Kashif-Jamil
CEO at Xcelliti
Real User
Top 5 Leaderboard
Easy to install and use, but the GUI and reporting features need to be improved

Pros and Cons

  • "It has very rich functionality."
  • "QRadar needs to be more specialized, along the lines of what other SIEM solutions are."

What is our primary use case?

We use QRadar to detect and gather information about any product vulnerabilities and any sort of attack on the network. It's able to help detect suspicious activity that is coming into the system.

We are also selling this product.

What is most valuable?

This product is easy to install, integrate, and use.

It has very rich functionality.

What needs improvement?

QRadar needs to be more specialized, along the lines of what other SIEM solutions are. It needs to be more detailed.

Incorporating an AI component is needed, where the learning feature identifies malicious activities coming into the network.

The GUI and reporting need to be improved.

The footprint needs to be optimized because the application footprint is too heavy. The machine requires a very high amount of resources.

For how long have I used the solution?

I have been working with IBM QRadar for between three and four years.

What do I think about the stability of the solution?

This is a very stable product.

What do I think about the scalability of the solution?

QRadar is a scalable solution.

How are customer service and technical support?

Technical support is very good.

What's my experience with pricing, setup cost, and licensing?

I feel that the price is reasonable but compared to other products that are on the market, such as an offering by Microsoft, it is more expensive.

What other advice do I have?

This is a good product but there is room for improvement in several areas, including the integration of advanced data mining.

I would rate this solution a six out of ten.

Disclosure: My company has a business relationship with this vendor other than being a customer: partner
OF
Professional Services at a tech services company with 51-200 employees
Real User
Powerful user behavior analytics capabilities, and the log and process collection functionality is good

What is most valuable?

The most valuable feature is user behavior analytics (UBA).

The EPS and FPS graphs are helpful.

The collecting of logs and processes is very good.

What needs improvement?

The support process needs to be improved.

Every SIEM solution has issues with plugins, as they have to connect to different log systems. It can affect security, infrastructure, and other things. IBM should continue to expand its database and cover as many systems as possible.

For how long have I used the solution?

I have been using IBM QRadar for about one year.

What do I think about the stability of the solution?

QRadar is a very stable product.

How are customer service and technical support?

The whole process for support is something that needs to be improved. You have to create a case, export the log and attach it to the case, then an engineer will clarify what you need to export and attach it to the ticket or support case, and so on. When you're working with a system that does not have good bandwidth, it makes it even more stressful. It is a lot of work and it should be easier to do.

My colleague has worked more with support and the feedback that I have heard is that they are quite good. It's the process that I am complaining about.

How was the initial setup?

The initial setup is pretty straightforward. We had several logs to integrate so it took a week and perhaps a few days.

What other advice do I have?

I would rate this product a nine out of ten.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
Updated: October 2021.
BT
Assistant IT Manager at an insurance company with 1,001-5,000 employees
Real User
Top 5
A SIEM solution that's easy to use, but the price could be better

What is our primary use case?

I use QRadar for cybersecurity defense, operation, and to improve performances.

What is most valuable?

I like that it's easy to use and the performance is good.

What needs improvement?

It would be better if it were more stable and more secure. The price for maintenance could be better. It's too high. In the next release, I think they should focus on the price and the operation.

For how long have I used the solution?

I have been using IBM QRadar for four years.

What do I think about the stability of the solution?

IBM QRadar is a stable solution, but it could be more stable.

What do I think about the scalability of the solution?

IBM QRadar is a scalable solution. We have about 100 users at the moment.

How are customer service and technical support?

I remember that I opened ten or 20 cases to receive support from IBM over three years.

How was the initial setup?

The initial setup and deployment are very easy. I think it took us about a month to implement this solution. We have a team of two, one manager and one technical, to deploy, manage, and maintain this solution.

What about the implementation team?

We installed this solution with the help of a consultant.

What's my experience with pricing, setup cost, and licensing?

The price could be better. I bought a subscription for three years. 

What other advice do I have?

On a scale from one to ten, I would give IBM QRadar a seven.

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
ITCS user
Cybersecurity Architecture and Technology Lead at Appxone
Consultant
Top 20
Can detect off-hours or excessive usage of an application or cloud-based service, or network activity patterns that are inconsistent.

Pros and Cons

  • "Providing real-time visibility for threat detection and prioritization - QRadar SIEM provides contextual and actionable surveillance across the entire IT infrastructure."
  • "AI is superb but needs improvements."

What is our primary use case?

Find the malicious activity via filter, don't rely on the rules which trigger the offenses and fix the suspicious activities.

How has it helped my organization?

Gaining application visibility and anomaly detection helps IT personnel to quickly identify meaningful deviations. For example, QRadar SIEM can detect off-hours or excessive usage of an application or cloud-based service, or network activity patterns that are inconsistent with historical, moving-average profiles and seasonal usage patterns.

What is most valuable?

Providing real-time visibility for threat detection and prioritization - QRadar SIEM provides contextual and actionable surveillance across the entire IT infrastructure, helping organizations detect and remediate threats often missed by other security solutions. These threats can include inappropriate use of applications; insider fraud; and advanced, “low and slow” threats easily lost in the “noise” of millions of events.

What needs improvement?

Artificial Intelligence is superb; QRadar correlates the events smartly and removes the same events, but it needs improvements.

For how long have I used the solution?

One to three years.

What do I think about the stability of the solution?

No issues.

How are customer service and technical support?

Very good

Which solution did I use previously and why did I switch?

McAfee, switched due to the bad correlation of data.

How was the initial setup?

It was straightforward.

Which other solutions did I evaluate?

Splunk and LogRhythm.

What other advice do I have?

QRadar also supports UBA, which is a fantastic feature to detect users' malicious activities.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
RP
Regional Director, Customer Success (GTM Solutions & Services) at a tech services company with 51-200 employees
MSP
Top 5 Leaderboard
Flexible, easy to use, and scalable

Pros and Cons

  • "The solution is flexible and easy to use."
  • "IBM is going through some problems with its resources currently making its support response time slow."

What is our primary use case?

We are a service provider and we are providing the solution as a managed service for multitenancy security.

What is most valuable?

The solution is flexible and easy to use.

What needs improvement?

IBM is going through some problems with its resources currently making its support response time slow.

For how long have I used the solution?

I have been using the solution for a couple of months.

What do I think about the stability of the solution?

I find the solution reliable. 

What do I think about the scalability of the solution?

The solution is scalable. We have 15 customers using it at the moment.

How are customer service and technical support?

The support could be a lot better by being faster.

Which solution did I use previously and why did I switch?

We recently switched to this solution from LogRhythm cloud. One of the main reasons we switched solutions was because it is more scalable.

How was the initial setup?

The installation was a little difficult and could be made easier.

Which other solutions did I evaluate?

We have evaluated Securonix and this solution is far superior. We did the implementation of Securonix for two customers and we canceled it. We rolled back those clients onto this solution because Securonix failed on both implementations.

What other advice do I have?

I would recommend this solution to others. We have invested in it and we plan on using it in the future.

I rate IBM QRadar an eight out of ten.

Which deployment model are you using for this solution?

On-premises
Disclosure: My company has a business relationship with this vendor other than being a customer: Implementer
MK
Practice Head at a tech services company with 51-200 employees
Real User
Top 20
Flexible correlation, easy to use, and stable

Pros and Cons

  • "It is a bit easier to use than other products, such as Splunk or ELK Elasticsearch."
  • "The technical support can be improved a little bit, and the price could be cheaper."

What is our primary use case?

We have a POC environment but have not onboarded it to any of our clients.

What is most valuable?

The most valuable feature is the correlation function, which is flexible.

It is a bit easier to use than other products, such as Splunk or ELK Elasticsearch.

What needs improvement?

The technical support can be improved a little bit, and the price could be cheaper.

For how long have I used the solution?

I have been using IBM QRadar for one year.

What do I think about the stability of the solution?

IBM QRadar is a stable solution.

How are customer service and technical support?

Technical support needs improvement.

Which solution did I use previously and why did I switch?

I know a little bit about Splunk and ELK Elasticsearch. We did not have a PoC with Splunk so it was just theoretical, but I did learn about it.

How was the initial setup?

The initial setup is very easy.

What's my experience with pricing, setup cost, and licensing?

IBM QRadar is a little bit expensive compared to other products.

What other advice do I have?

I would recommend this solution to others who are looking for an on-premises solution. For a SIEM solution, it is the best one to go with. If they are interested in using the cloud, I would not recommend it. The cloud version of QRadar is QRoC and it is a bit complicated.

I would rate this solution an eight out of ten.

Which deployment model are you using for this solution?

On-premises
Disclosure: My company has a business relationship with this vendor other than being a customer: partner
Olakanmi Oluwole
Cyber threat Intelligence Manager at CyberLab Africa
Real User
Top 5
Beneficial log reporting, excellent technical support, but stability needs improvement

What is our primary use case?

We use IBM QRadar for threat protection.

What is most valuable?

The most valuable features are log monitoring, easy-to-fix issues, and problem-solving.

What needs improvement?

There is a shortage of skilled individuals with knowledge about the solution. There should be more training programs to teach and enable users to get familiar.

For how long have I used the solution?

I have been using this solution for approximately one year.

What do I think about the stability of the solution?

The stability of the solution could improve.

What do I think about the scalability of the solution?

We have approximately 20 people using this solution in my organization.

How are customer service and technical support?

The technical support is great. Additionally, there are plenty of resources available to increase knowledge about the solution.

Which solution did I use previously and why did I switch?

We have used other solutions in the past.

How was the initial setup?

The installation is not very difficult, I did not have any problems.

What about the implementation team?

We used consultants for the implementation. We have five engineers that do the maintenance of this solution.

What's my experience with pricing, setup cost, and licensing?

There is a license required for this solution.

What other advice do I have?

I would recommend this solution to others.

I rate IBM QRadar a seven out of ten.

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Oscar Orellana
Founder at a university with 11-50 employees
Real User
Top 10
Stable, easy to set up, and has good support

What is our primary use case?

This product helps to build a strong architecture, which is important to avoid problems.

What is most valuable?

I think the QDI is very good.

What needs improvement?

The biggest drawback of this solution is the price.

The threat detection needs improvement, they have many false positives.

It is important to have good architecture. If you have problems and you don't have a strong architecture, you will have trouble with this solution.

For how long have I used the solution?

I have been using IBM QRadar for three years.

We are using version 7.4.3.

What do I think about the stability of the solution?

It's a stable solution.

How are customer service and technical support?

We have many interactions with L2 support when we needed L3 support. I would rate technical support an eight out of ten.

How was the initial setup?

The initial setup is straightforward. We had no problems.

It took approximately a month to deploy.

What's my experience with pricing, setup cost, and licensing?

This price is a little high, so it's an expensive product. It is a good solution but not a cheap one.

What other advice do I have?

I would rate IBM QRadar a nine out of ten.

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.