4 out of 5.0 (42 ratings)
38 Verified Reviews

Qradar SIEM

Easy to implement

It was smooth and seamless

Qradar SIEM, Other...

Implementation was good but we lacked the expertise to gain maximum value or operationalize

Tool worked as expected

Qradar SIEM

Easy Deployment, Good Value, Needs Focus on New Collectors.

QRadar scales very well, we went from collecting from primarily network devices (Syslog, SDEE, and NetFlow) with their out of the box collectors, and then we began collecting the logs from our web gateway, domain controllers, and anti-malware system for a more holistic view. Now, multiple new security products that we're implementing will be populating the system as part of a large CyberSecurity initiative. We face some challenges as some of the newer devices will require the development of a custom collector. More agility by the vendor in building out standard log collectors for enterprise level network security products (such as Cisco Web Services) would be appreciated. Overall, Security Event identification is pretty intuitive and easy for level 1 analysts to understand and follow up on. And overall, reporting seems to work well without leveraging an external reporting tool.

Qradar SIEM

Complex to set up and tune, but stable and functional.

QRadar works as advertised. It is a bit complex to set up and tune, but once it is fully operational, it is pretty rock solid.

Qradar SIEM

Comprehensive SIEM solution with a strong roadmap and innovation.

Overall it has been a very positive experience, they answered the RFI/RFP comprehensively and helped us with the Proof of Concept. They also help you in relation to architecting the solution but you need to be sure you are clear with the scope and you ask a lot of clarifying questions. Their implementation team (also known as the Labs team) is very strong and makes a difference on your implementation. They also have very good support and knowledge base. And they are always looking forward in relation to the industry and what's on the horizon including the cognitive area.

Qradar SIEM

Great product, find good partner to implement.

Working with the partner to implement the tool was great. The vendor knew the tool and was able to effectively implement for the organization.

Qradar SIEM

An effective SIEM tool.

Architecture and implementation were relatively straightforward. Designing and implementing specific SIEM use cases at the infrastructure and application level was generally straightforward with a number of the parsers being out of the box. The challenge was having IBM work on unique use cases.

Qradar SIEM

Need training option for the actual query language that is used, otherwise, a great tool.

Client agent for Windows logging is a little clunky. Need an automated push of the client and key.

Qradar SIEM

Complex and robust with full and growing feature-set, but not for the faint-of-heart.

Product is stable and performs well. Difficulties with integration partner and licensing/cost model complexity.

Qradar SIEM

Great solution but you definitely need in-house expertise to manage.

The implementation itself was relatively straightforward. The challenges with the product have been primarily isolated to filtering out the noise and getting the solution to provide the alerting and reporting that we need to determine what is actually happening in our environment.