IBM QRadar Overview

IBM QRadar is the #2 ranked solution in our list of Log Management Software. It is most often compared to Splunk: IBM QRadar vs Splunk

What is IBM QRadar?

The IBM QRadar security and analytics platform is a lead offering in IBM Security's portfolio. This family of products provides a consolidated, flexible architecture that lets security teams quickly adopt log management, SIEM, user behavior analytics, incident forensics, threat intelligence, and more. As an integrated analytics platform, QRadar streamlines critical capabilities into a common workflow, with tools such as the IBM Security App Exchange ecosystem and Watson for Cyber Security cognitive capability.

With QRadar, you can decrease your overall cost of ownership with improved detection of threats and enjoy the flexibility of on-premises or cloud deployment and optional managed security monitoring services.

IBM QRadar is also known as QRadar SIEM, QRadar UBA, QRadar on Cloud, QRadar.

IBM QRadar Buyer's Guide

Download the IBM QRadar Buyer's Guide including reviews and more. Updated: July 2021

IBM QRadar Customers

Clients across multiple industries, such as energy, financial, retail, healthcare, government, communications, and education use QRadar.

Pricing Advice

What users are saying about IBM QRadar pricing:
  • "It's very expensive but it fits our budget."
  • "It is a perpetual license that we have for the event collector. The licensing is done based on the number of events and flows that you receive on this particular device. These are perpetual licenses, which means once you purchase them, they don't expire, which means that the support to IBM is definitely renewed after every one year. We have an enterprise agreement with IBM, which puts the cost in a totally different category as compared to someone who is not an IBM partner and is approaching IBM for this solution. We were able to get massive discounts. To give you an idea, we recently purchased 30,000 event licenses, and it costs around $480,000. It is definitely not a cheap product. We have licenses for about 270,000 events per second and 3 million flows per second. All the appliances and their events and flows are basically clubbed together and charged or rather calculated through a single source. The console receives all the details from all the event processes that we have globally. So, the license that we have is a single license for 270,000 events per second and 3 million flows per second, but that can be managed centrally. I was only part of the secondary purchase, which was 30,000 events per second for about $480,000. You can calculate how much we paid for 270,000 events. Reducing its price would be a compromise. We have already used a lower-priced product in the form of NNT, but we had to get rid of it because it was not doing the job that we actually wanted to do. You get what you pay for."
  • "Customers have to purchase a license based on the number of users, devices, and applications they want to protect. It allows you to take a license on a subscription basis for three years or five years."

IBM QRadar Software Reviews

Andris Soroka
Co-owner and CEO at Data Security Solutions
Real User
Top 20
Best price-performance ratio, good scalability, and easy to set up

What is our primary use case?

I am a system integrator. We have installed it on-premises, on the cloud, in distributed environments, and all other environments for our clients.

Pros and Cons

  • "We have worked with other solutions, such as LogRhythm and Splunk. Compared to others, IBM QRadar has the best price-performance ratio so that you are able to reserve minimum costs. It starts settling in fast and gets the first results very quickly. It is also very scalable."
  • "There are a lot of things they are working on and a lot of technologies that are not yet there. They should probably work out a better reserve with their ecosystem of business partners and create wider and more in-depth qualities, third-party tools, and add-ons. These things really give immediate business value. For instance, there are many limitations in using SAP, EBS, or Micro-Dynamics. A lot of things that are happening in those platforms could also be monitored and allowed from the cybersecurity risks perspective. IBM might be leaving this gap or empty space for business partners. Some larger organizations might already be doing this. It would be very nice if IBM can make some artificial intelligence part free of charge for all current QRadar users. This would be a big advantage as compared to other competitors. There are companies that are going in different directions. Of course, you can't do everything inside QRadar. In general, it might be very good for all players to provide more use cases, especially regarding data protection and leakage prevention. There are some who are already doing some kind of file integrity or gathering some more information from all possible technologies for building anything related to the user and data analysis, content analysis, and management regarding the data protection."

What other advice do I have?

It is not something like a next-generation firewall, next-generation intrusion prevention, or the most complex tool that you have got, which you can install and configure and then see if it runs smoothly. It is a completely different story in QRadar or any similar technology. These solutions or technologies have to be managed continuously. The biggest mistake that innovations people usually make is that they don't plan the total cost of the technology tools for a period of five years, especially because they don't know what kind of new threats are coming out. Despite that, IBM is very early in…
AM
Security Analyst at a hospitality company with 10,001+ employees
Real User
Top 20
Provides the visibility and analytics needed to detect and combat security risks

What is our primary use case?

We use this solution for deploying and integrating log sources and use cases. We use it to generate offenses based on normal behavior and suspicious behavior from our security tools, firewalls, and other solutions. We have applied a set of old and new rules to QRadar that aim to detect persistent abnormalities in our environments. Within our organization, our security operations center and users from our local security team — roughly 10 to 12 users — use QRadar. We plan to expand to other areas of the company so that other people can use QRadar for different use cases. But right now only the…

Pros and Cons

  • "The rule engine is very easy to use — very flexible."
  • "The user interface is a bit clunky, a bit hard to find what you need."

What other advice do I have?

I'd recommend QRadar for security teams that are more from the IT world and not so much from the development or data-science world. I think other tools, such as Splunk, are really great too, but QRadar is natively concerned with providing security rules and use cases. If you're looking for a reliable solution for security purposes only, QRadar is probably the way to go. Overall, on a scale from one to ten, I would give this solution a rating of eight.
HH
Senior IT Technical Support at a training & coaching company with 1,001-5,000 employees
Real User
Top 20
User-friendly, offers easy integrations, and has a straightforward setup

What is our primary use case?

The solution is primarily used for threat detection and response. QRadar can be integrated with other services from IBM such as Watson, among others. The main need is for threat detection, incident response, and dealing with threats or hunting threats. What else? I mean, it's always you're looking for threats. Usually, whoever buys this SIM solution or buys QRadar, for example, is looking for hidden threats and they get the logs to see what's happening within their system. They want a solution that looks very deep inside in order to correlate those logs and see if there's any information that…

Pros and Cons

  • "Customer service is very good and very helpful."
  • "The custom rules could be simplified more or it should be possible to use a different language, other than the ones that the solution is already using. They should add other languages into the mix."

What other advice do I have?

I'm actually teaching IBM and some services such as IBM QRadar, as part of my work. I'm familiar with Splunk, however, I'm not working with it on a daily basis. I'm teaching that technology to others. I'm not a customer. I'm using it for teaching purposes. I'm working in a training center. I'm not dealing with it on a daily basis, however, I understand how the product works. We do sometimes help integrate it and work as consultants occasionally as well. While 7.4 is out, we're currently working with version 7.3. Overall, I would rate the product at an eight out of ten. There's more to be done…
Amit Bhatnagar
Senior Manager Information Security at Conduent (formerly Xerox Services)
Real User
Top 10
A user-friendly, stable, and solid product with internal AI and good scalability

What is our primary use case?

We are using it from the compliance perspective. We need this solution to comply with HIPAA and PCI because our clients require HIPAA and PCI DSS compliance. We also use it for log management, primarily security logs, and to some extent, for operational activities, even though this tool is actually not meant for operational tasks. We do keep track of errors in our appliances like hardware, storage, and network switches through QRadar. The main or core solution is on-premises. There is an extended arm, which is in the cloud as well for cloud integration.

Pros and Cons

  • "It is a pretty solid product for the type that it is representing. It is a CM solution as compared to Splunk or ArcSight from HP. It is also user friendly. It comes with some internal AI as well, in which it automatically maps multiple lots from unrelated devices and makes a smart decision to link them back and create an offense based on that. It is a smart tool."
  • "A lot of information that we receive for the devices is IP-based, but it would help if we could have a default dashboard in which we can add more details about the assets for which we are receiving the information. For example, if it is a Windows or Linux device, we only get the IP for that particular device. We don't really get the name and other details of that particular device. For that, you have to drill down into your own asset management system. It would be good to have a place where we can probably add this information so that we don't have to look into other tools."

What other advice do I have?

I would absolutely recommend this solution. I am pretty okay with it, and I don't have any issues with it. It has some competitors like Splunk and LogRhythm. Symantec has its own SIEM solution. ArcSight, LogRhythm, and Splunk are in the first quadrant for the Gartner research. They are leaders in their products, and they know what they're doing. It also comes down to what your company is into, how does it fit into a particular environment, and how compatible it is with a particular environment. I could have gone on the Splunk path and probably said the same thing for it as well. I would rate…
Md Saiful Hyder
AGM, Enterprise Solutions at Omgea Exim Ltd
MSP
Top 5 Leaderboard
Flexible and scalable with good stability

What is our primary use case?

We primarily use the solution for some compliance, including military compliance such as PCIDSL, ISO 27001, and ISO 27002, and then some other specifications around them. There are also some industries that need to analyze the log and events, and then build and create some rules to put forward.

Pros and Cons

  • "This is a distributed application, meaning that a customer can stack small and then scale it so that they can expand pretty effectively. You can use, basically, the same product in an SMB or a large enterprise."
  • "Right now, if you look at the compatibility, if you need to deploy QRadar in a physical appliance you have only two choices of server, their own or a Lenovo server. In today's world, you cannot keep something tied to such a big brand. Clients want to be able to use whatever type of server they want."

What other advice do I have?

We're using the latest version of the solution. We are a reseller. We're selling the solution to end customers. Whenever there is a requirement, a security requirement, or an AFM requirement, we actually position IBM QRadar. We proactively promote the solution and the market, so that we can build a community around QRadar. We're trying to build a community around QRadar so that we can increase sales. We need to have local resources to promote the products. Therefore, we are trying to double up that community of QRadar users. We're doing knowledge sharing among our network. We're changing…
SuhailWagle
Cyber Security Consultant at Gulf Business Machines
Reseller
Top 10
Great integration capabilities with excellent scalability potential and an easy setup

What is our primary use case?

We primarily use the solution for log collection and security incidents as well as event management.

Pros and Cons

  • "The most valuable aspect of the solution is the integration capabilities on offer."
  • "Technical support could be improved by a bit."

What other advice do I have?

We are resellers of QRadar. In general, we have been quite happy with the solution. I would rate it nine out of ten. We get excellent visibility in every aspect. It's easy to handle incidents when you really have everything in one place. You begin to know exactly what's happening on a network, and how the systems are performing and behaving. When you compare it to other products, what I would advise is you look at how long they have been in business. This product has been in business for a very long time. You also need to look at the other integration factors, such as forensic, as they're very…
RU
Senior Solutions Architect at a manufacturing company with 51-200 employees
Real User
Top 5 Leaderboard
A stable SIEM solution with centralized control and built-in AI/ML

What is our primary use case?

We provide cloud services to the users, and we have our own cloud setup over here. The major use case is when clients require the SOC to be set up. Setting up the SOC itself is a huge investment. A customer has to invest a lot to build up the whole SOC environment, so, rather than the customer investing in the SOC environment and building up the SOC, we provide it as a service. Customers don't need to do any up-front investment. They use our service. We manage their security tools and security environment as per the compliance guidelines that come from the Indian government. We follow all…

Pros and Cons

  • "QRadar, Splunk, and ArcSight are SIEM solutions with built-in AI/ML features. They can do the complete investigation and alert the admin about what is happening. They can also do the root cause analysis. There are many other features that come with QRadar. It has a more granular log, so you can integrate with various non-IT as well as IT-based components. You can get unstructured data to the SIEM data, and you can identify more what is happening in the network or what is happening in the central head office. You can also identify what is happening between your remote offices. You can also use it to identify what the users in the field are doing on their devices and how things are moving. From the integration point of view, it is very centric. It gives complete control centrally. If a user is not connected to the system, whenever he comes online, we can see the policy updates over the Internet, and we can ensure that the data that is supposed to be protected is protected."
  • "When it comes to what could be better, it is always what others are trying to do and what is the roadmap. It can have more integration. It should have more flexible RESTful APIs for integration with applications. These are the things that are always in demand for any of the SIEM solutions, not only for QRadar. Integration is ever-evolving. Nowadays, different versions of mobile handsets are there and data is getting scattered. Users are using their personal handsets to keep the data of the organization. So, it should have a more flexible integration, irrespective of the flavor of the firmware and iOS or Android version. It should have an API that can seamlessly get integrated. It should also provide more flexible control and a more advanced or analytical view to see what exactly is happening across the globe or network. From wherever a user is connecting and accessing the enterprise data, it should give real-time visibility and predictive visibility about what exactly is happening. These things are already there, but there should be more advanced control in terms of managing the security."

What other advice do I have?

I would recommend this solution. If you are looking for a SIEM solution, IBM QRadar is one that you should ideally look for. I would rate IBM QRadar a nine out of ten.
OK
Analyst at a tech services company with 501-1,000 employees
Real User
Easily monitors your environment with good user interface and plug-in integrations

What is our primary use case?

We use IBM QRadar to monitor security logs across the network.

Pros and Cons

  • "One very useful feature is the plug-in offering that allows you to integrate it with other solutions, such as integrating it with plug-ins like Scout, Carbon Black, and the rest."
  • "I would like the rule creation interface to be much more user-friendly in the next release."

What other advice do I have?

I would recommend IBM QRadar. The user interface is really great and it simplifies the task of monitoring your environment. On a scale of one to ten, I would give IBM QRadar an eight.