IBM QRadar Overview

IBM QRadar is the #2 ranked solution in our list of Log Management Software. It is most often compared to Splunk.

What is IBM QRadar?

The IBM QRadar security and analytics platform is a lead offering in IBM Security's portfolio. This family of products provides a consolidated, flexible architecture for security teams to quickly adopt log management, SIEM, user behavior analytics, incident forensics, threat intelligence, and more. As an integrated analytics platform, QRadar streamlines critical capabilities into a common workflow, with tools such as the IBM Security App Exchange ecosystem and Watson for Cyber Security cognitive capability.

With QRadar, you can decrease your overall cost of ownership with improved detection of threats and enjoy the flexibility of on-premises or cloud deployment and optional managed security monitoring services.

IBM QRadar is also known as QRadar SIEM, QRadar UBA, QRadar on Cloud, QRadar.

IBM QRadar Buyer's Guide

Download the IBM QRadar Buyer's Guide including reviews and more. Updated: January 2021

IBM QRadar Customers

Clients across multiple industries, such as energy, financial, retail, healthcare, government, communications, and education use QRadar.

Pricing Advice

What users are saying about IBM QRadar pricing:
  • "It's very expensive but it fits our budget."
  • "It is a perpetual license that we have for the event collector. The licensing is done based on the number of events and flows that you receive on this particular device. These are perpetual licenses, which means once you purchase them, they don't expire, which means that the support to IBM is definitely renewed after every one year. We have an enterprise agreement with IBM, which puts the cost in a totally different category as compared to someone who is not an IBM partner and is approaching IBM for this solution. We were able to get massive discounts. To give you an idea, we recently purchased 30,000 event licenses, and it costs around $480,000. It is definitely not a cheap product. We have licenses for about 270,000 events per second and 3 million flows per second. All the appliances and their events and flows are basically clubbed together and charged or rather calculated through a single source. The console receives all the details from all the event processes that we have globally. So, the license that we have is a single license for 270,000 events per second and 3 million flows per second, but that can be managed centrally. I was only part of the secondary purchase, which was 30,000 events per second for about $480,000. You can calculate how much we paid for 270,000 events. Reducing its price would be a compromise. We have already used a lower-priced product in the form of NNT, but we had to get rid of it because it was not doing the job that we actually wanted to do. You get what you pay for."
  • "It's too expensive. The licensing is also a little bit difficult to understand because you have to license it per event and per number of flows."
  • "In terms of additional costs, it depends on the subscription that you choose. There are plenty of options to choose from."
  • "QRadar is quite expensive. It wouldn't be worth it for a small business..."
  • "There are additional costs, such as the cost associated with the different hardware required for implementation and deployment. Along with the add-on apps, these are all additional costs, and they require licensing as well."

IBM QRadar Software Reviews

reviewer1373244
Security Analyst at a hospitality company with 10,001+ employees
Real User
Nov 20, 2020
Provides the visibility and analytics needed to detect and combat security risks

What is our primary use case?

We use this solution for deploying and integrating log sources and use cases. We use it to generate offensives based on normal behavior and suspicious behavior from our security tools, firewalls, and other solutions. We have applied a set of old and new rules to QRadar that aim to detect persistent abnormalities in our environments. Within our organization, our security operations center and users from our local security team — roughly 10 to 12 users — use QRadar. We plan to expand to other areas of the company so that other people can use QRadar for different use cases. But right now only the…

Pros and Cons

  • "The rule engine is very easy to use — very flexible."
  • "The user interface is a bit clunky, a bit hard to find what you need."

What other advice do I have?

I'd recommend QRadar for security teams that are more from the IT world and not so much from the development or data-science world. I think other tools, such as Splunk, are really great too, but QRadar is natively concerned with providing security rules and use cases. If you're looking for a reliable solution for security purposes only, QRadar is probably the way to go. Overall, on a scale from one to ten, I would give this solution a rating of eight.
Amit Bhatnagar
Senior Manager Information Security at Conduent (formerly Xerox Services)
Real User
Top 10
Dec 1, 2020
A user-friendly, stable, and solid product with internal AI and good scalability

What is our primary use case?

We are using it from the compliance perspective. We need this solution to comply with HIPAA and PCI because our clients require HIPAA and PCI DSS compliance. We also use it for log management, primarily security logs, and to some extent, for operational activities, even though this tool is actually not meant for operational tasks. We do keep track of errors in our appliances like hardware, storage, and network switches through QRadar. The main or core solution is on-premises. There is an extended arm, which is in the cloud as well for cloud integration.

Pros and Cons

  • "It is a pretty solid product for the type that it is representing. It is a CM solution as compared to Splunk or ArcSight from HP. It is also user friendly. It comes with some internal AI as well, in which it automatically maps multiple lots from unrelated devices and makes a smart decision to link them back and create an offense based on that. It is a smart tool."
  • "A lot of information that we receive for the devices is IP-based, but it would help if we could have a default dashboard in which we can add more details about the assets for which we are receiving the information. For example, if it is a Windows or Linux device, we only get the IP for that particular device. We don't really get the name and other details of that particular device. For that, you have to drill down into your own asset management system. It would be good to have a place where we can probably add this information so that we don't have to look into other tools."

What other advice do I have?

I would absolutely recommend this solution. I am pretty okay with it, and I don't have any issues with it. It has some competitors like Splunk and LogRhythm. Symantec has its own SIEM solution. ArcSight, LogRhythm, and Splunk are in the first quadrant for the Gartner research. They are leaders in their products, and they know what they're doing. It also comes down to what your company is into, how does it fit into a particular environment, and how compatible it is with a particular environment. I could have gone on the Splunk path and probably said the same thing for it as well. I would rate…
DAX Paulino
Cybersecurity Practice Lead at a tech services company with 201-500 employees
Real User
Top 20
Apr 3, 2019
Enables us to handle the most critical attacks and integrates well with other solutions

What is our primary use case?

We are using it for SIEM, for Security Information and Event Management. We're gathering the logs and doing analytics on how we are going to react to security incidents.

Pros and Cons

  • "One of the most valuable features is its ability to integrate with other solutions. IBM has a lot of solutions and we have managed to make it work with IBM BigFix and MaaS360, and even Microsoft."
  • "In terms of additional features, a mobile app would be nice. Also, the reporting is definitely okay, but you have to make sure that everybody with different roles can understand it. There is room for improvement in the reporting."

What other advice do I have?

My advice is to take your time. It depends on your network, on what you want to gather information from. Make sure that the networking and the cybersecurity teams are working towards a common goal. The solution is very much worth it. You can gather all the information that you need as long as you know first what you need. This solution is mainly for the Security Operations Center, so there are just three or four users. But it's one of the key tools for us to identify threats and attacks. The users are security operations analysts and threat hunters. In our case, deployment and maintenance…
BALA
Program Manager at a tech services company
Real User
Apr 17, 2019
Highly customizable and provides a single dashboard for global device monitoring

What is our primary use case?

Our primary use case for this solution is compliance.

Pros and Cons

  • "There is a single dashboard that gives us a complete overview of what is happening around the globe."
  • "Ideally we would like a mobile version so that any alert that comes in will notify us in a mobile app, or by using SMS integration."

What other advice do I have?

I would rate this solution eight and a half out of ten.
Vulnera08667
Vulnerability Manager at a tech services company with 51-200 employees
Reseller
Top 10
Mar 31, 2019
Scanning by the Vulnerability Manager and alert-generation are key features for us

What is our primary use case?

Our primary use case is to get logs mainly from firewalls, although you can also get logs from anything that can forward syslogs. We use it to sort events.

Pros and Cons

  • "The most valuable feature is the QRadar Vulnerability Manager which provides vulnerability scans. In addition, I like the way QRadar generates alerts."
  • "It would be good if the program allowed certain profiles to only see certain customer information."

What other advice do I have?

QRadar, as a product, might be very straightforward, but to fully understand the product you would need to go for the QRadar training. IBM's training for QRadar is very expensive but it really helps you use the product to its full potential. Before I went to the training, I only used about ten percent of its capability. I would recommend going for the training on the product. In terms of the number of users, it's not users logging in every day and doing stuff on QRadar. It's a handful of people from the team monitoring QRadar. We could be managing, for example, 50 or 70 customers through one…
reviewer1318914
Information Security Specialist at a comms service provider with 501-1,000 employees
Real User
Nov 27, 2020
Not user friendly, doesn't integrate well, and has terrible technical support

What is our primary use case?

We use the solution for a variety of tasks. We use it, for example, for authentication, network-related authentication, user-related tasks, and Windows UNIX servers. It's a lot. There's a ton of use cases. I really can't sync right now about every single use case, however, the main things are authentication and network-related systems and all flavors of UNIX Windows.

Pros and Cons

  • "The solution can scale."
  • "The solution is clunky."

What other advice do I have?

I'm not sure of which version of the solution we're using. I wouldn't recommend the solution. I'd probably tell others to shy away and look at other products like possibly Splunk, however, it's a pricey option. LogRhythm is pretty good. We're having some issues with it. That said, for the most part, it's okay. Exabeam also seems like it might be a good option. I haven't worked with it personally, however, I've had some experience with a POC. Overall, I would rate the solution at a three out of ten. We didn't have a good experience with it. If it offered, for example, easier behavior analytics…
Cyberspec67
Cyber Security Specialist at AEC
Real User
Top 5
Apr 29, 2019
Alerts and correlates the aggregate events or offenses we receive through all the applications we use

What is our primary use case?

We are a reseller of this solution. We have numerous use cases, all dependent on the needs of our customers.

Pros and Cons

  • "IBM QRadar has improved my organization by introducing many functions. It collects logs from all of our systems in the organization and has functioned very well. It alerts and correlates the aggregate events or offenses we receive through all the applications we use."
  • "There is one problem with QRadar in regards to the add-on apps. The apps can be frustrating. For example, when I add a big app like one of the add-ons for resiliency, add-on applications for QRadar, these applications require different hardware to implement and to deploy. The resiliency connector because there's a considerable amount of data scanning, operates for these apps correctly."

What other advice do I have?

The solution functions very well. It is amazing but there are some bugs with it. The unknown bugs can just come up with the adaptor with the data stored in QRadar. On a scale from one to 10, ten being the best, I would rate this product an eight out of 10.
Larbi Belmiloud
Security Engineer at a tech services company with 11-50 employees
Real User
Top 20
Jun 23, 2019
Enables us to stop and detect vulnerabilities

What is our primary use case?

The primary use of the solution in our deployment was for threat detection.

Pros and Cons

  • "We get events and make the correlation, or rules. In IBM, we can implement our customer's rules. We can have very clear status threats and severity of antigens."
  • "The interface is very old. IBM should remake it into a more modern interface."

What other advice do I have?

The first advice I give my customers before buying SIEM is: "You should understand the solution well before starting the implementation." If they don't understand the solution, they will never be able to use it correctly. This is the first piece. The second point is that they will resist the change made to the setup installation. If they look for the solution, QRadar ATM is the best. I would rate this solution as nine out of ten. I think there is no perfect product; maybe there will never be a perfect product. When I started to learn IBM QRadar, it was complicated to me in the beginning…