The features make my work easier.
Senior Security Engineer at dig8labs
Custom parsing tool makes customization easy, and UI is friendly
Pros and Cons
- "The most valuable feature is the DSM Editor. The custom parsing tool is very nice, outstanding."
- "The product is good, but one feature they should have is an Elasticsearch. Currently, in QRadar, there are no Elasticsearch criteria."
How has it helped my organization?
What is most valuable?
The most valuable feature is the DSM Editor. The custom parsing tool is very nice, outstanding. I have used McAfee's SIEM and LogRhythm as well, but because of this feature of QRadar, I don't think their solutions are good.
Customizing it is very easy and it has a user-friendly interface.
What needs improvement?
The product is good, but one feature they should have is an Elasticsearch. Currently, in QRadar, there are no Elasticsearch criteria. Elasticsearch is a very fast search engine. IBM should consider it as part of QRadar. Currently, QRadar has a very slow search. If I search previous months' data it stops.
For how long have I used the solution?
More than five years.
Buyer's Guide
IBM Security QRadar
March 2025

Learn what your peers think about IBM Security QRadar. Get advice and tips from experienced pros sharing their opinions. Updated: March 2025.
842,767 professionals have used our research since 2012.
What do I think about the scalability of the solution?
The scalability is good. I'm quite satisfied with it.
How are customer service and support?
Technical support is the area IBM should work on. Support is not that responsive. If I open a support ticket, it takes three to four days for them to respond. They take that much time.
Which solution did I use previously and why did I switch?
I have used different solutions in the organization, but the main reason for switching is the customization. QRadar very much supports customization. Another reason is that, in the market, we can easily get QRadar resources, like an analyst or engineer, as compared to other products. This is a reason that organizations move towards QRadar.
How was the initial setup?
The initial setup was very straightforward. I didn't have to do anything once I installed it and configured it. It was very simple. Other solutions I have worked on, such as McAfee and LogRhythm, are a bit complex. This one is very easy to install and configure.
The deployment takes one to two months, max. The implementation strategy is totally dependent on the number of EPS, the requirements, and the types of log sources. We collect this information and then create our strategy.
I have been an engineer in many firms. I have deployed it by myself. One expert can deploy it. If there are 100,000 EPS you'll need more resources. If you have 5,000 to 10,000 EPS, one person can do it.
What's my experience with pricing, setup cost, and licensing?
IBM has subscription plans that run for one year.
What other advice do I have?
Overall, it's much better than other products.
In terms of increasing its usage, I have suggested to my organization that it tell customers to use it, its capacity and capabilities, with other tools like Watson.
Disclosure: My company has a business relationship with this vendor other than being a customer: Partner.

Team Lead - Information Security at a computer software company with 10,001+ employees
Easy to set up and reliable, with a simple user-interface
Pros and Cons
- "We've found the solution to be scalable."
- "The IBM support can be better."
What is our primary use case?
The use cases that are widely used across the globe are related to ransomware phishing, lateral movement, et cetera.
What is most valuable?
The simple user access model, or the user interface, is something that is very helpful.
The initial setup is not too difficult.
So far, we have found the product to be stable.
We've found the solution to be scalable.
What needs improvement?
The IBM support can be better. It's an aspect that needs improvement.
In future iterations, I'd like to see an advance in office management, the out-of-the-box use cases that are provided. That needs to be part of the requirement.
What do I think about the stability of the solution?
It's a stable solution. There are no bugs or glitches. It doesn't crash or freeze. It's reliable.
What do I think about the scalability of the solution?
The solution scales well.
We have 45,000 users on the solution right now.
We do plan to increase usage soon.
How are customer service and support?
We've dealt with technical support in the past and it was lacking.
They have provided dedicated time to us, to work on the issue that we are observing right now.
Which solution did I use previously and why did I switch?
We did not use a different solution. We chose this due to the fact that it's an industry-accepted solution. The use cases are easy to configure in multiple things that we considered important while taking the solution.
How was the initial setup?
The deployment was easy. It wasn't overly complex.
It took me around six months to do the implementation.
What about the implementation team?
We handled the deployment with the assistance of a vendor partner.
What's my experience with pricing, setup cost, and licensing?
I can't speak to the exact pricing. I've never looked at its commercial costs.
Which other solutions did I evaluate?
We did consider other options before choosing this product.
What other advice do I have?
We are a preferred partner of IBM.
I'd rate the solution at a seven out of ten.
Which deployment model are you using for this solution?
On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Solution Security Architect at PT. Sinergy Informasi Pratama
Provides great analysis of event logs, event security; easily manageable with one monitor
Pros and Cons
- "It can analyze event logs, event security, and give a good consult."
- "Solution has too many menus that require going to two or three sub-monitors to enter the QRadar."
What is our primary use case?
This is a solution you use when you have many security products that you want to manage in one monitor, one analytic. We are partners with IBM and provide implementation services to our customers. I'm a solution security architect.
What is most valuable?
The most valuable feature is that it can analyze event logs, event security, and give a good consult. When you have SIEM, you can easily manage with one single monitor. QRadar can do a lot of analyses of every security product and will let us know what needs to be done to the log. Sometimes we need security orchestration automated response to support the SOC team.
What needs improvement?
The concern with QRadar is that there are so many features in the dashboard, too many menus that require going to two or three sub-monitors to enter the QRadar. The user interface is good but there are so many features that can be confusing for the administrator. It could be simplified.
For how long have I used the solution?
I've been using this solution for a year.
What do I think about the stability of the solution?
I think that QRadar is stable, but I've never worked with other solutions in this area and I have nothing to compare it to. It has dedicated machines and offers great performance.
What do I think about the scalability of the solution?
The scalability is easy but it comes at a high price.
How are customer service and support?
IBM in Indonesia provides great support.
How was the initial setup?
The initial setup is complex if the data set is large. It really depends on that. We provide maintenance services to our clients so that if they have any trouble, we assist with troubleshooting.
What's my experience with pricing, setup cost, and licensing?
SIEM is quite a pricey solution so we only offer it to enterprise companies that can pay the fees. For smaller companies, it's an extremely expensive product.
What other advice do I have?
I recommend this solution because I think they provide great support from the sales and technical perspective.
I rate the solution nine out of 10.
Which deployment model are you using for this solution?
On-premises
Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
Regional Director, Customer Success (GTM Solutions & Services) at a tech services company with 51-200 employees
Flexible, easy to use, and scalable
Pros and Cons
- "The solution is flexible and easy to use."
- "IBM is going through some problems with its resources currently making its support response time slow."
What is our primary use case?
We are a service provider and we are providing the solution as a managed service for multitenancy security.
What is most valuable?
The solution is flexible and easy to use.
What needs improvement?
IBM is going through some problems with its resources currently making its support response time slow.
For how long have I used the solution?
I have been using the solution for a couple of months.
What do I think about the stability of the solution?
I find the solution reliable.
What do I think about the scalability of the solution?
The solution is scalable. We have 15 customers using it at the moment.
How are customer service and technical support?
The support could be a lot better by being faster.
Which solution did I use previously and why did I switch?
We recently switched to this solution from LogRhythm cloud. One of the main reasons we switched solutions was because it is more scalable.
How was the initial setup?
The installation was a little difficult and could be made easier.
Which other solutions did I evaluate?
We have evaluated Securonix and this solution is far superior. We did the implementation of Securonix for two customers and we canceled it. We rolled back those clients onto this solution because Securonix failed on both implementations.
What other advice do I have?
I would recommend this solution to others. We have invested in it and we plan on using it in the future.
I rate IBM QRadar an eight out of ten.
Which deployment model are you using for this solution?
On-premises
Disclosure: My company has a business relationship with this vendor other than being a customer: Implementer
General manager at a tech services company with 201-500 employees
Good detect rate with a small number of false positives, and support resolves issues quickly
Pros and Cons
- "The detection rate is good and the false positive rate is low."
- "They should speed up the incident response and also, at the same time, reduce the amount of manual effort that is required."
What is our primary use case?
We used this product as a SIEM, for information security.
How has it helped my organization?
This product collects all of the system logs and analyzes them to see if there are any security threats, or there have been any attacks. If there are, then it will alert the administrator to take the appropriate actions.
What is most valuable?
The detection rate is good and the false positive rate is low. Having a low false-positive rate is good because it means that if an alert happens then it is very likely a real attack.
QRadar is quite flexible. Out of ten, I would rate flexibility a nine.
What needs improvement?
They should speed up the incident response and also, at the same time, reduce the amount of manual effort that is required.
A nice enhancement would be the incorporation of more artificial intelligence and machine learning capabilities.
For how long have I used the solution?
We have used IBM QRadar for approximately two years.
What do I think about the stability of the solution?
I would rate the stability a ten out of ten. We have had the occasional bug or other issue but once we report it to IBM, they give us a resolution quite quickly.
How are customer service and technical support?
Technical support is quick to resolve issues.
Which solution did I use previously and why did I switch?
We developed our own application to use as a SIEM, but we switched to QRadar.
How was the initial setup?
The initial setup is complex and the deployment takes approximately three months.
What's my experience with pricing, setup cost, and licensing?
It would be great if this product were cheaper.
Which other solutions did I evaluate?
We did evaluate other options before selecting this product.
What other advice do I have?
Within the past year, IBM developed a SaaS version of QRadar, which is a nice option.
My advice for anybody who is considering this solution is to implement the latest IBM offerings together. QRadar is just one of the products, and multiple products can be combined to create the best solution for their needs.
I would rate this solution an eight out of ten.
Which deployment model are you using for this solution?
On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Works at a tech services company with 11-50 employees
Alerts us about events in our network environment and has superb functionality
Pros and Cons
- "IBM QRadar is easy to scale, it doesn't affect the environment. In our office, we have around 40 - 50 users, but our clients have more users on their networks. Our organization has staff in the software department that manages IBM QRadar for us."
- "The quoting and the dashboard session could be improved. It should be more user-friendly."
What is our primary use case?
We are partners with IBM. We do simulations for our clients. Then we resolve the issue that they're facing using IBM QRadar.
How has it helped my organization?
We have integrated IBM QRadar with our firewall and some services that we use. When the logs are about to get full of SQL, IBM QRadar makes a notification. The admin knows that they're about to get full so he just goes and clears them out. That is when we usually use IBM QRadar. On our firewall, when the issue notifications are generated, we don't usually open the firewall but QRadar alerts us about what went down in our environment.
What is most valuable?
The most valuable feature of IBM QRadar is its slow control and even activation. I also like the post notifications on the screen.
What needs improvement?
The quoting and the dashboard session could be improved. It should be more user-friendly.
Otherwise, the overall functionality of IBM QRadar is superb. A better GUI and reporting both would be good additions to the product.
For how long have I used the solution?
Less than one year.
What do I think about the stability of the solution?
IBM QRadar is very stable. It doesn't have many errors.
What do I think about the scalability of the solution?
IBM QRadar is easy to scale. We can integrate other devices if we want to. We could go to distributed architecture instead, but we like this product. It doesn't affect the environment. In our office, we have around 40 - 50 users, but our clients have more users on their networks.
Our organization has staff in the software department that manages IBM QRadar for us. The security division just manages the login. Overall, only two to three staff are required for the management of IBM QRadar. They are more than enough to control the situation because most of it is easy. We definitely have plans to increase our current usage of the solution in the future.
How are customer service and technical support?
Technical support from IBM is not that good here in this region. It's quite helpful to have local support. They don't have much expertise in this product.
We usually have to go to IBM to resolve the issues if we have them because the overall product is a bit complex. There are not many local resources here in this region with expertise in IBM QRadar.
How was the initial setup?
The initial setup is straightforward. It's very easy. I think anyone can install it within minutes. The deployment of IBM QRadar takes around 20 to 25 minutes if you have a good hard drive.
What about the implementation team?
We deployed IBM QRadar ourselves. We have technicians. We bill the client and do the installation on our own, along with other IBM products.
What's my experience with pricing, setup cost, and licensing?
We do licensing on a yearly basis. It's for deployment. If the client wants more services, we support the license. There are no other costs for the product.
Which other solutions did I evaluate?
When I joined the company we were already partners with IBM. I didn't have much experience with other products.
What other advice do I have?
I would recommend IBM QRadar because of the security features and the organization. I can recommend the security. Security is nowadays an essential part of IBM QRadar.
IBM QRadar is probably the best possible solution in the market. I would rate it an eight out of 10.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Member at CIFAL Argentina
The scalability is awesome, because QRadar includes other solutions in the same console
Pros and Cons
- "The scalability is awesome, because QRadar includes other solutions in the same console."
- "The user interface needs improvement."
How has it helped my organization?
QRadar improved risk assessment and vulnerability, plus reduced staff.
What is most valuable?
The threat protection integration with other vendors.
What needs improvement?
The user interface needs improvement.
Network Breach
We have not suffered a network breach.
Events per Day
Our deployment collects nearly 100 events a day. We often wield a backlog.
What do I think about the stability of the solution?
Stability is great.
What do I think about the scalability of the solution?
The scalability is awesome, because QRadar includes other solutions in the same console.
How are customer service and technical support?
I have not used technical support.
How was the initial setup?
I was not involved in the initial setup.
Which other solutions did I evaluate?
We evaluated Check Point, but went with IBM because of price.
What other advice do I have?
Most important criteria when selecting a vendor: Our customers need a cross of different units which make up a better solution for them.
Disclosure: My company has a business relationship with this vendor other than being a customer: Reseller.
System Engineer (Cybersecurity) at Omgea Exim Ltd
A scalable solution with great event and flow collectors
Pros and Cons
- "The event collector, flow collector, PCAP and SOAR are valuable."
- "The solution is expensive compared to other products."
What is most valuable?
The event collector, flow collector, PCAP and SOAR are valuable.
What needs improvement?
Whenever we connect the span port, its device and health status increase the capacity level. So I suggest the mitigation of that part for IBM. Otherwise, it's a good product. We also continuously have issues with technical support because they do not have a prompt response time.
For how long have I used the solution?
We have been using IBM QRadar for the last five years.
What do I think about the stability of the solution?
I rate the stability a nine out of ten.
What do I think about the scalability of the solution?
I rate the scalability an eight out of ten. We deploy to many customers and have completed many POCs. We have a four-person team.
How are customer service and support?
The technical support is good, but they are not prompt. I rate them a five out of ten.
How would you rate customer service and support?
Neutral
How was the initial setup?
I rate the initial setup a ten out of ten. It is deployed on-premises and takes about two to three days to deploy the full environment readiness. But the device integration, rules screening and log onboarding take too long, about three to four months. The deployment was completed in-house.
What's my experience with pricing, setup cost, and licensing?
The solution is expensive compared to other products, and I rate the pricing a five out of ten.
What other advice do I have?
I rate this solution a nine out of ten.
Disclosure: My company has a business relationship with this vendor other than being a customer: Partner/Reseller
