Efficient in SOC
May 11, 2021
Score 9 out of 10
Overall Satisfaction with IBM QRadar
IBM QRadar is mainly used for security and network monitoring in our organization. IBM QRadar is mainly used by the SOC. It has multiple dashboards available which make day-to-day security monitoring easy and efficient. It also makes the process of investigation and data gathering fast, easy and reliable.
- QRadar is best used in large networks - one of the best features is you're able to do a query for a particular subnet range.
- AQL - advanced search queries are easy to understand. This allows you to perform specific searches that really speed up the investigation process.
- Graphical representation of the volume of events [at] a specific time in relation to an offense/alarm
- I think it would be better in the offense tab to have a right-click filter for the offense description. It's kind of time-consuming to edit the searches as it opens to another page.
- Highly efficient in SOC
- Capable of network monitoring and providing logs for up to 90 days.
I previously used AlienVault OSSIM in my former job and I can really tell that QRadar is a much more powerful SIEM as compared to AlienVault OSSIM. In QRadar, you can perform advanced queries that make use of AQL. This makes my investigation a lot easier. One of the things I truly adore in QRadar is that you can perform queries to see all the events for an offense or multiple offenses. You can also see which of the events were seen on an offense in the Log Activity view. I think the only thing I liked in AlienVault is their UI; QRadar may need to up its game on that, but overall it is a really great SIEM solution.
Do you think IBM Security QRadar delivers good value for the price?
Are you happy with IBM Security QRadar's feature set?
Did IBM Security QRadar live up to sales and marketing promises?
I wasn't involved with the selection/purchase process
Did implementation of IBM Security QRadar go as expected?
I wasn't involved with the implementation phase
Would you buy IBM Security QRadar again?
IBM QRadar is suited for large networks as it has the capability to minimize the work of the analysts in locating particular traffic from a host. Comparing it to other SIEM solutions I've used, QRadar has one of the best functionalities both for security and network monitoring. As a security analyst, I find QRadar easy to understand, and it has the capability to display all the information needed for the investigations I'm performing.