Try our new research platform with insights from 80,000+ expert users
Cyber threat Intelligence Manager at CyberLab Africa
Real User
Beneficial log reporting, excellent technical support, but stability needs improvement
Pros and Cons
  • "The most valuable features are log monitoring, easy-to-fix issues, and problem-solving."
  • "There is a shortage of skilled individuals with knowledge about the solution. There is training required."

What is our primary use case?

We use IBM QRadar for threat protection.

What is most valuable?

The most valuable features are log monitoring, easy-to-fix issues, and problem-solving.

What needs improvement?

There is a shortage of skilled individuals with knowledge about the solution. There should be more training programs to teach and enable users get familiar.

For how long have I used the solution?

I have been using this solution for approximately one year.

Buyer's Guide
IBM Security QRadar
June 2025
Learn what your peers think about IBM Security QRadar. Get advice and tips from experienced pros sharing their opinions. Updated: June 2025.
860,592 professionals have used our research since 2012.

What do I think about the stability of the solution?

The stability of the solution could improve.

What do I think about the scalability of the solution?

We have approximately 20 people using this solution in my organization.

How are customer service and support?

The technical support is great. Additionally, there are plenty of resources available to increase knowledge about the solution.

Which solution did I use previously and why did I switch?

We have used other solutions in the past.

How was the initial setup?

The installation is not very difficult, I did not have any problems.

What about the implementation team?

We used consultants for the implementation. We have five engineers that do the maintenance of this solution.

What's my experience with pricing, setup cost, and licensing?

There is a license required for this solution.

What other advice do I have?

I would recommend this solution to others.

I rate IBM QRadar a seven out of ten.

Which deployment model are you using for this solution?

On-premises
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
PeerSpot user
reviewer1348482 - PeerSpot reviewer
Practice Head at a tech services company with 51-200 employees
Real User
Flexible correlation, easy to use, and stable
Pros and Cons
  • "It is a bit easier to use than other products, such as Splunk or ELK Elasticsearch."
  • "The technical support can be improved a little bit, and the price could be cheaper."

What is our primary use case?

We have a POC environment but have not onboard it to any of our clients.

What is most valuable?

The most valuable feature is the correlation function, which is flexible.

It is a bit easier to use than other products, such as Splunk or ELK Elasticsearch.

What needs improvement?

The technical support can be improved a little bit, and the price could be cheaper.

For how long have I used the solution?

I have been using IMB QRadar for one year.

What do I think about the stability of the solution?

IBM QRadar is a stable solution.

How are customer service and technical support?

Technical support needs improvement.

Which solution did I use previously and why did I switch?

I know a little bit about Splunk and ELK Elasticsearch. We did not have a PoC with Splunk so it was just theoretical, but I did learn about it.

How was the initial setup?

The initial setup is very easy.

What's my experience with pricing, setup cost, and licensing?

IBM QRadar is a little bit expensive compared to other products.

What other advice do I have?

I would recommend this solution to others who are looking for an on-premises solution. For a SIEM solution, it is the best one to go with. If they are interested in using the cloud, I would not recommend it. The cloud version of QRadar is QRoC and it is a bit complicated.

I would rate this solution an eight out of ten.

Which deployment model are you using for this solution?

On-premises
Disclosure: My company has a business relationship with this vendor other than being a customer. partner
PeerSpot user
Buyer's Guide
IBM Security QRadar
June 2025
Learn what your peers think about IBM Security QRadar. Get advice and tips from experienced pros sharing their opinions. Updated: June 2025.
860,592 professionals have used our research since 2012.
reviewer1623684 - PeerSpot reviewer
Security Analyst at a tech services company with 51-200 employees
Real User
Well priced with information granularity, but has lousy tech support and provides false positives of attacks
Pros and Cons
  • "Most valuable features include the granularity of information."
  • "IBM technical support is always terrible."

What is most valuable?

Most valuable features include the granularity of information. Queries provide leads for finding information. We also deal with the Symantec team, which is a different one. 

What needs improvement?

The solution has definite room for improvement. There were certain bugs we had to deal with. Bigger issues involve the quantity of rules involved in its deployment. Also, false positives can be obtained and there is a need to fine tune the solution once every month or two until everything is correct. 

The stability and product support should also be addressed. 

When an offense occurs, the source IP will automatically provide a source username which is not correct. For reasons I don't understand, it uses the team or the name of the last user of the computer and this is not always accurate. This means that there are times that I obtain offenses that are ascribed to my boss and which serve him. The solution ensures that the host is vulnerable to another attack. The solution will estimate that the targeted host is vulnerable to certain attacks. 

Moreover, the solution may provide information of attacks that failed or that are irrelevant, such as vulnerabilities involving modems in which the target host is the Windows Server. This begs the question of why an offense that was and will always be blocked must be generated, such as that involving vulnerability from a modem. 

For how long have I used the solution?

I have been using IBM QRadar for five years. 

What do I think about the scalability of the solution?

When it comes to the scalability of the solution, it is possible to install many apps on top of IBM QRadar which can provide a host of views, such as those involving user behavior and analytics. There is no need to construct an SQL report, for example, as there are many free apps available which can be used to extend one's IBM QRadar functionalities. 

How are customer service and technical support?

:
IBM technical support is always terrible. I have much experience with IBM, dating back 25 years in IT. I worked with IBM as a partner for almost 10 years. The organization is so big that it cannot tell one person from another. One can send an email and then get transferred from one support person to another, needing with the need to reiterate the issue anew with each one. In France they go on vacation and there is no one to whom one can address his issue. They also have problems with directing and redirecting phone calls. 

I found myself in charge of all hardware issues involving IBM. Whenever we had a case with IBM which was escalated, I managed to resolve the issue before them. I would find a solution while they would still be making queries about some version. Sometimes I feel they are buying time. At other times, they start by enquiring about what I did in an attempt to resolve the issue. There are times that they insist on the purchase of a subscription as a condition of benefiting from high level support and at these moments I'm inclined to tell them that they should be paying me for this. 

How was the initial setup?

The initial setup is quite straitforward and not so difficult. 

What's my experience with pricing, setup cost, and licensing?

The pricing is always fine. 

What other advice do I have?

We use the solution with multiple customers on a daily basis. We have experience with its installation, configuration and use. 

I rate IBM QRadar as a six or seven out of ten. 

Disclosure: My company has a business relationship with this vendor other than being a customer. partner
PeerSpot user
Sr.Network Engineer at NTT Security
Real User
A reliable and scalable solution for network behavior and log analytics
Pros and Cons
  • "The solution is reliable."
  • "I need a solution which will send alerts in the event of any behavior."

What is our primary use case?

We use the solution for network behavior and log analytics. We wish to procure one for behavior analytics.

I am not certain which version we are using. 

There is a need for a behavior analytics solution in the environment. We use the solution to highlight unusual traffic for a single particular link or even single particular user traffic. 

What is most valuable?

The solution will not provide alerts in the event of any particular traffic. It will only alert in the case of a security threat. 

What needs improvement?

I am looking for a solution to replace IBM QRadar. We use it for incident reporting, but I need one for behavior analytics. I need one which will send alerts in the event of any behavior. 

The solution is fine for analyzing logs. We already have basic modules. We require more modules for getting so that we may obtain further details. We essentially use IBM QRadar for analyzing particular logs. 

There are no additional features which should be added or upgraded in the next release. 

What do I think about the stability of the solution?

The solution is reliable. 

What do I think about the scalability of the solution?

The scalability is fine. 

How are customer service and technical support?

Technical support is okay. We have had no issues with them. 

What's my experience with pricing, setup cost, and licensing?

The license is not subscription-based. We have been doing the same deployment for more than ten years. 

The pricing is alright. 

What other advice do I have?


Our environment is binding. We have only monitoring and data central traffic.

I would recommend the solution to others. It is fine for analyzing logs. 

Which deployment model are you using for this solution?

On-premises
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
PeerSpot user
Information Security Manager at a tech services company with 1,001-5,000 employees
Real User
Easy to set up but support is lacking
Pros and Cons
  • "The initial setup of QRadar is not complex because we have done it before and we are used to the development. It is getting easier all the time."
  • "The solution is highly used here in Pakistan and in many sectors, they could improve it by having more SIEM connectors."

What is our primary use case?

There are many use cases for this solution. One example is we are using this solution to monitor user site access to band sites. 

What needs improvement?

The solution is highly used here in Pakistan and in many sectors, they could improve it by having more SIEM connectors.

For how long have I used the solution?

I have been using this solution for approximately four years.

What do I think about the stability of the solution?

The stability is good until you upgrade to a new version. You have to properly shut down services when you are doing some maintenance activities every three to four months. There might be some problems that you do not expect. We have had some complaints from users regarding operation. 

How are customer service and technical support?

We have had bad experiences with support from IBM. We are not satisfied with the support and they have made me very angry. My customers have had similar experiences.

How was the initial setup?

The initial setup of QRadar is not complex because we have done it before and we are used to the development. It is getting easier all the time.

What's my experience with pricing, setup cost, and licensing?

There is a license required for this solution and it is an annual payment. I have found all solutions in the category to be expensive, including Splunk.

Which other solutions did I evaluate?

I am evaluating Splunk.

What other advice do I have?

Here in Pakistan, this solution has already saturated the financial market.

I rate IBM QRadar a five out of ten.

Which deployment model are you using for this solution?

On-premises
Disclosure: My company has a business relationship with this vendor other than being a customer. Partner
PeerSpot user
reviewer1584831 - PeerSpot reviewer
Solution Architect Cybersecurity at a tech services company with 501-1,000 employees
Real User
Protects our network from various threats
Pros and Cons
  • "The threat hunting capabilities in general are great."

    What is our primary use case?

    We use this solution for advanced threat detection, insider threat monitoring, risk and vulnerability management, and unauthorized traffic detection regarding our network. We can monitor and detect web attacks with it as well. 

    Within our organization, there are roughly 2,000 to 3,000 employees using this solution. As of now, we don't have any plans to increase our usage of IBM QRadar.

    How has it helped my organization?

    The basic use case of this solution is to identify insider threats. Insider threats are the most dangerous kind of threat for any type of organization to secure. This solution identifies who the insider threats are, and also determines if there are any malicious activities taking place inside of an organization itself. In short, it provides us with real-time visibility so we can identify who the insider threats and what malicious activities are occurring inside of our own network. It also protects our web applications from DNS attacks.

    What is most valuable?

    The threat hunting capabilities in general are great. 

    What needs improvement?

    I was going to say that the reporting could be improved, but IBM recently introduced a new cloud-based security service that integrates with QRadar. Now, reporting is much easier than before. I personally can't think of an area for improvement.

    For how long have I used the solution?

    I have been using this solution for two and a half years. 

    What do I think about the stability of the solution?

    This solution is quite stable. 

    How are customer service and technical support?

    We receive 24/7 support via email; however, we don't have to contact support often because we have our own trained team. They handle most issues.

    Which solution did I use previously and why did I switch?

    We used to use Splunk.

    How was the initial setup?

    How complex the initial setup is completely depends on the customer's infrastructure. If there are lots of tools that need to be integrated, then the setup is going to be really complex. I wouldn't say that the initial setup is complex, it's more moderate than anything. 

    Deployment took two to three weeks from beginning to end.

    What's my experience with pricing, setup cost, and licensing?

    The price of this solution is a little high.

    What other advice do I have?

    Before implementing a new solution, you need to understand your network infrastructure completely. You need to determine if third-party integration is supported or not. IBM Qradar supports a lot of third-party integration because third-party tool integration is often required. 

    Storage also needs to be defined properly as logs need to be kept for a certain amount of time. If you have to store logs for three to six months, then you'll need to ensure that you've evaluated the storage capacity properly.

    Overall, on a scale from one to ten, I would give this solution a rating of eight. We're very satisfied with it. 

    Which deployment model are you using for this solution?

    On-premises
    Disclosure: My company has a business relationship with this vendor other than being a customer. Partner
    PeerSpot user
    reviewer1520922 - PeerSpot reviewer
    Regional Director, Customer Success (GTM Solutions & Services) at a tech services company with 51-200 employees
    MSP
    Flexible, easy to use, and scalable
    Pros and Cons
    • "The solution is flexible and easy to use."
    • "IBM is going through some problems with its resources currently making its support response time slow."

    What is our primary use case?

    We are a service provider and we are providing the solution as a managed service for multitenancy security.

    What is most valuable?

    The solution is flexible and easy to use.

    What needs improvement?

    IBM is going through some problems with its resources currently making its support response time slow.

    For how long have I used the solution?

    I have been using the solution for a couple of months.

    What do I think about the stability of the solution?

    I find the solution reliable. 

    What do I think about the scalability of the solution?

    The solution is scalable. We have 15 customers using it at the moment.

    How are customer service and technical support?

    The support could be a lot better by being faster.

    Which solution did I use previously and why did I switch?

    We recently switched to this solution from LogRhythm cloud. One of the main reasons we switched solutions was because it is more scalable.

    How was the initial setup?

    The installation was a little difficult and could be made easier.

    Which other solutions did I evaluate?

    We have evaluated Secureonix and this solution is far superior. We did the implementation of Securonix for two customers and we canceled it. We rolled back those clients onto this solution because Securonix failed on both implementations.

    What other advice do I have?

    I would recommend this solution to others. We have invested in it and we plan on using it in the future.

    I rate IBM QRadar an eight out of ten.

    Which deployment model are you using for this solution?

    On-premises
    Disclosure: My company has a business relationship with this vendor other than being a customer. Implementer
    PeerSpot user
    reviewer1421823 - PeerSpot reviewer
    Deputy General Manager at a comms service provider with 5,001-10,000 employees
    Real User
    Correlation done well, fair pricing, and knowledgeable technical team
    Pros and Cons
    • "When it comes to QRadar, they can do the correlation and not only in networks but also endpoints. This is one of the good features that we have noticed."
    • "I have noticed the interface has room for improvement."

    What is most valuable?

    We are looking for the entire QRadar spectrum but it has many products. QRadar is a kind of program, we are looking for system modelling, point modelling, network side modelling similar to QRadar network inside, and the capability to correlate between the network and endpoint. Most of the SIEM's have to rely on when it comes to network side third party or separate network traffic analysis. When it comes to QRadar, they can do the correlation and not only in networks but also endpoints. This is one of the good features that we have noticed.

    What needs improvement?

    Since we have not used the solution very long my information is limited when it comes to improvements. I have noticed the interface has room for improvement.

    For how long have I used the solution?

    I have been using the solution for two years. However, my company has not deployed the solution yet and we are in the early stages of testng.

    How are customer service and technical support?

    The solution has a good technical team.

    How was the initial setup?

    The installation is complex. There is some overloading that happens, this could be simplified and made easier by allowing all key features on the first level dashboard to be viewed.

    What's my experience with pricing, setup cost, and licensing?

    When it comes to the initial pricing there can be a huge discount from there side and also I think they are open to competing with other products. Even though the price can be a little high sometimes there product is number one. They have a wide range of products.

    Which other solutions did I evaluate?

    We have compared Securonix and many other solutions to this one.

    What other advice do I have?

    I rate IBM QRadar a nine out of ten.

    Disclosure: My company has a business relationship with this vendor other than being a customer. partner
    PeerSpot user
    Buyer's Guide
    Download our free IBM Security QRadar Report and get advice and tips from experienced pros sharing their opinions.
    Updated: June 2025
    Buyer's Guide
    Download our free IBM Security QRadar Report and get advice and tips from experienced pros sharing their opinions.