Director, Cybersecurity at a media company with 51-200 employees
User
It has a logical, user-friendly GUI
Pros and Cons
  • "IBM QRadar is a great help, from its security event monitoring to data center and NOC troubleshooting of issues that are hard for other departments to spot."
  • "It has a logical, user-friendly GUI."
  • "Dashboards and reports could provide better visualization of SIEM activity."

What is our primary use case?

We used QRadar SIEM over the Juniper Secure Analytics platform.

The company profile is telecom. The infrastructure has a large geographical spread.

How has it helped my organization?

IBM QRadar is a great help, from its security event monitoring to data center and NOC troubleshooting of issues that are hard for other departments to spot.

What is most valuable?

  • It has a logical, user-friendly GUI. 
  • Very easy to drill down in offenses and get to the bottom of raw data.

What needs improvement?

Dashboards and reports could provide better visualization of SIEM activity. 

An executive or CISO dashboard would be nice to have by default.

Buyer's Guide
IBM Security QRadar
March 2025
Learn what your peers think about IBM Security QRadar. Get advice and tips from experienced pros sharing their opinions. Updated: March 2025.
844,944 professionals have used our research since 2012.

For how long have I used the solution?

Three to five years.

What other advice do I have?

The tool gets better value in the hands of an experienced security analyst. 

Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
it_user393954 - PeerSpot reviewer
Application Infrastructure innovation at a financial services firm with 1,001-5,000 employees
Vendor
Using it through IBM's Managed Security Services, they keep us alerted of what events are hitting, and adapting for it. I'd like to see tighter integration with other IBM products.

What is most valuable?

What is valuable is that we're using it through IBM's MSS services, and that they're doing a really good job of keeping us alerted of what events are hitting, and adapting for it.

How has it helped my organization?

It benefits us from a standpoint that we're very immature in our review of how security should be approached, and it's really helped us move up to modern awareness of what's going on on the internet.

What needs improvement?

What I'd like to see, and they're getting there, is more integration: tighter integration with some of the other IBM Security products. They're moving a lot tighter to BigFix. BigFix has a lot of power in it, and MaaS360 also has a lot of power in it. I'd like to see those more tightly integrated.

What do I think about the stability of the solution?

We have not had any stability or scalability issues. We're a little concerned about the latest version and the fact that it cannot be upgraded, that it requires a clean install.

How are customer service and technical support?

We have not really used technical support, because it's a managed service, so we call the SOC and they help us. They are very helpful.

Which solution did I use previously and why did I switch?

We just really sold our CIO and CTO on the fact that we need to do better than we are, where we're at today. We had a lot of virus challenges, like most companies, and malware, so we had to figure out how to reduce that.

How was the initial setup?

I was involved in the initial setup. Well, IBM did it, since it was a managed service. It was pretty straightforward.

Which other solutions did I evaluate?

We looked at numerous other players. We chose IBM because it has a lot of power, and you can grow it as much as and however you want it to.

When I am looking for a vendor, I don't look for a VAR, I look for a partner.

What other advice do I have?

If you're going to implement it, implement it using managed services, because it's too complex of a product to try to do yourself.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
PeerSpot user
Cyber Security Advisor / CISO / Healthcare Security Pro at OMC SYSTEMS LLC
Vendor
The dashboards give us an overview of traffic flow and pinpoint configuration issues.

Valuable Features

I find that the dashboards are the most helpful to get an overview of traffic flow and issues.

Improvements to My Organization

We find that reviewing Q1 Radar is very helpful to pinpoint configuration issues, as well as to go back and find traffic flows from compromised hosts.

Deployment Issues

No.

Stability Issues

None.

Scalability Issues

N/A

Customer Service and Technical Support

Customer Service:

N/A

Technical Support:

N/A

Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Vice President & Country Head at Inspira Enterprise
Real User
Excellent risk rating but could keep data longer
Pros and Cons
  • "QRadar UBA's most valuable feature is the risk rating of users depending on their behavior."
  • "QRadar UBA only keeps the data for a short while (it's refreshed every five minutes) and would be improved if this were extended to a week or month."

What is most valuable?

QRadar UBA's most valuable feature is the risk rating of users depending on their behavior.

What needs improvement?

QRadar UBA only keeps the data for a short while (it's refreshed every five minutes) and would be improved if this were extended to a week or month. In the next release, I would like to be able to do a historical search of user scores.

For how long have I used the solution?

I've been using QRadar UBA for two and a half years.

What do I think about the stability of the solution?

QRadar UBA is quite stable.

Which other solutions did I evaluate?

QRadar UBA's price is a little more than street price and could be reduced.

What other advice do I have?

I would rate QRadar UBA seven out of ten.

Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
PeerSpot user
reviewer1305144 - PeerSpot reviewer
Technical Presales at a tech services company with 1,001-5,000 employees
MSP
Scalable with excellent security analytics
Pros and Cons
  • "This solution has excellent security analytics."
  • "I think that the search speed of this solution could be improved."

What is our primary use case?

I am an integrator of this solution; my customers use it as a SIEM solution for log management.

What is most valuable?

This solution has excellent security analytics.

What needs improvement?

I think that the search speed of this solution could be improved.

What do I think about the scalability of the solution?

This is a scalable solution; we have customers who have scaled.

How was the initial setup?

The initial setup is very easy and takes just one day.

What other advice do I have?

I would recommend this solution to everyone considering using it.

I would rate this solution a nine out of ten.

Which deployment model are you using for this solution?

Hybrid Cloud
Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
reviewer1421823 - PeerSpot reviewer
Deputy General Manager at a comms service provider with 5,001-10,000 employees
Real User
Correlation done well, fair pricing, and knowledgeable technical team
Pros and Cons
  • "When it comes to QRadar, they can do the correlation and not only in networks but also endpoints. This is one of the good features that we have noticed."
  • "I have noticed the interface has room for improvement."

What is most valuable?

We are looking for the entire QRadar spectrum but it has many products. QRadar is a kind of program, we are looking for system modelling, point modelling, network side modelling similar to QRadar network inside, and the capability to correlate between the network and endpoint. Most SIEMs, when it comes to the network side, have to rely on a third party or separate network traffic analysis. When it comes to QRadar, they can do the correlation and not only in networks but also endpoints. This is one of the good features that we have noticed.

What needs improvement?

Since we have not used the solution very long, my information is limited when it comes to improvements. I have noticed the interface has room for improvement.

For how long have I used the solution?

I have been using the solution for two years. However, my company has not deployed the solution yet and we are in the early stages of testing.

How are customer service and technical support?

The solution has a good technical team.

How was the initial setup?

The installation is complex. There is some overloading that happens; this could be simplified and made easier by allowing all key features to be viewed on the first level dashboard.

What's my experience with pricing, setup cost, and licensing?

When it comes to the initial pricing there can be a huge discount from their side and also I think they are open to competing with other products. Even though the price can be a little high sometimes, their product is number one. They have a wide range of products.

Which other solutions did I evaluate?

We have compared Securonix and many other solutions to this one.

What other advice do I have?

I rate IBM QRadar a nine out of ten.

Disclosure: My company has a business relationship with this vendor other than being a customer: partner
PeerSpot user
reviewer1168407 - PeerSpot reviewer
Sr. Information Security Analyst at an insurance company with 51-200 employees
Real User
Robust monitoring that is scalable and includes the SOC service
Pros and Cons
  • "The best part of this solution is having a third-party SOC."
  • "The user interface is a bit difficult to get used to."

What is our primary use case?

The primary use case of this solution is for monitoring the network.

What is most valuable?

Part of the SaaS offering is the SOC service. The best part of this solution is having a third-party SOC.

It's a robust solution.

What needs improvement?

The user interface is a bit difficult to get used to. Once you do, it's not difficult.

For how long have I used the solution?

I have been working with QRadar for two years.

We are working with the latest version.

What do I think about the stability of the solution?

The stability is excellent.

What do I think about the scalability of the solution?

It's scalable. Everything is done through our third-party vendor.

We have four other people in my group that have access to it, and we have six people who use it.

How was the initial setup?

The third-party vendor manages the system.

What about the implementation team?

We had a third party vendor to complete the installation, so it wasn't bad.

Which other solutions did I evaluate?

We evaluated all of the Gartner top quadrants.

What other advice do I have?

I would recommend having a third-party vendor.

There are a lot of alerts and a lot of tuning that has to be done. Every time we add new rules to it, an alert goes up. Having the SOC to go through it all first is very beneficial.

For what we do, I would rate IBM QRadar a ten out of ten. We are satisfied with it.

Which deployment model are you using for this solution?

Public Cloud
Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
it_user970365 - PeerSpot reviewer
Cybersecurity Practice Lead at a tech services company with 201-500 employees
Real User
Enables us to handle the most critical attacks and integrates well with other solutions
Pros and Cons
  • "One of the most valuable features is its ability to integrate with other solutions. IBM has a lot of solutions and we have managed to make it work with IBM BigFix and MaaS360, and even Microsoft."
  • "In terms of additional features, a mobile app would be nice. Also, the reporting is definitely okay, but you have to make sure that everybody with different roles can understand it. There is room for improvement in the reporting."

What is our primary use case?

We are using it for SIEM, for Security Information and Event Management. We're gathering the logs and doing analytics on how we are going to react to security incidents.

How has it helped my organization?

With QRadar we managed to focus on the more critical incidents that we have experienced. As a result, we have managed to decrease the most critical incidents, most critical attacks. Now we're focusing on the ones that are not too heavy, not too critical. As of the moment, we are more secure than before.

What is most valuable?

One of the most valuable features is its ability to integrate with other solutions. In our current setup, we need a holistic view of our network to provide better service. Therefore, integration with our security tools and infrastructure is a must. We managed to get our NGFW, Endpoint Security, network servers, compliance tools and others to integrate with QRadar which enables our team to better understand what is happening in our network and respond accordingly.

What needs improvement?

The first area for improvement is the cost. It's a little bit too expensive for us. 

Also, initially it was difficult to understand or to grasp, but once you get the hang of it, it is easier to understand and to analyze. So the main problems are its cost, the maintenance cost, and the fact that it takes some time to learn how to use it.

In terms of additional features, a mobile app would be nice. Also, the reporting is definitely okay, but you have to make sure that everybody with different roles can understand it. There is room for improvement in the reporting.

For how long have I used the solution?

One to three years.

What do I think about the stability of the solution?

It's very robust. If it fails it does not really harm the network. It just gathers information and that's the important part. It has not failed, it's been working since day one so there is no problem. As long as the server that you install it on is working fine, it's very reliable. It's very stable.

What do I think about the scalability of the solution?

It's also scalable, yes. You can adjust the number of devices it communicates with so there is no problem with scalability.

How are customer service and technical support?

I have not yet contacted technical support. I have not encountered any problems. So far, we have had no need for them. We have just fixed things ourselves.

Which solution did I use previously and why did I switch?

We did not use any solutions before QRadar.

How was the initial setup?

It's straightforward. We just had to connect it to our servers, to our security solutions, and that was it. Everything was already communicating.

We are just a small company, so the deployment did not take that long, about a month to a month-and-a-half. It didn't involve too much downtime since we're just monitoring a few servers and a couple of security tools.

What about the implementation team?

We are directly in touch with IBM and we have an IBM security specialist. He usually gives us pointers and he's the one who also gave us a little bit of training and knowledge transfer.

What's my experience with pricing, setup cost, and licensing?

It's too expensive. The licensing is also a little bit difficult to understand because you have to license it per event and per number of flows. So you have to understand the difference between a flow and an event, and then you have to forward that to the resellers, the distributors, and to IBM. That part took a long time for us. Now we're adjusted to the process.

Which other solutions did I evaluate?

We did evaluate some, like LogRhythm. We found that LogRhythm was more difficult to understand because it was a little bit too static. I believe they have already improved but, as of the moment, we are still happy with QRadar.

What other advice do I have?

My advice is to take your time. It depends on your network, on what you want to gather information from. Make sure that the networking and the cybersecurity teams are working towards a common goal. The solution is very much worth it. You can gather all the information that you need as long as you know first what you need.

This solution is mainly for the Security Operations Center, so there are just three or four users. But it's one of the key tools for us to identify threats and attacks. The users are security operations analysts and threat hunters.

In our case, deployment and maintenance require just a few people. They are the network administrators and our cybersecurity engineers.

At the moment we have no plans to increase usage. If the company grows, usage should grow as well. The company is growing but, as of the moment, we are planning for expansion. That's why the solutions that we carry are already built for expansion for the next three to five years.

I would rate QRadar at eight out of ten. It's not perfect and the big issues would be the price and that it takes some time to understand it. But so far, it's one of the best solutions out there.

Disclosure: My company has a business relationship with this vendor other than being a customer: Partner.
PeerSpot user