IBM Security QRadar SOAR Review
Updated October 29, 2024

IBM Security QRadar SOAR Review

Anonymous | TrustRadius Reviewer
Score 10 out of 10
Vetted Review
Verified User

Overall Satisfaction with IBM Security QRadar SOAR

We use IBM Security QRadar SOAR to automate our process the incident response, so when the incident is generated on our SIEM IBM QRADAR, the SOAR collect the informations from offense and populate in an incident case, allow us to attach many artifacts to enrich our investigations and provide better visibility.

Pros

  • enrich events
  • triage incidents
  • many ways to automations

Cons

  • Improving support to shell script
  • Improving stability
  • Improving support a Trend Micro XDR to contain threats
  • Needs a developer team to automations
  • Cause downtime for some bugs
  • Is difficult to troubleshooting without IBM support team
I would rate IBM Security QRadar SOAR's overall usability a 7 out of 10. The interface is quite functional and offers a wide range of features, but it can be somewhat complex and intimidating for beginners. Additionally, the configuration and customization can require a significant learning curve, especially for those without prior experience with security orchestration and automation platforms.
IBM QRadar SOAR integrates seamlessly with IBM’s QRadar SIEM, making it an excellent choice for organizations that already use IBM's security solutions. This tight integration offers an end-to-end experience in threat detection and response.

Cortex XSOAR integrates well with a broader range of third-party tools and is more vendor-agnostic, which makes it flexible for organizations with a more diverse set of security tools.Why QRadar SOAR Wins: If your organization uses IBM products, QRadar SOAR's native integration provides a more cohesive experience.

Do you think IBM Security QRadar SOAR delivers good value for the price?

No

Are you happy with IBM Security QRadar SOAR's feature set?

No

Did IBM Security QRadar SOAR live up to sales and marketing promises?

I wasn't involved with the selection/purchase process

Did implementation of IBM Security QRadar SOAR go as expected?

I wasn't involved with the implementation phase

Would you buy IBM Security QRadar SOAR again?

No

I'd rate IBM Security QRadar SOAR around 8 out of 10. It offers robust automation capabilities, comprehensive case management, and easy integration with other security tools, which makes it a solid choice for streamlining incident response workflows. However, the platform can have a steep learning curve for beginners, and some advanced configurations might require more effort, which prevents it from reaching a perfect score.

Using IBM Security QRadar SOAR

60 - At the moment, I'm the primary user of IBM Security QRadar SOAR, utilizing it individually for research, testing, and incident response tasks. As I’m not part of a larger team or organization using this specific tool regularly, there aren't other users actively engaging with IBM Security QRadar SOAR alongside me.
10 - Currently, there is no in-house team dedicated to providing ongoing support for IBM Security QRadar SOAR, as I am the sole user who utilizes it regularly. Maintenance and management are handled by me alone, without the involvement of others, as the use is focused on individual research and testing purposes.
  • Incident Response Automation: Streamlining the detection, investigation, and response to security incidents.
  • Threat Hunting: Identifying potential threats and vulnerabilities proactively.
  • Case Management: Organizing and tracking incidents for efficient resolution.
  • Playbook Customization: Creating tailored workflows for different security scenarios.
  • Integration Testing: Evaluating integration with other security tools and platforms for a cohesive defense strategy.
  • Digital Forensics: Utilizing the platform for gathering and analyzing forensic evidence during research projects, enhancing the investigation process.
  • Custom Automation Scripts: Developing unique scripts to automate repetitive tasks beyond typical incident response, saving time in various cybersecurity operations.
  • Threat Intelligence Enrichment: Integrating open-source intelligence feeds for enriched context, enabling deeper analysis and threat identification in my testing scenarios.
  • Advanced Threat Intelligence Sharing: Integrating with more external threat intelligence platforms to improve proactive threat detection.
  • Automated Compliance Reporting: Streamlining compliance audits by automating data collection and reporting for regulatory requirements.
  • Enhanced Incident Collaboration: Using it as a central hub to collaborate with external partners or clients on incident response efforts.
  • Machine Learning Integration: Incorporating machine learning models to enhance threat detection and response recommendations.
I'd rate my likelihood of renewing the use of IBM Security QRadar SOAR as an 8 out of 10. Its strong automation, customization, and integration capabilities make it highly valuable for incident response and cybersecurity research. However, occasional complexity and the need for more streamlined usability prevent it from being a perfect score.

Evaluating IBM Security QRadar SOAR and Competitors

  • Scalability
  • Integration with Other Systems
The single most important factor in my decision was the seamless integration with IBM QRadar SIEM. This integration creates a unified platform for threat detection and response, significantly enhancing efficiency by allowing incidents to be identified, analyzed, and addressed in a cohesive environment. It reduced the need to switch between multiple tools, streamlining the entire security workflow.
If I had to do it again, I would:

Conduct More Hands-on Testing: Spend more time with trial versions of multiple SOAR platforms to better understand their capabilities in real-world scenarios.

Engage Stakeholders Early: Involve potential collaborators or end-users earlier to gather diverse feedback on usability and requirements.

Evaluate Integration Depth: Test integrations with existing tools more thoroughly to ensure seamless compatibility.

Consider Long-Term Costs: Assess not just initial costs but long-term expenses, including licensing, training, and maintenance.

IBM Security QRadar SOAR Implementation

I would rate my satisfaction with the implementation of IBM Security QRadar SOAR as 7 out of 10. The process was generally straightforward, supported by helpful documentation and responsive support. However, certain advanced configurations proved more challenging and required more technical effort than anticipated, making the overall experience less seamless.
  • Third-party professional services
I used third-party professional services to implement IBM Security QRadar SOAR. They assisted with the initial setup, integration with existing security tools, and customization of automation playbooks. Their expertise streamlined the process, ensuring that the platform was configured correctly and efficiently, which saved time and ensured optimal functionality from the start.
Yes - Yes, the implementation was broken up into phases. It began with the planning and design phase to identify requirements and integration points. Next was the initial setup of the platform, followed by the integration with existing security tools. Then came playbook customization, and finally, the training and testing phase before full deployment.
Not sure - No, organizational change management wasn't a big part of the implementation. Since the use of IBM Security QRadar SOAR was primarily for individual research and testing purposes, there was no need for extensive change management processes, training, or restructuring. The focus remained on technical configuration and integration rather than organizational adjustments.
  • Complex Integration Setup
  • Advanced Playbook Customization
  • Limited Documentation

IBM Security QRadar SOAR Training

  • No Training
The product wasn't entirely easy to learn without training, especially for advanced features and customizations. While basic functions are relatively intuitive, understanding complex automation workflows and integrations requires guidance. I wouldn't recommend skipping training; engaging in formal training or tutorials ensures a smoother learning curve and better utilization of IBM Security QRadar SOAR's capabilities.

Configuring IBM Security QRadar SOAR

I would rate IBM Security QRadar SOAR as a 9 out of 10 for configurability. It offers extensive customization options for playbooks, workflows, integrations, and case management. While highly flexible, achieving advanced configurations can be complex and may require technical expertise, which is why it doesn’t get a perfect score.
Best practices for configuring IBM Security QRadar SOAR include starting with simple playbooks to gradually learn the system, using pre-built integrations to streamline setup, and customizing case management fields for relevance. Consistently test playbooks in a controlled environment, and maintain thorough documentation of configurations to simplify troubleshooting and future modifications.
Additional customizations for IBM Security QRadar SOAR included creating custom dashboards to enhance visibility into incident metrics, integrating external threat intelligence feeds to enrich incident data, and configuring detailed role-based access controls to ensure secure, appropriate access. These adjustments improved efficiency, data enrichment, and security in incident response workflows. tks

IBM Security QRadar SOAR Support

I would rate IBM Security QRadar SOAR's support an 8 out of 10. The support team is knowledgeable, responsive, and generally provides helpful solutions. However, there can be occasional delays when addressing more complex issues, which prevents it from being a perfect score. Overall, the support experience has been positive.
ProsCons
Quick Resolution
Knowledgeable team
Problems get solved
Kept well informed
Immediate help available
Support understands my problem
Support cares about my success
None
I did not opt for premium support for IBM Security QRadar SOAR because the standard support has been adequate for my individual needs, providing timely and knowledgeable assistance. Given that my usage doesn’t require urgent or highly specialized support, the additional cost of premium support wasn’t justified or necessary at this stage.
IBM provided exceptional support when I faced a complex integration issue with IBM Security QRadar SOAR. The support team promptly assigned an experienced specialist who guided me step-by-step, staying engaged until the problem was fully resolved. Their patience, expertise, and clear communication made the process smooth, showcasing excellent customer service.

Using IBM Security QRadar SOAR

ProsCons
Like to use
Relatively simple
Easy to use
Well integrated
Consistent
Convenient
Feel confident using
Lots to learn
  • Playbook Automation
  • Case Management
  • Integration with Other Tools
  • Advanced Playbook Customization
  • Initial Integration Setup
  • User Role Management
Yes, but I don't use it

IBM Security QRadar SOAR Reliability

I would rate IBM Security QRadar SOAR's overall scalability as 9 out of 10. It effectively scales to handle large volumes of incidents and can be deployed across multiple departments or sites. Its architecture supports growing data and integration needs, but advanced configuration for larger deployments may require more effort, preventing a perfect score.
I would rate IBM Security QRadar SOAR's availability as 9 out of 10. The platform is highly reliable, with minimal unplanned outages or application errors, ensuring it’s available when needed. However, occasional minor maintenance periods or rare connectivity issues prevent it from achieving a perfect score in terms of availability.
I would rate IBM Security QRadar SOAR's performance as 8 out of 10. Pages generally load quickly, and reports complete in a reasonable time frame, even for complex data. While integration with other systems is smooth, there can be occasional slowdowns when handling very large datasets or during peak usage, which affects the perfect score.

Integrating IBM Security QRadar SOAR

I would rate IBM Security QRadar SOAR's ease of integration as 8 out of 10. The platform offers numerous built-in integrations and provides flexibility for connecting with third-party tools. However, some advanced integrations can be complex and may require additional technical expertise, which slightly reduces the ease of the overall integration process.
  • IBM QRadar SIEM
  • Threat Intelligence Feeds
IBM QRadar SIEM: The integration was deep and seamless, providing real-time threat detection and response, and was relatively easy to achieve due to native compatibility.

Threat Intelligence Feeds: Provided enriched data but required custom scripts, making it more challenging.
  • Slack
  • Google Meeting
Google/Slack: For real-time incident notifications and improved team collaboration during response activities.
  • API (e.g. SOAP or REST)
  • AppExchange or similar marketplace
For integrating with IBM Security QRadar SOAR, start with native connectors to simplify the process. Thoroughly plan and document your integration requirements. Test each step to catch issues early. Use APIs and custom scripts for advanced or unsupported integrations. Engage IBM’s support and community forums for guidance on complex integration challenges.

Relationship with IBM

I would rate the vendor's ease of working with during the sales process as 9 out of 10. They were responsive, knowledgeable, and provided clear information about IBM Security QRadar SOAR. However, occasional delays in providing detailed technical insights prevented a perfect score, but overall, the experience was highly positive.
I would rate the vendor's ease of working with after the sale as 8 out of 10. They remained responsive and provided helpful support, but occasionally, resolving more complex technical issues took longer than expected. Despite this, their overall assistance was effective and professional, making the post-sale experience largely positive.
No sure
Not sure
Not sure
Not sure

Upgrading IBM Security QRadar SOAR

  • Enhanced Automation Capabilities
  • Better Integration
  • Improved User Interface
  • Enhanced Threat Intelligence
  • Expanded Integration Capabilities
  • User Interface Improvements

Comments

More Reviews of IBM Security QRadar SOAR

  1. Home
  2. Security Orchestration, Automation and Response (SOAR) Tools
  3. IBM Security QRadar SOAR Reviews
  4. User Review of IBM Security QRadar SOAR