Try our new research platform with insights from 80,000+ expert users
Senior Server Security Engineer
Real User
Has great scalablity, if you use APS 25 GPS license you can change to 3000 EPS anytime
Pros and Cons
  • "IBM has everything you need in a cybersecurity solution. If you want to build a cybersecurity operation center version then I think QRadar is a perfect solution."
  • "I think QRadar is very complex. It's a distributed system and IBM QRadar has an all-in-one solution which is not like that distributed solution but it's a good product. IBM needs to consider the user interface because if we compare it with AlienVault, the AlienVault user interface is fantastic but the IBM QRadar user interface is very complex. They should focus on how to make it easier for the client."

What is our primary use case?

Our primary use case of this solution is to identify threats. 

How has it helped my organization?

We do R&D for IBM QRadar and we are also a cybersecurity solution based company. We provide solutions for our clients like banking, government agencies, and other non-government organizations. Our clients test in our labs and we try to understand how a product works and how a product will help our clients. I have more than three years experience with AlienVault and I use AlienVault a lot and I have already deployed it in a few banks. I am now trying to understand how IBM QRadar works and what the difference between IBM QRadar and AlienVault is. 

What is most valuable?

This solution has many valuable features but I especially like the Log Manager feature.

What needs improvement?

I think QRadar is very complex. It's a distributed system and IBM QRadar has an all-in-one solution which is not like that distributed solution but it's a good product. IBM needs to consider the user interface because if we compare it with AlienVault, the AlienVault user interface is fantastic but the IBM QRadar user interface is very complex. They should focus on how to make it easier for the client.

IBM has everything you need in a cybersecurity solution. If you want to build a cybersecurity operation center version then I think QRadar is a perfect solution.

Buyer's Guide
IBM Security QRadar
March 2025
Learn what your peers think about IBM Security QRadar. Get advice and tips from experienced pros sharing their opinions. Updated: March 2025.
844,944 professionals have used our research since 2012.

For how long have I used the solution?

Less than one year.

What do I think about the stability of the solution?

IBM QRadar is stable and scalable. 

What do I think about the scalability of the solution?

Scalability is good. If you use APS 25 GPS license you can change to 3000 EPS anytime. Also, you can integrate a distributed solution with the all-in-one deployment. If you have a very small organization, you don't need model 5000 EPS license so you can deploy all-in-one and then one day if your organization grows bigger, you can deploy a distributed system.

How are customer service and support?

We have our own system and network experts, forensic experts, and database expert so until now, we haven't had any issues that required us to contact their support. 

How was the initial setup?

The initial setup was complex. When it comes to the deployment, you can get it done in a day but if you want to fine-tune it can take a very long time. This isn't only for QRadar, but this applies to most solutions. 

It takes two or three people to deploy this product but if you want to do custom configuration then you need each and every part's expert. You need a network expert, forensic expert, and system expert. If you want an advanced system configuration you need many more people. If you only want to integrate this solution in your organization then two or three people is more than enough for the deployment.

What about the implementation team?

We deploy it for our clients.

What's my experience with pricing, setup cost, and licensing?

Licensing is very expensive, IBM QRadar is a very expensive solution. If you want to minimize costs then IBM QRadar is not for you.

What other advice do I have?

I would rate it an eight out of ten. Not a ten because of the complex interface. 

Disclosure: My company has a business relationship with this vendor other than being a customer: Reseller.
PeerSpot user
it_user643884 - PeerSpot reviewer
Senior System Administrator at a tech services company with 11-50 employees
Real User
Offers device auto-discovery, along with rules and reports already created.

How has it helped my organization?

I have implemented QRadar in a big airline company, where they needed to get all their security information in one place. It helped in reducing the amount of time that was needed to evaluate the risk of every event. Configuring the alerts has never been easier; you just search for the event you think you need and start creating the rules that way. It is really straightforward and you don't need much IT knowledge for it. Of course, your experience with the product and a generalist view of the infrastructure, business and IT are strongly recommended, when using a tool similar to this.

What is most valuable?

In my understanding, the best features are:

  • DSMs (Device Support Modules),
  • Device auto-discovery, and
  • Hundreds of rules and reports already created for you to mix up.

These features are keeping QRadar on top in Gartner. You can have it running in a few hours, then start collecting your logs and events in no time.

What do I think about the stability of the solution?

We never experienced any stability issues. The only problem that I had was related to the hardware and the high availability worked as expected.

Something to take into account is the IBM support; they really know their business and how to fix problems. I had the opportunity to talk with L2 Managers in the US, who told me that IBM is investing in research, documentation and training for all the people working with it. This is a very interesting thing to have in mind, when choosing this platform.

What do I think about the scalability of the solution?

We never experienced any scalability issues. If you correctly estimate the amount of EPS (the license variable), then scalability is not a problem. They can run in a really big environment (100,000 EPS tested in production) and all the infrastructure will work as a charm.

How are customer service and technical support?

The technical support is excellent. As I've mentioned, they know their business and have a really good team behind them.

Which solution did I use previously and why did I switch?

I had the opportunity to use other SIEM solutions, but no one can provide what QRadar does, i.e., in terms of its simplicity, support or integration.

How was the initial setup?

The setup was really straightforward. You simply need to put your ISO image in the hypervisor, follow the on-screen instructions and you have it running in one hour.

What's my experience with pricing, setup cost, and licensing?

The pricing and licensing policies are really competitive. These solutions are not for a really small business, but having just one license variable is really good. You simple tell the partner or sales representative the number of EPS you want to receive in your appliance and that's it. Other solutions have a 'correlation' license, which is more like a trap than anything else.

Which other solutions did I evaluate?

I have tested Splunk and used a little bit of NitroSecurity (McAfee). I have also seen a little bit of HPE ArcSight.

What other advice do I have?

You should ask the sales representative to give you the Excel sheet to calculate EPS. Keep in mind that the firewalls, proxies and networking devices such as those will consume lots of EPS, but they do provide really nice information and insight from your network.

On Gartner, this is one of the top 10 SIEM solutions in the market. It is robust and IBM is investing a lot of money to get it running even better than it is running right now. You feel secured when you use it.

This solution is being implemented around the world and every day, a new feature or add-on is created for it.

Disclosure: My company has a business relationship with this vendor other than being a customer: We are business partners and have a really good relationship with IBM.
PeerSpot user
Buyer's Guide
IBM Security QRadar
March 2025
Learn what your peers think about IBM Security QRadar. Get advice and tips from experienced pros sharing their opinions. Updated: March 2025.
844,944 professionals have used our research since 2012.
it_user634830 - PeerSpot reviewer
Group CIO at a tech services company with 501-1,000 employees
Consultant
Provides visibility in terms of the threat surface and proactively looks at mitigation measurements.

How has it helped my organization?

It gives us more visibility in terms of the threat surface and to proactively look at mitigation measurements, in terms of managing our risks. As our side business is increasing, it gives us a better way to handle of things.

What is most valuable?

We are using this SIEM solution, which is pretty good in terms of detecting threats and managing the intelligence for us.

What needs improvement?

In the next release, I obviously would want to see more integration to the cloud-based services such as Microsoft Azure and the other line of business applications, so that we have a comprehensive view on a hybrid cloud stack.

What do I think about the stability of the solution?

The stability of this product is pretty good. It's helping us a lot and they keep on adding new features. Thus, as a platform, it's quite stable.

What do I think about the scalability of the solution?

Scalability is good because it is a cloud-based offering and a managed services offering solution. The scalability is left for IBM to manage, so it's not a headache for us to manage.

How is customer service and technical support?

We have used the technical support on and off. Since it's on a 24/7 SLA, it gets managed well. It is pretty good. On a scale of 1-10, I would give it an eight.

How was the initial setup?

The setup was a bit complex. But as a project team, we pulled it through. It was complex because you need to understand the product and they need to understand our business requirements, as all of this is in the setup. So, it's not a straightforward payoff by just putting us off way there.

Which other solutions did I evaluate?

The SIEM solutions list we looked from included IBM, Cisco and Check Point.

The most important criteria while selecting a vendor are that it is a future-proof and tabulating solution. Also, the other factors involved are being a global leader and getting us up there as well.

The primary reason as to why we chose IBM is because we had a significant local presence. Also, QRadar's portfolio and its features on the Gartner's website were pretty much at the top end, i.e., as a leader in the leadership aspect.

What other advice do I have?

This is quite an established solution so, I will have no hesitations in recommending it.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Ahmed Hossam - PeerSpot reviewer
SOC Analyst Tier 2 at IP Protocol INC
Real User
An AI-powered incident and risk analysis, triage and response tool with a user-friendly graphical interface
Pros and Cons
  • "I like the graphical interface. It's so good and easy."
  • "Integration could be better. They should make it easy to integrate with other solutions."

What is our primary use case?

First, I used the manual to learn, then I tried to merge it with my company's needs, and there weren't any problems.

What is most valuable?

I like the graphical interface. It's so good and easy.

What needs improvement?

Integration could be better. They should make it easy to integrate with other solutions. 

For how long have I used the solution?

I have been using IBM QRadar Advisor with Watson for three or four years.

What do I think about the stability of the solution?

IBM QRadar Advisor with Watson is a stable solution.

What do I think about the scalability of the solution?

I think IBM QRadar Advisor with Watson is scalable.

How are customer service and support?

We didn't use technical support as the community was very helpful.

How was the initial setup?

The initial setup was difficult the first time, but it got easier after that.

What's my experience with pricing, setup cost, and licensing?

I think my company pays for the license yearly.

What other advice do I have?

I would advise potential users to read the manual or the workbook before going forward with the deployment. Try to match the requirements with the company's needs to avoid facing issues in the future. But if you get stuck, you can always ask the community for help.

On a scale from one to ten, I would give IBM QRadar Advisor with Watson a nine.

Which deployment model are you using for this solution?

On-premises
Disclosure: My company has a business relationship with this vendor other than being a customer: partner
PeerSpot user
Assistant Engineer at Harel Mallac Technologies Ltd
Real User
Simple to manage, reliable, and straightforward installation
Pros and Cons
  • "The solution is easy to use, manage, and review all incidents."
  • "If you have too many events that occur, then the storage capacity becomes a problem. You need to have more storage."

What is our primary use case?

I use IBM QRadar for user behavior analytics, and mostly incident handling.

What is most valuable?

The solution is easy to use, manage, and review all incidents.

What needs improvement?

If you have too many events that occur, then the storage capacity becomes a problem. You need to have more storage.

For how long have I used the solution?

I have been using IBM QRadar for approximately four years.

What do I think about the stability of the solution?

The solution is very stable.

What do I think about the scalability of the solution?

We have approximately three customers and the total users that are using it would be approximately 200.

How was the initial setup?

The initial installation was straightforward, we were able to have it running in half a day.

What about the implementation team?

I do the implementation and maintenance of the solution.

What's my experience with pricing, setup cost, and licensing?

There are different types of subscriptions available. We were on an annual subscription, but our customers typically choose the two years subscription option.

What other advice do I have?

I would recommend this solution to others.

I rate IBM QRadar a nine out of ten.

Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
PeerSpot user
Sr.Network Engineer at NTT Security
Real User
A reliable and scalable solution for network behavior and log analytics
Pros and Cons
  • "The solution is reliable."
  • "I need a solution which will send alerts in the event of any behavior."

What is our primary use case?

We use the solution for network behavior and log analytics. We wish to procure one for behavior analytics.

I am not certain which version we are using. 

There is a need for a behavior analytics solution in the environment. We use the solution to highlight unusual traffic for a single particular link or even single particular user traffic. 

What is most valuable?

The solution will not provide alerts in the event of any particular traffic. It will only alert in the case of a security threat. 

What needs improvement?

I am looking for a solution to replace IBM QRadar. We use it for incident reporting, but I need one for behavior analytics. I need one which will send alerts in the event of any behavior. 

The solution is fine for analyzing logs. We already have basic modules. We require more modules for getting so that we may obtain further details. We essentially use IBM QRadar for analyzing particular logs. 

There are no additional features which should be added or upgraded in the next release. 

What do I think about the stability of the solution?

The solution is reliable. 

What do I think about the scalability of the solution?

The scalability is fine. 

How are customer service and technical support?

Technical support is okay. We have had no issues with them. 

What's my experience with pricing, setup cost, and licensing?

The license is not subscription-based. We have been doing the same deployment for more than ten years. 

The pricing is alright. 

What other advice do I have?


Our environment is binding. We have only monitoring and data central traffic.

I would recommend the solution to others. It is fine for analyzing logs. 

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
reviewer1584831 - PeerSpot reviewer
Solution Architect Cybersecurity at a tech services company with 501-1,000 employees
Real User
Protects our network from various threats
Pros and Cons
  • "The threat hunting capabilities in general are great."

    What is our primary use case?

    We use this solution for advanced threat detection, insider threat monitoring, risk and vulnerability management, and unauthorized traffic detection regarding our network. We can monitor and detect web attacks with it as well. 

    Within our organization, there are roughly 2,000 to 3,000 employees using this solution. As of now, we don't have any plans to increase our usage of IBM QRadar.

    How has it helped my organization?

    The basic use case of this solution is to identify insider threats. Insider threats are the most dangerous kind of threat for any type of organization to secure. This solution identifies who the insider threats are, and also determines if there are any malicious activities taking place inside of an organization itself. In short, it provides us with real-time visibility so we can identify who the insider threats and what malicious activities are occurring inside of our own network. It also protects our web applications from DNS attacks.

    What is most valuable?

    The threat hunting capabilities in general are great. 

    What needs improvement?

    I was going to say that the reporting could be improved, but IBM recently introduced a new cloud-based security service that integrates with QRadar. Now, reporting is much easier than before. I personally can't think of an area for improvement.

    For how long have I used the solution?

    I have been using this solution for two and a half years. 

    What do I think about the stability of the solution?

    This solution is quite stable. 

    How are customer service and technical support?

    We receive 24/7 support via email; however, we don't have to contact support often because we have our own trained team. They handle most issues.

    Which solution did I use previously and why did I switch?

    We used to use Splunk.

    How was the initial setup?

    How complex the initial setup is completely depends on the customer's infrastructure. If there are lots of tools that need to be integrated, then the setup is going to be really complex. I wouldn't say that the initial setup is complex, it's more moderate than anything. 

    Deployment took two to three weeks from beginning to end.

    What's my experience with pricing, setup cost, and licensing?

    The price of this solution is a little high.

    What other advice do I have?

    Before implementing a new solution, you need to understand your network infrastructure completely. You need to determine if third-party integration is supported or not. IBM Qradar supports a lot of third-party integration because third-party tool integration is often required. 

    Storage also needs to be defined properly as logs need to be kept for a certain amount of time. If you have to store logs for three to six months, then you'll need to ensure that you've evaluated the storage capacity properly.

    Overall, on a scale from one to ten, I would give this solution a rating of eight. We're very satisfied with it. 

    Which deployment model are you using for this solution?

    On-premises
    Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
    PeerSpot user
    Senior Cybersecurity Consultant at CIA Botswana
    Real User
    Top 20
    Enables our clients to detect threats and vulnerabilities in real time
    Pros and Cons
    • "Most of our clients are interested in automation. The automation part is good because they are able to detect threats and vulnerabilities in real time. It's very fast."
    • "The API integration for AD is a problem when it comes to vulnerability management. If you want to incorporate multiple factor authentication it becomes a problem with the AD. It doesn't integrate well. That needs to be improved."

    What is our primary use case?

    Our primary use case if for security analytics. We do investigation and security analytics, so we collect events and after collecting events we give positive security analytics to clients.

    How has it helped my organization?

    Most of our clients are interested in automation. The automation part is good because they are able to detect threats and vulnerabilities in real time. It's very fast. 

    What is most valuable?

    The vulnerability management aspect is the most valuable feature. IBM QRadar is the only SIEM solution with integrated vulnerability management. That's why most clients are flocking to it. API integration is very easy.

    What needs improvement?

    The API integration for AD is a problem when it comes to vulnerability management. If you want to incorporate multiple factor authentication it becomes a problem with the AD. It doesn't integrate well. That needs to be improved.

    The configuration steps are not easy to follow compared to NetWitness.

    What do I think about the scalability of the solution?

    Scalability is good. I have plans to increase usage it just depends on the contracts. If I get more contracts I get more people. Most clients want to manage security and so they would want to outsource their expertise. If they outsource their expertise that means I have to recruit more people.

    How are customer service and technical support?

    Their technical support is pretty good. 

    How was the initial setup?

    The initial setup was easy. It usually takes around three months or so. In terms of the implementation strategy, once we get the correct events sorted, the strategy is to connect enough events sources so that they give you an efficient solution. 

    We require five to ten people for setup and maintenance. 

    What about the implementation team?

    I'm the consultant so we do the implementation ourselves. 

    What's my experience with pricing, setup cost, and licensing?

    The licensing depends on the customer. The pricing is good.

    What other advice do I have?

    I would rate it an eight out of ten. Not a ten because the configuration part of it should be easier. They tried to integrate everything together to be all in one, but it's not easy to configure.

    Disclosure: My company has a business relationship with this vendor other than being a customer: Reseller.
    PeerSpot user
    Buyer's Guide
    Download our free IBM Security QRadar Report and get advice and tips from experienced pros sharing their opinions.
    Updated: March 2025
    Buyer's Guide
    Download our free IBM Security QRadar Report and get advice and tips from experienced pros sharing their opinions.