Overall Satisfaction with IBM Security QRadar SIEM
I have used IBM QRadar SIEM since 2014 and I have had a good experience since then. We have a large number of security assets and QRadar SIEM helps us collect and correlate alerts, events, flows and incidents from multiple vendors. I am part of a SOC team at a financial institution with more than 90k employees, thousands of security devices and thousands of endpoints, and without the help of QRadar SIEM it would be impossible to analyze threats, attacks and exploitations.
- correlation events
- search events timing
- friendly managed rules
- capability integration vendors
- service support
- Improvement in the process of consuming virtual machine resources
- improvement in the process of analyzing errors and warnings generated by the system
- reduction in incident response time
- Visibility of normalized data, reducing manual work time for parsing
- Reduction in the security risk of the environment as a whole
The QRadar licensing process is based on EPS (Events Per Second) and there are no limitations on event collection, regardless of the origin of the logs. This becomes an advantage as the price is agreed between the parties before purchase, so you have knowledge of what you can use from the SIEM infrastructure. In Microsoft Sentinel, licensing is by type of log ingestion, making the event management process more complex for paying for the solution, in addition to making it more expensive and unpredictable.
Do you think IBM Security QRadar SIEM delivers good value for the price?
Not sure
Are you happy with IBM Security QRadar SIEM's feature set?
Yes
Did IBM Security QRadar SIEM live up to sales and marketing promises?
Yes
Did implementation of IBM Security QRadar SIEM go as expected?
Yes
Would you buy IBM Security QRadar SIEM again?
Yes