Good SIEM to Reduce Your MTTD
September 27, 2023

Rahul Deshmukh | TrustRadius Reviewer
Score 8 out of 10
Vetted Review
Verified User

Software Version

QRadar Advisor with Watson (legacy branding)

Modules Used

  • SIEM
  • SOAR

Overall Satisfaction with IBM Security QRadar SIEM

I used IBM Security QRadar SIEM when it was integrated with IBM Watson. We had issues with the analytics of IoC and it was extremely difficult to identify attacks in our customer network. The challenge was to identify the threat actor and the actions they performed to attack our customers' data. Having evaluated IBM Security QRadar SIEM, we found it suitable for our customer environment and expectations.
  • Threat management
  • Dashboards
  • Reports are detailed
  • Mapping of compliance deviation can improve
  • Performance can be improved
  • UEBA can be more specific in anomaly detection
  • Helped reduce effort
  • Increase in ROI by 20%
  • Improved threat visibility
I found many APIs and multiple log sources can be integrated. Leveraging the integration of the email servers, identification of malicious emails and their attachments, and which user downloaded the attachment becomes very easy and helpful in reducing MTTD and improving MTTR. Thus, we could give an in-depth defense security solution to our customers.
I found that skilled resources needed to be deployed in case management. Often, it was seen that simple cases were escalated from L1 to L2 and customers had faced delayed closures. When I analyzed the root cause, I was surprised to see the delay in addressing minor issues. Often, I found resources were eager to close cases to meet their internal SLAs.
  • Microsoft Sentinel, DNIF HyperScale SIEM and Securonix Next-Generation SIEM
I found that IBM Security QRadar SIEM has better threat detection methods and the identification of cyber kill chains followed by attackers. Analysis of the data gives visibility that other SIEM solutions need to improve. Integration in IBM Security QRadar SIEM is also better than others. Dashboards are also easily customizable, giving a view to users as per role-based access.

Do you think IBM Security QRadar SIEM delivers good value for the price?

Yes

Are you happy with IBM Security QRadar SIEM's feature set?

Yes

Did IBM Security QRadar SIEM live up to sales and marketing promises?

No

Did implementation of IBM Security QRadar SIEM go as expected?

No

Would you buy IBM Security QRadar SIEM again?

Yes

Securonix Next-Generation SIEM, DNIF HyperScale SIEM, Microsoft Sentinel
If you are looking for end-to-end visibility of what actions the threat actor performed, which vulnerability he used, or phishing he triggered, you will get to know and be able to plug the loopholes. If you want quick analysis and need results within 1 or 2 minutes then IBM Security QRadar SIEM is not for you.

IBM Security QRadar SIEM Feature Ratings

  • Correlation: 8
  • Integration with Identity and Access Management Tools: 8
  • Custom dashboards and workspaces: 9
  • Behavioral analytics and baselining: 7
  • Rules-based and algorithmic detection thresholds: 9
  • Reporting and compliance management: 7