IBM Security QRadar SIEM Console 31XX - license + 1 Year Software Subscript

Mfg.Part: D0WPLLL | CDW Part: 3340646 | UNSPSC: 43233205
Availability: In Stock
Product Details
  • License + 1 Year Software Subscription and Support
  • 1 install
  • failover
  • Passport Advantage Express

Product Overview

IBM Security QRadar products provide a security intelligence platform that integrates disparate functions including SIEM, Log Management, Configuration Monitoring, and Network Behavior Analytics into a comprehensive security intelligence solution.

Updates to IBM Security QRadar SIEM, IBM Security QRadar Log Manager, and IBM Security QRadar Network Anomaly Detection provide new capabilities in data management, visualization, and role-based access control. Updates to IBM Security QRadar Risk Manager help provide expanded support for multicontext security devices and additional networking technologies, enabling more comprehensive assessment and monitoring of large corporate networks.

IBM Security QRadar SIEM Console 31XX - license + 1 Year Software Subscript is rated 4.2 out of 5 by 14.
Rated 4 out of 5: It is really helpful to us from the compliance point of view.

What is our primary use case?
The primary use case for us is the plug and play implementation and it is pretty easy to set it up, and scale up the SIEM. It has a kind of a functionality to it.

How has it helped my organization?
It is really helpful to us from the compliance point of view. Whenever we had an external lawyer come in, he used to ask us for the data retention and log retention. So, QRadar could put out reports that could audit for us within the log collections. It was very helpful for us to meet compliance requirements.
In addition, it is a helpful solution for forensic analysis. It will easily perform Google type searches and get the logs searched easily. This is really helpful for us, and gives us a quicker investigation.

What is most valuable?
The most valuable feature is that it is a one stop solution for many things. It is a manager for vulnerability, functionality, packet filtering, packet analysis and log analysis.

What needs improvement?
They have introduced a lot of different suites of products and functionalities and that sometimes leads to confusion among the customers. There are a lot of options provided and then I need to decide, what is my requirement, and what is my desire. I may be tempted to have a particular feature, but I have to decide whether it is relevant or not.

For how long have I used the solution?
More than five years.

What do I think about the stability of the solution?
The stability is very good. There is not a single point lacking in terms of stability. And, I have never faced technical issues.

What do I think about the scalability of the solution?
The scalability is good, especially with the introduction of data nodes. As of now, it is not a problem.

How is customer service and technical support?
The tech support is not that good. They often rely on their learned knowledge base, instead of getting their hands dirty upon the actual case issues. They just think of the traditional approach of "OK, try this, or that." Obviously, we already know which steps to follow, we need for them to come up with some out-of-the-box solutions. This delays the process of finding a solution to the problem. Unfortunately, this happens a lot.

Which solutions did we use previously?
I previously used Splunk. And, we considered Sumo Logic, which has a similar kind of functionality. But, they are still in a very premature stage in terms of the product development.

How was the initial setup?
The initial setup was straightforward. It was not complex or difficult. It is not complicated.

What's my experience with pricing, setup cost, and licensing?
The cost of this product is expensive.

What other advice do I have?
If you are a medium to large size enterprise, you can surely consider IBM as one of the major contenders for your selection. If you are a small enterprise, QRadar may be too much for you, it may be too complex.
When deciding on a solution, we always consider:
  • Cost-benefit
  • Shelf-life of the solution
  • Security of the solution

Disclaimer: I am a real user, and this review is based on my own experience and opinions.
Date published: 2018-11-08
Rated 5 out of 5: Built-in rules are enabled by default and tunable to meet the specific needs of each organization.

Valuable Features:
  • Correlation Rule Engine, built-in use cases: QRadar has the highest number of built-in use cases among any SIEM on the market. There are many built-in rules that are enabled by default and easily tunable to meet the specific needs of each organization. The correlation engine automates what is a manual process for many SIEM platforms.
  • Network-Based Anomaly Detection (NBAD): Using NetFlow, JFlow, SFlow, or QFlow (all 7 layers), offenses are detected as a response when a rule is triggered.
  • QRadar Vulnerability Management: Built-in vulnerability scanner or leverage for other supported scanners to either schedule a scan and/or import the results from a scan. Importing the results enriches the assets profile database to quickly identify assets that have known vulnerabilities.
  • X-Force Threat Intelligence: Threat intelligence IP reputation feed which leverages a series of international data centers to collect tens of thousands of malware samples, to analyze web pages and URLs, and to run analysis to categorize potentially malicious IP addresses and URLs.
  • App Exchange: Many vendors have written apps to enhance QRadar. The apps are free and enhance your SIEM experience by adding rules and custom event properties. In some cases a new tab. You will need to have purchased the third party solution. For example, if you have Palo Alto or Blue Coat, there's a free app for better integration.

Improvements to My Organization:
As a Professional Services consultant, I have heard many reports of how QRadar SIEM has quickly identified offenses which the users were unaware of previously. In addition to giving CISOs gained visibility and increasing security posture, QRadar adheres to many compliance regulations across vertical industries.

Room for Improvement:
Some UI enhancements would be nice, such as exporting custom event properties and the ability to export rules.

Use of Solution:
We have been using the solution for four years.

Deployment Issues:
No

Stability Issues:
We did not encounter any issues with stability.

Scalability Issues:
We did not encounter any issues with scalability.

Technical Support:
The technical support is very good.

Previous Solutions:
We had limited experience with RSA enVision, LogRhythm, and HPE ArcSight. QRadar is much easier and takes less time to implement and maintain.

Initial Setup:
The initial setup was straightforward.

Pricing, Setup Cost and Licensing:
Go through a vulnerability assessment review for price breaks. A virtualized solution will also cut down on cost.

Other Solutions Considered:
We did not evaluate any other options.

Other Advice:
All SIEMs have a certain degree of complexity, especially where use cases and rules are concerned. I advise using Professional Services so your SIEM is configured by trained professionals.

Disclaimer: My company has a business relationship with this vendor other than being a customer: We are a business partner of IBM.
Date published: 2017-09-03
Rated 4 out of 5: For vulnerabilities, you see a popup on the screen. We do not have to look for it. It is pushed to us.

Valuable Features:
It's easy for us to see what's happening in the environment. It's very good to see the logs and the analytic stuff.

Improvements to My Organization:
We can see the vulnerabilities much easier with the product. You see a popup on the screen. We do not have to look for it. It is pushed to us.

Room for Improvement:
It is very expensive; very expensive.

Stability Issues:
The solution is very stable.

Scalability Issues:
I think it is scalable.

Technical Support:
We have used technical support. They are very good and very nice.

Other Solutions Considered:
We didn't evaluate any alternatives. We have yearly talks with the IBM consulting team. We look at the trends.

Other Advice:
When choosing a vendor, we look for a stable and trustworthy company. I think QRadar is the best solution you can get.

Disclaimer: I am a real user, and this review is based on my own experience and opinions.
Date published: 2017-06-23
Rated 4 out of 5: Contextual and threat-based incident management.

Valuable Features:
  • Paradigm shift, security intelligence 2.0
  • Contextual-based incident management
  • Threat-based incident management
  • A single management console to handle all the data
  • Ease of use
  • Existing integration capabilities
  • Out-of-the-box reports
  • Parser development

Improvements to My Organization:
It has helped us in the reduction of VPN frauds via the active monitoring of various frauds.

Room for Improvement:
  • There is a scope of improvement in the orchestration layer, such as the SecOps from RSA. RSA Security Analytics bundles their offering with their SecOps (a subset of Archer - Risk Governance tool). This gives them a competitive edge.
  • The reporting and dashboard capabilities require a bit of improvement in terms of fine tuning and bifurcation for the technical and management reports.

Use of Solution:
I have used this solution for four years.

Stability Issues:
There were no stability issues.

Technical Support:
I would give technical support a rating of 9/10.

Initial Setup:
The setup was straightforward and the deployment was easy.

Cost and Licensing Advice:
The pricing policy is a bit on the higher side. IBM offers discounts when applicable.

Other Solutions Considered:
We looked at other solutions such as RSA enVision and HPE ArcSight.

Other Advice:
Trust it, test it, and deploy it.

Disclaimer: I am a real user, and this review is based on my own experience and opinions.
Date published: 2017-04-30
Rated 4 out of 5: Offers device auto-discovery, along with rules and reports already created.

Valuable Features:
In my understanding, the best features are:
  • DSMs (Device Support Modules),
  • Device auto-discovery, and
  • Hundreds of rules and reports already created for you to mix up.
These features are keeping QRadar on top in Gartner. You can have it running in a few hours, then start collecting your logs and events in no time.

Improvements to My Organization:
I have implemented QRadar in a big airline company, where they needed to get all their security information in one place. It helped in reducing the amount of time that was needed to evaluate the risk of every event. Configuring the alerts has never been easier; you just search for the event you think you need and start creating the rules that way. It is really straightforward and you don't need much IT knowledge for it. Of course, your experience with the product and a generalist view of the infrastructure, business and IT are strongly recommended, when using a tool similar to this.

Use of Solution:
We have implemented QRadar for two years, both in mid-size and big environments.

Stability Issues:
We never experienced any stability issues. The only problem that I had was related to the hardware and the high availability worked as expected.
Something to take into account is the IBM support; they really know their business and how to fix problems. I had the opportunity to talk with L2 Managers in the US, who told me that IBM is investing in research, documentation and training for all the people working with it. This is a very interesting thing to have in mind, when choosing this platform.

Scalability Issues:
We never experienced any scalability issues. If you correctly estimate the amount of EPS (the license variable), then scalability is not a problem. They can run in a really big environment (100,000 EPS tested in production) and all the infrastructure will work as a charm.

Technical Support:
The technical support is excellent. As I've mentioned, they know their business and have a really good team behind them.

Previous Solutions:
I had the opportunity to use other SIEM solutions, but no one can provide what QRadar does, i.e., in terms of its simplicity, support or integration.

Initial Setup:
The setup was really straightforward. You simply need to put your ISO image in the hypervisor, follow the on-screen instructions and you have it running in one hour.

Cost and Licensing Advice:
The pricing and licensing policies are really competitive. These solutions are not for a really small business, but having just one license variable is really good. You simply tell the partner or sales representative the number of EPS you want to receive in your appliance and that's it. Other solutions have a 'correlation' license, which is more like a trap than anything else.

Other Solutions Considered:
I have tested Splunk and used a little bit of NitroSecurity (McAfee). I have also seen a little bit of HPE ArcSight.

Other Advice:
You should ask the sales representative to give you the Excel sheet to calculate EPS. Keep in mind that the firewalls, proxies and networking devices such as those will consume lots of EPS, but they do provide really nice information and insight from your network.
On Gartner, this is one of the most competitive SIEMs in the market. It is robust and IBM is investing a lot of money to get it running even better than it is running right now. You feel secured when you use it.
This solution is being implemented around the world and every day, a new feature or add-on is created for it.

Disclaimer: My company has a business relationship with this vendor other than being a customer: We are business partners and have a really good relationship with IBM.
Date published: 2017-04-20
Rated 5 out of 5: Integrates with other applications and systems.

Valuable Features:
SIEM technology is the most valuable feature of this solution, as it can be integrated with almost every application and system. If not, then you may ask IBM to write a parser for it.

Improvements to My Organization:
You have the visibility of different events, thus we can resolve the issue.

Room for Improvement:
They should provide more integration with more devices.

Use of Solution:
I have been using this solution for three years.

Technical Support:
I would give the technical support an 8/10 rating. They are excellent.

Initial Setup:
The setup was straightforward.

Cost and Licensing Advice:
The pricing policy is good.

Other Solutions Considered:
We looked at another solution, NitroSecurity Inc.

Other Advice:
If you have a good budget, then go for IBM QRadar.

Disclaimer: I am a real user, and this review is based on my own experience and opinions.
Date published: 2017-04-13
Rated 4 out of 5: Provides log management, application monitoring, vulnerability scanning, full packet capture and risk analysis.

Valuable Features:
IBM Security's QRadar Security Intelligence is a multi-feature security monitoring platform that provides log management, SIEM, NetFlow, application monitoring, vulnerability scanning, full packet capture and risk analysis.
The platform is designed to be deployed as an all-in-one appliance, as discrete components that can be scaled horizontally for distributed and larger environments.

Improvements to My Organization:
The SIEM solution is considered as a monitoring tool for the network but you can set routing roles and special actions for certain events.

Room for Improvement:
  • The vulnerability scanner is not accurate. It needs more vulnerability signature updates or more regulation templates to be added on.
  • We urgently need to add more report templates.
Maybe the improvements could be achieved by adding some modules like IPS, IDS and a next generation firewall that is able to start from monitoring the events and processing, then takes actions not only based on signatures but smart intelligent monitoring which would make QRadar into a full SIEM security solution.

Use of Solution:
I have been using the solution for three years.

Stability Issues:
I didn't find any issues with stability of the product.

Scalability Issues:
The scalability of this product is very flexible because of the way that it counts the events that exceed the threshold of licenses it handled with the queue and stores the data for 5 GB, dealing with the events in a first-in, first-out (FIFO) methodology.

Technical Support:
I would rate the technical support as 9/10 for solving issues and 5/10 for responses.

Previous Solutions:
I didn't previously use another product but I deal with some accounts that used to use other vendors, and they were facing many issues in performance and slowness in processing events.

Initial Setup:
The initial setup is very easy, just like when you install an operating system, and then you do the configuration needed for your environment.

Disclaimer: My company has a business relationship with this vendor other than being a customer: Prosoft is an IBM VAD (value added distributor) in Egypt.
Date published: 2017-04-12