QRADAR for Brazil.

Overall Satisfaction with IBM QRadar

We use QRADAR in the business area and the IT area. We were looking to solve questions about log systems that we weren’t monitoring. Now, we have information in real time and we can identify when an irregular operation happens. QRADAR sends information to our analyst and opens incidents.


Another use case that we have is linked with the security team. We monitor external login systems (like webmail) and we can identify when brute force attacks happen. The action for this case is automatic and the offender is blocked.
  • Simple to use
  • Fast
  • Simple infrastructure
  • System is stable
  • Uses Linux as the operating system
  • Has a lot of connectors (log sources)
  • Doesn't work well in Nutanix virtualization (Acropolis)
  • The visibility that we have with QRADAR is amazing.
  • For us, in Brazil, the price is expensive.
We chose QRADAR because Splunk needed more time for creating parsers and creating correlations between different systems.
It is very appropriate for collecting logs from infrastructure, security systems and operating systems.

IBM QRadar Feature Ratings

  • Centralized event and log data collection: 9
  • Correlation: 10
  • Event and log normalization: 8
  • Deployment flexibility: 9
  • Integration with Identity and Access Management Tools: 7
  • Custom dashboards and views: 9
  • Host and network-based intrusion detection: 9