IBM QRadar Pros and Cons

IBM QRadar Pros

Co-owner and CEO at Data Security Solutions
We have worked with other solutions, such as LogRhythm and Splunk. Compared to others, IBM QRadar has the best price-performance ratio so that you are able to reserve minimum costs. It starts settling in fast and gets the first results very quickly. It is also very scalable.
Security Analyst at a hospitality company with 10,001+ employees
The rule engine is very easy to use — very flexible.
Senior Manager Information Security at Conduent (formerly Xerox Services)
It is a pretty solid product for the type that it is representing. It is a CM solution as compared to Splunk or ArcSight from HP. It is also user friendly. It comes with some internal AI as well, in which it automatically maps multiple lots from unrelated devices and makes a smart decision to link them back and create an offense based on that. It is a smart tool.
Learn what your peers think about IBM QRadar. Get advice and tips from experienced pros sharing their opinions. Updated: June 2021.
512,221 professionals have used our research since 2012.
AGM, Enterprise Solutions at a comms service provider with 51-200 employees
This is a distributed application, meaning that a customer can stack small and then scale it so that they can expand pretty effectively. You can use, basically, the same product in an SMB or a large enterprise.
Cyber Security Consultant at Gulf Business Machines
The most valuable aspect of the solution is the integration capabilities on offer.
Senior Solutions Architect with 51-200 employees
QRadar, Splunk, and ArcSight are SIEM solutions with built-in AI/ML features. They can do the complete investigation and alert the admin about what is happening. They can also do the root cause analysis. There are many other features that come with QRadar. It has a more granular log, so you can integrate with various non-IT as well as IT-based components. You can get unstructured data to the SIEM data, and you can identify more what is happening in the network or what is happening in the central head office. You can also identify what is happening between your remote offices. You can also use it to identify what the users in the field are doing on their devices and how things are moving. From the integration point of view, it is very centric. It gives complete control centrally. If a user is not connected to the system, whenever he comes online, we can see the policy updates over the Internet, and we can ensure that the data that is supposed to be protected is protected.
Tech Lead at a tech services company with 1,001-5,000 employees
There are a lot of features in QRadar. App Exchange is the most valuable feature. User behavior analytics (UBA) is also a very good feature. Watson is also there, but we are not currently using Watson. It is versatile and quite easy. It also has an all-in-one-box feature and good integration with AWS.
Head of Project office
Technical support is good overall.
Information Security Specialist at a comms service provider with 501-1,000 employees
The solution can scale.
Security Engineer at a tech services company with 11-50 employees
We get events and make the correlation, or rules. In IBM, we can implement our customer's rules. We can have very clear status threats and severity of antigens.

IBM QRadar Cons

Co-owner and CEO at Data Security Solutions
There are a lot of things they are working on and a lot of technologies that are not yet there. They should probably work out a better reserve with their ecosystem of business partners and create wider and more in-depth qualities, third-party tools, and add-ons. These things really give immediate business value. For instance, there are many limitations in using SAP, EBS, or Micro-Dynamics. A lot of things that are happening in those platforms could also be monitored and allowed from the cybersecurity risks perspective. IBM might be leaving this gap or empty space for business partners. Some larger organizations might already be doing this. It would be very nice if IBM can make some artificial intelligence part free of charge for all current QRadar users. This would be a big advantage as compared to other competitors. There are companies that are going in different directions. Of course, you can't do everything inside QRadar. In general, it might be very good for all players to provide more use cases, especially regarding data protection and leakage prevention. There are some who are already doing some kind of file integrity or gathering some more information from all possible technologies for building anything related to the user and data analysis, content analysis, and management regarding the data protection.
Security Analyst at a hospitality company with 10,001+ employees
The user interface is a bit clunky, a bit hard to find what you need.
Senior Manager Information Security at Conduent (formerly Xerox Services)
A lot of information that we receive for the devices is IP-based, but it would help if we could have a default dashboard in which we can add more details about the assets for which we are receiving the information. For example, if it is a Windows or Linux device, we only get the IP for that particular device. We don't really get the name and other details of that particular device. For that, you have to drill down into your own asset management system. It would be good to have a place where we can probably add this information so that we don't have to look into other tools.
AGM, Enterprise Solutions at a comms service provider with 51-200 employees
Right now, if you look at the compatibility, if you need to deploy QRadar in a physical appliance you have only two choices of server, their own or a Lenovo server. In today's world, you cannot keep something tied to such a big brand. Clients want to be able to use whatever type of server they want.
Cyber Security Consultant at Gulf Business Machines
Technical support could be improved by a bit.
Senior Solutions Architect with 51-200 employees
When it comes to what could be better, it is always what others are trying to do and what is the roadmap. It can have more integration. It should have more flexible RESTful APIs for integration with applications. These are the things that are always in demand for any of the SIEM solutions, not only for QRadar. Integration is ever-evolving. Nowadays, different versions of mobile handsets are there and data is getting scattered. Users are using their personal handsets to keep the data of the organization. So, it should have a more flexible integration, irrespective of the flavor of the firmware and iOS or Android version. It should have an API that can seamlessly get integrated. It should also provide more flexible control and a more advanced or analytical view to see what exactly is happening across the globe or network. From wherever a user is connecting and accessing the enterprise data, it should give real-time visibility and predictive visibility about what exactly is happening. These things are already there, but there should be more advanced control in terms of managing the security.
Tech Lead at a tech services company with 1,001-5,000 employees
SOAR is what is expected the most from QRadar. They have something called SOAR Resilient, and it would be great if that gets induced in SIEM. IBM QRadar (as well as McAfee ESM) should have analytics platform integration. Currently, SIEMs don't have full-fledged integration with analytics where we are able to dump our data in SIEM, and the same data can be called from different analytics applications. We should be able to bring this data to a platform like Hadoop for big data and run the analytics there. Currently, people are seeing the past data and taking some actions in the present, but when it comes to analytics, there should be futuristic data where you can predict something out of your present and past data. Apart from that, I would like to see a full-fledged ITSM tool in QRadar. It sometimes has some technical issues that need to be checked. It requires a dedicated QRadar engineer to completely manage it. It has different module sets, such as event collector and event processor, and some technical glitches come in between. It takes the log but doesn't exactly process it in the way we want.
Head of Project office
The reporting system could use some upgrading.
Information Security Specialist at a comms service provider with 501-1,000 employees
The solution is clunky.
Security Engineer at a tech services company with 11-50 employees
The interface is very old. IBM should remake it into a more modern interface.