4.0 out of 5.0 (42 ratings)

  • 4 out of 5.0, Reviewed

    Product(s): Qradar SIEM

    Easy to implement

    Overall Comment

    It was smooth and seamless

    What one piece of advice would you give other prospective customers?

    We have to have managed services for this product. I love working with VirtualArmor and could not ask for a better managed Service Provider

    What one thing do you wish the vendor did differently?

    nothing

    If you could start over, what would your organization do differently?

    Be more internally prepared


  • 5 out of 5.0, Reviewed

    Product(s): Qradar SIEM, Other...

    Implementation was good but we lacked the expertise to gain maximum value or operationalize

    Overall Comment

    Tool worked as expected

    What one piece of advice would you give other prospective customers?

    Need internal staff and expertise

    What do you like most about the product or service?

    Good SIEM, standard config and reporting

    What do you dislike most about the product?

    n/a

    What one thing do you wish the vendor did differently?

    n/a

    If you could start over, what would your organization do differently?

    More of a Hybrid or Managed Service


  • 4 out of 5.0, Reviewed

    Product(s): Qradar SIEM

    Easy Deployment, Good Value, Needs Focus on New Collectors.

    Overall Comment

    QRadar scales very well, we went from collecting from primarily network devices (Syslog, SDEE, and NetFlow) with their out of the box collectors, and then we began collecting the logs from our web gateway, domain controllers, and anti-malware system for a more holistic view. Now, multiple new security products that we're implementing will be populating the system as part of a large CyberSecurity initiative. We face some challenges as some of the newer devices will require the development of a custom collector. More agility by the vendor in building out standard log collectors for enterprise level network security products (such as Cisco Web Services) would be appreciated. Overall, Security Event identification is pretty intuitive and easy for level 1 analysts to understand and follow up on. And overall, reporting seems to work well without leveraging an external reporting tool.

    What do you like most about the product or service?

    The intuitive nature of their dashboard and creating queries is very helpful for my team.

    What do you dislike most about the product?

    I would like more agility in the event/log collector space.

    Product capabilities - overall comment

    Integration with legacy device log and event collection is fairly broad, but would like to see more R&D around newer technologies that we are leveraging. As an example, QRadar has an out of the box collector for Websense logs, but now that we are moving to Cisco Web Services we will need to build a custom collector. Creating a custom collector will require additional training for our team, or we will have to spin up a project to pay IBM to develop the collector for us.

    Service & support - overall comment

    We have a very responsive support team that checks in on a regular basis. They recommend development partners to provide resolution for specific use cases, such as event ticketing.

    Integration & Deployment - Overall comment

    The system itself is very stable, product updates are easy to manage, and it integrates well into our existing infrastructure.

    1 of 1 peer(s) found this review helpful.


  • 4 out of 5.0, Reviewed

    Product(s): Qradar SIEM

    Complex to set up and tune, but stable and functional.

    Overall Comment

    QRadar works as advertised. It is a bit complex to set up and tune, but once it is fully operational, it is pretty rock solid.

    What one piece of advice would you give other prospective customers?

    Expect to spend a lot of time configuring and tuning any SIEM. QRadar is no exception.

    What do you like most about the product or service?

    It is stable and functional.

    What do you dislike most about the product?

    Complexity of set up and tuning.

    What one thing do you wish the vendor did differently?

    Common integrations should be automated more.

    If you could start over, what would your organization do differently?

    We could have done a better job with pre-planning and scenario analysis in advance of deployment.

    Service & support - overall comment

    It was relatively easy to get support for complex issues from second and third level technical support.

    Integration & Deployment - Overall comment

    Set up of QRadar was relatively complex, but that is to be expected in the SIEM space.


  • 5 out of 5.0, Reviewed

    Product(s): Qradar SIEM

    Comprehensive SIEM solution with a strong roadmap and innovation.

    Overall Comment

    Overall it has been a very positive experience, they answered the RFI/RFP comprehensively and helped us with the Proof of Concept. They also help you in relation to architecting the solution but you need to be sure you are clear with the scope and you ask a lot of clarifying questions. Their implementation team (also known as the Labs team) is very strong and makes a difference on your implementation. They also have very good support and knowledge base. And they are always looking forward in relation to the industry and what's in the horizon including the cognitive area.

    What one piece of advice would you give other prospective customers?

    If you decide to go through a SIEM acquisition, invest the resources (time and people) to fully realize the solution. You cannot just leave it alone after the initial implementation and expect it to work with no issues. Once you commit, it is for a long time. I often call this a forever project.

    What do you like most about the product or service?

    They have been constantly developing the solution addressing the customer needs.

    What do you dislike most about the product?

    Lack of a message bus to address the challenge of sending events to a single destination instead of the different event processors.

    What one thing do you wish the vendor did differently?

    Clarify the licensing better especially on how it relates to a per appliance basis.

    If you could start over, what would your organization do differently?

    We would be more selective in relation to the events and log sources as well as developing more relevant use cases instead of using the use cases out-of-the-box. Prioritizing against the critical assets earlier that have the ease of implementation would have allowed the quicker win.

    Product capabilities - overall comment

    The product has one of the strongest capabilities in relation to security monitoring ranging from a comprehensive number of log sources including network flows. They also have the ability to extend the capability through its APIs as well as support for custom event sources. Their search capability is very good and more than meets our requirements. Further enhancements to their platform including cognition and machine learning will make it a stronger product.

    Service & support - overall comment

    Assuming you have gotten the correct level of support, their support team is very knowledgeable to help address your issues. Generally, they have been timely in their response. But it is important that you know when to escalate as well.


  • 4 out of 5.0, Reviewed

    Product(s): Qradar SIEM

    Great product, find good partner to implement.

    Overall Comment

    Working with the partner to implement the tool was great. The vendor knew the tool and was able to effectively implement for the organization.


  • 3 out of 5.0, Reviewed

    Product(s): Qradar SIEM

    An effective SIEM tool.

    Overall Comment

    Architecture and implementation were relatively straightforward. Designing and implementing specific SIEM use cases at the infrastructure and application level was generally straightforward, with a number of the parsers being out of the box. The challenge was having IBM work on unique use cases.

    What one piece of advice would you give other prospective customers?

    Understand your environment and log sources and what types of events (and volume) they generate.

    What do you like most about the product or service?

    Industry recognized and a number of out of box parsers.

    What do you dislike most about the product?

    costly.

    If you could start over, what would your organization do differently?

    Understand application and infrastructure use cases more and how parsers would need to be built out.

    Integration & Deployment - Overall comment

    Applications are a challenge to integrate, especially custom built ones.


  • 4 out of 5.0, Reviewed

    Product(s): Qradar SIEM

    Need training option for the actual query language that is used, otherwise, a great tool.

    Overall Comment

    Client agent for windows logging is a little clunky. Need an automated push of the client and key.

    What one piece of advice would you give other prospective customers?

    Do a scorecard for comparing different solutions. They vary a lot in capabilities and functionality.

    What do you like most about the product or service?

    solid performance for a wide variety of events.

    What do you dislike most about the product?

    full visibility requires several modules to be purchased.

    What one thing do you wish the vendor did differently?

    Better pricing from IBM directly. IBM's quote was 3 times the 3rd party reseller.

    If you could start over, what would your organization do differently?

    more time in actual bake-off.


  • 4 out of 5.0, Reviewed

    Product(s): Qradar SIEM

    Complex and robust with full and growing feature-set, but not for the faint-of-heart.

    Overall Comment

    Product is stable and performs well. Difficulties with integration partner and licensing/cost model complexity.

    What one piece of advice would you give other prospective customers?

    Understand your volume (EPS/bandwidth) ahead of time or you will be nickeled-and-dimed on incremental costs.

    What do you like most about the product or service?

    Capabilities and roadmap for additional features/functionality.

    What do you dislike most about the product?

    Cost.

    If you could start over, what would your organization do differently?

    Go directly to IBM for the professional services, architecture and engineering assistance (not a 3rd party).


  • 4 out of 5.0, Reviewed

    Product(s): Qradar SIEM

    Great solution but you definitely need in-house expertise to manage.

    Overall Comment

    The implementation itself was relatively straightforward. The challenges with the product have been primarily isolated to filtering out the noise and getting the solution to provide the alerting and reporting that we need to determine what is actually happening in our environment.

    What one piece of advice would you give other prospective customers?

    Make sure that you have dedicated appropriate resources to managing your SIEM environment. This is not a set it and forget it technology.



Ratings Overview

Evaluation & Contracting

Overall rating of product evaluation and contract negotiation (34): 4.0
Ability to understand your organization's needs (36): 4.0
Timely and complete response to product questions (37): 4.3
Pricing and contract flexibility (pricing and terms) (33): 3.6

Integration & Deployment

Overall rating of integration and deployment (41): 4.0

How long did your deployment take?

3 - 6 months (<6)

6 - 9 months (<9)

0 - 3 months (<3)

12 months or more

9 - 12 months (<12)

Availability of quality 3rd-party resources (integrators, service providers, etc.) (26): 4.0
Ease of integration using standard APIs and tools (36): 3.9
Quality and availability of end-user training (35): 3.8
Ease of deployment (39): 3.8

Service & Support

Overall rating of service and support (40): 4.0

Did you purchase a support package from the vendor?

Yes

No

I'm unsure

Timeliness of vendor's response (38): 4.1
Quality of technical support (37): 3.8
Quality of peer user community (32): 3.9

Product Capabilities

Overall rating of product capabilities (42): 4.2
Real-Time Monitoring (39): 4.5
Threat Intelligence (37): 4.2
Behavior Profiling (35): 3.7
Data and User Monitoring (37): 3.9
Application Monitoring (35): 3.9
Analytics (39): 3.9
Log Management and Reporting (39): 4.4
Deployment/Support Simplicity (37): 4.2

Additional Context

What was the nature of your involvement?

Executive Sponsor

Technical Assessment

Rollout and Install

Vendor/Product Selection

Functional Assessment

Vendor Management

Development/Integration

Maintenance and Support

Application Lead

User Training

Other...


Why did you purchase a Security Information Event Management solution?

Enable/improve security event alerting, investigation

Enable/improve log collection, reporting and retention capabilities

Meet regulatory or commercial compliance requirements

Enable/improve security incident workflow and reporting

Enable/improve behavioral analysis of users and other entities

Enable/improve tracking access to and activities related to databases, applications

Reduce costs for threat management operations

Meet customer or business partner expectations about your security monitoring program

Reduce costs for meeting compliance mandates

Other...


What other vendors were considered?

Splunk

LogRhythm

Hewlett Packard Enterprise

Intel Security (McAfee)

RSA, The Security Division of EMC

SolarWinds

IBM

NetIQ

AlienVault

Trustwave

Cisco

CyberArk

Elasticsearch

EventTracker

Rapid7

SecureWorks

Security Onion

Trend Micro

Other...


What were the key factors that drove your decision for selecting the vendor?

Strong technical/product support

Product functionality and performance

Pre-existing relationships

Financial/organizational viability

Product roadmap and future vision

Overall cost

Availability of managed services

Strong consulting partnership

Strong customer focus

Strong user community

Other...


In which region(s) did your deployment take place? Multiple responses allowed.

North America

Asia/Pacific

Europe, Middle East and Africa
