Efficient in SOC
May 11, 2021

Anonymous | TrustRadius Reviewer
Score 9 out of 10
Vetted Review
Verified User

Overall Satisfaction with IBM QRadar

IBM QRadar is mainly used for security and network monitoring in our organization. IBM QRadar is mainly used by the SOC. It has multiple dashboards available which make day-to-day security monitoring easy and efficient. It also makes the process of investigation and data gathering fast, easy and reliable.
  • QRadar is best used in large networks - one of the best features is you're able to do a query for a particular subnet range.
  • AQL - advanced search queries are easy to understand. This allows you to perform specific searches that really speed up the investigation process.
  • Graphical representation of the volume of events [at] a specific time in relation to an offense/alarm
  • I think it would be better in the offense tab to have a right-click filter for the offense description. It's kind of time-consuming to edit the searches as it opens to another page.
  • Highly efficient in SOC
  • Capable of network monitoring and providing logs up to 90 days.
I previously used AlienVault OSSIM in my former job and I can really tell that QRadar is a much more powerful SIEM as compared to AlienVault OSSIM. In QRadar, you can perform advanced queries that make use of AQL. This makes my investigation a lot easier. One of the things I truly adore in QRadar is that you can perform queries to see all the events for an offense or multiple offenses. You can also see which of the events were seen on an offense in the Log Activity view. I think the only thing I liked in AlienVault is its UI; QRadar may need to up its game on that, but overall it is a really great SIEM solution.

Do you think IBM Security QRadar SIEM delivers good value for the price?

Not sure

Are you happy with IBM Security QRadar SIEM's feature set?

Yes

Did IBM Security QRadar SIEM live up to sales and marketing promises?

I wasn't involved with the selection/purchase process

Did implementation of IBM Security QRadar SIEM go as expected?

I wasn't involved with the implementation phase

Would you buy IBM Security QRadar SIEM again?

Yes

IBM QRadar is suited for large networks as it has the capability to minimize the work of the analysts in locating particular traffic from a host. Comparing it to other SIEM solutions I've used, QRadar has one of the best functionalities both for security and network monitoring. As a security analyst, QRadar is easy to understand and has the capability to display all the needed information for the investigations I'm performing.
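The two kinds of AQL search the reviewer mentions (events for a subnet range, and events behind an offense), as an added example that is not part of the review; the subnet 10.20.0.0/16 and offense id 4711 are placeholders, and the field names are standard QRadar event fields:

```sql
-- Added example, not from the review. Placeholders: 10.20.0.0/16, offense 4711.

-- 1. Events whose source or destination falls in one subnet range, last 24 hours.
SELECT
  DATEFORMAT(starttime, 'yyyy-MM-dd HH:mm:ss') AS event_time,
  LOGSOURCENAME(logsourceid) AS log_source,
  QIDNAME(qid) AS event_name,
  sourceip, destinationip, username, magnitude
FROM events
WHERE INCIDR('10.20.0.0/16', sourceip)
   OR INCIDR('10.20.0.0/16', destinationip)
ORDER BY starttime DESC
LIMIT 500
LAST 24 HOURS

-- 2. Every event that contributed to one offense, summarised per source host
--    and event name, so an analyst sees who generated what and when.
SELECT
  sourceip,
  QIDNAME(qid) AS event_name,
  SUM(eventcount) AS total_events,
  MIN(starttime) AS first_seen,
  MAX(starttime) AS last_seen
FROM events
WHERE INOFFENSE(4711)
GROUP BY sourceip, event_name
ORDER BY total_events DESC
LAST 7 DAYS
```

Both run from the Log Activity tab's advanced search; the time range clause must be the last clause of an AQL query.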

IBM Security QRadar SIEM Feature Ratings

Centralized event and log data collection: 9
Correlation: 7
Event and log normalization/management: 10
Deployment flexibility: 7
Integration with Identity and Access Management Tools: Not Rated
Custom dashboards and workspaces: 7
Host and network-based intrusion detection: 9
Log retention: 7
Data integration/API management: 9
Behavioral analytics and baselining: 5
Rules-based and algorithmic detection thresholds: 10
Response orchestration and automation: Not Rated
Reporting and compliance management: Not Rated
Incident indexing/searching: 9