4.0 out of 5.0 (40 ratings)

  • 4 out of 5.0, Reviewed

    Product(s): Qradar SIEM

    Easy Deployment, Good Value, Needs Focus on New Collectors.

    Overall Comment

    QRadar scales very well, we went from collecting from primarily network devices (Syslog, SDEE, and NetFlow) with their out of the box collectors, and then we began collecting the logs from our web gateway, domain controllers, and anti-malware system for a more holistic view. Now, multiple new security products that we're implementing will be populating the system as part of a large CyberSecurity initiative. We face some challenges as some of the newer devices will require the development of a custom collector. More agility by the vendor in building out standard log collectors for enterprise level network security products (such as Cisco Web Services) would be appreciated. Overall, Security Event identification is pretty intuitive and easy for level 1 analysts to understand and follow up on. And overall, reporting seems to work well without leveraging an external reporting tool.

    What do you like most about the product or service?

    The intuitive nature of their dashboard and creating queries is very helpful for my team.

    What do you dislike most about the product?

    I would like more agility in the event/log collector space.

    Product capabilities - overall comment

    Integration with legacy device log and event collection is fairly broad, but would like to see more R&D around newer technologies that we are leveraging. As an example, QRadar has an out of the box collector for Websense logs, but now that we are moving to Cisco Web Services we will need to build a custom collector. Creating a custom collector will require additional training for our team, or we will have to spin up a project to pay IBM to develop the collector for us.

    Service & support - overall comment

    We have a very responsive support team that checks in on a regular basis. They recommend development partners to provide resolution for specific use cases, such as event ticketing.

    Integration & Deployment - Overall comment

    The system itself is very stable, product updates are easy to manage, and it integrates well into our existing infrastructure.

    1 of 1 peer(s) found this review helpful.


  • 4 out of 5.0, Reviewed

    Product(s): Qradar SIEM

    Complex to set up and tune, but stable and functional.

    Overall Comment

    QRadar works as advertised. It is a bit complex to set up and tune, but once it is fully operational, it is pretty rock solid.

    What one piece of advice would you give other prospective customers?

    Expect to spend a lot of time configuring and tuning any SIEM. QRadar is no exception.

    What do you like most about the product or service?

    It is stable and functional.

    What do you dislike most about the product?

    Complexity of set up and tuning.

    What one thing do you wish the vendor did differently?

    Common integrations should be automated more.

    If you could start over, what would your organization do differently?

    We could have done a better job with pre-planning and scenario analysis in advance of deployment.

    Service & support - overall comment

    It was relatively easy to get support for complex issues from second and third level technical support.

    Integration & Deployment - Overall comment

    Set up of QRadar was relatively complex, but that is to be expected in the SIEM space.


  • 5 out of 5.0, Reviewed

    Product(s): Qradar SIEM

    Comprehensive SIEM solution with a strong roadmap and innovation.

    Overall Comment

    Overall it has been a very positive experience, they answered the RFI/RFP comprehensively and helped us with the Proof of Concept. They also help you in relation to architecting the solution but you need to be sure you are clear with the scope and you ask a lot of clarifying questions. Their implementation team (also known as the Labs team) is very strong and makes a difference on your implementation. They also have very good support and knowledge base. And they are always looking forward in relation to the industry and what's on the horizon including the cognitive area.

    What one piece of advice would you give other prospective customers?

    If you decide to go through a SIEM acquisition, invest the resources (time and people) to fully realize the solution. You cannot just leave it alone after the initial implementation and expect it to work with no issues. Once you commit, it is for a long time. I often call this a forever project.

    What do you like most about the product or service?

    They have been constantly developing the solution addressing the customer needs.

    What do you dislike most about the product?

    Lack of a message bus to address the challenge of sending events to a single destination instead of the different event processors.

    What one thing do you wish the vendor did differently?

    Clarify the licensing better especially on how it relates to a per appliance basis.

    If you could start over, what would your organization do differently?

    We would be more selective in relation to the events and log sources as well as developing more relevant use cases instead of using the use cases out-of-the-box. Prioritizing against the critical assets earlier that has the ease of implementation would have allowed the quicker win.

    Product capabilities - overall comment

    The product has one of the strongest capabilities in relation to security monitoring ranging from a comprehensive number of log sources including network flows. They also have the ability to extend the capability through its APIs as well as support for custom event sources. Their search capability is very good and more than meets our requirements. Further enhancements to their platform including cognition and machine learning will make it a stronger product.

    Service & support - overall comment

    Assuming you have gotten the correct level of support, their support team is very knowledgeable to help address your issues. Generally, they have been timely in their response. But it is important that you know when to escalate as well.


  • 4 out of 5.0, Reviewed

    Product(s): Qradar SIEM

    Great product, find good partner to implement.

    Overall Comment

    Working with the partner to implement the tool was great. The vendor knew the tool and was able to effectively implement for the organization.


  • 3 out of 5.0, Reviewed

    Product(s): Qradar SIEM

    An effective SIEM tool.

    Overall Comment

    Architecture and implementation were relatively straightforward. Designing and implementing specific SIEM use cases at the infrastructure and application level was generally straightforward with a number of the parsers being out of the box. The challenge was having IBM work on unique use cases.

    What one piece of advice would you give other prospective customers?

    Understand your environment and log sources and what types of events (and volume) they generate.

    What do you like most about the product or service?

    Industry recognized and a number of out of box parsers.

    What do you dislike most about the product?

    Costly.

    If you could start over, what would your organization do differently?

    Understand application and infrastructure use cases more and how parsers would need to be built out.

    Integration & Deployment - Overall comment

    Applications are a challenge to integrate, especially custom built ones.


  • 4 out of 5.0, Reviewed

    Product(s): Qradar SIEM

    Need training option for the actual query language that is used, otherwise, a great tool.

    Overall Comment

    Client agent for Windows logging is a little clunky. Need an automated push of the client and key.

    What one piece of advice would you give other prospective customers?

    Do a score card for comparing different solutions. They vary a lot in capabilities and functionality.

    What do you like most about the product or service?

    Solid performance for a wide variety of events.

    What do you dislike most about the product?

    Full visibility requires several modules to be purchased.

    What one thing do you wish the vendor did differently?

    Better pricing from IBM directly. IBM's quote was 3 times the 3rd party reseller.

    If you could start over, what would your organization do differently?

    More time in actual bake-off.


  • 4 out of 5.0, Reviewed

    Product(s): Qradar SIEM

    Complex and robust with full and growing feature-set, but not for the faint-of-heart.

    Overall Comment

    Product is stable and performs well. Difficulties with integration partner and licensing/cost model complexity.

    What one piece of advice would you give other prospective customers?

    Understand your volume (EPS/bandwidth) ahead of time or you will be nickeled-and-dimed on incremental costs.

    What do you like most about the product or service?

    Capabilities and roadmap for additional features/functionality.

    What do you dislike most about the product?

    Cost.

    If you could start over, what would your organization do differently?

    Go directly to IBM for the professional services, architecture and engineering assistance (not a 3rd party).


  • 4 out of 5.0, Reviewed

    Product(s): Qradar SIEM

    Great solution but you definitely need in-house expertise to manage.

    Overall Comment

    The implementation itself was relatively straightforward. The challenges with the product have been primarily isolated to filtering out the noise and getting the solution to provide the alerting and reporting that we need to determine what is actually happening in our environment.

    What one piece of advice would you give other prospective customers?

    Make sure that you have dedicated appropriate resources to managing your SIEM environment. This is not a set it and forget it technology.


  • 5 out of 5.0, Reviewed

    Product(s): Qradar SIEM

    If it can handle a university, it can handle any environment

    Overall Comment

    QRadar is an immensely powerful platform - it allows us to easily customize rules, offenses, reports to match our environment and our maturity.

    What one piece of advice would you give other prospective customers?

    Architecture and planning are key for deployment success. Careful consideration of people and processes is vital for tuning QRadar's massive building block, rules and offenses to match your organization's security strategy and incident response plans.

    What do you like most about the product or service?

    Makes it easier and faster to dive into complex trends and issues to find real incidents that require attention.

    What do you dislike most about the product?

    Long learning curve and some offence and rule explanations don't provide enough useful insight.

    What one thing do you wish the vendor did differently?

    As with any complex product, more documentation, particularly in the form of how-to and explanatory videos around tuning, would be much appreciated.

    If you could start over, what would your organization do differently?

    Set up a dedicated event processor just for the Firewall logs from the get-go.


  • 4 out of 5.0, Reviewed

    Product(s): Qradar SIEM

    We were using the value of the product in a very short period of time

    Overall Comment

    Great product and excellent value.



Ratings Overview


Evaluation & Contracting

Overall rating of product evaluation and contract negotiation

(32)
3.9

Ability to understand your organization's needs

(34)
4.0

Timely and complete response to product questions

(35)
4.2

Pricing and contract flexibility (pricing and terms)

(31)
3.5

Integration & Deployment

Overall rating of integration and deployment

(39)
4.0

How long did your deployment take?

3 - 6 months (<6)

6 - 9 months (<9)

0 - 3 months (<3)

12 months or more

9 - 12 months (<12)


Availability of quality 3rd-party resources (integrators, service providers, etc.)

(25)
3.9

Ease of integration using standard APIs and tools

(34)
3.9

Quality and availability of end-user training

(33)
3.7

Ease of deployment

(37)
3.8

Service & Support

Overall rating of service and support

(38)
3.9

Did you purchase a support package from vendor?

Yes

No


Timeliness of vendor's response

(36)
4.0

Quality of technical support

(36)
3.8

Quality of peer user community

(30)
3.9

Product Capabilities

Overall rating of product capabilities

(40)
4.2

Real-Time Monitoring

(37)
4.5

Threat Intelligence

(35)
4.1

Behavior Profiling

(33)
3.7

Data and User Monitoring

(35)
3.9

Application Monitoring

(33)
3.9

Analytics

(37)
3.8

Log Management and Reporting

(37)
4.4

Deployment/Support Simplicity

(35)
4.1

Additional Context

What was the nature of your involvement?

Technical Assessment

Executive Sponsor

Rollout and Install

Functional Assessment

Vendor/Product Selection

Development/Integration

Vendor Management

Maintenance and Support

Application Lead

User Training

Other...


Why did you purchase a Security Information Event Management solution?

Enable/improve security event alerting, investigation

Enable/improve log collection, reporting and retention capabilities

Meet regulatory or commercial compliance requirements

Enable/improve security incident workflow and reporting

Reduce costs for threat management operations

Enable/improve behavioral analysis of users and other entities

Enable/improve tracking access to and activities related to databases, applications

Meet customer or business partner expectations about your security monitoring program

Reduce costs for meeting compliance mandates

Other...


What other vendors were considered? Multiple responses allowed.

Splunk

LogRhythm

Hewlett Packard Enterprise

Intel Security (McAfee)

RSA, The Security Division of EMC

SolarWinds

IBM

NetIQ

AlienVault

Trustwave

Elasticsearch

EventTracker

Security Onion

Other...


What were the key factors that drove your decision for selecting the vendor?

Strong technical/product support

Product functionality and performance

Pre-existing relationships

Financial/organizational viability

Overall cost

Product roadmap and future vision

Availability of managed services

Strong consulting partnership

Strong customer focus

Strong user community

Other...


In which region(s) did your deployment take place? Multiple responses allowed.

North America

Asia/Pacific

Europe, Middle East and Africa

EMEA