It gives me insight and visibility, so I can detect a threat coming in and all the offenses are coming in from monitoring one spot.
Cyber Security Manager at an energy/utilities company with 1,001-5,000 employees
In general, if you have any botnets or malware, you identify and mitigate it. The biggest challenge is in the upgrade.
What is most valuable?
How has it helped my organization?
We're centralizing all the logs in one location. So, if you have an incident, you can definitely discover it fairly quickly, as it's in one database. In general terms, if you have any botnets or malware, you identify and mitigate it fairly quickly.
What needs improvement?
The biggest challenge is in the upgrade, e.g., when it comes down to a new OS, you have to wipe it clean and reset everything. It takes time when you have 40-50 devices all over the place. It's impossible sometimes to go out and touch every single one of them. So, then, if it's an automatic process, you can upgrade to the new version in just point and click. However, that's not the case right now.
WinCollect is a challenge also, and I'd highly recommend that the Q1 team should build a lot of Windows-based collectors that simply work. Just like the competitor, Splunk, when you put it in, you don't have to do too many modifications. So, that's a challenge right now.
What do I think about the stability of the solution?
The environment is pretty stable. We just upgraded about a year ago, so it's pretty robust in the environment that we have. It's working really well for us, we've been using it for about 10+ years. We bought it before IBM purchased them.
Buyer's Guide
IBM Security QRadar
March 2025

Learn what your peers think about IBM Security QRadar. Get advice and tips from experienced pros sharing their opinions. Updated: March 2025.
842,767 professionals have used our research since 2012.
How are customer service and support?
We interact with IBM regularly, so we have a direct tie with them. We're almost like a partner, right now, and we are working very well together.
The technical support is pretty good, i.e., if you get the right person in, it moves pretty fast and issues are resolved fairly quickly. But, you just need to find the right person, which can be a little difficult sometimes.
How was the initial setup?
The setup is very complex; it's not like somebody can walk in and build it. It requires many years of experience to manage and maintain it. You need to have at least an experienced and dedicated team, in order to maintain the environment that we have. It's nothing like a click-and-done type; it requires a lot of care and feeding to manage the environment.
What other advice do I have?
It's a very solid product. However, there are a lot of things that can be improved.
Definitely get a team or hire a professional to install this product. Otherwise, I guarantee you're not going to be successful. There is a lot of filtering that needs to be done; otherwise, you are going to get overwhelmed with the events coming in and will have no idea, as to what is right and wrong. You definitely want to hire a trained team or some professionals.
The price is the most important criterion when selecting a vendor. Other factors such as the quality of the product, PoC, how well the team interacts and the support, are always important.
Disclosure: I am a real user, and this review is based on my own experience and opinions.

Cybersecurity Business Development Manager at a comms service provider with 10,001+ employees
Helpful customer support, overall good functionality, and reliable
Pros and Cons
- "Overall a great solution."
- "There needs to be better integration with other applications."
What is our primary use case?
I am currently working in the Brazilian operation of my company. I have a project in the airline industry in Brazil. This project improves the correlation of logs. There is another company I ticket to improve the solution, they have chosen to correlate the logs. We have SOC, Security Operation Center in Brazil, with 53 employees. We developed all these solutions in Brazil and it is in operation in 34 countries.
What is most valuable?
Overall a great solution.
What needs improvement?
There needs to be better integration with other applications.
What do I think about the scalability of the solution?
We have approximately 40 users using the solution.
How are customer service and technical support?
The technical support is good.
How was the initial setup?
The installation is complex.
What about the implementation team?
We do the deployment for the solution.
What other advice do I have?
I rate IBM QRadar a ten out of ten.
Which deployment model are you using for this solution?
Hybrid Cloud
Disclosure: I am a real user, and this review is based on my own experience and opinions.
R&D Design Engineer at DOGA
Easy to use, helps increase development speed and is stable
Pros and Cons
- "The solution is relatively easy to use."
- "The pricing of the solution is a bit high. If they could lower it, that would be ideal."
What is our primary use case?
We primarily use the solution to develop software, for some device controllers.
What is most valuable?
The solution is relatively easy to use.
The product helps increase development speed.
The customization is very good, as are the dashboards and the security.
What needs improvement?
I'm not sure if there are any features missing from the solution. It's pretty complete.
The pricing of the solution is a bit high. If they could lower it, that would be ideal.
For how long have I used the solution?
I've been using the solution for three years or so at this point. It hasn't been too long.
What do I think about the stability of the solution?
The solution is quite stable. It doesn't have bugs or glitches. It doesn't crash on me or freeze. It's reliable.
What do I think about the scalability of the solution?
I only really use the solution myself. I can't speak to the scalability of the solution.
How are customer service and technical support?
I've never had to reach out to technical support. I can't speak to their responsiveness or knowledgeability.
How was the initial setup?
The initial setup was not complex at all. It's pretty straightforward and simple. We didn't face any real issues during the deployment process.
What's my experience with pricing, setup cost, and licensing?
The price can be expensive, however, it's all relative, as it helps speed up development, which can save money for the organization.
The payments for the product are made on a yearly basis.
What other advice do I have?
I'm using the latest version of the solution. I'm the only user and I use the desktop version of the solution. I'm basically using it because it's here and I have access to it.
I would recommend the solution to other organizations, however, if it is right for them depends on their need.
Overall, on a scale from one to ten, I'd rate the product at an eight. We've mostly been pretty satisfied with it.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
CTO at IT Specialist LLC
Free of charge and fully integrated with QRadar SIEM
Pros and Cons
- "The feature that I find the most useful is that IBM QRadar User Behavior Analytics is free of charge. It's a fully free product that can be installed on top of IBM QRadar SIEM."
- "The user interface and configurability of IBM QRadar User Behavior Analytics can be improved. It has a lot of pre-configured settings and not many things can be changed. It also needs more integrations. Currently, User Behavior Analytics is integrated only with IBM QRadar. It could have deeper integrations. It can also have more complicated scoring models. Currently, it has a very simple linear scoring model for users."
What is our primary use case?
User Behavior Analytics is a part of IBM QRadar. It's a kind of application that can be installed over IBM QRadar SIEM. The primary use case is to detect user behavior anomalies, and through these anomalies, detect and better understand different threats and attacks.
What is most valuable?
The feature that I find the most useful is that IBM QRadar User Behavior Analytics is free of charge. It's a fully free product that can be installed on top of IBM QRadar SIEM.
What needs improvement?
The user interface and configurability of IBM QRadar User Behavior Analytics can be improved. It has a lot of pre-configured settings and not many things can be changed.
It also needs more integrations. Currently, User Behavior Analytics is integrated only with IBM QRadar. It could have deeper integrations.
It can also have more complicated scoring models. Currently, it has a very simple linear scoring model for users.
For how long have I used the solution?
I have been using this solution for about two years. We implement this solution as well as do demonstrations. We are also using it.
What do I think about the stability of the solution?
It's quite stable.
What do I think about the scalability of the solution?
It could be quite scalable, but it is not so easy to use when you have a lot of users. Because of the user interface shortcomings, it's not so useful when you have thousands of users.
How are customer service and technical support?
The second line of support is quite inexperienced in User Behavior Analytics, and they rarely are able to help. We had several serious issues with this product, which made it impossible to use for a customer. We had to spend a lot of time in finding the right person to help us in resolving the issues.
How was the initial setup?
The initial setup is really straightforward. IBM QRadar User Behavior Analytics is very easy to deploy. Usually, if someone has already installed QRadar SIEM, then deploying User Behavior Analytics takes two to three hours.
What's my experience with pricing, setup cost, and licensing?
It's free of charge.
What other advice do I have?
I like IBM QRadar User Behavior Analytics. I would rate it an eight of ten. It still needs a lot of improvement, but its main advantage is that it's fully integrated with a SIEM system, and it's free of charge.
Which deployment model are you using for this solution?
On-premises
Disclosure: My company has a business relationship with this vendor other than being a customer: partner
Application Security Architect at Bank Al Habib Limited
Stable and reliable but needs better integration with extensions
Pros and Cons
- "I really like the feature we have with the logs, that if there are any credit card numbers being used, like a PII, you can just use regex and you can mask it. This is a really good feature in QRadar."
- "There should be an extension where we can get the reports. This could be an extension to the dashboard with the Guardian or another product with limited technology, for example IPS. Now, we only have IBM. Basically, it needs more and more integration models."
What is our primary use case?
Our primary use case with IBM QRadar User Behavior Analytics is seeing if there are log-ins from the same IDs but from different locations, this is one use case. Or if MAC addresses keep changing, this is another use case. Lastly, if the risk level is high, like with different IPs. These are the three use cases we have.
What is most valuable?
I really like the feature we have with the logs, that if there are any credit card numbers being used, like a PII, you can just use regex and you can mask it. This is a really good feature in QRadar.
What needs improvement?
In terms of what could be improved, it would be easier if you didn't have to long escape for a bar sync. If you have to, the logs are not automatically barred, so you have to guide the whole atmosphere.
Additionally, there should be integration with IBM Guardian.
Lastly, there should be an extension where we can get the reports. This could be an extension to the dashboard with the Guardian or another product with limited technology, for example IPS. Now, we only have IBM. Basically, it needs more and more integration models.
For how long have I used the solution?
I have been using IBM QRadar User Behavior Analytics for a month or two.
What do I think about the stability of the solution?
In terms of stability, in my current company, QRadar is working fine. But in my previous organization that was using QRadar, we experienced some QRadar failures. There were two or three times the data was wiped out instead of transferring to EGA and we had to restart QRadar from scratch and all the data was lost. It happened a lot. Maybe it was due to lack of management since it was a new company.
How are customer service and technical support?
We do have experience with support. We get support from the IBM people in Karachi, Pakistan.
They're good.
How was the initial setup?
The initial setup was really easy, it was really straightforward. I got it done in one day.
What other advice do I have?
What advice would I give? I want the certification to be very honest. I typically like the hands-on with QRadar, they're quite different.
On a scale of one to ten, I would rate IBM QRadar User Behavior Analytics a seven.
I have used other solutions, like LogRhythm, for a few use cases like ransomware detection, etc., and there were fewer false positives there. With the ransomware especially, it was very thin there. We actually have very few use cases and there were lots of false positives with QRadar. If I compare the AI function and the logarithms I think it needs some improvement.
It is a complex product compared to LogRhythm.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Deputy General Manager - Network Security at a tech services company with 201-500 employees
Stable and solid security intelligence but lacks some functionalities
Pros and Cons
- "QRadar shows very effective correlations. If you combine all the logins plus user behavior and the current intelligence, it gives a very good correlation for business. I think it reduces the false positives in user activity monitoring because there is a lot of social information to correlate with other data."
- "From a functionality point of view there are issues sometimes."
What is our primary use case?
We use IBM QRadar for monitoring user behavior in order to baseline the user activity. Then we print use cases around those behaviors to see if anything stands out. We can then see if something is going wrong in the enrollment from a user activity point of view.
What is most valuable?
In terms of valuable features, QRadar shows very effective correlations. If you combine all the logins plus user behavior and the current intelligence, it gives a very good correlation for business. I think it reduces the false positives in user activity monitoring because we have a lot of social information to correlate with other data.
What needs improvement?
From a functionality point of view, there are issues sometimes. There is a component in QRadar where all these certifications need to be installed, like a UPN. Sometimes we experience functionality issues where the logging, indexing, and searching were not working. I have personally seen it misbehaving. Sometimes we need to restart it. In some cases when it was malfunctioning we needed to contact support to resolve the issue. I don't see any issues in the integration model with a UPN from a usability point of view, but with functionally you can experience a lot of issues.
For how long have I used the solution?
I have been working with IBM QRadar User Behavior Analytics for two years.
What do I think about the stability of the solution?
I have not seen any issues with the stability of the solution either.
What do I think about the scalability of the solution?
I have not seen any issues with the scalability of the solution.
How are customer service and technical support?
The technical support is fine now. I was not happy with the support when we started with this solution in 2017. If you look at that first year, 2017 to 2018, they had lots of support issues. We logged the cases and they would only call us back depending on their resources. There were no options to call them on a landline or a hotline number. They needed improvement there. They should have had a dedicated support response. Over the last year I have seen an improvement. I used to wait for a week to get a call back from them, but now, when you have critical tickets they will respond in two or three hours, depending on the criticality of your support case. They have improved.
How was the initial setup?
The initial setup was neither straightforward nor too complex. It did take some effort to implement, but it was manageable. We did not see any issues implementing it. We actually completed it in three to six months. When we initially implemented it we used some fresh use cases and observed the performance but these were all completed in three to six months. The initial deployment took hardly one week.
What's my experience with pricing, setup cost, and licensing?
Regarding the price, it is a bit high for normal customers. It is better for enterprise-class customers where they get a licensing model for MSSP for enterprises.
Which other solutions did I evaluate?
We are a service provider company, so our recommendations depend on the customer's preference. The best we can do is propose the solution based on support, pricing, and their requirements.
What other advice do I have?
Our customers are satisfied with the product and they are not looking for anything else. I would recommend the product.
On a scale of one to ten I would rate IBM QRadar User Behavior Analytics a seven.
Which deployment model are you using for this solution?
On-premises
Disclosure: My company has a business relationship with this vendor other than being a customer: partner
Technical Consultant at activedge
Enhances Security Through Vulnerability Management and Increased Visibility
Pros and Cons
- "The most valuable features would have to be the product's ability to customize vulnerability management settings."
- "There could be improvements made to the UI, the user interface. Though the newer version, 7.3.2, might already have this improvement in place."
What is our primary use case?
I'm the technical consultant here at ActivEdge Technologies. Our primary use case for this solution is for Security Intelligence and Event Monitoring (SIEM). We provide protection services models for an organization's networks through a sophisticated technology which permits a proactive security posture. We have a business relationship with IBM QRadar as well as being a partner. We are a partner and we also use this feature. It's an integrated solution. We design it to be compatible with our client's network devices to maintain real-time monitoring through a centralized console. Our clients rely on us to create value.
How has it helped my organization?
QRadar has significantly improved our security. It has reduced threats considerably. The solution provides increased visibility along with actionable intelligence. We are looking into implementing it to proactively take steps to prevent or reduce the attacks.
What is most valuable?
The most valuable features would have to be the product's ability to customize vulnerability management settings and the ability to customize integration functions.
What needs improvement?
I can't see any need for service improvements because I feel it's easy to use and very functional as it is. There could be improvements made to the UI, the user interface. Though the newer version, 7.3.2, might already have this improvement in place.
For how long have I used the solution?
One to three years.
What do I think about the stability of the solution?
It's very stable. We never need much help with that.
What do I think about the scalability of the solution?
The solution is very scalable; it's designed to be, it's distributed architecture. It's entirely scalable.
Currently, there are five domain users working with this solution. We don't have visibility on our end user count due to the fact that end users don't need to log on to the application.
Our maintenance needs require just one experienced QRadar analyst to moderate.
How are customer service and technical support?
Technical support has proven to be very helpful.
How was the initial setup?
The initial setup wasn't straightforward. The setup is situation specific.
The deployment for us took about 3 months.
What about the implementation team?
Implementation was done in-house.
What was our ROI?
What other advice do I have?
I think this product adds significant value to organizations seeking a scalable, security integration tool. It does a great job of identifying, classifying, prioritizing, remediating, and mitigating software vulnerabilities. It's a good solution.
On a scale of 1 - 10, 10 being the best, I give this product a rating of 9.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
IT Security and Business Development Manager at a computer software company with 51-200 employees
Enables us to ensure that the data being transferred from one company to another is done securely but it needs better cloud security
Pros and Cons
- "The support is very good. We get support whenever we need it. Sometimes they respond immediately and sometimes it will be within 24 hours. We can ask them to please do it right away and they can get a request done within an hour or two."
- "Before we didn't have any security issues but recently a few of the user emails were hacked. We had to actually recreate their emails for them."
What is our primary use case?
Our primary use case is for the security. We use it to make sure that the data that is being transferred from one company to the other is being done securely.
How has it helped my organization?
The security has improved my organization.
What is most valuable?
The securing of data is the most important feature because nowadays as cloud has come in, it is especially challenging to secure. We are actually planning for Palo Alto to be a better option because IBM needs better security for their cloud.
What needs improvement?
If IBM provides me with a better service or better options than Palo Alto, I would remain with IBM. As for my knowledge, I recently evaluated Palo Alto that has better security features, especially for a client's email.
Before we didn't have any security issues but recently a few of the user emails were hacked. We had to actually recreate their emails for them.
If IBM could give us a complete package of on-cloud solutions, firewall, antivirus, and also mobile security, that would make it a lot better. Nowadays people are using mobile and tablets, rather than laptops or computers.
We get updates from IBM directly but then the users have to update. There are challenges where sometimes if we update the client's system, it takes a lot of time to update.
For how long have I used the solution?
More than five years.
What do I think about the stability of the solution?
Stability is very good. It's better than it used to be.
What do I think about the scalability of the solution?
Scalability is very good.
Everyone has used this solution for security purposes. We use it daily.
How are customer service and technical support?
The support is very good. We get support whenever we need it. Sometimes they respond immediately and sometimes it will be within 24 hours. We can ask them to please do it right away and they can get a request done within an hour or two.
How was the initial setup?
The initial setup is fine. The moment we send the packets for an update it's easy but then there are challenges for the users. We have actually changed the hardware, so it got updated. We have to check if the problems are due to the hardware or due to the software.
The initial setup normally will take a day. It depends on the number of users. We have 300 users on the system which took around ten days.
We require five to ten staff members for deployment and maintenance.
Which other solutions did I evaluate?
Before we went with IBM, we didn't look at other solutions but recently I looked into switching to Palo Alto and also evaluated Fortinet.
What other advice do I have?
I would advise someone considering this solution to evaluate several solutions, compare them, and if there is an option for customization check with the solution provider, and then go for it.
I would rate it a seven out of ten. It's a good solution, we've used it for a long time, but then there are a few issues with security.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
