Good correlation and slow improvements
July 27, 2023

Serkan Merd | TrustRadius Reviewer
Score 9 out of 10
Vetted Review
Verified User

Software Version

Other

Modules Used

  • SIEM

Overall Satisfaction with IBM Security QRadar SIEM

We are a consulting company and provide local support to other companies. Most of the criticisms are about offense management and uncertain notifications. For instance, a CPU High Utilization offense is generated, but the root cause of that situation is uncertain. We don't know which process or extension results in this alert. There are the same issues for notifications. Another point is the old-fashioned dashboard.
  • Correlation rule capabilities
  • Search capabilities
  • UBA
  • The Offenses page is sometimes incomprehensible. The offense timeline is unclear for some of the rules. A graphical explanation would be better
  • Old-fashioned web UI
  • The manual parser is not very hard, but it needs to be made automatic
  • All-in-one supports 30K EPS
  • Different integrations are covered, like WEF, agent, and agentless configurations
  • Correlation capabilities
  • The parser is a negative side. It needs a bit of manual operation
  • Old-fashioned design, but it is improving SLOWLY
First installation is a bit long but it is very easy. You need to mount the ISO, wait for 2 hours (only the network settings are manual) and QRadar is installed. Integrations are easy; many fields are predefined. Log source management is very easy and enjoyable to work with. Syslog devices are generally automatically added as a new log source. If you prepare the prerequisites, QRadar can be prepared in 1 day.
IBM is generally good at response time. However, some of the analysts write a response just to respond. I see some analysts not reading the case, not investigating the uploaded logs, and wanting the case status to remain IBM pending. Fortunately, these kinds of analysts are less than 1%.
Correlation competency is very high. Log search capabilities are very high. Support is better than many other solutions. Local support is widely available. It is an enterprise solution and a leader at Gartner and Forrester.

Do you think IBM Security QRadar SIEM delivers good value for the price?

Yes

Are you happy with IBM Security QRadar SIEM's feature set?

No

Did IBM Security QRadar SIEM live up to sales and marketing promises?

I wasn't involved with the selection/purchase process

Did implementation of IBM Security QRadar SIEM go as expected?

Yes

Would you buy IBM Security QRadar SIEM again?

Yes

QRadar is a security tool and, despite its old-fashioned design, it is one of the most successful SIEM tools. The focus must be on the correlation side, and QRadar is very good at this point and at ROI. Searching capabilities are at a very high level and are improving with the new UI. Also, IBM doesn't say "we are one of the leaders, so we don't make any improvements." They are trying to improve many negative sides of the solution with new UI components like Log Source Management, New Offense page, Use case manager... QRadar is good at price-performance.

IBM Security QRadar SIEM Feature Ratings

  • Correlation: 10
  • Integration with Identity and Access Management Tools: 9
  • Custom dashboards and workspaces: 7
  • Behavioral analytics and baselining: 8
  • Rules-based and algorithmic detection thresholds: 10
  • Reporting and compliance management: 8