenging for organizations with small IT teams due to its complexity.
Verified User, Consultant in Information Technology (10,001+ employees)
At ADV-IC we provide cybersecurity services to multiple clients. QRadar SIEM is one of the tools that stands out the most for its practicality, which is why I interact with it a lot.
Pros
Use Cases
Integrations
Dashboard
Cons
Data gateway deployment
More functionality in the AQL language
Opportunity area for integration with cloud-to-cloud platforms
Likelihood to Recommend
It is very easy to search for incidents and follow them up since it has very simple filters to make queries.
It is used to monitor all the organization's security tools and infrastructure centrally and in this way detect incidents quickly; it also helps us comply with regulations.
Pros
Groups the different events that generated it under the name of the offense
Receive email alerts
Always report errors on the main page
Have an easy to understand interface for creating rules
Cons
Have the parsing of all sources
Frequent updating of log source parsing
Better breadth in the editing of reports
Likelihood to Recommend
Appropriate for well-known log sources, but inappropriate for obscure log sources or applications.