IBM QRadar Review
Overall Satisfaction with IBM QRadar
QRadar is primarily being used by companies to increase the visibility of their operational environment. It is used as the central correlation engine for relevant event sources. It is almost always the central piece of their SOC, assisting the analysts in quickly determining risks to the organization. The deployment footprint varies from client to client, driven by required coverage area and cost.
- It is easier to deploy than most SIEMs.
- Its correlation engine, in my opinion, is the best of any SIEM.
- The GUI, when compared to most other SIEMs, is easier to work with.
- It is a mature SIEM with a better than average level of support.
- As with all SIEMs that I'm aware of, it relies on supervised machine learning. This is a major weakness in today's threat landscape.
- As with all SIEMs, the more event sources it needs to correlate, the slower it becomes. This becomes an issue as the deployment footprint increases; a solution needs to be developed to address this limitation.
- The ability to customize the GUI and reporting per user needs some improvement.
- ROI is a very tough calculation to achieve when it comes to cyber events. The reason is: how do you rate damage to the brand, e.g. Target? Loss of confidence in a brand can easily lead to a company going bankrupt. How do you measure that?
- QRadar is in line with most other SIEMs in its category in TCO.
- QRadar will lower the TCO and ROI of a security team's cost, due to the ability to perform most of the investigation and remediation recommendation.
Splunk Enterprise Security, I've found, is the easiest of all major SIEMs to deploy due to its event normalization capabilities. It lags behind QRadar in event correlation but is better in user GUI customization. One issue where QRadar beats it is in cost. Splunk starts off cheap, but as you expand (due to its licensing model), it quickly becomes very expensive. It is the monster that keeps on feeding.
Do you think IBM Security QRadar SIEM delivers good value for the price?
Not sure
Are you happy with IBM Security QRadar SIEM's feature set?
Yes
Did IBM Security QRadar SIEM live up to sales and marketing promises?
Yes
Did implementation of IBM Security QRadar SIEM go as expected?
Yes
Would you buy IBM Security QRadar SIEM again?
Yes