Solutions Architect at a tech services company with 51-200 employees
Excellent visibility, good notifications, and helpful support
Pros and Cons
- "The visibility it gives you into your infrastructure has been great."
- "The AI engine could be smarter."
What is our primary use case?
We are using it for visibility and compliance.
What is most valuable?
The visibility it gives you into your infrastructure has been great.
The notifications it provides offer valuable information when something is happening in your blind spot.
What needs improvement?
The AI engine could be smarter.
It is a bit expensive.
For how long have I used the solution?
I've used the solution for about three years.
Buyer's Guide
IBM Security QRadar
March 2025

Learn what your peers think about IBM Security QRadar. Get advice and tips from experienced pros sharing their opinions. Updated: March 2025.
842,767 professionals have used our research since 2012.
What do I think about the stability of the solution?
The solution is stable. I'd rate it five out of five. It's very reliable. There are no bugs or glitches. It doesn't crash or freeze.
What do I think about the scalability of the solution?
The solution scales well, and it's easy to do. I'd rate it five out of five in terms of the ease of scalability.
We have a lot of users on the solution currently. We have customers on the product as well. There are likely more than 500 users inside and outside the organization.
How are customer service and support?
Support has been helpful and responsive. There may sometimes be a delay. However, they do get you the information you need.
How would you rate customer service and support?
Positive
Which solution did I use previously and why did I switch?
We've only ever used IBM.
How was the initial setup?
The setup is a bit complex. I'd rate it two out of five in terms of ease of deployment. It took us a week to get everything up and running.
We had two engineers working on deployment and maintenance.
What about the implementation team?
We handled the solution in-house. We did not need outside assistance.
What was our ROI?
We've seen a good ROI. I'd give it a five out of five.
What's my experience with pricing, setup cost, and licensing?
It's a bit pricey as a product. I'd rate it a two out of five, with five being the most affordable. It depends on what you buy; the longer you use it, the better the cost. It's an all-inclusive license. You don't need to pay for extra features.
Which other solutions did I evaluate?
We did look at a few other options.
What other advice do I have?
We use the solution inside our organization. Our clients use it too. We are a premium partner in our region.
We're using the latest version of the solution.
I'd rate the solution nine out of ten. It really provides good visibility.
Which deployment model are you using for this solution?
On-premises
Disclosure: My company has a business relationship with this vendor other than being a customer: Premium Partners

Senior Manager Cyber Security Services & Solutions at Trillium
A User Behavior Analytics (UBA) solution with useful out-of-the-box rules and use cases, but functionality should be more integrated
Pros and Cons
- "I think this is a good product for enterprises because of the performance and out-of-the-box rules and use cases. If they want to reach the maturity level early, they can use these out-of-the-box rules and use cases. That will help them a lot."
- "IBM QRadar User Behavior Analytics is good, but I think the functionality should be much more integrated. You should have easy access to the artifacts if you are doing a particular investigation. It's good, but other team solutions like LogRhythm are actually merging the functionality. So, I think that is something IBM can work on."
What is most valuable?
I think this is a good product for enterprises because of the performance and out-of-the-box rules and use cases. If they want to reach the maturity level early, they can use these out-of-the-box rules and use cases. That will help them a lot.
What needs improvement?
IBM QRadar User Behavior Analytics is good, but I think the functionality should be much more integrated. You should have easy access to the artifacts if you are doing a particular investigation. It's good, but other team solutions like LogRhythm are actually merging the functionality. So, I think that is something IBM can work on.
For how long have I used the solution?
We have been using IBM QRadar User Behavior Analytics for about four years.
What do I think about the stability of the solution?
Stability is good, but the investigation system should be better.
What do I think about the scalability of the solution?
IBM QRadar User Behavior Analytics is scalable. You have the EPS and closed license. I think scalability is not an issue because it is available on both the hardware and the software. You can install the software plans if you want, and there is also a hardware plan.
How are customer service and support?
Their technical support is good. I have not faced any issues before, and the technical support is good.
What other advice do I have?
I will recommend this solution to potential users.
On a scale from one to ten, I would give IBM QRadar User Behavior Analytics a seven.
Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
Good logging, reporting, support, and integration with GRD
Pros and Cons
- "The most valuable feature is the integration with the GRD, for banking."
- "The advanced planning management (APM) features should be included."
What is our primary use case?
We are a solution provider and QRadar is one of the products that we implement for our customers.
The majority of our clients for IBM products are financial institutions. By law, to be compliant, they are only allowed to run the current version of any solutions that have been procured. Specifically for our area, all of the financial institutions such as banks are mandated to use the latest version.
The use cases include the logging and reporting of servers. These are typically operations servers and critical servers. You can also use it to monitor network devices such as switches, routers, and firewalls.
Endpoints are not included for most of the clients.
What is most valuable?
The most valuable feature is the integration with the GRD, for banking.
What needs improvement?
The advanced planning management (APM) features should be included. We are facing an issue where many of the software houses in Pakistan have developed their own in-house. They have integrated the APM tool with their monitoring solution. This feature is attracting clients and I think that it should be included.
What do I think about the stability of the solution?
We have not faced any issues in terms of stability.
What do I think about the scalability of the solution?
This is a scalable product.
How are customer service and support?
The support from IBM is okay. I would rate them a four out of five.
How was the initial setup?
The initial setup is not very complex. My team has hands-on experience with the product, which is perhaps why they do not complain about its complexity.
The distributor helped us a lot, which is something that we appreciate.
What about the implementation team?
We implement this product for our clients.
Which other solutions did I evaluate?
There are competing products but IBM is a well-known brand so for the most part, we offer IBM QRadar to our clients.
What other advice do I have?
Overall, IBM QRadar is very good but no product is perfect.
I would rate this solution a nine out of ten.
Disclosure: My company has a business relationship with this vendor other than being a customer: Implementer
SOC Manager at Nais Srl
Feature-rich, well priced, and has good support
Pros and Cons
- "The interface is good."
- "I would like to see the update process simplified."
What is our primary use case?
IBM QRadar is used to help our customers collect information. It collects the information from other tools on the firewall, network devices, cyber tools with both Carbon Black, Cortex, Cynet, and Darktrace.
What is most valuable?
It's a complete platform.
The interface is good.
They have more than 100 features.
What needs improvement?
It is not easy to use.
The updates are not very easy. It is very complex. I would like to see the update process simplified.
When I said "it is not easy to use", I mean that QRadar is not for beginners.
It needs high competence and skill to use it in a satisfactory way to really help customers.
The complexity is not a flaw, but it is a necessary quality for QRadar to be a truly effective tool in a Cyber environment.
For how long have I used the solution?
We have used IBM QRadar within the last twelve months.
What do I think about the stability of the solution?
IBM QRadar is a stable solution.
What do I think about the scalability of the solution?
It's a scalable platform.
How are customer service and support?
Technical support is good.
How would you rate customer service and support?
Positive
Which solution did I use previously and why did I switch?
What's my experience with pricing, setup cost, and licensing?
Pricing is good.
What other advice do I have?
I would rate IBM QRadar an eight out of ten.
Disclosure: My company has a business relationship with this vendor other than being a customer: As a SOC, we are a real user of the QRadar platform for more than one customer.
Country Manager at Magarah
Stable, scalable, and helpful support
Pros and Cons
- "I have found IBM QRadar to be stable."
- "IBM QRadar has a margin for development, for out-of-the-box use cases. It can be enhanced with better support and automate the use cases for that."
What is our primary use case?
The main tool for this operation center for collecting events from different devices, whatever server or network devices, such as switches and routers. It handles anything related to data that can be harmful related to security. Those events can be mapped to promote the threat, it creates another event for promoted threats.
We are a service provider and we provide services to our customers. We use IBM QRadar for many types of businesses, such as banks and telecom. It has a good reputation.
What needs improvement?
IBM QRadar has a margin for development, for out-of-the-box use cases. It can be enhanced with better support and automate the use cases for that.
For how long have I used the solution?
I have been using IBM QRadar for approximately two years.
What do I think about the stability of the solution?
I have found IBM QRadar to be stable.
What do I think about the scalability of the solution?
IBM QRadar is scalable.
How are customer service and support?
The technical support of IBM QRadar is good.
Which solution did I use previously and why did I switch?
IBM QRadar is the best SAN solution we have used compared to the others.
How was the initial setup?
We manage the installation of the solution. It is not something difficult, it is reasonable. It is not that easy for anyone to do, it needs a technical team.
What about the implementation team?
The implementation needs a technical team and we have two engineers for the implementation and maintenance.
What's my experience with pricing, setup cost, and licensing?
There is a license to use this solution, which is paid annually. However, there are subscription options available.
What other advice do I have?
I recommend this solution to others.
I rate IBM QRadar an eight out of ten.
Which deployment model are you using for this solution?
On-premises
Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
Founder at Halainfosec
Priced well and has good support, but it is resource intensive
Pros and Cons
- "The flexibility is good in terms of pulling log files."
- "It's resource-intensive."
What is our primary use case?
We are service providers, and we are always exploring tools to accompany existing tools. I am always searching for the best products to meet my clients' requirements. I always look to understand the technology first, learn what benefits we can get from the product, how competitive is it with other tools such as DarkTrace, and Palo Alto.
We are working with this solution, but it is being managed by another vendor.
We are service providers. We are providing SOC service and MSSP services for our clients.
We are working on various products, not one specific product. We can provide services for any product, in fact, any security solution.
What is most valuable?
There have been many advancements made in the most recent year. There are many add-ons included in the licenses that I have yet to explore.
There have been many improvements. When I worked with this solution at the core technical level, it was a SIEM solution. Many attributes have been added, such as threat intelligence, SO solutions, automation, and OT security. Many other platforms have been included as part of IBM QRadar.
The flexibility is good in terms of pulling log files.
What needs improvement?
Automation is an area that people are looking for. IBM does have the SO solutions platform, but it would be more useful if they could have predefined use cases rather than using more generic ones. It would be much better if they could customize their use cases.
It's resource-intensive.
The IBM QRadar team has to be proactive and they have to be informative about the product.
They don't want to spend too much money on the SIEM because it is obviously resource-intensive. But the SIEM is a very useful product when you have good resources and good software.
For large organizations, that want to integrate all of the log sources, the pricing will be too expensive. This is the main reason that clients are not interested in SIEM solutions.
For how long have I used the solution?
I have been working with IBM QRadar for approximately four years.
I moved into consulting, at the architectural level. I'm not working at the core level but I know the basics of QRadar and how exactly it functions.
How are customer service and technical support?
Technical support is good.
My personal experience was fantastic. They are always good and we have never had any problems.
There are a lot of online resources available.
What's my experience with pricing, setup cost, and licensing?
When compared with other SIEM solutions, QRadar is considerably less expensive. I would like to compare it with Elasticsearch because they have different pricing strategies.
QRadar is events per second, EPS-based, whereas Elasticsearch is resource-based. You have to estimate based on how many resources will be used in the infrastructure, irrespective of log resources and log volumes.
They are charging based on the resources.
Which other solutions did I evaluate?
I'm exploring the Elastic Stack Elasticsearch currently. Splunk is out of scope for us right now, we're not interested in that. Sentinel is one that we are interested in.
What other advice do I have?
There are many competitive tools that are emerging regarding XDR solutions or SO solutions, which are capabilities that QRadar offers.
The competition is very different from the geographical locations.
For the Indian market, locally, they are still working on the old SIEM structure. It is a very generic SIEM model. Western countries, especially North American clients, are advanced in terms of moving the infrastructure to the cloud. Some have OT security and they're also doing some Office 365 advancements and several advanced search engines for endpoint detection.
They are expecting that nothing is left behind without using any licenses. Microsoft provides part of the security services if you go with the EFI license.
As vendors, we need to counter with the important visibility areas, and the critical access, which needs to be monitored as part of security.
I would rate IBM QRadar a seven out of ten.
Disclosure: My company has a business relationship with this vendor other than being a customer: reseller
General Manager at Global Solutions Services
Log correlation is very useful for processing alerts
Pros and Cons
- "Log correlation is very useful for processing alerts. It serves to follow up alerts in real-time, building an entire workflow."
- "Its architecture is very complicated."
What is our primary use case?
- CRM and billing system
- 100 multiple technology servers: Windows AD, Linux, HP-UX, etc.
- 40 firewall multiple routers
- Cisco Nexus switches
How has it helped my organization?
Log correlation is very useful for processing alerts. It serves to follow up alerts in real-time, building an entire workflow.
What is most valuable?
- DSM parsing
- Log correlation
- X-Force connectivity
- Ease of DSM customisation
- Multiple reports
What needs improvement?
- Data encryption
- Flow encryption
- Third-party compliance
- Its architecture is very complicated.
- Its hardware is Lenovo-based.
For how long have I used the solution?
Three to five years.
Disclosure: My company has a business relationship with this vendor other than being a customer: IBM Partner
Director of Market Enabling Solutions at Raksha Technologies Pvt Ltd
In one single pane of glass, we can see all the issues. Though, the architecture could be improved.
Pros and Cons
- "On the back-end, Watson helps me figure out an exact problem, sometimes giving me the result."
- "It saves a lot of time. We integrate the customer's firewall with all their networking devices."
- "This console gives you the entire view, which makes life easier and allows you to take precautionary measures."
- "The architecture could be improved. I got stuck for a long time trying to understand the architecture, as it is quite challenging."
What is our primary use case?
Its primary use case is for people who want to manage all of their logs with analytics and correlate that between different security devices whose logs are related.
This solution is performing well.
How has it helped my organization?
It saves a lot of time. We integrate the customer's firewall with all their networking devices. If there is an issue, it helps us do the proactive work before it becomes a bigger issue. We are able to pinpoint issues and solve them.
Additionally, it is very easy to figure out. In one dashboard, we can see all the issues. There is no need to login to every device. In one single pane of glass, we can see everything.
What is most valuable?
Watson, which is an artificial intelligence, is the most valuable feature. On the back-end, Watson helps me figure out an exact problem, sometimes giving me the result. I never would have imagined this before.
What needs improvement?
The architecture could be improved. I got stuck for a long time trying to understand the architecture, as it is quite challenging.
For how long have I used the solution?
Three to five years.
What do I think about the stability of the solution?
The stability is good.
What do I think about the scalability of the solution?
It is a combination of multiple factors. The issue is from the customer side, not from QRadar. If you are able to get the right details from the customer, this solution is scalable.
How are customer service and technical support?
I am not involved with technical support because I am in pre-sales.
Which solution did I use previously and why did I switch?
Factors in switching were the console view, as well as Watson. IBM Watson makes a huge difference on the product side.
What's my experience with pricing, setup cost, and licensing?
I do not have control over pricing, though I do help customers with their sizing.
Which other solutions did I evaluate?
I select the vendor based on the customer's requirements. On the customer side, pricing is very important. They also consider the support to be an important factor.
My present organization does mostly IBM business. We have a very good rapport with the IBM team. We have won a lot of cases against competitors. We get trained frequently, so if there is an update, then we are prepared.
We are able to see the rapid growth of IBM through QRadar compared to the other SIEM tools.
What other advice do I have?
I would rate it a seven out of 10. I have had some challenges integrating this solution.
Each organization is looking for security. If you have a SIEM tool, you can integrate it with all of your security devices, and get all your security logs. This console gives you the entire view, which makes life easier and allows you to take precautionary measures.
People who handle only four or five security devices spread across the globe should go with this SIEM tool.
Disclosure: My company has a business relationship with this vendor other than being a customer: Reseller.
