Suraj Jagtap
Senior Security Engineer at a tech services company with 51-200 employees
Real User
Top 20
Feature rich solution recommended for every customer

Pros and Cons

  • "The features that I have found most valuable in QRadar are its data enrichment, use case creations, and adding references - those kinds of features are very good. Also QRadar's event filtration and device integration are perfect."
  • "In terms of what could be improved, I would say the script which we have to create for custom actions. QRadar needs to improve that feature. Additionally, QRadar has to provide the playbooks designing features."

What is most valuable?

The features that I have found most valuable in QRadar are its data enrichment, use case creations, and adding references - those kinds of features are very good. Also, QRadar's event filtration and device integration are perfect. 

Actually, we are looking for another product because a customer is demanding different products and they're not going with QRadar, hence we are trying to compare QRadar with other solutions like Securonix, Splunk, Exabeam, LogRhythm. Otherwise, all our customers are happy with QRadar.

I'm doing integrations and deployments for QRadar. So, in regards to integration and deployment, QRadar is very easy as compared to other products.

What needs improvement?

In terms of what could be improved, I would say the script which we have to create for custom actions. QRadar needs to improve that feature.  Additionally, QRadar has to provide the playbooks designing features.

For how long have I used the solution?

I have been working with IBM QRadar for the last four years.

What do I think about the stability of the solution?

QRadar is very stable in our deployment. I'm not aware of other customer deployments.

What do I think about the scalability of the solution?

IBM QRadar is scalable. We can scale it according to our requirements. We can scale it up, as per our requirement. We can increase the resources, we can increase the storage. We can do everything with QRadar.

How are customer service and technical support?

Their technical support is also good. During weekends they are only looking at the priority issues. That is difficult, because sometimes the critical log sources stop sending events to QRadar and in those cases we need support on an urgent basis, but they're not going to support it during the weekend.

Which solution did I use previously and why did I switch?

We work with LogRhythm as well as QRadar, as well as NetIQ Sentinel, Azure Sentinel and others.

How was the initial setup?

The initial setup for QRadar is easy. It is easy to understand and easy to implement.

What's my experience with pricing, setup cost, and licensing?

As compared to LogRhythm, IBM QRadar's pricing is moderate.

What other advice do I have?

We recommend QRadar. It is a good product, a good solution.

Every customer should go with IBM QRadar.

On a scale of one to ten, I would give IBM QRadar a nine.

Which deployment model are you using for this solution?

On-premises
Disclosure: My company has a business relationship with this vendor other than being a customer: partner
DD
Head of IT Security, Governance and Compliance at a consumer goods company with 10,001+ employees
Real User
Top 20
Easy to use, provides environment visibility, and assists with incident discovery in advance of problems to the business

Pros and Cons

  • "This is a good tool to have because it gives you the ability to track what is currently happening in your environment."
  • "The modularity could be improved."

What is our primary use case?

We are using QRadar as a managed service.

How has it helped my organization?

This product helps us to find security incidents before they become a problem to the business. We are able to attend to them quicker and we can put protection in place so that should they occur again, we are able to deal with them more easily.

What is most valuable?

The most valuable feature is the ease of use.

What needs improvement?

The modularity could be improved.

For how long have I used the solution?

We have been using IBM QRadar for three years.

What do I think about the stability of the solution?

This is a very stable product.

What do I think about the scalability of the solution?

We have had no issues with scalability and we have approximately 1,500 users. We are not using its full capabilities at the moment because we are still growing. In the next year or two, we will see.

How are customer service and technical support?

I don't deal with IBM directly. Rather, I deal with our service provider and they deal with IBM.

How was the initial setup?

The initial setup was very easy for us because we just bought what we were looking for, and not the entire infrastructure.

What about the implementation team?

The company that we subscribe to for this service takes care of the installation, maintenance, and management of it. They give us updates that concern the features we use, so the maintenance doesn't affect us much.

What's my experience with pricing, setup cost, and licensing?

We use QRadar as a managed service and we pay licensing fees to the partner.

What other advice do I have?

This is a good tool to have because it gives you the ability to track what is currently happening in your environment. Otherwise, if you did not have that, you'd only react to an event or an incident that has already caused problems. The proactiveness goes a long way because it saves your environment and your business from being negatively affected.

In summary, this is a good product but there is always room for improvement.

I would rate this solution a nine out of ten.

Which deployment model are you using for this solution?

Hybrid Cloud
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Learn what your peers think about IBM QRadar. Get advice and tips from experienced pros sharing their opinions. Updated: November 2021.
AndyChan3
General manager at MOL-IT India Pvt. Ltd.
Real User
Top 5 Leaderboard
Good detect rate with a small number of false positives, and support resolves issues quickly

Pros and Cons

  • "The detection rate is good and the false positive rate is low."
  • "They should speed up the incident response and also, at the same time, reduce the amount of manual effort that is required."

What is our primary use case?

We used this product as a SIEM, for information security.

How has it helped my organization?

This product collects all of the system logs and analyzes them to see if there are any security threats, or there have been any attacks. If there are, then it will alert the administrator to take the appropriate actions.

What is most valuable?

The detection rate is good and the false positive rate is low. Having a low false-positive rate is good because it means that if an alert happens then it is very likely a real attack.

QRadar is quite flexible. Out of ten, I would rate flexibility a nine.

What needs improvement?

They should speed up the incident response and also, at the same time, reduce the amount of manual effort that is required.

A nice enhancement would be the incorporation of more artificial intelligence and machine learning capabilities.

For how long have I used the solution?

We have used IBM QRadar for approximately two years.

What do I think about the stability of the solution?

I would rate the stability a ten out of ten. We have had the occasional bug or other issue but once we report it to IBM, they give us a resolution quite quickly.

How are customer service and technical support?

Technical support is quick to resolve issues.

Which solution did I use previously and why did I switch?

We developed our own application to use as a SIEM, but we switched to QRadar.

How was the initial setup?

The initial setup is complex and the deployment takes approximately three months.

What's my experience with pricing, setup cost, and licensing?

It would be great if this product were cheaper.

Which other solutions did I evaluate?

We did evaluate other options before selecting this product.

What other advice do I have?

Within the past year, IBM developed a SaaS version of QRadar, which is a nice option.

My advice for anybody who is considering this solution is to implement the latest IBM offerings together. QRadar is just one of the products, and multiple products can be combined to create the best solution for their needs.

I would rate this solution an eight out of ten.

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
JW
Solution Security Architect at PT. Sinergy Informasi Pratama
Real User
Top 20
Provides great analysis of event logs, event security; easily manageable with one monitor

Pros and Cons

  • "It can analyze event logs, event security, and give a good consult."
  • "Solution has too many menus that require going to two or three sub-monitors to enter the QRadar."

What is our primary use case?

This is a solution you use when you have many security products that you want to manage in one monitor, one analytic. We are partners with IBM and provide implementation services to our customers. I'm a solution security architect.

What is most valuable?

The most valuable feature is that it can analyze event logs, event security, and give a good consult. When you have SIEM, you can easily manage with one single monitor. QRadar can do a lot of analyses of every security product and will let us know what needs to be done to the log. Sometimes we need security orchestration automated response to support the SOC team.

What needs improvement?

The concern with QRadar is that there are so many features in the dashboard, too many menus that require going to two or three sub-monitors to enter the QRadar. The user interface is good but there are so many features that can be confusing for the administrator. It could be simplified. 

For how long have I used the solution?

I've been using this solution for a year. 

What do I think about the stability of the solution?

I think that QRadar is stable, but I've never worked with other solutions in this area and I have nothing to compare it to. It has dedicated machines and offers great performance. 

What do I think about the scalability of the solution?

The scalability is easy but it comes at a high price.

How are customer service and support?

IBM in Indonesia provides great support.

How was the initial setup?

The initial setup is complex if the data set is large. It really depends on that. We provide maintenance services to our clients so that if they have any trouble, we assist with troubleshooting.

What's my experience with pricing, setup cost, and licensing?

SIEM is quite a pricey solution so we only offer it to enterprise companies that can pay the fees. For smaller companies, it's an extremely expensive product. 

What other advice do I have?

I recommend this solution because I think they provide great support from the sales and technical perspective.

I rate the solution nine out of 10. 

Which deployment model are you using for this solution?

On-premises
Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
FC
Ingénieur d'étude R&D at DOGA
Real User
Top 20
Easy to use, helps increase development speed and is stable

Pros and Cons

  • "The solution is relatively easy to use."
  • "The pricing of the solution is a bit high. If they could lower it, that would be ideal."

What is our primary use case?

We primarily use the solution to develop software, for some device controllers.

What is most valuable?

The solution is relatively easy to use.

The product helps increase development speed.

The customization is very good, as are the dashboards and the security.

What needs improvement?

I'm not sure if there are any features missing from the solution. It's pretty complete.

The pricing of the solution is a bit high. If they could lower it, that would be ideal.

For how long have I used the solution?

I've been using the solution for three years or so at this point. It hasn't been too long.

What do I think about the stability of the solution?

The solution is quite stable. It doesn't have bugs or glitches. It doesn't crash on me or freeze. It's reliable.

What do I think about the scalability of the solution?

I only really use the solution myself. I can't speak to the scalability of the solution.

How are customer service and technical support?

I've never had to reach out to technical support. I can't speak to their responsiveness or knowledgeability.

How was the initial setup?

The initial setup was not complex at all. It's pretty straightforward and simple. We didn't face any real issues during the deployment process.

What's my experience with pricing, setup cost, and licensing?

The price can be expensive, however, it's all relative, as it helps speed up development, which can save money for the organization. 

The payments for the product are made on a yearly basis.

What other advice do I have?

I'm using the latest version of the solution. I'm the only user and I use the desktop version of the solution. I'm basically using it because it's here and I have access to it.

I would recommend the solution to other organizations, however, if it is right for them depends on their need.

Overall, on a scale from one to ten, I'd rate the product at an eight. We've mostly been pretty satisfied with it.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
GC
Queretaro at a tech services company with 1-10 employees
Reseller
Top 20
A complete network analysis tool that is agile, versatile, and easy to operate

Pros and Cons

  • "The most valuable features are the versatility of this solution and the variety of things you can do with it."
  • "The initial setup requires that you have somebody with the proper skill set, and it would help if the configuration were easier."

What is our primary use case?

We do not implement this tool ourselves but have experience implementing it for our clients. There are several use cases. The two most important ones are network analysis and UBA.

How has it helped my organization?

It has helped our clients to see how things have changed when comparing the initial behavior, and what is currently happening with the user's internet. It maintains archives on the behavior.

What is most valuable?

The most valuable features are the versatility of this solution and the variety of things you can do with it. 

What needs improvement?

The initial setup requires that you have somebody with the proper skill set, and it would help if the configuration were easier.

For how long have I used the solution?

We have been working with QRadar for less than one year.

What do I think about the stability of the solution?

This is a very stable product.

What do I think about the scalability of the solution?

This is a scalable product that can scale to a large-sized organization.

My client for QRadar is medium-sized.

How was the initial setup?

You need someone with the proper skills to complete the setup. The complexity of it depends on the features that you are looking for, and it can become very complex. The deployment can take between 16 and 20 days, depending on what needs to be configured.

It's a process to deploy, but once you have it configured it's easy to operate.

What about the implementation team?

The deployment can be done in-house.

What's my experience with pricing, setup cost, and licensing?

The pricing is okay, it's comparable to other vendors.

It's not expensive for the resources that it gives you.

What other advice do I have?

I think the tool is very complete and very agile.

I would rate this solution a ten out of ten.

Which deployment model are you using for this solution?

On-premises
Disclosure: My company has a business relationship with this vendor other than being a customer: Reseller
KA
Country Manager at a tech services company with 11-50 employees
Real User
Top 20
Stable, scalable, and helpful support

What is our primary use case?

The main tool for this operation center for collecting events from different devices, whatever server or network devices, such as switches and routers. It handles anything related to data that can be harmful related to security. Those events can be mapped to promote the threat, it creates another event for promoted threats.

We are a service provider and we provide services to our customers. We use IBM QRadar for many types of businesses, such as banks and telecom. It has a good reputation.

What needs improvement?

IBM QRadar has a margin for development, for out-of-the-box use cases. It can be enhanced with better support and automate the use cases for that.

For how long have I used the solution?

I have been using IBM QRadar for approximately two years.

What do I think about the stability of the solution?

I have found IBM QRadar to be stable.

What do I think about the scalability of the solution?

IBM QRadar is scalable.

How are customer service and support?

The technical support of IBM QRadar is good.

Which solution did I use previously and why did I switch?

IBM QRadar is the best SAN solution we have used compared to the others.

How was the initial setup?

We manage the installation of the solution. It is not something difficult, it is reasonable. It is not that easy for anyone to do, it needs a technical team.

What about the implementation team?

The implementation needs a technical team and we have two engineers for the implementation and maintenance.

What's my experience with pricing, setup cost, and licensing?

There is a license to use this solution, which is paid annually. However, there are subscription options available.

What other advice do I have?

I recommend this solution to others.

I rate IBM QRadar an eight out of ten.

Which deployment model are you using for this solution?

On-premises
Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
JB
Deputy General Manager at a comms service provider with 5,001-10,000 employees
Real User
Top 5 Leaderboard
Correlation done well, fair pricing, and knowledgeable technical team

Pros and Cons

  • "When it comes to QRadar, they can do the correlation and not only in networks but also endpoints. This is one of the good features that we have noticed."
  • "I have noticed the interface has room for improvement."

What is most valuable?

We are looking for the entire QRadar spectrum but it has many products. QRadar is a kind of program, we are looking for system modelling, point modelling, network side modelling similar to QRadar network inside, and the capability to correlate between the network and endpoint. Most of the SIEMs have to rely on when it comes to network side third party or separate network traffic analysis. When it comes to QRadar, they can do the correlation and not only in networks but also endpoints. This is one of the good features that we have noticed.

What needs improvement?

Since we have not used the solution very long my information is limited when it comes to improvements. I have noticed the interface has room for improvement.

For how long have I used the solution?

I have been using the solution for two years. However, my company has not deployed the solution yet and we are in the early stages of testing.

How are customer service and technical support?

The solution has a good technical team.

How was the initial setup?

The installation is complex. There is some overloading that happens, this could be simplified and made easier by allowing all key features on the first level dashboard to be viewed.

What's my experience with pricing, setup cost, and licensing?

When it comes to the initial pricing there can be a huge discount from their side and also I think they are open to competing with other products. Even though the price can be a little high sometimes, their product is number one. They have a wide range of products.

Which other solutions did I evaluate?

We have compared Securonix and many other solutions to this one.

What other advice do I have?

I rate IBM QRadar a nine out of ten.

Disclosure: My company has a business relationship with this vendor other than being a customer: partner