Try our new research platform with insights from 80,000+ expert users
reviewer1318914 - PeerSpot reviewer
Information Security Specialist at a comms service provider with 501-1,000 employees
Real User
Not user friendly, doesn't integrate well, and has terrible technical support
Pros and Cons
  • "The solution can scale."
  • "The solution is clunky."

What is our primary use case?

We use the solution for a variety of tasks. We use it, for example, for authentication, network-related authentication, user-related tasks, and Windows UNIX servers. It's a lot. There's a ton of use cases. I really can't sync right now about every single use case, however, the main things are authentication and network-related systems and all flavors of UNIX Windows. 

How has it helped my organization?

It helped our organization in the sense that having it was better than nothing. However, I did not enjoy the product overall and I advised we switch to something else.

What is most valuable?

The user behavior analytics as part of our deployment was okay, even though it was clunky.

The solution can scale.

What needs improvement?

I really didn't like QRadar to be honest. I inherited it. I was part of the reason that we moved over to LogRhythm. The solution just isn't user friendly.

The solution is clunky. 

The interface could be much better.

The integration capabilities within the product are not that great.

Buyer's Guide
IBM Security QRadar
March 2025
Learn what your peers think about IBM Security QRadar. Get advice and tips from experienced pros sharing their opinions. Updated: March 2025.
842,767 professionals have used our research since 2012.

For how long have I used the solution?

I've been using the solution for about two years at this point. My team has been using it for two to three years, so we have a total of about five years of experience in all.

What do I think about the stability of the solution?

I wouldn't describe the solution as stable. 

It was really buggy. Like other app integrations, it wasn't straightforward. It was pretty clunky. We tried to integrate Qualys with it and it wasn't effective. To integrate anything took quite a bit of time and energy. It wasn't easy. When it did, it didn't work properly. It wasn't really pulling in the data correctly.

What do I think about the scalability of the solution?

Scalability was hard as it was on-prem. We needed to add more modules, and had to add more of the servers to stack it. It wasn't that a simple task at all. I wouldn't say that it scales well, although technically, you can scale it.

When we were using the solution, we had ten to 15 users on it. They were anyone from Information Security Engineers to regular IT admins.

How are customer service and support?

Technical support was awful. We often didn't even have any assistance available to us. On a scale from one to ten, I'd rate them at a three. We were very unsatisfied with the level of support we received. They just simply weren't helpful when it came down to it.

Which solution did I use previously and why did I switch?

The organization didn't previously use a different solution before choosing QRadar.

We actually switched to LogRhythm as I didn't like how the solution was working for the organization.

How was the initial setup?

I didn't handle the initial setup. It was handled before I arrived at the organization.

What other advice do I have?

I'm not sure of which version of the solution we're using.

I wouldn't recommend the solution. I'd probably tell others to shy away and look at other products like possibly Splunk, however, it's a pricey option. LogRhythm is pretty good. We're having some issues with it. That said, for the most part, it's okay. 

Exabeam also seems like it might be a good option. I haven't worked with it personally, however, I've had some experience with a POC.

Overall, I would rate the solution at a three out of ten. We didn't have a good experience with it. If it offered, for example, easier behavior analytics, easier integrations, better interface, supported model integration, and a good user interface to perform analysis I might rate it higher. Basically, it just needs to be much more user-friendly.

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Senior Manager, Security Architecture & Operation, Corporate Security at Omantel
Real User
Good reporting and integration is easy, but searching is slow and the dashboard needs to be improved
Pros and Cons
  • "Integration is very easy and the reporting is good."
  • "The dashboard is pathetic and it takes a long time to perform a search."

What is our primary use case?

This is a security monitoring product and the primary use case is to detect strange behavior by users. For example, if we have a user that has not used the service for a long time and then all of a sudden, somebody logs in one night. This is not normal and the system will detect it. This is just one example of many use cases.

What is most valuable?

Integration is very easy and the reporting is good.

What needs improvement?

This is a good product, although it does require some fine-tuning.

The dashboard is pathetic and it takes a long time to perform a search.

The graphics need to be improved.

Providing good support is something that they need to work on.

It would be helpful if IBM published more use cases.

For how long have I used the solution?

We have been using QRadar UBA since 2016.

How are customer service and technical support?

The issue that I have with technical support is related to their large pool of resources. If you are lucky then you get good support, but sometimes you get pathetic support. Suppose you open a ticket, there are times where it will be very good, but the quality is intermittent.

Which solution did I use previously and why did I switch?

I have experience working with Splunk and I find that the searching capabilities are better with it. Also, the processing time in Splunk is better. With QRadar UBA, when you have three, four, or five rules together, it takes more time to respond.

How was the initial setup?

The complexity and length of time required for the initial setup depend on the requirements. There are some out-of-the-box features that can be implemented right away, but some equipment is not supported directly, so you need to write a DSM (device support module).

Implementing a DSM takes some time, although it will depend on the log source. If the log source is fully compatible then it will be very quick. However, if it is not compatible then you will need to do some scripting and other work.

What's my experience with pricing, setup cost, and licensing?

The price of this product is high.

What other advice do I have?

QRadar is not perfect. It's a good security monitoring product that can provide threat intelligence, but it cannot do it alone. You need to integrate with many other things, such as IBM Orchestrator. Also, you need to have X-Force. After these kinds of things are integrated, it works a little bit better.

I would rate this solution a six out of ten.

Which deployment model are you using for this solution?

On-premises
Disclosure: My company has a business relationship with this vendor other than being a customer: partner
PeerSpot user
Buyer's Guide
IBM Security QRadar
March 2025
Learn what your peers think about IBM Security QRadar. Get advice and tips from experienced pros sharing their opinions. Updated: March 2025.
842,767 professionals have used our research since 2012.
reviewer774660 - PeerSpot reviewer
Manager-Cloud Security Operations at a retailer with 10,001+ employees
Real User
It is really helpful to us from the compliance point of view.
Pros and Cons
  • "It is really helpful to us from the compliance point of view."
  • "The initial setup is not complex or difficult."
  • "The tech support is not that good."

What is our primary use case?

The primary use case for us is the plug and play implementation and it is pretty easy to set it up, and scale up the SIEM. It has a kind of a functionality to it. 

How has it helped my organization?

It is really helpful to us from the compliance point of view. Whenever we had an external lawyer come in, he used to ask us for the data retention and log retention. So, QRadar could put out reports that could audit for us within the log collections. It was very helpful for us to meet compliance requirements.

In addition, it is a helpful solution for forensic analysis. It will easily perform Google type searches and get the logs searched easily. This is really helpful for us, and gives us a quicker investigation.

What is most valuable?

The most valuable feature is that it is a one stop solution for many things. It is a manager for vulnerability, functionality, packet filtering, packet analysis and log analysis.

What needs improvement?

They have introduced a lot of different suite of products and functionalities and that sometimes leads to confusion among the customers. There are a lot of options to provided and then I need to decide, what is my requirement, and what is my desire. I may be tempted to have a particular feature, but I have to decide whether it is relevant or not.

For how long have I used the solution?

More than five years.

What do I think about the stability of the solution?

The stability is very good. There is not a single point lacking in terms of stability. And, I have never faced technical issues.

What do I think about the scalability of the solution?

The scalability is good, especially with the introduction of data nodes. As of now, it is not a problem.

How are customer service and technical support?

The tech support is not that good. They often rely on their learned knowledge base, instead of getting their hands dirty upon the actual case issues. They just think of the traditional approach of "OK, try this, or that." Obviously, we already know which steps to follow, we need for them to come up with some out-of-the-box solutions. This delays the process of finding a solution to the problem. Unfortunately, this happens a lot.

Which solution did I use previously and why did I switch?

I previously used Splunk. And, we considered Sumo Logic, which has a similar kind of functionality. But, they are still in a very premature stage in terms of the product development.

How was the initial setup?

The initial setup was straightforward. It was not complex or difficult. It is not complicated.

What's my experience with pricing, setup cost, and licensing?

The cost of this product is expensive.

What other advice do I have?

If you are a medium to large size enterprise, you can surely consider IBM as one of the major contenders for your selection. If you are a small enterprise, QRadar may be too much for you, it may be too complex.

When deciding on a solution, we always consider:

  • Cost-benefit
  • Shelf-life of the solution
  • Security of the solution
Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
PeerSpot user
Vulnerability Manager at a tech services company with 51-200 employees
Reseller
The threat protection network is the most valuable feature
Pros and Cons
  • "The threat protection network is the most valuable feature, because when you get an offense, you can actually trace it back to where it originated from, how it originated, and why."
  • "The threat protection network is the most valuable feature, because when you get an offense, you can actually trace it back to where it originated from, how it originated, and why."
  • "I would like to see a more user-friendly product."

How has it helped my organization?

Normally, an offense comes in and an offense is something negative, it triggers when certain events don't comply with the rules, to put it plainly, it is something that will have impacted your environment very negatively. Once it comes through, you can then see from the QRadar log sources, who or what triggered the offense.

For example, if an IP is browsing somewhere where it shouldn't be browsing. Let's say that one of your log sources reported it back to QRadar. You can see if the IP that browsed on certain websites where it shouldn't be browsing. When you right-click and go to the threat protection network, that will normally show you who is browsing, where that IP is coming from, what type of website it is browsing, and if it is good or bad. If it's bad, it will give you recommendations on how to resolve the issue.

What is most valuable?

The threat protection network is the most valuable feature, because when you get an offense, you can actually trace it back to where it originated from, how it originated, and why.

What needs improvement?

I would like to see a more user-friendly product. I would like them to make it more user-friendly. At this stage, you need to use a lot of regular expressions to do your searches.

For how long have I used the solution?

Three to five years.

What do I think about the stability of the solution?

In the first year I used it, there were a few stability problems. In the previous three years, there haven’t been any major stability issues.

What do I think about the scalability of the solution?

I've seen no scalability issues in any of the environments where I am working at the moment. I've seen how it handles a lot of load. I'm talking about a 5,000-user environment. It can handle a lot of logs and events coming through simultaneously.

If you spec it properly, with the proper hardware requirements, then it doesn’t crash. I've seen how people give it way less specs than it should have, then it does crash. But that was the fault on the users’ side, and not the fault of the product.

How is customer service and technical support?

I would give technical support a rating of an eight out of 10. When they help you with a call for a problem with the product, which I've had twice, the next day, they roll out an update worldwide for all their products to be patched on that problem.

They lose too much time, in my opinion. Normally, you struggle a bit to get a hold of them and get to the correct person to assist you. Even though this isn't a very big delay, it usually takes about an hour. However, in my company, an hour can make a very big difference in my life. For example, it will take me about an hour to an hour and a half to get support from them. I'm a person who loves to get it done now. So if you don't mind waiting about an hour, then it can be very good support. When you log a call with IBM, it takes them about an hour to start working on the problem.

How was the initial setup?

The setup was very straightforward. It's basically, "next, next, type in machine details and next”, then you are finished.

What's my experience with pricing, setup cost, and licensing?

IBM's Qradar is not for small companie. Unfortunately, it would be 'overkill' to place it plainly. The pricing would be too much.

Which other solutions did I evaluate?

I wasn't completely part of the whole process when they chose a product. I know they evaluated AlienVault, which unfortunately, I do not have any experience with, neither was I part of the whole processes. I'm not able to provide pointers as to why the company chose IBM QRadar. I believe it's because we are a partner with them.

What other advice do I have?

Just spec it correctly and it will do its job for you. It has an active community. IBM patches the product regularly when problems are picked up. I haven’t heard about a lot of problems from other people using the product.

Disclosure: My company has a business relationship with this vendor other than being a customer: We are a Partner.
PeerSpot user
it_user631671 - PeerSpot reviewer
Information Security Analyst at a media company with 1,001-5,000 employees
Real User
It takes log files from different viewpoints and puts them together in one place. I would like to see better support.

What is most valuable?

The most valuable feature is the co-ordination of the data it has, such as getting all sorts of log files from different viewpoints and putting it together in one place, so that the incident responders can get all the data they need to see the bigger picture.

How has it helped my organization?

We get more insights into the company's assets and vulnerabilities.

What needs improvement?

It is hard to tell which areas have room from improvement because we always think of new features and inform them to IBM, which they include in the next patch.

We recently went to an IBM conference to look into the Watson feature and see what they could do for us.

I would like to see better support. Their support is good, but I would say, they could do better.

What do I think about the stability of the solution?

For us, it's kind of wonky because we always try to be bleeding edge and always try to do updates. So, we're always pushing the system to its limit. It's pretty stable, but we always have open issues with it, with IBM.

What do I think about the scalability of the solution?

The scaling was done pretty well with IBM and the architecture teams. I think our system has scaled appropriately.

How are customer service and technical support?

The technical support really depends on who you get, at the time you call. There are good guys and bad guys. I can't really say. On a scale of 1 to 5, I would give them a 4/5 rating from our experience. We have a pretty good relationship with them.

Which solution did I use previously and why did I switch?

When I started out, this product was already bought and implemented by my company.

How was the initial setup?

The setup was a mixture of both, i.e., simple and complex.

It was complex because I had never dealt with it before. I had never set up a system like that. At the end, it got better.

What other advice do I have?

You should totally go for it. I've seen a couple systems out there, but I think IBM QRadar is one of the better solutions available.

Professionalism and to always be there when I call are the most important criteria when selecting a vendor. With IBM it's pretty good. We have our sales guy, who is always on top of everything.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Information Security Manager at a financial services firm with 1,001-5,000 employees
Real User
It has higher availability than other tools and can consolidate all alerts and detections, but its scalability has room for improvement
Pros and Cons
  • "What's most valuable in IBM QRadar User Behavior Analytics is its higher availability than other tools."
  • "You can scale IBM QRadar User Behavior Analytics, but it has room for improvement."

What is our primary use case?

My use case for IBM QRadar User Behavior Analytics is to consolidate all the logs and events from a different tool so that I can see the alerts from that other tool on the dashboard.

My company connects the Windows event logs to the Xfinity router deployed on the main server, but I have to make some configurations to detect activities.

My team is working on reinforcing IBM QRadar User Behavior Analytics features since the solution has not been used for a while because there's a new generation of engineers in my company. My team has to reconfigure almost every screen, including IBM QRadar User Behavior Analytics.

What is most valuable?

What's most valuable in IBM QRadar User Behavior Analytics is its higher availability than other tools. It consolidates all alerts and detections from the other tools, but my team has to check each tool. As my company lacks the manpower to do that, my team has to do monitoring while working on making each function clear.

What needs improvement?

As a product, IBM QRadar User Behavior Analytics does everything mentioned on the datasheet for my company's version. Still, compatibility is a problem because my company needs to use an updated version of the tool. That version doesn't integrate with many new-generation tools, so this is an area for improvement.

You can scale IBM QRadar User Behavior Analytics, but it has room for improvement.

For how long have I used the solution?

I've been using IBM QRadar User Behavior Analytics for years.

What do I think about the stability of the solution?

IBM QRadar User Behavior Analytics has been stable, and my team has made no significant changes since 2015. The team is working on utilizing it most efficiently.

What do I think about the scalability of the solution?

The scalability of IBM QRadar User Behavior Analytics is a six out of ten.

How are customer service and support?

My company doesn't get support from IBM because it's on a perpetual usage type of contract. My team can configure IBM QRadar User Behavior Analytics but cannot contact IBM for help.

When I used to get technical support for IBM QRadar User Behavior Analytics, I'd say it was a seven out of ten.

What other advice do I have?

The version of IBM QRadar User Behavior Analytics, which my company uses, is a little outdated from 2013. That version doesn't have the log collection feature.

My rating for the version of IBM QRadar User Behavior Analytics I'm using is a seven overall.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Yaw Agyare - PeerSpot reviewer
Managing Director at Volta River Authority
Real User
Great predictive analysis capabilities and provides good visibility
Pros and Cons
  • "We find predictive analysis capabilities valuable."
  • "The solution should include remote action capabilities."

What is our primary use case?

Our primary use case for the solution is providing visibility for what occurs in our security system and IT assets. So all our event logs and information from a setting and criticality level go there. Additionally, there's AI used to trigger alerts when things are going bad, and then we can action them.

What is most valuable?

We find predictive analysis capabilities valuable.

What needs improvement?

The solution should include remote action capabilities.

For how long have I used the solution?

We have been using the solution for approximately three years.

What do I think about the stability of the solution?

The solution is stable.

What do I think about the scalability of the solution?

The solution is scalable. Over 1,000 people in our organization use the solution.

How was the initial setup?

The initial setup is moderate, and it is neither easy nor difficult. However, it took approximately one week to complete the implementation.

What about the implementation team?

We implemented it through a vendor team.

Which other solutions did I evaluate?

We chose this solution because it was provided to us through software as a service.

What other advice do I have?

I rate the solution an eight out of ten. The solution is good but can be improved with enhanced remote control ability. I recommend the solution to new users considering it.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Ertugrul Akbas - PeerSpot reviewer
Manager at ANET
Real User
Top 20
Scalable, easy to use, but lacking features and modern user interface
Pros and Cons
  • "IBM QRadar User Behavior Analytics's most important feature is its ease of use."
  • "IBM QRadar User Behavior Analytics could improve machine learning use cases because they are limited and most of the use cases are rule-based. They should develop more use cases, such as in Securonix or Exabeam because they will detect a threat. Using machine learning is mainly on the correlation rules, but if you think about Exabeam or Securonix, they detect using machine learning or machine learning-based algorithms."

What is our primary use case?

We are mainly using predefined rules on IBM QRadar User Behavior Analytics

How has it helped my organization?

When we started using IBM QRadar User Behavior Analytics's add-on or extension, we received more than 17 new use cases. Our organization has benefited from using IBM QRadar User Behavior Analytics.

What is most valuable?

IBM QRadar User Behavior Analytics's most important feature is its ease of use. 

What needs improvement?

IBM QRadar User Behavior Analytics could improve machine learning use cases because they are limited and most of the use cases are rule-based. They should develop more use cases, such as in Securonix or Exabeam because they will detect a threat. Using machine learning is mainly on the correlation rules, but if you think about Exabeam or Securonix, they detect using machine learning or machine learning-based algorithms.

Using the interface of IBM QRadar User Behavior Analytics is the same for years, they should redesign the interface to make it more modern. Some historical queries take a long time, they should improve or change their database. There are some missing operators on the correlation side. For example, some before operated.

For how long have I used the solution?

I have been using IBM QRadar User Behavior Analytics for approximately three years.

What do I think about the stability of the solution?

IBM QRadar User Behavior Analytics is stable most of the time. However, it works on the client-side which requires a lot of system resources, such as RAM. In some cases, if the work is high, the stability deteriorates, but mainly it is stable.

What do I think about the scalability of the solution?

The scalability of IBM QRadar User Behavior Analytics is good. 

We have two people using this solution. We do not have plans to increase usage.

How are customer service and support?

We use a consultancy company for support and are not directly connected to IBM support.

How was the initial setup?

The deployment of IBM QRadar User Behavior Analytics is very easy when compared to other machine learning solutions. The full deployment took approximately three weeks with less than 5,000 EPAs.

What about the implementation team?

We used a consultant that help us deploy and do maintenance for IBM QRadar User Behavior Analytics.

What was our ROI?

I rate the return on investment of IBM QRadar User Behavior Analytics a four out of five.

What's my experience with pricing, setup cost, and licensing?

IBM QRadar User Behavior Analytics is an application framework and you can install many applications without any additional costs.

I rate the price of IBM QRadar User Behavior Analytics a four out of five.

What other advice do I have?

IBM QRadar User Behavior Analytics is a good solution. If there is a big enough budget they might be able to afford the solution since it is expensive. If the conditions are okay, then they should select the solution.

I rate IBM QRadar User Behavior Analytics a six out of ten.

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Buyer's Guide
Download our free IBM Security QRadar Report and get advice and tips from experienced pros sharing their opinions.
Updated: March 2025
Buyer's Guide
Download our free IBM Security QRadar Report and get advice and tips from experienced pros sharing their opinions.