IBM Security QRadar SIEM for Cybersecurity
January 24, 2024

Anonymous | TrustRadius Reviewer
Score 9 out of 10
Vetted Review
Verified User

Software Version

QRadar Advisor with Watson (legacy branding)

Modules Used

  • SIEM
  • SOAR

Overall Satisfaction with IBM Security QRadar SIEM

The main goal of IBM Security QRadar SIEM is cybersecurity. We provide perimeter monitoring and active defense by blocking "bad" IPs. We monitor unusual user activity, password compromises, etc. We monitor malware activity in our organization using different IOCs from threat intelligence services and feeds. QRadar SIEM provides log storage for a definite period of time.
  • We are monitoring connections from/to the TOR Nodes to detect hidden malware.
  • We are monitoring users' password compromises by typing their password in the login box. Also, we send users notifications to change their passwords immediately.
  • We are monitoring bad HTTP(S) queries to our www sites from external agents and we are blocking bad IP addresses on our perimeter IPS Devices in real-time.
  • Improve the assets management tab as it has poor functionality.
  • Add more options and tests for creating rules and building blocks.
  • Add more options in the rules response tab to use multiple scripts and alerts.
  • Increased time for detection and reaction to cyber threats
  • Ensured regulatory requirements for saving different system logs
  • Very expensive QRadar technical support
Very nice integration for custom log sources using regex expressions. Very well-organized IBM Security QRadar SIEM API interface to use in other systems. Good capabilities for IBM Security QRadar SIEM scaling. However, there are some problems working with and normalizing large-payload events, multiline events, and JSON events. Not all Python versions and frameworks are allowed to be used in IBM Security QRadar SIEM.
IBM Support works very well on critical and high-level cases (levels 1 or 2) but is not so good for minor cases (levels 3 or 4). It would be good to have a structured base of typical cases and how to fix them, and access to it.
ArcSight is more difficult to understand and administer; it looks more like a box for programming and needs highly skilled personnel. IBM Security QRadar SIEM is well suited for cybersecurity in large and medium-sized organizations. IBM Security QRadar SIEM has a very user-friendly interface.

Do you think IBM Security QRadar SIEM delivers good value for the price?

Not sure

Are you happy with IBM Security QRadar SIEM's feature set?

Yes

Did IBM Security QRadar SIEM live up to sales and marketing promises?

Yes

Did implementation of IBM Security QRadar SIEM go as expected?

Yes

Would you buy IBM Security QRadar SIEM again?

Yes

All the built-in rules coming out of the box are not good. Each organization needs to write its own correlation rules based on its specifics. IBM Security QRadar SIEM is good as a base for a SOC.
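As an added illustration of two points the reviewer raises, regex-based parsing for a custom log source and monitoring of connections to or from TOR nodes, the following Python snippet is example code written for this page, not the reviewer's or IBM's. The firewall log format, the field names and the TOR exit-node addresses are constructed placeholders (documentation ranges), standing in for a real log source and a threat-intelligence feed.

```python
import re
from dataclasses import dataclass

# Constructed sample of perimeter firewall log lines (not real QRadar output).
SAMPLE_LOGS = [
    "2024-01-24T10:01:02Z fw01 action=allow proto=tcp src=10.0.5.23 spt=50213 dst=192.0.2.10 dpt=443",
    "2024-01-24T10:01:05Z fw01 action=allow proto=tcp src=10.0.5.24 spt=50214 dst=203.0.113.7 dpt=80",
    "2024-01-24T10:01:09Z fw01 action=allow proto=tcp src=198.51.100.9 spt=40001 dst=10.0.1.5 dpt=22",
    "malformed line that the parser must tolerate",
]

# Constructed reference set of TOR exit-node addresses (documentation ranges),
# playing the role of a threat-intelligence feed loaded into the SIEM.
TOR_EXIT_NODES = {"192.0.2.10", "198.51.100.9"}

# Regex with named groups, the same idea as a custom log-source property
# extraction: each group becomes a normalized event field.
LOG_RE = re.compile(
    r"^(?P<ts>\S+) (?P<host>\S+) action=(?P<action>\w+) proto=(?P<proto>\w+) "
    r"src=(?P<src>[\d.]+) spt=(?P<spt>\d+) dst=(?P<dst>[\d.]+) dpt=(?P<dpt>\d+)$"
)


@dataclass(frozen=True)
class TorAlert:
    timestamp: str
    direction: str    # "outbound": dst is a TOR node; "inbound": src is a TOR node
    internal_ip: str
    tor_ip: str


def parse_event(line):
    """Return a dict of normalized fields, or None if the line does not match."""
    m = LOG_RE.match(line)
    return m.groupdict() if m else None


def detect_tor_connections(lines, tor_nodes):
    """Correlate parsed events against the TOR reference set and return alerts."""
    alerts = []
    for line in lines:
        ev = parse_event(line)
        if ev is None:
            continue  # unparsed events are skipped rather than crashing the rule
        if ev["dst"] in tor_nodes:
            alerts.append(TorAlert(ev["ts"], "outbound", ev["src"], ev["dst"]))
        elif ev["src"] in tor_nodes:
            alerts.append(TorAlert(ev["ts"], "inbound", ev["dst"], ev["src"]))
    return alerts


if __name__ == "__main__":
    for alert in detect_tor_connections(SAMPLE_LOGS, TOR_EXIT_NODES):
        print(alert)
```

Running the block prints one outbound and one inbound alert; the malformed line is dropped by the regex rather than producing a false event.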

IBM Security QRadar SIEM Feature Ratings

Correlation
9
Integration with Identity and Access Management Tools
8
Custom dashboards and workspaces
8
Rules-based and algorithmic detection thresholds
8
Reporting and compliance management
6