Qradar - Big League SIEM Solution
April 04, 2017
Qradar - Big League SIEM Solution
Score 9 out of 10
Vetted Review
Verified User
Overall Satisfaction with IBM Security QRadar
Qradar is a premium SIEM solution for medium and large businesses. Used to correlate and triage security events across the entire landscape, security teams are able to quickly respond to threats. Often times, information security departments are so inundated with raw data that things certainly get lost in the shuffle. With Qradar, all of this data is combined and processed allowing a fast view into the important things.
- Rule creation is intuitive and fast which helps during emergency situations.
- Platform maintenance is very light while the appliance has nearly flawless uptime.
- Report generation is very functional and efficient.
- There is a steep learning curve compared to other platforms. Qradar is incredibly powerful but does require some homework.
- There is a glaring lack of threat feed utilization outside of STIXX/TAXII which remains very limited at this time.
- May require a considerable amount of tuning during deployment with very little "out of the box" offense information.
- Faster response times
- Global scalability
- High cost of implementation
- AlienVault USM and Splunk
With IBM supplying this solution, you're inherently getting the globally recognized IBM support environment as well. As an enterprise solution, Qradar is among stiff competition but the reliability and availability make it a cut above the rest. While I also recommend AlienVault for small-medium sized businesses, there aren't many others that afford the same experience and piece of mind.