TrustRadius Insights for IBM Security QRadar SIEM are summaries of user sentiment data from TrustRadius reviews and, when necessary, third party data sources.
Pros
Efficient Integration with Technologies: Users have consistently praised the tool for its seamless integration with various technologies, allowing for the efficient monitoring of attack patterns and correlation of events. Reviewers indicate that this capability provides a comprehensive view across different systems.
User-Friendly Interface: Many reviewers have highlighted the clean, complete, and user-friendly interface that facilitates easy management and contributes to reducing downtime during outages. The intuitive design has been commended for enhancing the overall user experience.
Customizability and Flexibility: Users highly value the tool's ability to create custom dashboards. Reviewers also like the customization options for rules, reports, parsed fields, and DSM settings. This flexibility empowers users to tailor the tool according to their specific needs.
We use IBM Security QRadar SIEM as a SIEM in a few of our internal customer environments. This helps us provide security monitoring to those environments once we onboard the relevant logs. In each environment we onboard 20+ different hosts and log types and write detections for threat cases that we've identified.
Pros
Easy to onboard generic sources
Easy to normalize generic sources
Easy to write basic detections
Maintenance and updates are user friendly
Cons
The UI is not pleasant to look at and can be a pain to navigate
It's hard to write DSM's for custom log sources
Complicated detections (RBA alerting and chaining detections together)
Likelihood to Recommend
I would only recommend IBM Security QRadar SIEM in a few situations. For one, it's very easy to setup and use if all your log sources are generic from known vendors. It's also significantly cheaper than Splunk, which is nice if you're trying to save money or be more efficient. I would not recommend IBM Security QRadar SIEM for environments with a lot of custom logs and complicated detection requirements.
VU
Verified User
Engineer in Engineering (Defense & Space company, 5001-10,000 employees)
The business needed an all in one solution which can collect logs from all the devices across the organization as well as it should be user friendly enough for analysts to use (considering finding resources). IBM Security QRadar SIEM fits in the sweet spot to get both resolved. The all in one deployment to distributed, both were good according to the regions we deployed it onto.
Pros
User Behaviour Analytics
Easy log source onboarding
Easy reference set management for IOCs
Cons
Aerial searches are a little complicated
The UI for the event analysis looks a little dated
Widgets on the dashboard can be more automated
Likelihood to Recommend
IBM Secuirty QRadar SIEM has proven to be an industry leader time and again for multiple years. It’s user friendly historical searches, reference set management and other key features makes it easy for new SOC analysts .Its well suited for medium to large size organizations. However, it’s not an ideal solution for smaller organizations as the solution incurs a decent license cost. Small organization can manage at free SIEM solutions.
VU
Verified User
Analyst in Engineering (Telecommunications company, 5001-10,000 employees)
At ADV-IC we provide cybersecurity services to multiple clients, QRadar SIEM is one of the tools that stands out the most for its practicality, which is why I interact a lot with it
Pros
Use Cases
Integrations
Dashboard
Cons
datagateway deployment
more functionality to the aql language
opportunity area for integration with cloud-to-cloud platforms
Likelihood to Recommend
It is very easy to search for incidents and follow them up since it has very simple filters to make queries.
VU
Verified User
Engineer in Engineering (Computer & Network Security company, 51-200 employees)
It is used to monitor all the organization's security tools and infrastructure centrally and in this way detect incidents quickly, it also helps us comply with regulations.
Pros
Group the different events that generated it in the name of the offense
Receive email alerts
Always report errors on the main page
Have an easy to understand interface for creating rules
Cons
Have the parsing of all sources
Frequent updating of log source parsing
Better breadth in the editing of reports
Likelihood to Recommend
Appropriate for well-known log sources, but inappropriate for obscure log sources or applications.
Our company are MSSP service provider, and most of our customers are integrated with our XDR ( SEIM & SOAR ) IBM Security QRadar SIEM resolved many issues with our customers, plus IBM Security QRadar SIEM has many add-ons and DSM for most endpoint and security controllers, and it's easy also to integrate it with threat intelligent platformswe have more than 300 Usecase for cloud .endpoind and firewalls
Pros
parsing
event correlation
Ease of searching and viewing payload and events
Cons
eps sizing
auto refresh on offenses page
develop use case manager add-one
Likelihood to Recommend
IBM Security QRadar SIEM is commonly used in Security Operations Centers to provide security analysts with a centralized console for monitoring, investigating, and responding to security events, For organizations with relatively small and straightforward IT infrastructures, the deployment and maintenance of IBM Security QRadar SIEM might be overly complex and costly compared to simpler SIEM solutions
Qradar helps me and our clients get reliable and well-performing SIEM functionalities. We have created a broad spectrum of use-cases to cover the detection of various security threats with ease. The support team was always helpful if we had questions about the product and we could resolve all issues that came up so far really fast.
Pros
SIEM functionalities.
Offense rule creation.
Log searching.
Cons
Possibility to edit multiple rules at once is missing.
There should be more build-in notifications options than just E-Mail and local notifications.
Likelihood to Recommend
IBM Qradar is best suited for medium to large businesses that want to have a singular platform to gain insight into what all of their hosts and servers are doing exactly at the moment. They can also create complex rules to get alerts („offenses“) based on various log parameters for security or observability use cases.
VU
Verified User
Engineer in Engineering (Security & Investigations company, 1-10 employees)
QRadar is primarily being used by companies to increase the visibility of their operational environment. It is used as the central correlation engine for relevant event sources. It is almost always the central piece of their SOC, assisting the analysts in quickly determining risks to the organization. The deployment footprint varies from client to client driven by required coverage area and cost.
Pros
It is easier to deploy than most SIEM's.
Its correlation engine in my opinion is the best of any SIEM.
The GUI when compared to most other SIEM's is easier to work with.
It is a mature SIEM with a better than average level of support.
Cons
As with all SIEM's that I'm aware of, it relies on supervised machine learning. This is a major weakness in today's threat landscape.
As with all SIEM's the more event sources it needs to correlate the slower it becomes. This becomes an issue as the deployment footprint increases, a solution needs to be developed to address this limitation.
The ability to customize the GUI and reporting per user needs some improvement.
Likelihood to Recommend
QRadar is well suited for any SOC and it would always be my first recommendation for this kind of deployment. The biggest issue it has is cost, for small to midsize companies looking to deploy it. It very quickly becomes cost-prohibitive. Another issue it and every SIEM that I'm aware of needs to address is east to west traffic visibility. Flows by default only give you at most sixty data points, which is not enough in today's world.
Our company provides a QRadar plugin that generates NetFlow data for the QRadar net flow dashboard from packet data to enhance network security, management, and analytics
Pros
Net flow dashboard provides clear and concise display of net flow data
QRadar makes sure that the most important events are highlighted
Cons
Better working with technology partners for QRadar plugins
Help promoter plugins to QRadar installed base
Likelihood to Recommend
Where concise clear display of events and net flow is required