IBM QRadar Room for Improvement

DAX Paulino
Cybersecurity Practice Lead at a tech services company with 201-500 employees
The first area for improvement is the cost. It's a little bit too expensive for us. Also, initially it was difficult to understand or to grasp, but once you get the hang of it is easier to understand and to analyze. So the main problems are its cost, the maintenance cost, and the fact that it takes some time to learn how to use it. In terms of additional features, a mobile app would be nice. Also, the reporting is definitely okay, but you have to make sure that everybody with different roles can understand it. There is room for improvement in the reporting. View full review »
Program Manager at a tech services company
With the transition to a modern IT operation center, I think that many of the devices are going to be mobile. Somebody may not be at the NOC (Network Operations Center), data center, or SOC (Security Operations Center). If anybody from the non-security team or the NOC team has to receive an active alert, it should be enabled in multiple channels. Ideally, we would like a mobile version so that any alert that comes in will notify us in a mobile app, or by using SMS integration. We are working on these things internally, but I think that these are some of the things that you're expecting from this product. View full review »
Vulnerability Manager at a tech services company with 51-200 employees
It would be good if the program allowed certain profiles to only see certain customer information. View full review »
Learn what your peers think about IBM QRadar. Get advice and tips from experienced pros sharing their opinions. Updated: April 2020.
438,725 professionals have used our research since 2012.
Omar Sánchez (Mr.Tech)
Information Security Advisor, CISO & CIO, Docutek Services at Docutek Services
It is not a user-friendly program. It is a very glorified Excel program. I would love to see a more user-friendly version in a future rollout. In addition, the management services team needs some improvement. They are, at times, confused with our requests. View full review »
Cyber Security Specialist at AEC
There is one problem with QRadar in regards to the add-on apps. The apps can be frustrating. For example, when I add a big app like one of the add-ons for resiliency, add-on applications for QRadar, these applications require different hardware to implement and to deploy. The resiliency connector because there's a considerable amount of data scanning, operates for these apps correctly. Acquiring these add-on apps for QRadar is very expensive. This is one of the difficulties that we are facing with the QRadar. View full review »
Larbi Belmiloud
Security Engineer at a tech services company with 11-50 employees
The interface is very old. IBM should remake it into a more modern interface. I think this is the only thing they should improve on. Another feature that would be nice is if it's possible to integrate some of the application style and configuration that is currently not easy to set up in the product. If it's possible to do that, it would be a major improvement. In fact, I never got a road map to bring you from zero to the end. There should be information everywhere, from YouTube to any other places. It was very complicated to organize all the information in my head. View full review »
Dameer Siddiqui
Senior Associate Consultant at Skill Orbit (Pvt.) Ltd.
The quoting and the dashboard session could be improved. It should be more user-friendly. Otherwise, the overall functionality of IBM QRadar is superb. A better GUI and reporting both would be good additions to the product. View full review »
Senior Security Architect at a tech services company with 10,001+ employees
There are other solutions out there that have made it app based. They have a lot of apps available and they are readily integrated with other tools, as well. View full review »
B.T. Güvenlik Yöneticisi at a recruiting/HR firm with 10,001+ employees
There is a lot of manual configuration required in order for the product to run smoothly, and I think that it could be made more automatic. There is no need for so much manual configuration. For example, it should be able to automatically create at least some of the rules that are suitable for our environment. The solution has a good user interface, but it could be further developed. I have used other products that are more user-friendly. I would rate the user interface a six out of ten. View full review »
D.M.Hashim-Ul- Alom
Senior Server Security Engineer
I think QRadar is very complex. It's a distributed system and IBM QRadar has an all-in-one solution which is not like that distributed solution but it's a good product. IBM needs to consider the user interface because if we compare it with AlienVault, the AlienVault user interface is fantastic but the IBM QRadar user interface is very complex. They should focus on how to make it easier for the client. IBM has everything you need in a cybersecurity solution. If you want to build a cybersecurity operation center version then I think QRadar is a perfect solution. View full review »
Nimesh Bhatia
IT Security and Business Development Manager at a tech services company with 51-200 employees
If IBM provides me with a better service or better options than Palo Alto, I would remain with IBM. As for my knowledge, I recently evaluated Palo Alto that has better security features, especially for a client's email. Before we didn't have any security issues but recently a few of the user emails were hacked. We had to actually recreate their emails for them. If IBM could give us a complete package of on-cloud solutions, firewall, antivirus, and also mobile security, that would make it a lot better. Nowadays people are using mobile and tablets, rather than laptops or computers. We get updates from IBM directly but then the users have to update. There are challenges where sometimes if we update the client's system, it takes a lot of time to update. View full review »
Managing Director at a tech services company with 1,001-5,000 employees
They have introduced a lot of different suite of products and functionalities and that sometimes leads to confusion among the customers. There are a lot of options to provided and then I need to decide, what is my requirement, and what is my desire. I may be tempted to have a particular feature, but I have to decide whether it is relevant or not. View full review »
Daniel Sichel
User at a healthcare company with 5,001-10,000 employees
I would still like to see a better GUI. improvements have been made but there still a way to go. There are pretty annoyances like clicking out of a rule setup and instead of going back to search results in the rules, with the rule you selected still highlighted, you get the whole list without your search. Start again. In the new lig source management app if you have a large number of log sources typing a name to filter them by is Java Hell, the high overhead of JIT compiled code means that even two fingered carpal tunnel afflicted users can outpace the type ahead buffer, leaving random intermediate characters on the floor. Needless to say that makes managing log sources sometimes annoying. You can always cut and paste to go around this, but hey for 5 or 6 figures in hardware and software, it aught to keep up with my typing. But to be fair, these kinds of things are dwarfed by it's awesome ability to ingest and correlate tortured use cases of mind boggling complexity, which is what you REALLY need your SIEM to do. That, QRadar does better than anyone else. View full review »
Chief Technology Officer at a tech services company with 51-200 employees
There are reports that I would like to generate that are either not included, or I cannot find. If there is no report for information that needs to be presented then it is one of the biggest issues for the customer. The ticketing system is not fully automated and needs to be improved. There should be an easier permission level that basic users can use to create reports. The users include both end-customers and the technical team. The pricing needs to be such that they are more competitive with other vendors. View full review »
Muhammad Adeel
Senior Security Engineer at dig8labs
The product is good, but one feature they should have is an Elasticsearch. Currently, in QRadar, there are no Elasticsearch criteria. Elasticsearch is a very fast search engine. IBM should consider it as part of QRadar. Currently, QRadar has a very slow search. If I search previous months' data it stops. View full review »
Onyegbule Uche
Technical Consultant at Activedge Technologies
I can't see any need for service improvements because I feel it's easy to use and very functional as it is. There could be improvements made to the UI, the user interface. Though the newer version, 7.3.2, might already have this improvement in place. View full review »
Phillip Okemwa
Senior Information Security Analyst at a financial services firm with 501-1,000 employees
I would like for them to lower the price. View full review »
Information Security Manager at a comms service provider with 1,001-5,000 employees
There are some weaknesses with the QRadar Risk Manager. It has some weaknesses because of the connectivity with other vendors. It is limited. There are some vendors that you cannot connect QRadar Risk Manager with, so we you cannot get the maximum benefit of the product. View full review »
Dr Trust Tshepo Mapoka
Senior Cybersecurity Consultant at CIA Botswana
The API integration for AD is a problem when it comes to vulnerability management. If you want to incorporate multiple factor authentication it becomes a problem with the AD. It doesn't integrate well. That needs to be improved. The configuration steps are not easy to follow compared to NetWitness. View full review »
Harshit Jaiswal
Security Consultant at Varutra Consulting
The user guide is not readily available. I would suggest the support or technical team release a PDF guide, like Splunk, SolarWinds, or ArcSight. This will be good for consultants or whomever is using QRadar. This would be really helpful. I have searched on a lot on sites, but I have not found a single PDF containing everything. Our consultants are taking too much time understanding the product's technical aspects. They could arrange a demo on their website so user who register may use WebEx or any type of meeting invitation, and the support team could give a demo. Having hands-on technology is important. We lost a few clients, because they asked us, "Do you have hands-on QRadar?" At that time, we said, "No, but we will cover it." Due to this, we didn't get the project. Clients wants consultants who are certified in QRadar. Even after completing the certification as a QRadar deployment professional, I would suggest QRadar release any documentation or give an online demo, like videos on YouTube. It would increase publicity and public appeal. View full review »
Marketing Director at a aerospace/defense firm with 1-10 employees
The tool is very complicated. One place for improvement would be to have a more user-friendly interface. Having better support in Spanish would be cool. View full review »
Shaikh Jamal Uddin
Senior Information Security Consultant at Secure Coat
Artificial Intelligence is superb, QRadar correlate the events smartly and remove the same events but need improvements. View full review »
Senior Information Security Analyst at a tech services company with 501-1,000 employees
I don't think this is the best solution on the market because it takes much longer than ArcSight, for example, which provides more flexibility and capability to create much more complex use cases. Other tools provide more valuable things that you can do for the active channel. I would like for them to develop out of the box content that doesn't require too much customization. Most of the out of the box we get from it requires too much customization. I would also like to see dynamic filters and better cross-integration between functions. View full review »
General Manager at New System Engineering
It is very difficult to activate all of the network equipment, and it would help if it were made easier. I would also like to see more integration with new devices. View full review »
Mika Suomu
Cloud Security Architect at Nordcloud Oy
* Slow response sometimes and a not-so-helpful staff there. So make the support better, and you could succeed even more. * The released patch quality is poor. IBM should test those patches on their side, not on the client's side. So, there are a lot of improvement to do. * I would appreciate if IBM could create another more intuitive, easier way (intuitive UI) to perform advanced searches rather that just counting on regular expressions. View full review »
Rajeev MM
Senior Analyst at a tech services company with 201-500 employees
They should introduce some automation into the product. View full review »
Senior Field Manager at a tech services company
I would like for them to develop a detection management solution. It does not have a detection management solution in it, you have to buy it as it is, on top of the extended solution. View full review »
Rossella Falcone
Sr. Security Engineer at OmnitechIT
It needs more resilience and functionality. View full review »
Yong Chen
Security Consultant at a tech services company with 11-50 employees
They should provide more manual examples online so that I can learn it myself. The dashboard also needs improvement. View full review »
Nizar Hedhili
General Manager at Global Solutions Services
* Data encryption * Flow encryption * Third-party compliance * Its architecture is very complicated. * Its hardware is Lenovo-based. View full review »
Vik Solem
President, Consultant, Trainer at MEI Security
We would like to see better instrumentation for debugging changes in the log flow. View full review »
Learn what your peers think about IBM QRadar. Get advice and tips from experienced pros sharing their opinions. Updated: April 2020.
438,725 professionals have used our research since 2012.