We just raised a $30M Series A: Read our story
MUHAMMAD WAQAS
Relationship Manager at a financial services firm with 5,001-10,000 employees
Real User
Reasonably priced with good technical support and offers great performance

Pros and Cons

  • "We've found the technical support to be very good."
  • "The product needs to improve its GUI."

What is most valuable?

The price is very good. It's quite reasonable.

The solution's performance is excellent. The stability is excellent.

We've found the technical support to be very good.

The pricing is very good.

What needs improvement?

The product needs to improve its GUI. The dashboard which they facilitate needs to be modernized. They could make it a lot better and a lot easier to navigate.

For how long have I used the solution?

I've been using the solution for approximately two years or so.

What do I think about the stability of the solution?

The stability of the product has been great. It's from 80% to 90% is stable. There are very few bugs or glitches. It doesn't crash or freeze. If you do run into issues, technical support is quite helpful. 

What do I think about the scalability of the solution?

The product works well for small or medium-sized enterprises.

How are customer service and technical support?

The technical support has been great so far. If you run into any kind of issue, their support is available. They are very helpful and extremely responsive. We're quite satisfied with their level of service. I'd give them a rating of 90% to 95%.

What's my experience with pricing, setup cost, and licensing?

The pricing of the solution is quite reasonable.

What other advice do I have?

We're a customer and an end-user. We don't have a direct business relationship with IBM.

Overall, I would rate the solution at a nine out of ten. We've been extremely satisfied with the product so far.

I'd recommend the solution, however, depends upon a company's budget and requirements. For small and medium enterprises, QRadar is the best solution, due to its price and performance.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
Flag as inappropriate
JN
Director of Information Security at a financial services firm with 501-1,000 employees
Real User
Top 20
Scalable with good searching capabilities and good support

Pros and Cons

  • "The most valuable feature is the searching capability and real-time operational use."
  • "Some of the cloud apps need improvement."

What is our primary use case?

The primary use case of this solution is for monitoring an enterprise data center, globally for 12,000 devices.

How has it helped my organization?

It has improved the way that the organization functions.

What is most valuable?

The most valuable feature is the searching capability and real-time operational use.

What needs improvement?

Some of the cloud apps need improvement.

In the next release, I would like to see improving the stability of some of the add-on applications.

For how long have I used the solution?

I have been using IBM QRadar for two years.

We are using the current version.

What do I think about the stability of the solution?

Stability is moderate.

We have 15 people using this solution in our organization. Their positions vary from Network Engineers, Security Engineers, and Security Analysts.

What do I think about the scalability of the solution?

It's very scalable.

How are customer service and technical support?

Technical support is good.

I would rate them a nine out of ten. Their response time is good.

Which solution did I use previously and why did I switch?

Previously, I did not use another solution.

How was the initial setup?

The initial setup is complex. It's just the nature of the CM tool.

What's my experience with pricing, setup cost, and licensing?

I think that the price is fair, but we can always say that the price could be cheaper.

What other advice do I have?

Like any complex enterprise CM tool, you have to have a strong support organization. People who are good at understanding Linux operating systems. You also need a strong technical support team in-house.

I would rate this solution an eight out of ten.

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Learn what your peers think about IBM QRadar. Get advice and tips from experienced pros sharing their opinions. Updated: October 2021.
543,424 professionals have used our research since 2012.
JM
Sr.Network Engineer at a computer software company with 10,001+ employees
MSP
A reliable and scalable solution for network behavior and log analytics

Pros and Cons

  • "The solution is reliable."
  • "I need a solution which will send alerts in the event of any behavior."

What is our primary use case?

We use the solution for network behavior and log analytics. We wish to procure one for behavior analytics.

I am not certain which version we are using. 

There is a need for a behavior analytics solution in the environment. We use the solution to highlight unusual traffic for a single particular link or even single particular user traffic. 

What is most valuable?

The solution will not provide alerts in the event of any particular traffic. It will only alert in the case of a security threat. 

What needs improvement?

I am looking for a solution to replace IBM QRadar. We use it for incident reporting, but I need one for behavior analytics. I need one which will send alerts in the event of any behavior. 

The solution is fine for analyzing logs. We already have basic modules. We require more modules for getting so that we may obtain further details. We essentially use IBM QRadar for analyzing particular logs. 

There are no additional features which should be added or upgraded in the next release. 

What do I think about the stability of the solution?

The solution is reliable. 

What do I think about the scalability of the solution?

The scalability is fine. 

How are customer service and technical support?

Technical support is okay. We have had no issues with them. 

What's my experience with pricing, setup cost, and licensing?

The license is not subscription-based. We have been doing the same deployment for more than ten years. 

The pricing is alright. 

What other advice do I have?


Our environment is binding. We have only monitoring and data central traffic.

I would recommend the solution to others. It is fine for analyzing logs. 

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Flag as inappropriate
RR
IT Security Manager at a tech services company with 201-500 employees
Real User
Excellent network monitoring but needs better compatibility

Pros and Cons

  • "The feature that I have found most valuable is how it monitors the real network. That is its leading security feature."
  • "The biggest problem was built on top of the QRadar in the executive operations center network. The integration was not using the network security specialist properly, and all the incidents were inferior with QRadar. Its compatibility is not really good."

What is our primary use case?

Our primary use case is for monitoring global infrastructure.

What is most valuable?

The feature that I have found most valuable is how it monitors the real network. That is its leading security feature.

What needs improvement?

In terms of what could be improved, I'd say do nothing, in its current state it does quite okay for now.

The biggest problem was built on top of the QRadar in the executive operations center network. The integration was not using the network security specialist properly, and all the incidents were inferior with QRadar. Its compatibility is not really good

For how long have I used the solution?

I have been using IBM QRadar for more than five years.

I'm using the latest version of QRadar.

What do I think about the stability of the solution?

The stability is very good. Its operation is very good.

What do I think about the scalability of the solution?

We have less than five people using it.

For us, as a small security company, it is covering our needs and our growth.

How are customer service and technical support?

Customer support is good. When an incident gets raised there is a 10 day response.

How was the initial setup?

The initial setup was complex.

What about the implementation team?

We use the vendor for everything. That is the style of the corporation. For these jobs the responsibility and knowledge is on the vendor's side.

What's my experience with pricing, setup cost, and licensing?

Implementation is over time and the maintenance price for QRadar is competitive.

What other advice do I have?

On a scale of one to ten, I would give IBM QRadar a seven.

Overall, I would of course recommend this product to others because of all its functionalities.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
Flag as inappropriate
DB
Security Sales Consultant at Google, LLC
Reseller
Great detection capability; lacks features such as predictive identification of threads

Pros and Cons

  • "Vulnerability data, network data and the like, are part of correlation and detection."
  • "Pricing model could be more cost-effective."

What is our primary use case?

I was initially a reseller before selling the solution from within IBM. I'm currently a freelance security sales consultant. 

What is most valuable?

A valuable feature is the detection capability. I like that the solution can use data other than log data which means that things like vulnerability data, network data and the like, are part of the correlation and detection.

What needs improvement?

I think they could change their pricing model to be more cost effective. It currently relies on data ingestion. I'd like to see IBM extend their capability with the solution to include more than just fault finding, features such as predictive identification of threads. Having better support for things like MITRE and the ATT&CK chain, and using all of the known attacks that are out there when they're actually spotting events and correlations. 

For how long have I used the solution?

I've used this solution for 10 years. 

What do I think about the scalability of the solution?

The solution is very scalable. 

How are customer service and technical support?

Technical support is pretty good, but sometimes when the problems are complex they can be slow to respond. 

How was the initial setup?

The initial setup is very easy. I think it's one of the easiest SIMs to use. 

What other advice do I have?

IBM has recently come out with a new version called Cloud Pak for Security but I haven't used it yet. It contains not just QRadar, but also IBM's resilience incident response products. 

I recommend the solution but because of the issues with pricing and technical support, I rate the solution seven out of 10. 

Which deployment model are you using for this solution?

Hybrid Cloud
Disclosure: My company has a business relationship with this vendor other than being a customer:
Flag as inappropriate
SG
Vice President at a financial services firm with 10,001+ employees
Real User
Provides a complete platform for log ingestion, correlations and runtime

Pros and Cons

  • "The product provides a complete platform for ingesting the log, doing the correlations and handling the runtime."
  • "The solution should enhance its capabilities of UEBA and AI/ML tech modeling."

What is most valuable?

The product provides a very defined solution. It provides a complete platform for ingesting the log, doing the correlations and handling the runtime.

What needs improvement?

The solution should enhance its capabilities of UEBA and AI/ML tech modeling.

For how long have I used the solution?

I have been using IBM QRadar for approximately four years.

What do I think about the stability of the solution?

IBM QRadar is a very stable product.

What do I think about the scalability of the solution?

The product is very scalable and this can be done to a number of endpoints and towers. However, this is not very feasible, as it depends on the available in-house infrastructure. 

How are customer service and technical support?

Technical support is very helpful. They are very knowledgeable. While the geographic location can sometimes pose a challenge, my overall experience with the technical support team has been very positive.

How was the initial setup?

The complexity of the initial setup is intermediate. It is neither straightforward nor complex but somewhere in the middle. A person with experience working in a security operation center and who is experienced with correlation rules and use cases can directly configure into the solution. 

What other advice do I have?

Someone considering implementing IBM QRadar should possess a good knowledge of his own infrastructure. He should have all the documents in place. While IBM provides very good implementation support, a complete inventory and technology detail is required, in respect of how the application is flowing, how the infrastructure is connected, and the version and inventory relationship.

I rate IBM QRadar as an eight out of ten. 

Disclosure: I am a real user, and this review is based on my own experience and opinions.
Flag as inappropriate
TG
Sr. Information Security Analyst at a insurance company with 51-200 employees
Real User
Robust monitoring that is scalable and includes the SOC service

Pros and Cons

  • "The best part of this solution is having a third-party SOC."
  • "The user interface is a bit difficult to get used to."

What is our primary use case?

The primary use case of this solution is for monitoring the network.

What is most valuable?

Part of the SaaS offering is the SOC service. The best part of this solution is having a third-party SOC.

It's a robust solution.

What needs improvement?

The user interface is a bit difficult to get used to. Once you do, it's not difficult.

For how long have I used the solution?

I have been working with QRadar for two years.

We are working with the latest version.

What do I think about the stability of the solution?

The stability is excellent.

What do I think about the scalability of the solution?

It's scalable. Everything is done through our third-party vendor.

We have four other people in my group that have access to it, and we have six people who use it.

How was the initial setup?

The third-party vendor manages the system

What about the implementation team?

We had a third party vendor to complete the installation, so it wasn't bad.

Which other solutions did I evaluate?

We evaluated all of the Gartner top quadrants.

What other advice do I have?

I would recommend having a third-party vendor.

There are a lot of alerts and a lot of tuning that has to be done. Every time we add new rules to it, an alert goes up. Having the SOC to go through it all first is very beneficial.

For what we do, I would rate IBM QRadar a ten out of ten. We are satisfied with it.

Which deployment model are you using for this solution?

Public Cloud
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Syed Hammad Shafiq
Information Security Manager at a tech services company with 1,001-5,000 employees
Real User
Easy to set up but support is lacking

What is our primary use case?

There are many use cases for this solution. One example is we are using this solution to monitor user site access to band sites. 

What needs improvement?

The solution is highly used here in Pakistan and in many sectors, they could improve it by having more SIEM connectors.

For how long have I used the solution?

I have been using this solution for approximately four years.

What do I think about the stability of the solution?

The stability is good until you upgrade to a new version. You have to properly shut down services when you are doing some maintenance activities every three to four months. There might be some problems that you do not expect. We have had some complaints from users regarding operation. 

How are customer service and technical

What is our primary use case?

There are many use cases for this solution. One example is we are using this solution to monitor user site access to band sites. 

What needs improvement?

The solution is highly used here in Pakistan and in many sectors, they could improve it by having more SIEM connectors.

For how long have I used the solution?

I have been using this solution for approximately four years.

What do I think about the stability of the solution?

The stability is good until you upgrade to a new version. You have to properly shut down services when you are doing some maintenance activities every three to four months. There might be some problems that you do not expect. We have had some complaints from users regarding operation. 

How are customer service and technical support?

We have had bad experiences with support from IBM. We are not satisfied with the support and they have made me very angry. My customers have had similar experiences.

How was the initial setup?

The initial setup of QRadar is not complex because we have done it before and we are used to the development. It is getting easier all the time.

What's my experience with pricing, setup cost, and licensing?

There is a license required for this solution and it is an annual payment. I have found all solutions in the category to be expensive, including Splunk.

Which other solutions did I evaluate?

I am evaluating Splunk.

What other advice do I have?

Here in Pakistan, this solution has already saturated the financial market.

I rate IBM QRadar a five out of ten.

Which deployment model are you using for this solution?

On-premises
Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
Flag as inappropriate
Buyer's Guide
Download our free IBM QRadar Report and get advice and tips from experienced pros sharing their opinions.