Item: IBM Security QRadar SIEM
Rating: 8
Author: Mohit Bhateja

Use Cases and Deployment Scope

We are using Qradar as a soc service as Managed service partner managing soc with 500 eps even count, Major problem with the system is disconnection of device from Qradar console with having network issues as switch usually generating few logs and in the interval of 7-8 days, some of the devices removed automatically from the console and no alert triggered in this case. We have manually re-configure the Syslog configuration to map this device. Integration with DLP is quite difficult and does fine any significant impact for integration with DLP. Overall product is good for medium enterprise organizations as firewall level Threats & fast positive alert detection rates ate very high in terms of another tool. Scope: Real-time monitoring 24*7 related to network threat protection, any kind of unauthorized access, abnormal behavior detection, etc…

Pros and Cons

Automative of Threat protection
advanced search queries are easy to understand. This allows you to perform specific searches that really speed up the investigation process.

Device must be connected once configuration completed to integrate with console,
Licensing model: the EPS (events per second) cap limits the number of logs that can be ingested in Qradar Can produce a lot of false positives
Pricing structure should be cheeper and enhancement could be faster