The best SIEM solution in the market, hands down!
November 26, 2019

Score 10 out of 10
Vetted Review
Verified User

Overall Satisfaction with IBM QRadar

My current client uses QRadar in an environment with more than 6000 endpoints (averaging 40K EPS). QRadar monitors all the servers in the environment, including PCI and SOX zones. QRadar is their central security intelligence solution and is used by the SOC team for incident monitoring and daily incident investigations. The tool is also used to provide compliance information for audit teams and acts as a centralized log repository.
  • Advanced correlation rules
  • Easy to use, in just one day we can train a new SOC analyst
  • Good scalability
  • Integration with advanced data mining tools (e.g. ELK)
  • High ROI: the implementation cost is very low, and in just a few days you have an environment up and running
  • Security incidents are now detected in a timely manner
IBM QRadar is way easier to deploy and use than the other SIEM tools. In literally hours you have a whole environment up and running. Also, QRadar comes with way more out-of-the-box parsers (called DSMs) than any other tool. Also, recently, QRadar released their app store, in which you can download extension packs for your QRadar, so you can easily deploy things such as User Behavior Analytics (UBA) and interactive dashboards.
Sometimes the support doesn't know what they are doing. You have to be lucky to get an engineer that actually knows a lot about QRadar.

Do you think IBM QRadar delivers good value for the price?

Yes

Are you happy with IBM QRadar's feature set?

Yes

Did IBM QRadar live up to sales and marketing promises?

Yes

Did implementation of IBM QRadar go as expected?

Yes

Would you buy IBM QRadar again?

Yes

Qualys Cloud Platform (formerly QualysGuard), McAfee Enterprise Security Manager, ArcSight Enterprise Security Manager (formerly HP ArcSight)
If you have a small-to-large company looking for a SIEM solution that "does the job" and is easy to deploy/use, QRadar is your tool. If you're looking for a complex solution that supports integration with data-mining solutions (e.g. ELK), then you may need a different solution. Overall, QRadar fits the needs of 99% of the companies. It is one of the easiest SIEM solutions to deploy and use.

IBM QRadar Feature Ratings

  • Centralized event and log data collection: 10
  • Correlation: 10
  • Event and log normalization: 10
  • Deployment flexibility: 8
  • Integration with Identity and Access Management Tools: 6
  • Custom dashboards and views: 10