2017-03-30T06:20:00Z

What is your primary use case for IBM QRadar?


How do you or your organization use this solution?

Please share with us so that your peers can learn from your experiences.

Thank you!

ITCS user
Guest
6868 Answers

Real User

We primarily use QRadar for monitoring and preparing use cases. This solution is deployed on-prem.

2021-12-14T14:11:00Z
Top 5 Real User

It is the main tool for this operation center for collecting events from different devices, whether server or network devices, such as switches and routers. It handles anything related to data that can be harmful related to security. Those events can be mapped to promote the threat; it creates another event for promoted threats. We are a service provider and we provide services to our customers. We use IBM QRadar for many types of businesses, such as banks and telecom. It has a good reputation.

2021-11-17T19:36:07Z
Top 5 Reseller

We use this solution both in our company and those of our clients. We are resellers of QRadar.

2021-10-04T15:20:38Z
Top 20 Real User

This is a solution you use when you have many security products that you want to manage in one monitor, one analytic. We are partners with IBM and provide implementation services to our customers. I'm a solution security architect.

2021-09-24T02:06:16Z
Top 5 Leaderboard Real User

We primarily use the solution for breach management. We use it for identifying rogue IPs and picking up anomalies in terms of the network traffic coming in. We've seen a year of use cases in terms of breach management and incident management. We find IBM QRadar quite relevant in terms of protecting against potential malicious traffic coming into your organization. Obviously, it has evolved, and where we're utilizing IBM QRadar is to do other analytical capabilities, which include identity and access management. We've got a unique way where we use the platform to generate a view of all your identities and access that is granted within your environment and so forth. We are able to map that using IBM QRadar, which is not a use case that is normally thought about; however, we found from an analytical point of view, this is what we can do because we get all the information we need here.

2021-09-07T12:23:57Z
Top 10 Real User

We're a customer, partner, or reseller. We use QRadar on our own internal SOC. We are also a reseller of QRadar for some of the projects. So, we sell QRadar to customers, and we're also a partner because we have different models. We roll the product out to a customer as part of our service where we own it, but the customer is paying. We also do a full deployment that a customer owns. So, we are actually fulfilling all three roles.

2021-08-06T10:41:11Z
Top 5 Real User

We use IBM QRadar for threat protection.

2021-07-17T03:01:11Z
Top 20 Real User

We have a POC environment but have not onboarded it to any of our clients.

2021-07-15T07:35:31Z
Top 5 Leaderboard MSP

We are using the current version.

2021-07-13T02:01:26Z
Top 20 Real User

The solution is primarily used for threat detection and response. QRadar can be integrated with other services from IBM such as Watson, among others. The main need is for threat detection, incident response, and dealing with threats or hunting threats. What else? I mean, it's always you're looking for threats. Usually, whoever buys this SIM solution or buys QRadar, for example, is looking for hidden threats and they get the logs to see what's happening within their system. They want a solution that looks very deep inside in order to correlate those logs and see if there's any information that they can get out of those logs or even live packets that are spanning through their networks. Therefore, it's usually threat hunting. That's the main thing. Others might use it to understand the system, and how it's performing overall. However, that's the lesser use case.

2021-06-24T13:07:45Z
Real User

IBM QRadar is typically deployed in a SOC environment for security monitoring. It is used for log and packet capturing. It has some supporting technology, such as data leakage prevention and data encryption.

2021-06-04T12:28:39Z
Top 5 Leaderboard Real User

We are a product-based organization. We use this solution for a shared SOC service and security audits and compliance.

2021-05-15T12:05:17Z
Top 5 Leaderboard MSP

We are a service provider and we are providing the solution as a managed service for multitenancy security.

2021-04-16T09:36:53Z
Top 5 Leaderboard Real User

We provide cloud services to the users, and we have our own cloud setup over here. The major use case is when clients require the SOC to be set up. Setting up the SOC itself is a huge investment. A customer has to invest a lot to build up the whole SOC environment, so, rather than the customer investing in the SOC environment and building up the SOC, we provide it as a service. Customers don't need to do any up-front investment. They use our service. We manage their security tools and security environment as per the compliance guidelines that come from the Indian government. We follow all those practices, and we help them procure more for their network and infrastructure.

2021-03-05T17:23:52Z
Top 20 Real User

I am currently working in the Brazilian operation of my company. I have a project in the airline industry in Brazil. This project improves the correlation of logs. There is another company I ticket to improve the solution, they have chosen to correlate the logs. We have SOC, Security Operation Center in Brazil, with 53 employees. We developed all these solutions in Brazil and it is in operation in 34 countries.

2021-02-19T06:14:15Z
Top 20 Real User

We are using QRadar as a managed service.

2021-02-11T16:07:00Z
Top 20 Reseller

We primarily use the solution for log collection and security incidents as well as event management.

2021-02-10T18:53:33Z
Top 5 Leaderboard MSP

We primarily use the solution for some compliance, including military compliance such as PCIDSL, ISO 27001, and ISO 27002, and then some other specifications around them. There are also some industries that need to analyze the log and events, and then build and create some rules to put forward.

2021-01-26T10:22:50Z
Top 5 Leaderboard Real User

We used this product as a SIEM, for information security.

2021-01-24T15:38:21Z
Top 20 Real User

IBM QRadar is a FIM component within the security operation center we were deploying in the customer environment. We are managing their cyber defense capability.

2021-01-24T11:57:00Z
Top 20 Real User

I am a system integrator. We have installed it on-premises, on the cloud, in distributed environments, and all other environments for our clients.

2021-01-14T14:07:47Z
Top 20 Real User

The primary use case of this solution is for monitoring an enterprise data center, globally for 12,000 devices.

2021-01-12T16:38:34Z
Top 5 Leaderboard Real User

It is used to dive deep into threat analysis. It is a SIEM solution that can be hooked up with some of the endpoint security or threat discovery solutions such as Forescout, Qualys, Sophos, and MDM. After the endpoint security or threat discovery solution discovers the threat, QRadar takes it further from that point onwards and allows you to go deep into the threat analysis. It has a lot of integrations, such as with CMDB, and it can do the asset classification. It can also tell the CVSS score. These are the capabilities or use cases.

2020-12-24T16:58:24Z
Top 20 Real User

We primarily use the solution to develop software, for some device controllers.

2020-12-19T07:31:11Z
Real User

We have a lot of use cases with IBM QRadar, but our primary use is for monitoring traffic and detecting tricks.

2020-12-10T17:37:00Z
Top 5 Leaderboard Real User

We use QRadar to detect and gather information about any product vulnerabilities and any sort of attack on the network. It's able to help detect suspicious activity that is coming into the system. We are also selling this product.

2020-12-04T14:16:02Z
Real User

The primary use case of this solution is for monitoring the network.

2020-11-30T14:46:28Z
Top 20 Real User

We are using it from the compliance perspective. We need this solution to comply with HIPAA and PCI because our clients require HIPAA and PCI DSS compliance. We also use it for log management, primarily security logs, and to some extent, for operational activities, even though this tool is actually not meant for operational tasks. We do keep track of errors in our appliances like hardware, storage, and network switches through QRadar. The main or core solution is on-premises. There is an extended arm, which is in the cloud as well for cloud integration.

2020-11-27T11:20:17Z
Real User

We use the solution for a variety of tasks. We use it, for example, for authentication, network-related authentication, user-related tasks, and Windows UNIX servers. It's a lot. There's a ton of use cases. I really can't think right now about every single use case; however, the main things are authentication and network-related systems and all flavors of UNIX Windows.

2020-11-25T19:59:57Z
Real User

We are a system integrator and IBM QRadar is one of the security and monitoring products that we implement for our clients. It is used for monitoring applications such as Windows virtual desktop access (VDA) and computer-managed instruction (CMI).

2020-11-16T12:57:27Z
Top 20 Real User

We use this solution for deploying and integrating log sources and use cases. We use it to generate offenses based on normal behavior and suspicious behavior from our security tools, firewalls, and other solutions. We have applied a set of old and new rules to QRadar that aim to detect persistent abnormalities in our environments. Within our organization, our security operations center and users from our local security team — roughly 10 to 12 users — use QRadar. We plan to expand to other areas of the company so that other people can use QRadar for different use cases. But right now only the security teams use it.

2020-11-13T11:30:59Z
Top 20 Reseller

We do not implement this tool ourselves but have experience implementing it for our clients. There are several use cases. The two most important ones are network analysis and UBA.

2020-11-11T16:49:23Z
Top 5 Real User

Our primary use case is intrusion prevention and detection. We also use this solution for compliance and assisting in network troubleshooting for IT.

2019-12-05T02:59:00Z
Real User

We use this solution for log correlation and alerting.

2019-07-31T02:22:00Z
Real User

We are a cybersecurity service provider, and I manage the QRadar service for my customers.

2019-06-16T07:23:00Z
Real User

Our primary use for this solution is to collect and correlate our logs. We also create appropriate alarms based on the contents of the logs.

2019-06-13T12:36:00Z
Real User

The primary use of the solution in our deployment was for threat detection.

2019-06-13T12:36:00Z
Top 20 Real User

We are a partner and provide this solution to our customers.

2019-06-06T08:18:00Z
Real User

We don't have a business relationship with IBM QRadar, our relationship is a customer relationship. We use IBM QRadar as our primary security solution.

2019-04-29T07:11:00Z
Real User

We are a reseller of this solution. We have numerous use cases, all dependent on the needs of our customers.

2019-04-29T07:11:00Z
Real User

Our primary use case for this solution is for the management of our security services, and our NOC (Network Operations Center) services.

2019-04-17T08:37:00Z
Consultant

I'm the technical consultant here at ActivEdge Technologies. Our primary use case for this solution is for Security Intelligence and Event Monitoring (SIEM). We provide protection services models for an organization's networks through a sophisticated technology which permits a proactive security posture. We have a business relationship with IBM QRadar as well as being a partner. We are a partner and we also use this feature. It's an integrated solution. We design it to be compatible with our client's network devices to maintain real-time monitoring through a centralized console. Our clients rely on us to create value.

2019-04-17T08:37:00Z
Real User

Our primary use case for this solution is compliance.

2019-04-17T08:37:00Z
Top 20 Real User

We are partners with IBM. We do simulations for our clients. Then we resolve the issue that they're facing using IBM QRadar.

2019-04-11T06:16:00Z
Reseller

Our primary use case is to get logs mainly from firewalls, although you can also get logs from anything that can forward syslogs. We use it to sort events.

2019-03-31T09:41:00Z
Consultant

We use it to detect security incidents.

2019-03-19T10:11:00Z
Top 5 Real User

Our primary use case is for security analytics. We do investigation and security analytics, so we collect events and after collecting events we give positive security analytics to clients.

2019-03-10T16:43:00Z
Real User

Our primary use case is for the security. We use it to make sure that the data that is being transferred from one company to the other is being done securely.

2019-03-06T07:41:00Z
Real User

We are using it for SIEM, for Security Information and Event Management. We're gathering the logs and doing analytics on how we are going to react to security incidents.

2019-03-06T07:40:00Z
Real User

The primary use case is for insurance and product manufacturing. We use it to create rules and Windows firewalls.

2019-02-27T08:57:00Z
Consultant

I use it to analyze incidents.

2019-02-26T08:25:00Z
Reseller

Our primary use case of this solution is to identify threats.

2019-02-25T08:45:00Z
Real User

Our primary use case of this solution is for our customer's operations.

2019-02-07T12:28:00Z
Reseller

It is a requirement for all of the banks to have a security solution in Pakistan. That is the reason most of the banks are using it. In the last one and a half years, Pakistani companies are taking security very seriously, so for that reason, they evaluate these solutions. All in all, it's a good solution.

2019-02-03T08:35:00Z
Top 20 Real User

We are a telecom company, and we use it for IT systems, for telecom systems and on various different levels of applications. We use it for web servers, routers, firewalls, and other security components. Our SIEM solution serves technical and non-technical business units including customer care, engineering, revenue assurance, and anti-fraud.

2018-11-15T07:11:00Z
Top 20 Real User

The primary use case for us is the plug and play implementation and it is pretty easy to set it up, and scale up the SIEM. It has a kind of a functionality to it.

2018-10-29T15:46:00Z
Real User

My primary use case is for security monitoring. We activated freeze, proxy and firewalls and we collect data from them. We receive alerts and customize that according to our customer environments.

2018-10-04T17:27:00Z
Leaderboard Consultant

My primary use case for this solution is to monitor security events in our cloud environment.

2018-09-09T05:40:00Z
User

* CRM and billing system
* 100 multiple technology servers: Windows AD, Linux, HP-UX, etc.
* 40 firewall multiple routers
* Cisco Nexus switches

2018-09-04T02:41:00Z
Vendor

It is under a non-disclosure agreement (NDA).

2018-08-30T10:51:00Z
Reseller

Its primary use case is for people who want to manage all of their logs with analytics and correlate that between different security devices whose logs are related. This solution is performing well.

2018-07-22T08:31:00Z
Real User

In recent years, our focus has been the third-party integrations. Like most companies, we have several security products. (I hope most other companies are not relying on a single product). The challenge with a SIEM is taking the data produced by a log source and presenting it in a readable manner for technical and non-technical staff. That can be done with custom-built reports or in dashboards. With the IBM Security App Exchange you add a new extension (i.e. download from the App Exchange site) and configure it.

2018-06-28T06:31:00Z
Real User

* Origination process in banks.
* Insurance claims on insurance companies.

2018-06-26T12:31:00Z
Real User

I used the IBM QRadar product from 2015 until 2017.

2018-06-12T12:14:00Z
Real User

SIEM solutions must be business driven. Utilizing a SIEM solution depends on your enterprise goals, from meeting compliance requirements to implementing security controls and identifying the absence of controls. A SIEM solution can also be used to improve your business and increase your sales. With QRadar, you can do all these, even if you are not a security expert. It comes with a set of default rules which makes your life easier, from ransomware attacks to DDoS attacks. Everything can be detected if your logs are properly integrated into QRadar. It gets better with extensions and other rules you install from the IBM Security App Exchange, where you can detect malicious website access (with the intent of ransomware), P2P activity, or someone spamming everything. You can be notified, then you can run scripts to make QRadar take an action. I am a security analyst working with QRadar.

2018-06-11T10:36:00Z
Consultant

My use case is the deployment of an X-Force successful connection with a botnet and malware website. An X-Force feed is free with QRadar. I have been using the product for three years now. I used it for six months at an internship to PoC some different SIEM and for two and a half years as an administrator. Now, I am using it as an architect.

2018-06-11T06:45:00Z
Real User

We work with it in the banking sector. We had torrent limitations and big banks could join them. It has performed well. However, the limitation is not easy, so the product is not easy. You cannot get the real value of the product unless you combine it with the other products from IBM, like BigFix, the full integration of Vulnerability Management, and so on.

2018-06-03T09:17:00Z
Top 20 Consultant

Find the malicious activity via filter, don't rely on the rules which trigger the offenses and fix the suspicious activities.

2017-03-30T06:20:00Z
Updated: January 2022.