Khalid Majeed - PeerSpot reviewer
Cyber Security Consultant at Software Productivity Strategists, Inc. (SPS)
Consultant
Reliable with good technical support but needs better visualization
Pros and Cons
  • "The product can scale."
  • "The product can be a bit complex."

What is our primary use case?

We are implementors and implement this solution for our clients, who use it for analytics. 

What is most valuable?

It offers good machine learning. The analysis is very helpful. 

The user activity is effectively flagged. It can pinpoint strange activity. 

It is stable and reliable.

The product can scale.

Technical support is good. 

What needs improvement?

The product can be a bit complex. A lot of things, like visualization, could be better. It would help the customer gain a better understanding. 

For how long have I used the solution?

I've used the solution for five to six years. I've used it for a while now at this point. 

Buyer's Guide
IBM Security QRadar
April 2025
Learn what your peers think about IBM Security QRadar. Get advice and tips from experienced pros sharing their opinions. Updated: April 2025.
848,716 professionals have used our research since 2012.

What do I think about the stability of the solution?

It is stable and reliable. There are no bugs or glitches. It doesn't crash or freeze. I'd rate the stability eight out of ten. 

What do I think about the scalability of the solution?

The solution is scalable. It can handle thousands of users or maybe even more. I'd rate the scalability nine out of ten. 

We mostly deal with small or medium enterprises. 

How are customer service and support?

Most of the time, technical support is helpful. I am satisfied with the level of service we receive. 

How would you rate customer service and support?

Positive

How was the initial setup?

It is easy to implement. I'd rate the ease of implementation seven out of ten. 

The deployment only takes no more than a few hours. There are configurations and fine-tuning that have to happen after that, and everything could take about a week. 

What about the implementation team?

As implementors, we can implement the solution for our clients. 

What's my experience with pricing, setup cost, and licensing?

The pricing is reasonable. It's not expensive compared to other solutions. If you get the console and other licenses, you can easily use it with other QRadar solutions. 

What other advice do I have?

New clients should know that it does give good analytics and it will help them save time.

I'd rate the solution seven out of ten. It's a good product.

Which deployment model are you using for this solution?

On-premises
Disclosure: My company has a business relationship with this vendor other than being a customer: Implementer
PeerSpot user
JohnTamakloe - PeerSpot reviewer
Solutions Architect at a tech services company with 51-200 employees
Real User
Top 5
Excellent visibility, good notifications, and helpful support
Pros and Cons
  • "The visibility it gives you into your infrastructure has been great."
  • "The AI engine could be smarter."

What is our primary use case?

We are using it for visibility and compliance.

What is most valuable?

The visibility it gives you into your infrastructure has been great.

The notifications it provides offer valuable information when something is happening in your blind spot.

What needs improvement?

The AI engine could be smarter. 

It is a bit expensive. 

For how long have I used the solution?

I've used the solution for about three years. 

What do I think about the stability of the solution?

The solution is stable. I'd rate it five out of five. It's very reliable. There are no bugs or glitches. It doesn't crash or freeze. 

What do I think about the scalability of the solution?

The solution scales well, and it's easy to do. I'd rate it five out of five in terms of the ease of scalability. 

We have a lot of users on the solution currently. We have customers on the product as well. There are likely more than 500 users inside and outside the organization. 

How are customer service and support?

Support has been helpful and responsive. There may sometimes be a delay. However, they do get you the information you need. 

How would you rate customer service and support?

Positive

Which solution did I use previously and why did I switch?

We've only ever used IBM. 

How was the initial setup?

The setup is a bit complex. I'd rate it two out of five in terms of ease of deployment. It took us a week to get everything up and running. 

We had two engineers working on deployment and maintenance. 

What about the implementation team?

We handled the solution in-house. We did not need outside assistance. 

What was our ROI?

We've seen a good ROI. I'd give it a five out of five. 

What's my experience with pricing, setup cost, and licensing?

It's a bit pricey as a product. I'd rate it a two out of five, with five being the most affordable. It depends on what you buy; the longer you use it, the better the cost. It's an all-inclusive license. You don't need to pay for extra features. 

Which other solutions did I evaluate?

We did look at a few other options. 

What other advice do I have?

We use the solution inside our organization. Our clients use it too. We are a premium partner in our region. 

We're using the latest version of the solution.

I'd rate the solution nine out of ten. It really provides good visibility.

Which deployment model are you using for this solution?

On-premises
Disclosure: My company has a business relationship with this vendor other than being a customer: Premium Partners
PeerSpot user
UzairKhan - PeerSpot reviewer
Business General Manager at Mutex Systems
Real User
Good logging, reporting, support, and integration with GRD
Pros and Cons
  • "The most valuable feature is the integration with the GRD, for banking."
  • "The advanced planning management (APM) features should be included."

What is our primary use case?

We are a solution provider and QRadar is one of the products that we implement for our customers.

The majority of our clients for IBM products are financial institutions. By law, to be compliant, they are only allowed to run the current version of any solutions that have been procured. Specifically for our area, all of the financial institutions such as banks are mandated to use the latest version.

The use cases include the logging and reporting of servers. These are typically operations servers and critical servers. You can also use it to monitor network devices such as switches, routers, and firewalls.

Endpoints are not included for most of the clients.

What is most valuable?

The most valuable feature is the integration with the GRD, for banking.

What needs improvement?

The advanced planning management (APM) features should be included. We are facing an issue where many of the software houses in Pakistan have developed their own in-house. They have integrated the APM tool with their monitoring solution. This feature is attracting clients and I think that it should be included.

What do I think about the stability of the solution?

We have not faced any issues in terms of stability.

What do I think about the scalability of the solution?

This is a scalable product. 

How are customer service and support?

The support from IBM is okay. I would rate them a four out of five.

How was the initial setup?

The initial setup is not very complex. My team has hands-on experience with the product, which is perhaps why they do not complain about its complexity.

The distributor helped us a lot, which is something that we appreciate.

What about the implementation team?

We implement this product for our clients.

Which other solutions did I evaluate?

There are competing products but IBM is a well-known brand so for the most part, we offer IBM QRadar to our clients.

What other advice do I have?

Overall, IBM QRadar is very good but no product is perfect.

I would rate this solution a nine out of ten.

Disclosure: My company has a business relationship with this vendor other than being a customer: Implementer
PeerSpot user
SOC Manager at Nais Srl
Real User
Feature-rich, well priced, and has good support
Pros and Cons
  • "The interface is good."
  • "I would like to see the update process simplified."

What is our primary use case?

IBM QRadar is used to help our customers collect information. It collects the information from other tools on the firewall, network devices, cyber tools with both Carbon Black, Cortex, Cynet, and Darktrace.

What is most valuable?

It's a complete platform.

The interface is good.

They have more than 100 features.

What needs improvement?

It is not easy to use.

The updates are not very easy. It is very complex. I would like to see the update process simplified.

When I said "it is not easy to use", I mean that QRadar is not for beginners.
It needs high competence and skill to use it in a satisfactory way to really help customers.
The complexity is not a flaw, but it is a necessary quality for QRadar to be a truly effective tool in a Cyber environment.

For how long have I used the solution?

We have used IBM QRadar within the last twelve months.

What do I think about the stability of the solution?

IBM QRadar is a stable solution.

What do I think about the scalability of the solution?

It's a scalable platform.

How are customer service and support?

Technical support is good.

How would you rate customer service and support?

Positive

Which solution did I use previously and why did I switch?


What's my experience with pricing, setup cost, and licensing?

Pricing is good.

What other advice do I have?

I would rate IBM QRadar an eight out of ten.

Disclosure: My company has a business relationship with this vendor other than being a customer: As a SOC, we are a real user of the QRadar platform for more than one customer.
PeerSpot user
Kamal Abdelrahman - PeerSpot reviewer
Country Manager at Magarah
Real User
Stable, scalable, and helpful support
Pros and Cons
  • "I have found IBM QRadar to be stable."
  • "IBM QRadar has a margin for development, for out-of-the-box use cases. It can be enhanced with better support and automate the use cases for that."

What is our primary use case?

The main tool for this operation center for collecting events from different devices, whatever server or network devices, such as switches and routers. It handles anything related to data that can be harmful related to security. Those events can be mapped to promote the threat, it creates another event for promoted threats.

We are a service provider and we provide services to our customers. We use IBM QRadar for many types of businesses, such as banks and telecom. It has a good reputation.

What needs improvement?

IBM QRadar has a margin for development, for out-of-the-box use cases. It can be enhanced with better support and automate the use cases for that.

For how long have I used the solution?

I have been using IBM QRadar for approximately two years.

What do I think about the stability of the solution?

I have found IBM QRadar to be stable.

What do I think about the scalability of the solution?

IBM QRadar is scalable.

How are customer service and support?

The technical support of IBM QRadar is good.

Which solution did I use previously and why did I switch?

IBM QRadar is the best SAN solution we have used compared to the others.

How was the initial setup?

We manage the installation of the solution. It is not something difficult, it is reasonable. It is not that easy for anyone to do, it needs a technical team.

What about the implementation team?

The implementation needs a technical team and we have two engineers for the implementation and maintenance.

What's my experience with pricing, setup cost, and licensing?

There is a license to use this solution, which is paid annually. However, there are subscription options available.

What other advice do I have?

I recommend this solution to others.

I rate IBM QRadar an eight out of ten.

Which deployment model are you using for this solution?

On-premises
Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
PeerSpot user
Founder at Halainfosec
Reseller
Priced well and has good support, but it is resource intensive
Pros and Cons
  • "The flexibility is good in terms of pulling log files."
  • "It's resource-intensive."

What is our primary use case?

We are service providers, and we are always exploring tools to accompany existing tools. I am always searching for the best products to meet my clients' requirements. I always look to understand the technology first, learn what benefits we can get from the product, how competitive is it with other tools such as DarkTrace, and Palo Alto.

We are working with this solution, but it is being managed by another vendor.

We are service providers. We are providing SOC service and MSSP services for our clients. 

We are working on various products, not one specific product. We can provide services for any product, in fact, any security solution.

What is most valuable?

There have been many advancements made in the most recent year. There are many add-ons included in the licenses that I have yet to explore.

There have been many improvements. When I worked with this solution at the core technical level, it was a SIEM solution. Many attributes have been added, such as threat intelligence, SO solutions, automation, and OT security. Many other platforms have been included as part of IBM QRadar.

The flexibility is good in terms of pulling log files.

What needs improvement?

Automation is an area that people are looking for. IBM does have the SO solutions platform, but it would be more useful if they could have predefined use cases rather than using more generic ones. It would be much better if they could customize their use cases.

It's resource-intensive.

The IBM QRadar team has to be proactive and they have to be informative about the product.

They don't want to spend too much money on the SIEM because it is obviously resource-intensive. But the SIEM is a very useful product when you have good resources and good software.

For large organizations, that want to integrate all of the log sources, the pricing will be too expensive. This is the main reason that clients are not interested in SIEM solutions.

For how long have I used the solution?

I have been working with IBM QRadar for approximately four years.

I moved into consulting, at the architectural level. I'm not working at the core level but I know the basics of QRadar and how exactly it functions. 

How are customer service and technical support?

Technical support is good. 

My personal experience was fantastic. They are always good and we have never had any problems.

There are a lot of online resources available.

What's my experience with pricing, setup cost, and licensing?

When compared with other SIEM solutions, QRadar is considerably less expensive. I would like to compare it with Elasticsearch because they have different pricing strategies.

QRadar is events per second, EPS-based, whereas Elasticsearch is resource-based. You have to estimate based on how many resources will be used in the infrastructure, irrespective of log resources and log volumes. 

They are charging based on the resources. 

Which other solutions did I evaluate?

I'm exploring the Elastic Stack Elasticsearch currently. Splunk is out of scope for us right now, we're not interested in that. Sentinel is one that we are interested in.

What other advice do I have?

There are many competitive tools that are emerging regarding XDR solutions or SO solutions, which are capabilities that QRadar offers.

The competition is very different from the geographical locations.

For the Indian market, locally, they are still working on the old SIEM structure. It is a very generic SIEM model. Western countries, especially North American clients, are advanced in terms of moving the infrastructure to the cloud. Some have OT security and they're also doing some Office 365 advancements and several advanced search engines for endpoint detection.

They are expecting that nothing is left behind without using any licenses. Microsoft provides part of the security services if you go with the EFI license.

As vendors, we need to counter with the important visibility areas, and the critical access, which needs to be monitored as part of security. 

I would rate IBM QRadar a seven out of ten.

Disclosure: My company has a business relationship with this vendor other than being a customer: reseller
PeerSpot user
General Manager at Global Solutions Services
User
Log correlation is very useful for processing alerts
Pros and Cons
  • "Log correlation is very useful for processing alerts. It serves to follow up alerts in real-time, building an entire workflow."
  • "Its architecture is very complicated."

What is our primary use case?

  • CRM and billing system
  • 100 multiple technology servers: Windows AD, Linux, HP-UX, etc.
  • 40 firewall multiple routers 
  • Cisco Nexus switches

How has it helped my organization?

Log correlation is very useful for processing alerts. It serves to follow up alerts in real-time, building an entire workflow.

What is most valuable?

  • DSM parsing
  • Log correlation
  • X-Force connectivity
  • Ease of DSM customisation
  • Multiple reports

What needs improvement?

  • Data encryption
  • Flow encryption
  • Third-party compliance
  • Its architecture is very complicated.
  • Its hardware is Lenovo-based.

For how long have I used the solution?

Three to five years.
Disclosure: My company has a business relationship with this vendor other than being a customer: IBM Partner
PeerSpot user
Director of Market Enabling Solutions at Raksha Technologies Pvt Ltd
Reseller
In one single pane of glass, we can see all the issues. Though, the architecture could be improved.
Pros and Cons
  • "On the back-end, Watson helps me figure out an exact problem, sometimes giving me the result."
  • "It saves a lot of time. We integrate the customer's firewall with all their networking devices."
  • "This console gives you the entire view, which makes life easier and allows you to take precautionary measures."
  • "The architecture could be improved. I got stuck for a long time trying to understand the architecture, as it is quite challenging."

What is our primary use case?

Its primary use case is for people who want to manage all of their logs with analytics and correlate that between different security devices whose logs are related. 

This solution is performing well.

How has it helped my organization?

It saves a lot of time. We integrate the customer's firewall with all their networking devices. If there is an issue, it helps us do the proactive work before it becomes a bigger issue. We are able to pinpoint issues and solve them.

Additionally, it is very easy to figure out. In one dashboard, we can see all the issues. There is no need to login to every device. In one single pane of glass, we can see everything.

What is most valuable?

Watson, which is an artificial intelligence, is the most valuable feature. On the back-end, Watson helps me figure out an exact problem, sometimes giving me the result. I never would have imagined this before.

What needs improvement?

The architecture could be improved. I got stuck for a long time trying to understand the architecture, as it is quite challenging.

For how long have I used the solution?

Three to five years.

What do I think about the stability of the solution?

The stability is good.

What do I think about the scalability of the solution?

It is a combination of multiple factors. The issue is from the customer side, not from QRadar. If you are able to get the right details from the customer, this solution is scalable.

How are customer service and technical support?

I am not involved with technical support because I am in pre-sales.

Which solution did I use previously and why did I switch?

Factors in switching were the console view, as well as Watson. IBM Watson makes a huge difference on the product side.

What's my experience with pricing, setup cost, and licensing?

I do not have control over pricing, though I do help customers with their sizing.

Which other solutions did I evaluate?

I select the vendor based on the customer's requirements. On the customer side, pricing is very important. They also consider the support to be an important factor.

My present organization does mostly IBM business. We have a very good rapport with the IBM team. We have won a lot of cases against competitors. We get trained frequently, so if there is an update, then we are prepared. 

We are able to see the rapid growth of IBM through QRadar compared to the other SIEM tools.

What other advice do I have?

I would rate it a seven out of 10. I have had some challenges integrating this solution.

Each organization is looking for security. If you have a SIEM tool, you can integrate it with all of your security devices, and get all your security logs. This console gives you the entire view, which makes life easier and allows you to take precautionary measures.

People who handle only four or five security devices spread across the globe should go with this SIEM tool.

Disclosure: My company has a business relationship with this vendor other than being a customer: Reseller.
PeerSpot user
Buyer's Guide
Download our free IBM Security QRadar Report and get advice and tips from experienced pros sharing their opinions.
Updated: April 2025