IBM Security QRadar

Security at it's peak

Avantages :

Security Innovation event management system is excellent as it has endless layers of security for a company's firewall

Inconvénients :

To be sincere, the only way this system can be flawed is when pass codes are compromised within

IBM QRadar SIEM

Commentaires : Collect in secure mode all critical events from our critical resources. Identify and analysis incidents and attacks.

Avantages :

The IBM QRadar SIEM is a powerful tool. A mature solution to collect event and investigate incidents and attacks. The tool store in secure mode all events. The tool is easy to use. Easy to add log sources and analysis offenses.

Inconvénients :

The documentation of the tool can be more detailed.

A Good SIEM for a SOC

Commentaires : QRadar has been acting as the go to SIEM tool in many SOC deployments due to its ease of deployment and the straightforward integrations being available out of the box. Threat and incident prioritisation allows the effective response to possible attacks compared to other SIEM platforms with ease of hunting for dormant and persistent threats.

Avantages :

The ease of deployment in the all-in-one VM appliance coupled with the simple log integrations are really helpful in the deployment of the platform, onboarding of log sources and to perform troubleshooting and development of custom parsers. Further, intuitive dashboards makes the administration and analysis more easier compared to other SIEM platforms.

Inconvénients :

Compared to other SIEM solutions, QRadar would require the integration with a separate solution to achieve the FIM capabilities. Similar to above, getting logs from windows servers can be of a bit tricky. The solution has a number of features and capabilities and deployments in distributed architecture could be troublesome if the team is either new to product or have not got a comprehensive idea about the architecture and features.

QRadar Gets It Mostly Done At A Cost

Commentaires : I used QRadar for over 10 years, and have found great success in using it in a reactive sense when other staff bring up security or connectivity issues; the ability to quickly show normalized logs -- along with the raw log output for the skeptical staff out there -- is a real boon to quickly finding the root cause of an issue and moving on. The pricing and licensing schemes of the product have gotten more cumbersome since the purchase of the product by IBM, and their support channels exhibit the kind of mind-numbing bureaucracy you can expect out of such a large organization.

Avantages :

When aggregating log information, the ability to quickly click and pivot around between data sources and filter results on-the-fly worked very well for any reactive kind of events. The software also did a relatively decent job on identifying data and log sources and classifying them correctly.

Inconvénients :

The software can be very involved and cumbersome; expect to dedicate significant staff time towards it in order to keep it operational and to continually tune the software for false positives. For example, at an organization with over 2,000 employees I had to dedicate almost a single employee to perform tasks within QRadar, and nothing else. Along with that, in order to be successful your support staff must be extremely familiar with networking and understanding the reasons why devices send the logs that they do. This is not the case where you can point-and-click a few things and have a system that alerts you properly when attacks are taking place.

A feasible solution for the detection of incidents, all our information is safe.

Commentaires : With IBM Security QRadar we reduce the risk of being vulnerable to a cyber attack, since the protection of this software is intuitive and prioritizes threats to be more effective in the security of our IT environment. It is a truly automatic process that guarantees the total protection of our data, has detailed reports and a very powerful response to cyber attacks.

Avantages :

It is a necessary software for all our business environment, since it guarantees that our information is safe, the dashboard is intuitive and understandable, the analyzes are effective so that threats do not enter and damage our information, I like the prioritization of threats, since neutralizes in order of importance, network forensics is very good, advanced searches are good, protection of our entire IT infrastructure is high, and we really like the trust that IBM Security QRadar places in us.

Inconvénients :

It has many features that somewhat limit the understanding of early adopters, it can be overwhelming the first time, but the quality of the results keeps our data safe and threats away.