IBM Security QRadar Reviews

Vendor: IBM

4.0 out of 5

204 reviews
91% willing to recommend

6,935 followers

What is IBM Security QRadar?

IBM Security QRadar (recently acquired by Palo Alto Networks) is a security and analytics platform designed to defend against threats and scale security operations. This is done through integrated visibility, investigation, detection, and response. QRadar empowers security groups with actionable insights into high-priority threats by providing visibility into enterprise security data. Through centralized visibility, security teams and analysts can determine their security stance, which areas pose a potential threat, and which areas are critical. This will help streamline workflows by eliminating the need to pivot between tools.

Get the IBM Security QRadar Buyer's Guide and find out what your peers are saying about IBM Security QRadar, CrowdStrike Falcon, Fortinet FortiEDR and more!

IBM Security QRadar is the #1 ranked solution in top User Entity Behavior Analytics (UEBA) solutions, #4 ranked solution in top Security Information and Event Management (SIEM) solutions, #4 ranked solution in SOAR tools, #6 ranked solution in Log Management Software, #10 ranked solution in top Managed Detection and Response (MDR) solutions, #14 ranked solution in XDR Security products, and #18 ranked solution in EDR tools. PeerSpot users give IBM Security QRadar an average rating of 8.0 out of 10. IBM Security QRadar is most commonly compared to CrowdStrike Falcon: IBM Security QRadar vs CrowdStrike Falcon. IBM Security QRadar is popular among the large enterprise segment, accounting for 46% of users researching this solution on PeerSpot. The top industry researching this solution are professionals from a educational organization, accounting for 22% of all views.

Helped 814,763 peers since 2012

Featured reviews

Muzzamil Hussain

Assistant Vice President at National Bank of Pakistan

One major drawback we are facing is in the area of IBM Security QRadar integration with flat file databases. IBM Security QRadar does not support flat file database integration. We are currently facing an issue with respect to the database, which you normally call a NoSQL database. There is no direct integration mechanism available with IBM Security QRadar. We have to approach IBM and generate a ticket so that they can develop a custom method for the integration. In database integration, we are facing issues with IBM Security QRadar. The solution does not support the integration of flat file databases. Certain organizations have flat file databases. IBM does not support direct integration with some databases. We had to create a plug, and we requested IBM to develop a parser, but it is taking IBM a couple of months to develop it. I think a flat-file database should be supported directly instead of developing a parser plugin. There should be a more refined threat intelligence platform, and cross-integration should be possible with locally available threat intelligence platforms.

Read full review

Maaz Khalid

Manager SOC at Rewterz

The initial setup is user-friendly and straightforward, making deployment easy. However, compatibility issues with other security controls still need to be addressed. It provides a 35-day period for project enablement. This timeframe is too short and should be extended to 45 or 50 days. When deploying QRadar on-premises, we assess the organization's size to determine the required number of UPS units, application servers, and other necessary hardware. Once these requirements are identified, we proceed with the deployment. We face challenges in the deployment phase, especially when working with an MSSP license. The main issue is with QRadar's multi-tenancy, which often causes the system to crash. Their support services are not very helpful in addressing these problems. We allocate two working days for the deployment of QRadar for our customers. Our team includes a senior engineer who communicates with the client and a junior engineer responsible for deploying and installing other services. The deployment time can vary based on the size of the setup. Large deployments, such as those with 20,000 to 25,000 EPS for corporate clients, take longer due to the need for multiple hardware servers. In such cases, it can take several days. QRadar can be installed in about three to four hours for smaller setups.

Read full review

Frank Eargle

Information Security Engineer at Glasshouse Systems

I've got use cases where we monitor positive controls wherein something doesn't allow something to happen. It alarms when somebody changes the control The most valuable features of IBM Security QRadar are flexibility, IBM support, and scalability. IBM Security QRadar’s GUI could be improved. I…

Read full review

IBM Security QRadar mindshare

Product category:

As of November 2024, the mindshare of IBM Security QRadar in the Security Information and Event Management (SIEM) category stands at 9.5%, up from 9.3% compared to the previous year, according to calculations based on PeerSpot user engagement data.

Security Information and Event Management (SIEM)

Key learnings from peers

Valuable Features

IBM Security QRadar has a range of valuable features. These include a flexible playbook engine that allows for graphical visualization of processes, effective integration with other security management systems, good machine learning and analysis capabilities, and effective flagging and pinpointing of strange activity. Other valuable features include simplicity, event and flow collection, predictive analysis capabilities, AI assistant, blocks of predefined conditions for configuring detection rules, real-time detection, vulnerability management, and good visualization. It receives praise for its higher availability, ease of use, risk rating of users, good monitoring and dashboards, and machine learning models. It is described as a complete platform with over 100 features, suitable for large companies with critical infrastructure, and able to support MSSP models. Customers appreciate its user-friendliness, stability, scalability, and good technical support. Pricing is also considered reasonable.

"think QRadar is great overall. We’ve had a positive experience with it and recommend it for deployment. However, there are areas for improvement. The technical support is good, and the documentation is valuable, but it could be enhanced, especially regarding integration with other systems.In terms of support and updates, QRadar’s capabilities are crucial for maintaining high security standards. Network and software administrators can monitor all traffic effectively, which reassures clients and drives further adoption."
"The most valuable feature of the solution is its ability to rectify a situation involving any anomalies expeditiously."
"Regarding the tool's ability to maintain high-security standards, I rate it ten out of ten."

Room for Improvement

IBM Security QRadar needs improvement in several areas, including complex management configurations, stability, cost, visualization, compatibility with new-generation tools, and cloud support. Other areas for improvement are dashboards, technical support response time, remote action capabilities. Some users would like to see noise reduction, out-of-the-box use cases, advance in office management, APM features, and a threat intelligence feed.

"For future updates, I'd like to see more advanced threat intelligence features integrated with AI. This would help with analyzing traffic patterns and improving protection. QRadar currently doesn't integrate with AI for threat analysis. However, AI could enhance its capabilities by learning traffic patterns and automatically blocking or quarantining suspicious traffic. This would be especially useful when administrators are not actively monitoring. AI could help by analyzing incoming and outgoing traffic and adjusting policies accordingly."
"Communication between the silos sometimes becomes an issue, making it an area where improvements are required."
"The solution does not support the integration of flat file databases."

ROI

Users report positive ROI from IBM Security QRadar, with a good or reasonable return on investment, particularly in terms of employee profiling and valuable data obtained. It is seen as providing significant value.

Pricing

IBM Security QRadar adopts a straightforward pricing approach, often with no setup costs, easing the implementation burden for users. Typically, pricing is structured based on a combination of factors such as data volume, event rates, and required features. Costs vary accordingly, catering to diverse organizational sizes and requirements.

"As for licensing costs, I haven't seen the exact figures, but it is considered somewhat costly. On a scale from one to ten, where one is very expensive and ten is very cheap, I would rate it a six—it’s costly but worth the money."
"The tool is priced in a competitive manner. The tool's price is dependent on the installation and the product size, but it is competitive in the marketplace."
"The tool's price is high."

Popular Use Cases

IBM Security QRadar is used for a variety of security purposes such as threat detection and response, incident management, monitoring, breach management, and user behavior analytics. It is used for logging and monitoring network security, security analysis, and monitoring for network-related attacks. QRadar is used to collect logs and monitor user activity and traffic from one network to another. It helps detect viruses on Windows servers and critical assets, and track user activity such as connections during travel. The UBA component is used to investigate user activity and detect uncommon authentication patterns. The tool helps automate the incident processing and provides visibility into the incident management process.

Service and Support

IBM Security QRadar's customer service and support receive mixed reviews. Some users are satisfied with the level of service they receive and find technical support helpful. Others have had issues with accessibility and response time.

Deployment

Initial setup for IBM Security QRadar varies depending on the complexity of the environment and network architecture. It can range from easy to moderate to complex, and can take anywhere from a few hours to several months to complete. It is manageable with the right technical expertise and support. The deployment and configuration require initial implementation followed by additional time for fine-tuning and automation.

Scalability

IBM Security QRadar is considered a scalable solution, with ratings of this aspect ranging from six to ten out of ten. The solution is said to handle thousands of users, and it is easy to add appliances or expand licenses. Some users have noted that the solution may require some planning for long-term scalability or may come at a high price. It is reported to work well for small, medium, and large enterprises, with users ranging from less than five to over 25,000.

Stability

The stability of IBM Security QRadar is rated good to excellent, with some even giving it a perfect 10. Some reviewers mention occasional errors or bugs, but these are generally quickly resolved by IBM's support team. A few reviewers express concerns about the system's capacity to handle large volumes of logs and the resources required for certain features.

These insights are based on the in-depth reviews provided by peers to help you make a better buying decision.

Download our IBM Security QRadar Buyer's Guide for additional reliable information.

Review data by company size

By reviewers

By visitors reading reviews

Top industries

By visitors reading reviews

Educational Organization

22%

Computer Software Company

14%

Financial Services Firm

10%

Government

Manufacturing Company

University

Healthcare Company

Energy/Utilities Company

Comms Service Provider

Insurance Company

Media Company

Retailer

Construction Company

Real Estate/Law Firm

Non Profit

Hospitality Company

Transportation Company

Outsourcing Company

Wholesaler/Distributor

Legal Firm

Performing Arts

Recreational Facilities/Services Company

Consumer Goods Company

Pharma/Biotech Company

Compare IBM Security QRadar with alternative products

Learn more about IBM Security QRadar

IBM Security QRadar is built to address a wide range of security issues and can be easily scaled with minimal customization effort required. As data is ingested, QRadar administers automated, real-time security intelligence to swiftly and precisely discover and prioritize threats. The platform will issue alerts with actionable, rich context into developing threats. Security teams and analysts can then rapidly respond to minimize the attackers' strike. The solution will provide a complete view of activity in both cloud-based and on-premise environments as a large amount of data is ingested throughout the enterprise. Additionally, QRadar’s anomaly detection intelligence enables security teams to identify any user behavior changes that could be indicators of potential threats.

IBM QRadar Log Manager

To better help organizations protect themselves against potential security threats, attacks, and breaches, IBM QRadar Log Manager gathers, analyzes, preserves, and reports on security log events using QRadar Sense Analytics. All operating systems and applications, servers, devices, and applications are converted into searchable and actionable intelligent data. QRadar Log Manager then helps organizations meet compliance reporting and monitoring requirements, which can be further upgraded to QRadar SIEM for a more superior level of threat protection.

Some of QRadar Log Manager’s key features include:

Data processing and capture on any security event
Disaster recovery options and high availability
Scalability for large enterprises
SoftLayer cloud installation capability
Advanced threat protection

Reviews from Real Users

IBM Security QRadar is a solution of choice among users because it provides a complete solution for security teams by integrating network analysis, log management, user behavior analytics, threat intelligence, and AI-powered investigations into a single solution. Users particularly like having a single window into their network and its ability to be used for larger enterprises.

Simon T., a cyber security services operations manager at an aerospace/defense firm, notes, "The most valuable thing about QRadar is that you have a single window into your network, SIEM, network flows, and risk management of your assets. If you use Splunk, for instance, then you still need a full packet capture solution, whereas the full packet capture solution is integrated within QRadar. Its application ecosystem makes it very powerful in terms of doing analysis."

A management executive at a security firm says, "What we like about QRadar and the models that IBM has, is it can go from a small-to-medium enterprise to a larger organization, and it gives you the same value."

IBM Security QRadar was previously known as IBM QRadar, QRadar SIEM, QRadar UBA, QRadar on Cloud, QRadar, IBM QRadar User Behavior Analytics, IBM QRadar Advisor with Watson.