IBM Security QRadar SIEM

Score8.9 out of 10

284 Reviews and Ratings

Top Performing Features

+10%

Centralized event and log data collection

Effectiveness of real-time centralized event and log data collection

Cat avg: 9

+30%

Host and network-based intrusion detection

Ability to detect both endpoint intrusion and network ingress detection

Cat avg: 7.4

+12%

Event and log normalization/management

Ability to normalize event syntax so that logs can be compared and are machine-understandable

Cat avg: 8.5

+11%

Data integration/API management

Ease and quality of data integrations between SIEM and other systems

Cat avg: 8.1

Worst Performing Features

-7%

Custom dashboards and workspaces

dashboards that can be customized to meet the needs of specific groups

Cat avg: 8

+2%

Behavioral analytics and baselining

How effectively activity and behavior baselines are established and maintained

Cat avg: 7.5

+8%

Response orchestration and automation

Quality of built-in response orchestration and automation in Next-Gen SIEM

Cat avg: 7.1

IBM Security QRadar SIEM Features from Reviews

8.5+7%

Centralized event and log data collection
Effectiveness of real-time centralized event and log data collection
Category average: 9
Correlation
Correlation of logs and events to pinpoint significant threats
Category average: 8.4
Event and log normalization/management
Ability to normalize event syntax so that logs can be compared and are machine-understandable
Category average: 8.5
Deployment flexibility
Ability to tune system to maximize threat detection and minimize false positives
Category average: 7.7
Integration with Identity and Access Management Tools
Integration with access control tools like Active Directory and LDAP
Category average: 7.7
Custom dashboards and workspaces
dashboards that can be customized to meet the needs of specific groups
Category average: 8
Host and network-based intrusion detection
Ability to detect both endpoint intrusion and network ingress detection
Category average: 7.4
Data integration/API management
Ease and quality of data integrations between SIEM and other systems
Category average: 8.1
Behavioral analytics and baselining
How effectively activity and behavior baselines are established and maintained
Category average: 7.5
Rules-based and algorithmic detection thresholds
Effectiveness of manually-established rules and algorithmically-determined detection thresholds
Category average: 8.2
Response orchestration and automation
Quality of built-in response orchestration and automation in Next-Gen SIEM
Category average: 7.1
Reporting and compliance management
Ease and quality of reporting and compliance functions
Category average: 8.3
Incident indexing/searching
Effectiveness of searching across structured and unstructured events and incidents within SIEM
Category average: 8.8

IBM Security QRadar SIEM Features from the Vendor

Correlation
Correlation of logs and events to pinpoint significant threats
Integration with Identity and Access Management Tools
Integration with access control tools like Active Directory and LDAP
Custom dashboards and workspaces
dashboards that can be customized to meet the needs of specific groups
Behavioral analytics and baselining
How effectively activity and behavior baselines are established and maintained
Rules-based and algorithmic detection thresholds
Effectiveness of manually-established rules and algorithmically-determined detection thresholds
Reporting and compliance management
Ease and quality of reporting and compliance functions

Open architecture to deploy on premises, on cloud, or as a service.
Investigation speed faster with automated triage and contextual intelligence
Better visibility by removing silos and unifying input and shared insights
Integrates with existing tools to leave data where it is and leveraging current environment.