
IBM Security QRadar SIEM Event Capacity Increase from 1K to 2.5K EPS - lice

Mfg. Part: D0WTWLL | CDW Part: 3634284 | UNSPSC: 43233205
Availability:
Ships same day if ordered before 4 PM CT
Product Overview
Main Features
  • License + 1 Year Software Subscription and Support
  • 1 install
  • failover
  • Passport Advantage Express
IBM Security QRadar SIEM consolidates log source event data from thousands of devices, endpoints and applications distributed throughout a network. It performs immediate normalization and correlation activities on raw data to distinguish real threats from false positives. As an option, this software incorporates IBM Security X-Force Threat Intelligence, which supplies a list of potentially malicious IP addresses including malware hosts, spam sources and other threats. IBM Security QRadar SIEM can also correlate system vulnerabilities with event and network data, helping to prioritize security incidents.

Technical Specifications
Specifications are provided by the manufacturer. Refer to the manufacturer for an explanation of the print speed and other ratings.
General
Category: Security applications
Subcategory: Security - intrusion and vulnerability detection, Security - security suite

Header
Brand: IBM
Compatibility: PC
Manufacturer: IBM
Model: SIEM Event Capacity Increase from 1K to 2.5K EPS
Packaged Quantity: 1
Product Line: IBM Security QRadar

Licensing
License Pricing: Failover, Volume

Service
Support Details Full Contract Period: 1 year

Service & Support
Type: New releases update

Service & Support Details
Service Type: New releases update

Response Time: 2 hours
Service Availability (Hours a Day): Business hours
Service Type: Phone consulting

Service Availability (Days a Week): Monday-Sunday
Service Availability (Hours a Day): 24 hours a day
Service Type: Emergency phone consulting

Service Type: Web knowledge base access

Service Type: E-mail consulting

Software
Bundled Support: 1 Year Software Subscription and Support
License Category: License
License Qty: 1 install
License Type: License
Licensing Program: Passport Advantage Express

Product Reviews
IBM Security QRadar SIEM Event Capacity Increase from 1K to 2.5K EPS - lice is rated 4.2 out of 5 by 11.
Rated 4 out of 5 by from Contextual and threat-based incident management.
Valuable Features:
  • Paradigm shift, security intelligence 2.0
  • Contextual-based incident management
  • Threat-based incident management
  • A single management console to handle all the data
  • Ease of use
  • Existing integration capabilities
  • Out-of-the-box reports
  • Parser development
Improvements to My Organization: It has helped us in the reduction of VPN frauds via the active monitoring of various frauds.
Room for Improvement:
  • There is a scope of improvement in the orchestration layer, such as the SecOps from RSA. RSA Security Analytics bundles their offering with their SecOps (a subset of Archer - Risk Governance tool). This gives them a competitive edge.
  • The reporting and dashboard capabilities require a bit of improvement in terms of fine tuning and bifurcation for the technical and management reports.
Use of Solution: I have used this solution for four years.
Stability Issues: There were no stability issues.
Technical Support: I would give technical support a rating of 9/10.
Initial Setup: The setup was straightforward and the deployment was easy.
Cost and Licensing Advice: The pricing policy is a bit on the higher side. IBM offers discounts when applicable.
Other Solutions Considered: We looked at other solutions such as RSA enVision and HPE ArcSight.
Other Advice: Trust it, test it, and deploy it.
Disclaimer: I am a real user, and this review is based on my own experience and opinions.
Date published: 2017-04-30
Rated 4 out of 5 by from Offers device auto-discovery, along with rules and reports already created.
Valuable Features: In my understanding, the best features are:
  • DSMs (Device Support Modules),
  • Device auto-discovery, and
  • Hundreds of rules and reports already created for you to mix up.
These features are keeping QRadar on top in Gartner. You can have it running in a few hours, then start collecting your logs and events in no time.
Improvements to My Organization: I have implemented QRadar in a big airline company, where they needed to get all their security information in one place. It helped in reducing the amount of time that was needed to evaluate the risk of every event. Configuring the alerts has never been easier; you just search for the event you think you need and start creating the rules that way. It is really straightforward and you don't need much IT knowledge for it. Of course, your experience with the product and a generalist view of the infrastructure, business and IT are strongly recommended, when using a tool similar to this.
Use of Solution: We have implemented QRadar for two years, both in mid-size and big environments.
Stability Issues: We never experienced any stability issues. The only problem that I had was related to the hardware and the high availability worked as expected.
Something to take into account is the IBM support; they really know their business and how to fix problems. I had the opportunity to talk with L2 Managers in the US, who told me that IBM is investing in research, documentation and training for all the people working with it. This is a very interesting thing to have in mind, when choosing this platform.
Scalability Issues: We never experienced any scalability issues. If you correctly estimate the amount of EPS (the license variable), then scalability is not a problem. They can run in a really big environment (100,000 EPS tested in production) and all the infrastructure will work as a charm.
Technical Support: The technical support is excellent. As I've mentioned, they know their business and have a really good team behind them.
Previous Solutions: I had the opportunity to use other SIEM solutions, but no one can provide what QRadar does, i.e., in terms of its simplicity, support or integration.
Initial Setup: The setup was really straightforward. You simply need to put your ISO image in the hypervisor, follow the on-screen instructions and you have it running in one hour.
Cost and Licensing Advice: The pricing and licensing policies are really competitive. These solutions are not for a really small business, but having just one license variable is really good. You simply tell the partner or sales representative the number of EPS you want to receive in your appliance and that's it. Other solutions have a 'correlation' license, which is more like a trap than anything else.
Other Solutions Considered: I have tested Splunk and used a little bit of NitroSecurity (McAfee). I have also seen a little bit of HPE ArcSight.
Other Advice: You should ask the sales representative to give you the Excel sheet to calculate EPS. Keep in mind that the firewalls, proxies and networking devices such as those will consume lots of EPS, but they do provide really nice information and insight from your network.
On Gartner, this is one of the most competitive SIEMs in the market. It is robust and IBM is investing a lot of money to get it running even better than it is running right now. You feel secured when you use it.
This solution is being implemented around the world and every day, a new feature or add-on is created for it.
Disclaimer: My company has a business relationship with this vendor other than being a customer: We are business partners and have a really good relationship with IBM.
Date published: 2017-04-20
Rated 5 out of 5 by from Integrates with other applications and systems.
Valuable Features: SIEM technology is the most valuable feature of this solution, as it can be integrated with almost every application and system. If not, then you may ask IBM to write a parser for it.
Improvements to My Organization: You have the visibility of different events, thus we can resolve the issue.
Room for Improvement: They should provide more integration with more devices.
Use of Solution: I have been using this solution for three years.
Technical Support: I would give the technical support an 8/10 rating. They are excellent.
Initial Setup: The setup was straightforward.
Cost and Licensing Advice: The pricing policy is good.
Other Solutions Considered: We looked at another solution, NitroSecurity Inc.
Other Advice: If you have a good budget, then go for IBM QRadar.
Disclaimer: I am a real user, and this review is based on my own experience and opinions.
Date published: 2017-04-13
Rated 4 out of 5 by from Provides log management, application monitoring, vulnerability scanning, full packet capture and risk analysis.
Valuable Features: IBM Security's QRadar Security Intelligence is a multi-feature security monitoring platform that provides log management, SIEM, NetFlow, application monitoring, vulnerability scanning, full packet capture and risk analysis.
The platform is designed to be deployed as an all-in-one appliance, as discrete components that can be scaled horizontally for distributed and larger environments.
Improvements to My Organization: The SIEM solution is considered as a monitoring tool for the network but you can set routing roles and special actions for certain events.
Room for Improvement:
  • The vulnerability scanner is not accurate. It needs more vulnerability signature updates or more regulation templates to be added on.
  • We urgently need to add more report templates.
Maybe the improvements could be achieved by adding some modules like IPS, IDS and a next generation firewall that is able to start from monitoring the events and processing, then takes actions not only based on signatures but smart intelligent monitoring which would make QRadar into a full SIEM security solution.
Use of Solution: I have been using the solution for three years.
Stability Issues: I didn't find any issues with stability of the product.
Scalability Issues: The scalability of this product is very flexible because of the way that it counts the events that exceed the threshold of licenses it handled with the queue and stores the data for 5 GB, dealing with the events in a first-in, first-out (FIFO) methodology.
Technical Support: I would rate the technical support as 9/10 for solving issues and 5/10 for responses.
Previous Solutions: I didn't previously use another product but I deal with some accounts that used to use other vendors, and they were facing many issues in performance and slowness in processing events.
Initial Setup: The initial setup is very easy, just like when you install an operating system, and then you do the configuration needed for your environment.
Disclaimer: My company has a business relationship with this vendor other than being a customer: Prosoft is an IBM VAD (value added distributor) in Egypt.
Date published: 2017-04-12
Rated 3 out of 5 by from We can build interactive dashboards around it. Mathematical operators currently cannot be used within the reference maps.
Valuable Features: The most valuable feature that we found, especially this year, was the ability to build apps over it. Basically, the platform has opened up and we can now customize it, as per our needs and requirements. We can build interactive dashboards and other interesting things around it.
Improvements to My Organization: We are using QRadar to solve our business problems and the IT operation requirements. We are fine tuning the processes that are laid from the InfoSec perspective, such as to detect unauthorized changes happening across the IT environment or the business problems, namely the password sharing issues, which are not easy to detect otherwise.
Room for Improvement: In future versions, the various features that we would like to see are pretty much in line with what QRadar is coming up with, like this IBM QRadar UBA version 2.0 or support for STIX/TAXII. Basically, we have similar milestones there.
There are a few technical requirements that we have opened feature requests for, such as some of our complex use cases that need mathematical operators to be used within the reference maps. That's currently not available.
Stability Issues: There were no stability issues.
Scalability Issues: There were no scalability issues. With this Event Processor and Data Node concept, I think it is highly scalable.
Technical Support: We have been facing a few technical issues and we are working with the technical support and the development team to resolve them.
Sometimes we get a really good response and at times, some of the issues have been floating around for a lot of time. But our IT resources have been assigned for the same and we hope that they should be resolved easily.
Initial Setup: I was involved in the setup; it was pretty straightforward. Once you understand the overall architecture, it is pretty much easy to install and work upon.
Other Advice: It should be implemented by the best professionals available within IBM. It is really important to have a clean base installation, so that you can build things on the top of it.
When we are selecting a vendor, first and foremost, we look for the stability of the vendor, and what level of resources they are investing in their research and development. These are a couple of things that we look for while selecting a vendor and of course, the kind of resources we are looking for to get certain engagement and make sure those resources are aligned.
Disclaimer: I am a real user, and this review is based on my own experience and opinions.
Date published: 2017-04-06
Rated 5 out of 5 by from Can detect off-hours or excessive usage of an application or cloud-based service, or network activity patterns that are inconsistent.
Valuable Features: Providing real-time visibility for threat detection and prioritization - QRadar SIEM provides contextual and actionable surveillance across the entire IT infrastructure, helping organizations detect and remediate threats often missed by other security solutions. These threats can include inappropriate use of applications; insider fraud; and advanced, “low and slow” threats easily lost in the “noise” of millions of events.
Improvements to My Organization: Gaining application visibility and anomaly detection helping IT personnel to quickly identify meaningful deviations. For example, QRadar SIEM can detect off-hours or excessive usage of an application or cloud-based service, or network activity patterns that are inconsistent with historical, moving-average profiles and seasonal usage patterns.
Room for Improvement: AI is superb but needs improvements.
Use of Solution: Two years.
Deployment Issues: No issues.
Stability Issues: No issues.
Technical Support: Very good.
Previous Solutions: No, I have only used this solution.
Initial Setup: It was straightforward.
Other Solutions Considered: Splunk.
Disclaimer: I am a real user, and this review is based on my own experience and opinions.
Date published: 2017-04-06
Rated 5 out of 5 by from Although it provides incident management of the alerts it produces, this could be improved to allow more restrictions
Valuable Features: IBM Security QRadar has many valuable features. One of the most valuable features of IBM Security QRadar is the ease of extracting information from raw logs/events, whether the log source sending the events is supported by IBM or not (for example, a custom in-house application) and use this information in creating searches, correlation rules, reports, and dashboards. Another feature is scalability; scaling up a deployment to support more events per second is made simple just by “linking” new appliances to the main deployment through configuration steps that only take minutes to complete. I do not know if I can call this a feature, but a “general” feature of QRadar is that it does not require highly technically skilled personnel to administer. The dashboards and configurations through the web UI are easy to read, understand, and change.
Room for Improvement: Although QRadar provides incident management of the alerts it produces, this area could use a little improvement to allow more restrictions on who can close alerts and easily updating alerts with and reading text templates.
Use of Solution: I have used IBM Security QRadar for nearly two years now. I use it as a user in my organization’s Managed Security Services division where we monitor clients’ environments. I also work with it as an implementer to deploy and customize it for clients.
Deployment Issues: Any deployment will have issues. The issues that I encounter with deploying QRadar are raised with IBM Support and are usually solved quickly through applying patches or changing individual files to fix the web GUI issue.
Stability Issues: The causes of stability issues are usually not QRadar, but of misconfigured devices/log sources (for example, sending debug events to QRadar that results in millions of events in a short period of time). However, if a deployment is done correctly, QRadar stays stable.
Scalability Issues: No, I did not face issues with scalability. One of the great features of QRadar is the ease of scalability. A license upgrade is simply done by purchasing it and applying it through the GUI which only takes minutes to. If an organization wants a larger expansion, all that it has to do is to buy the required hardware with QRadar installed, and “link” it to the main deployment through steps that also take minutes. This new hardware will provide the extra events per second or flows per minute capabilities required for the expansion.
Technical Support: IBM provides support in various regions in the world. The level of technical support is good. Once a support ticket is open, the support team tries to fix it directly or passes it on to higher levels, and will involve the QRadar development team if required.
Previous Solutions: No, I did not use a separate solution, although I have read and heard about different solutions from the various clients I have met with. Clients switch to using QRadar because they say that maintaining and administering other solutions becomes a hassle and requires trained personnel. Another reason clients switch to using QRadar is because of cost.
Initial Setup: The initial setup of QRadar is straightforward. From the installation perspective, IBM provides one ISO file that can be used to install any of the QRadar components, with the activation key deciding which components to install. From the deployment perspective, QRadar has the ability to automatically detect many log sources sending logs. The out-of-the-box dashboards, searches, reports, and correlation rules allow QRadar to start displaying intelligence and insight on devices, network statistics, authentication, and many more, and to start alerting on offenses and policy violations automatically. Coupling this with the automatically detected log sources, a demonstration of QRadar can only take a few hours from the installation, to automatically detecting a log source such as firewall logs, to getting alerts on excessive firewall denies, port scans, etc.
Other Advice: The advice I would give to others is to work with the implementation team to properly fine tune the out-of-the-box “building block rules” and to enter their network hierarchy in QRadar in order for it to give best results and reduce false positive alerts.
Disclaimer: My company has a business relationship with this vendor other than being a customer: We're a value added services security company that is a distributor of Q1-Labs QRadar (now IBM).
Date published: 2017-03-11