IBM QRadar Overview
IBM QRadar is the #2 ranked solution in our list of Log Management Software. It is most often compared to Splunk: IBM QRadar vs Splunk
What is IBM QRadar?
The IBM QRadar security and analytics platform is a lead offering in IBM Security's portfolio. This family of products provides consolidated flexible architecture for security teams to quickly adopt log management, SIEM, user behavior analytics, incident forensics, and threat intelligence and more. As an integrated analytics platform, QRadar streamlines critical capabilities into a common workflow, with tools such as the IBM Security App Exchange ecosystem and Watson for Cyber Security cognitive capability.
With QRadar, you can decrease your overall cost of ownership with an improved detection of threats and enjoy the flexibility of on-premise or cloud deployment, and optional managed security monitoring services.
IBM QRadar is also known as QRadar SIEM, QRadar UBA, QRadar on Cloud, QRadar.
IBM QRadar Buyer's Guide
Download the IBM QRadar Buyer's Guide including reviews and more. Updated: September 2021
IBM QRadar Customers
Clients across multiple industries, such as energy, financial, retail, healthcare, government, communications, and education use QRadar.
IBM QRadar Video
Pricing Advice
What users are saying about IBM QRadar pricing:
- "It is overly expensive and overly complex in terms of licensing. They have many different appliances, which makes it extremely difficult to choose the technology. It is very difficult to choose the technology or QRadar components that you should be deploying. They have improved some of it in the last few years. They have made it slightly easy with the fact that you can now buy virtual versions of all the appliances, which is good, but it is still very fragmented. For instance, on some of the smaller appliances, there is no upgrade path. So, if you exceed the capacity of the appliance, you have to buy a bigger appliance, which is not helpful because it is quite a major cost. If you want to add more disks to the system, they'll say that you can't."
- "It's very expensive but it fits our budget."
- "It is a perpetual license that we have for the event collector. The licensing is done based on the number of events and flows that you receive on this particular device. These are perpetual licenses, which means once you purchase them, they don't expire, which means that the support to IBM is definitely renewed after every one year. We have an enterprise agreement with IBM, which puts the cost in a totally different category as compared to someone who is not an IBM partner and is approaching IBM for this solution. We were able to get massive discounts. To give you an idea, we recently purchased 30,000 event licenses, and it costs around $480,000. It is definitely not a cheap product. We have licenses for about 270,000 events per second and 3 million flows per second. All the appliances and their events and flows are basically clubbed together and charged or rather calculated through a single source. The console receives all the details from all the event processes that we have globally. So, the license that we have is a single license for 270,000 events per second and 3 million flows per second, but that can be managed centrally. I was only part of the secondary purchase, which was 30,000 events per second for about $480,000. You can calculate how much we paid for 270,000 events. Reducing its price would be a compromise. We have already used a lower-priced product in the form of NNT, but we had to get rid of it because it was not doing the job that we actually wanted to do. You get what you pay for."
IBM QRadar Software Reviews
Filter by:
Loading...
Filter Unavailable
Loading...
Filter Unavailable
Loading...
Filter Unavailable
Loading...
Filter Unavailable
Loading...
Filter Unavailable
Order by:
Loading...
Search:
Simon Thornton
Cyber Security Services Operations Manager at a aerospace/defense firm with 501-1,000 employees
Provides a single window into your network, SIEM, network flows, and risk management of your assets
What is our primary use case?
We're a customer, partner, or reseller. We use QRadar on our own internal SOC. We are also a reseller of QRadar for some of the projects. So, we sell QRadar to customers, and we're also a partner because we have different models. We roll the product out to a customer as part of our service where we own it, but the customer is paying. We also do a full deployment that a customer owns. So, we are actually fulfilling all three roles.Pros and Cons
- "The most valuable thing about QRadar is that you have a single window into your network, SIEM, network flows, and risk management of your assets. If you use Splunk, for instance, then you still need a full packet capture solution, whereas the full packet capture solution is integrated within QRadar. Its application ecosystem makes it very powerful in terms of doing analysis."
- "I'd like them to improve the offense. When QRadar detects something, it creates what it calls offenses. So, it has a rudimentary ticketing system inside of it. This is the same interface that was there when I started using it 12 years ago. It just has not been improved. They do allow integration with IBM Resilient, but IBM Resilient is grotesquely expensive. The most effective integration that IBM offers today is with IBM Resilient, which is an instant response platform. It is a very good platform, but it is very expensive. They really should do something with the offense handling because it is very difficult to scale, and it has limitations. The maximum number of offenses that it can carry is 16K. After 16K, you have to flush your offenses out. So, it is all or nothing. You lose all your offenses up until that point in time, and you don't have any history within the offense list of older events. If you're dealing with multiple customers, this becomes problematic. That's why you need to use another product to do the actual ticketing. If you wanted the ticket existence, you would normally interface with ServiceNow, SolarWinds, or some other product like that."
What other advice do I have?
Make sure that you have the buy-in from different teams in the company because you will need help from the network teams. You will potentially need help from IT. You need to have a strategy of how you onboard logs into SIEM. Do you take a risk-based approach or do you onboard everything? You should take the time to understand the architecture and the implications of design choices. For instance, QRadar Components communicate with each other using SSH tunnels. The normal practice in security is that if I put a device in a DMZ, then communication between the device on the normal network, which…
Andris Soroka
Co-owner and CEO at Data Security Solutions
Best price-performance ratio, good scalability, and easy to set up
What is our primary use case?
I am a system integrator. We have installed it on-premises, on the cloud, in distributed environments, and all other environments for our clients.Pros and Cons
- "We have worked with other solutions, such as LogRhythm and Splunk. Compared to others, IBM QRadar has the best price-performance ratio so that you are able to reserve minimum costs. It starts settling in fast and gets the first results very quickly. It is also very scalable."
- "There are a lot of things they are working on and a lot of technologies that are not yet there. They should probably work out a better reserve with their ecosystem of business partners and create wider and more in-depth qualities, third-party tools, and add-ons. These things really give immediate business value. For instance, there are many limitations in using SAP, EBS, or Micro-Dynamics. A lot of things that are happening in those platforms could also be monitored and allowed from the cybersecurity risks perspective. IBM might be leaving this gap or empty space for business partners. Some larger organizations might already be doing this. It would be very nice if IBM can make some artificial intelligence part free of charge for all current QRadar users. This would be a big advantage as compared to other competitors. There are companies that are going in different directions. Of course, you can't do everything inside QRadar. In general, it might be very good for all players to provide more use cases, especially regarding data protection and leakage prevention. There are some who are already doing some kind of file integrity or gathering some more information from all possible technologies for building anything related to the user and data analysis, content analysis, and management regarding the data protection."
What other advice do I have?
It is not something like a next-generation firewall, next-generation intrusion prevention, or the most complex tool that you have got, which you can install and configure and then see if it runs smoothly. It is a completely different story in QRadar or any similar technology. These solutions or technologies have to be managed continuously. The biggest mistake that innovations people usually make is that they don't plan the total cost of the technology tools for a period of five years, especially because they don't know what kind of new threats are coming out. Despite that, IBM is very early in…
Learn what your peers think about IBM QRadar. Get advice and tips from experienced pros sharing their opinions. Updated: September 2021.
535,919 professionals have used our research since 2012.
Amit Bhatnagar
Senior Manager Information Security at Conduent (formerly Xerox Services)
A user-friendly, stable, and solid product with internal AI and good scalability
What is our primary use case?
We are using it from the compliance perspective. We need this solution to comply with HIPAA and PCI because our clients require HIPAA and PCI DSS compliance. We also use it for log management, primarily security logs, and to some extent, for operational activities, even though this tool is actually not meant for operational tasks. We do keep track of errors in our appliances like hardware, storage, and network switches through QRadar. The main or core solution is on-premises. There is an extended arm, which is in the cloud as well for cloud integration.Pros and Cons
- "It is a pretty solid product for the type that it is representing. It is a CM solution as compared to Splunk or ArcSight from HP. It is also user friendly. It comes with some internal AI as well, in which it automatically maps multiple lots from unrelated devices and makes a smart decision to link them back and create an offense based on that. It is a smart tool."
- "A lot of information that we receive for the devices is IP-based, but it would help if we could have a default dashboard in which we can add more details about the assets for which we are receiving the information. For example, if it is a Windows or Linux device, we only get the IP for that particular device. We don't really get the name and other details of that particular device. For that, you have to drill down into your own asset management system. It would be good to have a place where we can probably add this information so that we don't have to look into other tools."
What other advice do I have?
I would absolutely recommend this solution. I am pretty okay with it, and I don't have any issues with it. It has some competitors like Splunk and LogRhythm. Symantec has its own SIEM solution. ArcSight, LogRhythm, and Splunk are in the first quadrant for the Gartner research. They are leaders in their products, and they know what they're doing. It also comes down to what your company is into, how does it fit into a particular environment, and how compatible it is with a particular environment. I could have gone on the Splunk path and probably said the same thing for it as well. I would rate…
Md Saiful Hyder
AGM, Enterprise Solutions at Omgea Exim Ltd
Flexible and scalable with good stability
What is our primary use case?
We primarily use the solution for some compliance, including military compliance such as PCIDSL, ISO 27001, and ISO 27002, and then some other specifications around them. There are also some industries that need to analyze the log and events, and then build and create some rules to put forward.Pros and Cons
- "This is a distributed application, meaning that a customer can stack small and then scale it so that they can expand pretty effectively. You can use, basically, the same product in an SMB or a large enterprise."
- "Right now, if you look at the compatibility, if you need to deploy QRadar in a physical appliance you have only two choices of server, their own or a Lenovo server. In today's world, you cannot keep something tied to such a big brand. Clients want to be able to use whatever type of server they want."
What other advice do I have?
We're using the latest version of the solution. We are a reseller. We're selling the solution to end customers. Whenever there is a requirement, a security requirement, or an AFM requirement, we actually position IBM QRadar. We proactively promote the solution and the market, so that we can build a community around QRadar. We're trying to build a community around QRadar so that we can increase sales. We need to have local resources to promote the products. Therefore, we are trying to double up that community of QRadar users. We're doing knowledge sharing among our network. We're changing…
SuhailWagle
Cyber Security Consultant at Gulf Business Machines
Great integration capabilities with excellent scalability potential and an easy setup
What is our primary use case?
We primarily use the solution for log collection and security incidents as well as event management.Pros and Cons
- "The most valuable aspect of the solution is the integration capabilities on offer."
- "Technical support could be improved by a bit."
What other advice do I have?
We are resleers of QRadar. In general, we have been quite happy with the solution. I would rate it nine out of ten. We get excellent visibility in every aspect. It's easy to handle incidents when you really have everything in one place. You begin to know exactly what's happening on a network, and how the systems are performing and behaving. When you compare it to other products, what I would advise is you look at how long they have been in business. This product has been in business for a very long time. You also need to look at the other integration factors, such as forensic, as they're very…See 44 more IBM QRadar Reviews
Popular Comparisons
Splunk
LogRhythm NextGen SIEM
ELK Logstash
Azure Sentinel
ArcSight Enterprise Security Manager (ESM)
RSA NetWitness Logs and Packets (RSA SIEM)
McAfee ESM
Exabeam Fusion SIEM
Fortinet FortiSIEM
Elastic SIEM
Rapid7 InsightIDR
AT&T AlienVault USM
Securonix Security Analytics
Graylog
SolarWinds Security Event Manager
Buyer's Guide
Download our free IBM QRadar Report and get advice and tips from experienced pros
sharing their opinions.
Quick Links
Learn More: Questions:
- What SOC product do you recommend?
- What is your opinion of IBM QRadar?
- What is the difference between IT event correlation and aggregation?
- What Questions Should I Ask Before Buying SIEM?
- What are the threats associated with using ‘bogus’ cybersecurity tools?
- Which is the best SIEM tool for a mid-sized financial services firm: Arcsight or Securonix?
- What is the difference between SIEM and SOAR platforms?
- How does Network Detection and Response (NDR) Differ from SIEM?
- What is the difference between log management and SIEM?
- Which SIEM is best fit with Palo Alto Cortex XDR?