IBM Security QRadar SIEM All-in-One 31XX - Software Subscription and Suppor

Mfg. Part: E0G1DLL | CDW Part: 3455922 | UNSPSC: 43233205
  • Software Subscription and Support Renewal (1 year)
  • 1 install
  • failover
  • Passport Advantage Express
Product Overview
IBM Security QRadar products provide a security intelligence platform that integrates disparate functions including SIEM, Log Management, Configuration Monitoring, and Network Behavior Analytics into a comprehensive security intelligence solution. Its one-console approach helps you to detect advanced threats, address regulatory compliance mandates, detect insider threats and fraud, predict risks against the business, and consolidate data silos.

Technical Specifications
Specifications are provided by the manufacturer. Refer to the manufacturer for an explanation of the print speed and other ratings.
Category: Security applications
Subcategory: Security - intrusion and vulnerability detection, Security - security suite

Brand: IBM
Compatibility: PC
Manufacturer: IBM
Model: SIEM All-in-One 31XX
Packaged Quantity: 1
Product Line: IBM Security QRadar

License Pricing: Failover, Volume

Support Details Full Contract Period: 1 year

Service & Support
Type: New releases update

Service & Support Details
Service Type: New releases update

Response Time: 2 hours
Service Availability (Hours a Day): Business hours
Service Type: Phone consulting

Service Availability (Days a Week): Monday-Sunday
Service Availability (Hours a Day): 24 hours a day
Service Type: Emergency phone consulting

Service Type: Web knowledge base access

Service Type: E-mail consulting

License Category: Maintenance
License Qty: 1 install
License Type: Software Subscription and Support Renewal
License Validation Period: 1 year
Licensing Program: Passport Advantage Express

Product Reviews
IBM Security QRadar SIEM All-in-One 31XX - Software Subscription and Suppor is rated 4.2 out of 5 by 6.
Rated 3 out of 5
We can build interactive dashboards around it. Mathematical operators currently cannot be used within the reference maps.

Valuable Features: The most valuable feature that we found, especially this year, was the ability to build apps over it. Basically, the platform has opened up and we can now customize it, as per our needs and requirements. We can build interactive dashboards and other interesting things around it.

Improvements to My Organization: We are using QRadar to solve our business problems and the IT operation requirements. We are fine tuning the processes that are laid from the InfoSec perspective, such as to detect unauthorized changes happening across the IT environment or the business problems, namely the password sharing issues, which are not easy to detect otherwise.

Room for Improvement: In future versions, the various features that we would like to see are pretty much in line with what QRadar is coming up with, like this IBM QRadar UBA version 2.0 or support for STIX/TAXII. Basically, we have similar milestones there.

There are a few technical requirements that we have opened feature requests for, such as some of our complex use cases that need mathematical operators to be used within the reference maps. That's currently not available.

Stability Issues: There were no stability issues.

Scalability Issues: There were no scalability issues. With this Event Processor and Data Node concept, I think it is highly scalable.

Technical Support: We have been facing a few technical issues and we are working with the technical support and the development team to resolve them.

Sometimes we get a really good response and at times, some of the issues have been floating around for a lot of time. But our IT resources have been assigned for the same and we hope that they should be resolved easily.

Initial Setup: I was involved in the setup; it was pretty straightforward. Once you understand the overall architecture, it is pretty much easy to install and work upon.

Other Advice: It should be implemented by the best professionals available within IBM. It is really important to have a clean base installation, so that you can build things on the top of it.

When we are selecting a vendor, first and foremost, we look for the stability of the vendor, and what level of resources they are investing in their research and development. These are a couple of things that we look for while selecting a vendor and of course, the kind of resources we are looking for to get certain engagement and make sure those resources are aligned.

Disclaimer: I am a real user, and this review is based on my own experience and opinions.
Date published: 2017-04-06

Rated 5 out of 5
Can detect off-hours or excessive usage of an application or cloud-based service, or network activity patterns that are inconsistent.

Valuable Features: Providing real-time visibility for threat detection and prioritization - QRadar SIEM provides contextual and actionable surveillance across the entire IT infrastructure, helping organizations detect and remediate threats often missed by other security solutions. These threats can include inappropriate use of applications; insider fraud; and advanced, “low and slow” threats easily lost in the “noise” of millions of events.

Improvements to My Organization: Gaining application visibility and anomaly detection helping IT personnel to quickly identify meaningful deviations. For example, QRadar SIEM can detect off-hours or excessive usage of an application or cloud-based service, or network activity patterns that are inconsistent with historical, moving-average profiles and seasonal usage patterns.

Room for Improvement: AI is superb but needs improvements.

Use of Solution: Two years.

Deployment Issues: No issues.

Stability Issues: No issues.

Technical Support: Very good.

Previous Solutions: No, I have only used this solution.

Initial Setup: It was straightforward.

Other Solutions Considered: Splunk.

Disclaimer: I am a real user, and this review is based on my own experience and opinions.
Date published: 2017-04-06

Rated 5 out of 5
Although it provides incident management of the alerts it produces, this could be improved to allow more restrictions

Valuable Features: IBM Security QRadar has many valuable features. One of the most valuable features of IBM Security QRadar is the ease of extracting information from raw logs/events, whether the log source sending the events is supported by IBM or not (for example, a custom in-house application) and use this information in creating searches, correlation rules, reports, and dashboards. Another feature is scalability; scaling up a deployment to support more events per second is made simple just by “linking” new appliances to the main deployment through configuration steps that only take minutes to complete. I do not know if I can call this a feature, but a “general” feature of QRadar is that it does not require highly technically skilled personnel to administer. The dashboards and configurations through the web UI are easy to read, understand, and change.

Room for Improvement: Although QRadar provides incident management of the alerts it produces, this area could use a little improvement to allow more restrictions on who can close alerts and easily updating alerts with and reading text templates.

Use of Solution: I have used IBM Security QRadar for nearly two years now. I use it as a user in my organization’s Managed Security Services division where we monitor clients’ environments. I also work with it as an implementer to deploy and customize it for clients.

Deployment Issues: Any deployment will have issues. The issues that I encounter with deploying QRadar are raised with IBM Support and are usually solved quickly through applying patches or changing individual files to fix the web GUI issue.

Stability Issues: The causes of stability issues are usually not QRadar, but of misconfigured devices/log sources (for example, sending debug events to QRadar that results in millions of events in a short period of time). However, if a deployment is done correctly, QRadar stays stable.

Scalability Issues: No, I did not face issues with scalability. One of the great features of QRadar is the ease of scalability. A license upgrade is simply done by purchasing it and applying it through the GUI which only takes minutes to. If an organization wants a larger expansion, all that it has to do is to buy the required hardware with QRadar installed, and “link” it to the main deployment through steps that also take minutes. This new hardware will provide the extra events per second or flows per minute capabilities required for the expansion.

Technical Support: IBM provides support in various regions in the world. The level of technical support is good. Once a support ticket is open, the support team tries to fix it directly or passes it on to higher levels, and will involve the QRadar development team if required.

Previous Solutions: No, I did not use a separate solution, although I have read and heard about different solutions from the various clients I have met with. Clients switch to using QRadar because they say that maintaining and administering other solutions becomes a hassle and requires trained personnel. Another reason clients switch to using QRadar is because of cost.

Initial Setup: The initial setup of QRadar is straightforward. From the installation perspective, IBM provides one ISO file that can be used to install any of the QRadar components, with the activation key deciding which components to install. From the deployment perspective, QRadar has the ability to automatically detect many log sources sending logs. The out-of-the-box dashboards, searches, reports, and correlation rules allow QRadar to start displaying intelligence and insight on devices, network statistics, authentication, and many more, and to start alerting on offenses and policy violations automatically. Coupling this with the automatically detected log sources, a demonstration of QRadar can only take a few hours from the installation, to automatically detecting a log source such as firewall logs, to getting alerts on excessive firewall denies, port scans, etc.

Other Advice: The advice I would give to others is to work with the implementation team to properly fine tune the out-of-the-box “building block rules” and to enter their network hierarchy in QRadar in order for it to give best results and reduce false positive alerts.

Disclaimer: My company has a business relationship with this vendor other than being a customer: We're a value added services security company that is a distributor of Q1-Labs QRadar (now IBM).
Date published: 2017-03-11

Rated 4 out of 5
It captures and processes large volumes of event data, and scales to support them in a unified database. But, it'd be good to have a default configuration to meet PCI requirements.

Valuable Features: It's very helpful in meeting compliance monitoring and reporting (PCI DSS, PA DSS, ISO, SOX) requirements.

Improvements to My Organization: It captures and processes large volumes of event data, and scales to support hundreds of thousands of events in one unified database.

It also offers high-availability and disaster-recovery options.

There's very high quality in reporting suitable to almost all compliance requirements.

Room for Improvement: We use it mostly for purchases and regulatory requirements of that process. It would be good, therefore, if there was a standard configuration by default that was offered or proposed during install or configuration to meet PCI requirements, e.g. log archive duration set by default to one year for each device added.

The event information display might prioritize event ID, user, destination, source, and date/time as the first info gathered in the report.

Use of Solution: We're only using the Log Manager.

Disclaimer: I am a real user, and this review is based on my own experience and opinions.
Date published: 2015-11-11

Rated 5 out of 5
The dashboards give us an overview of traffic flow and pinpoint configuration issues.

Valuable Features: I find that the dashboards are the most helpful to get an overview of traffic flow and issues.

Improvements to My Organization: We find that reviewing Q1 Radar is very helpful to pinpoint configuration issues, as well as go back and find traffic flows from compromised hosts.

Deployment Issues: No.

Stability Issues: None.

Scalability Issues: N/A

Customer Service: N/A

Technical Support: N/A

Disclaimer: I am a real user, and this review is based on my own experience and opinions.
Date published: 2015-09-10

Rated 3 out of 5
No matter what technology you choose the technology area is 15% of the effort. Your processes are 85%

Valuable Features: IBM QRadar is
  • Ease of install. It's effectively redhat6.5 with an app on top.
  • Automatic log source identification
  • Inbuilt rules and reports are comprehensive so out of the box the system does things
  • Recognises every log source we have added.
  • IBM supply a virtual image which makes the standing up of a system a small piece of work.

Improvements to My Organization: IBM QRadar has great data reduction. We have several hundred million log records arrive on various of the platforms daily and have been able to tune them to alert on important things well. Very few false positives.

Like any SIEM product at a very base level the system is a pattern matcher. Looking for patterns in single log messages or looking for patterns in multiple log messages combined with flow data. It has a primary focus of Security Event Management but you can look for anything in the information flowing through the system and can alert on it. So it can be used - and we do - as a general IT event management/monitoring system.

Room for Improvement: Room for improvement - IBM QRadar:
  • Graphing on the system is a tad coarse. Analytics now requires really high quality graphing to assist in pinpointing anomalies.
  • Need for multiple Java versions for deployment setup is a pain.
  • There are areas you need to have Java 7 to be able to use. (Primary need for this is to access the Deployment area)
  • We need to be able to handle multiple overlapping IP address areas. That is coming we know. But slowly.
  • When you are building this in a virtualised environment you do have a bit of difficulty accessing the GUI.

Use of Solution: 3.5 years

I have used several versions of the QRadar system. Both the IBM version and the Juniper STRM OEM version.
IBM I rate as 7.5/10
STRM at 7/10

Deployment Issues: No real issues with deploy. What it is doing is exactly what we expected. It does have a few wrinkles but that is more about where we are collecting logs from.

Stability Issues: No stability issues yet.

Scalability Issues: No scalability issues yet. We have sized the latest system to cope with up to 10000 eps and are only at about 4000 at the moment. Scaling is simply adding extra license as required at the moment. Easy.

Customer Service: Generally excellent.

Technical Support: Generally excellent.

Previous Solutions:
  • We were using SPLUNK. Licensing does not allow you to expose Splunk screens to customers (we are an ISP and IT service provider).
  • McAfee Nitro was too expensive
  • ArcSight takes too long to install and tune

Initial Setup: Simple:
  • Boot VM off ISO image.
  • Install license
  • Point logs at it
  • Done

Occasionally the documentation did not reflect what was happening so did need to access tech support a few times.

Implementation Team: We implemented it ourselves. Initial seat of pants approach. Worked. I got my Redhat builder to spin up the two VM servers off the supplied image, licensed them, gave them the appropriate IP addresses, created the deployment (the Java 7 bit) and the system started receiving logs from the 1200 CISCO routers.

ROI: We are fulfilling a government contract. Install and move to BAU has been done and it came in under the estimated budget…..so All Good.

Other Solutions Considered:
  • McAfee Nitro
  • Juniper STRM
  • AlienVault. Note. We would probably have used AlienVault but there was no representation in Asia Pacific at the time
  • TrustWave

Other Advice:
  • First gather your requirements
  • From that build a business case.
  • Understand that no matter what technology you choose the technology area is 15% of the effort. Your processes are 85%. No process…then 5h1t in …5h1t out.
  • Make sure you know your business reasons for the implementation

Disclaimer: I am a real user, and this review is based on my own experience and opinions.
Date published: 2015-01-15
4/26/2017 6:25:59 PM