Qradar - Big League SIEM Solution
April 04, 2017

Qradar - Big League SIEM Solution

Anonymous | TrustRadius Reviewer
Score 9 out of 10
Vetted Review
Verified User

Overall Satisfaction with IBM Security QRadar

Qradar is a premium SIEM solution for medium and large businesses. Used to correlate and triage security events across the entire landscape, security teams are able to quickly respond to threats. Often times, information security departments are so inundated with raw data that things certainly get lost in the shuffle. With Qradar, all of this data is combined and processed allowing a fast view into the important things.

Pros

  • Rule creation is intuitive and fast which helps during emergency situations.
  • Platform maintenance is very light while the appliance has nearly flawless uptime.
  • Report generation is very functional and efficient.

Cons

  • There is a steep learning curve compared to other platforms. Qradar is incredibly powerful but does require some homework.
  • There is a glaring lack of threat feed utilization outside of STIXX/TAXII which remains very limited at this time.
  • May require a considerable amount of tuning during deployment with very little "out of the box" offense information.
  • Faster response times
  • Global scalability
  • High cost of implementation
With IBM supplying this solution, you're inherently getting the globally recognized IBM support environment as well. As an enterprise solution, Qradar is among stiff competition but the reliability and availability make it a cut above the rest. While I also recommend AlienVault for small-medium sized businesses, there aren't many others that afford the same experience and piece of mind.
Due to the strength, robustness, and cost of a solution like this, I believe it is best suited for large businesses and enterprises. While a medium sized business would find value for sure, this system is not for the faint of heart or pocketbook. Qradar is well suited for environments with a lot of incoming data where manual analysis might not be an option.

IBM Security QRadar SIEM Feature Ratings

Centralized event and log data collection
8
Correlation
9
Event and log normalization/management
9
Deployment flexibility
5
Integration with Identity and Access Management Tools
8
Custom dashboards and workspaces
8
Host and network-based intrusion detection
9

Comments

More Reviews of IBM Security QRadar SIEM