IT Security and Business Development Manager at a computer software company with 51-200 employees
Enables us to ensure that the data being transferred from one company to another is done securely but it needs better cloud security
Pros and Cons
- "The support is very good. We get support whenever we need it. Sometimes they respond immediately and sometimes it will be within 24 hours. We can ask them to please do it right away and they can get a request done within an hour or two."
- "Before we didn't have any security issues but recently a few of the user emails were hacked. We had to actually recreate their emails for them."
What is our primary use case?
Our primary use case is for the security. We use it to make sure that the data that is being transferred from one company to the other is being done securely.
How has it helped my organization?
The security has improved my organization.
What is most valuable?
The securing of data is the most important feature because nowadays as cloud has come in, it is especially challenging to secure. We are actually planning for Palo Alto to be a better option because IBM needs better security for their cloud.
What needs improvement?
If IBM provides me with a better service or better options than Palo Alto, I would remain with IBM. As for my knowledge, I recently evaluated Palo Alto that has better security features, especially for a client's email.
Before we didn't have any security issues but recently a few of the user emails were hacked. We had to actually recreate their emails for them.
If IBM could give us a complete package of on-cloud solutions, firewall, antivirus, and also mobile security, that would make it a lot better. Nowadays people are using mobile and tablets, rather than laptops or computers.
We get updates from IBM directly but then the users have to update. There are challenges where sometimes if we update the client's system, it takes a lot of time to update.
Buyer's Guide
IBM Security QRadar
August 2025

Learn what your peers think about IBM Security QRadar. Get advice and tips from experienced pros sharing their opinions. Updated: August 2025.
865,295 professionals have used our research since 2012.
For how long have I used the solution?
More than five years.
What do I think about the stability of the solution?
Stability is very good. It's better than it used to be.
What do I think about the scalability of the solution?
Scalability is very good.
Everyone has used this solution for security purposes. We use it daily.
How are customer service and support?
The support is very good. We get support whenever we need it. Sometimes they respond immediately and sometimes it will be within 24 hours. We can ask them to please do it right away and they can get a request done within an hour or two.
How was the initial setup?
The initial setup is fine. The moment we send the packets for an update it's easy but then there are challenges for the users. We have actually changed the hardware, so it got updated. We have to check if the problems are due to the hardware or due to the software.
The initial setup normally will take a day. It depends on the number of users. We have 300 users on the system which took around ten days.
We require five to ten staff members for deployment and maintenance.
Which other solutions did I evaluate?
Before we went with IBM, we didn't look at other solutions but recently I looked into switching to Palo Alto and also evaluated Fortinet.
What other advice do I have?
I would advise someone considering this solution to evaluate several solutions, compare them, and if there is an option for customization check with the solution provider, and then go for it.
I would rate it a seven out of ten. It's a good solution, we've used it for a long time, but then there are a few issues with security.
Disclosure: My company does not have a business relationship with this vendor other than being a customer.

Senior Cybersecurity Consultant at CIA Botswana
Enables our clients to detect threats and vulnerabilities in real time
Pros and Cons
- "Most of our clients are interested in automation. The automation part is good because they are able to detect threats and vulnerabilities in real time. It's very fast."
- "The API integration for AD is a problem when it comes to vulnerability management. If you want to incorporate multiple factor authentication it becomes a problem with the AD. It doesn't integrate well. That needs to be improved."
What is our primary use case?
Our primary use case is for security analytics. We do investigation and security analytics, so we collect events and after collecting events we give positive security analytics to clients.
How has it helped my organization?
Most of our clients are interested in automation. The automation part is good because they are able to detect threats and vulnerabilities in real time. It's very fast.
What is most valuable?
The vulnerability management aspect is the most valuable feature. IBM QRadar is the only SIEM solution with integrated vulnerability management. That's why most clients are flocking to it. API integration is very easy.
What needs improvement?
The API integration for AD is a problem when it comes to vulnerability management. If you want to incorporate multiple factor authentication it becomes a problem with the AD. It doesn't integrate well. That needs to be improved.
The configuration steps are not easy to follow compared to NetWitness.
What do I think about the scalability of the solution?
Scalability is good. I have plans to increase usage; it just depends on the contracts. If I get more contracts I get more people. Most clients want to manage security and so they would want to outsource their expertise. If they outsource their expertise that means I have to recruit more people.
How are customer service and technical support?
Their technical support is pretty good.
How was the initial setup?
The initial setup was easy. It usually takes around three months or so. In terms of the implementation strategy, once we get the correct events sorted, the strategy is to connect enough event sources so that they give you an efficient solution.
We require five to ten people for setup and maintenance.
What about the implementation team?
I'm the consultant so we do the implementation ourselves.
What's my experience with pricing, setup cost, and licensing?
The licensing depends on the customer. The pricing is good.
What other advice do I have?
I would rate it an eight out of ten. Not a ten because the configuration part of it should be easier. They tried to integrate everything together to be all in one, but it's not easy to configure.
Disclosure: My company has a business relationship with this vendor other than being a customer. Reseller.
Security Consultant at Varutra Consulting
The product is easy to use, but it needs a comprehensive PDF user guide
Pros and Cons
- "The stability is good."
- "The scalability is good."
- "I would suggest QRadar release any documentation or give an online demo, like videos on YouTube. It would increase publicity and public appeal."
What is our primary use case?
We use it to detect security incidents.
What is most valuable?
- IBM Resilient Incident
- IBM Threat Intelligence
- IBM QRadar is easy to use.
What needs improvement?
The user guide is not readily available. I would suggest the support or technical team release a PDF guide, like Splunk, SolarWinds, or ArcSight. This will be good for consultants or whoever is using QRadar. This would be really helpful. I have searched on a lot of sites, but I have not found a single PDF containing everything. Our consultants are taking too much time understanding the product's technical aspects.
They could arrange a demo on their website so users who register may use WebEx or any type of meeting invitation, and the support team could give a demo. Having hands-on technology is important. We lost a few clients, because they asked us, "Do you have hands-on QRadar?" At that time, we said, "No, but we will cover it." Due to this, we didn't get the project. Clients want consultants who are certified in QRadar. Even after completing the certification as a QRadar deployment professional, I would suggest QRadar release any documentation or give an online demo, like videos on YouTube. It would increase publicity and public appeal.
For how long have I used the solution?
Less than one year.
What do I think about the stability of the solution?
The stability is good.
What do I think about the scalability of the solution?
The scalability is good.
How are customer service and technical support?
I haven't contacted the technical support yet.
What about the implementation team?
We have a security consultant for our deployments.
We haven't deployed yet, but our client has deployed IBM QRadar. We have been monitoring it, creating rules, and fine tuning it. These are my responsibility with respect to QRadar.
I did not get the opportunity or experience to deploy QRadar into the client's environment.
Which other solutions did I evaluate?
We are recommending IBM QRadar, SolarWinds, and ArcSight to our clients.
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
Senior Security Engineer at dig8labs
Custom parsing tool makes customization easy, and UI is friendly
Pros and Cons
- "The most valuable feature is the DSM Editor. The custom parsing tool is very nice, outstanding."
- "The product is good, but one feature they should have is an Elasticsearch. Currently, in QRadar, there are no Elasticsearch criteria."
How has it helped my organization?
The features make my work easier.
What is most valuable?
The most valuable feature is the DSM Editor. The custom parsing tool is very nice, outstanding. I have used McAfee's SIEM and LogRhythm as well, but because of this feature of QRadar, I don't think their solutions are good.
Customizing it is very easy and it has a user-friendly interface.
What needs improvement?
The product is good, but one feature they should have is an Elasticsearch. Currently, in QRadar, there are no Elasticsearch criteria. Elasticsearch is a very fast search engine. IBM should consider it as part of QRadar. Currently, QRadar has a very slow search. If I search previous months' data it stops.
For how long have I used the solution?
More than five years.
What do I think about the scalability of the solution?
The scalability is good. I'm quite satisfied with it.
How are customer service and technical support?
Technical support is the area IBM should work on. Support is not that responsive. If I open a support ticket, it takes three to four days for them to respond. They take that much time.
Which solution did I use previously and why did I switch?
I have used different solutions in the organization, but the main reason for switching is the customization. QRadar very much supports customization. Another reason is that, in the market, we can easily get QRadar resources, like an analyst or engineer, as compared to other products. This is a reason that organizations move towards QRadar.
How was the initial setup?
The initial setup was very straightforward. I didn't have to do anything once I installed it and configured it. It was very simple. Other solutions I have worked on, such as McAfee and LogRhythm, are a bit complex. This one is very easy to install and configure.
The deployment takes one to two months, max. The implementation strategy is totally dependent on the number of EPS, the requirements, and the types of log sources. We collect this information and then create our strategy.
I have been an engineer in many firms. I have deployed it by myself. One expert can deploy it. If there are 100,000 EPS you'll need more resources. If you have 5,000 to 10,000 EPS, one person can do it.
What's my experience with pricing, setup cost, and licensing?
IBM has subscription plans that run for one year.
What other advice do I have?
Overall, it's much better than other products.
In terms of increasing its usage, I have suggested to my organization that it tell customers to use it, its capacity and capabilities, with other tools like Watson.
Disclosure: My company has a business relationship with this vendor other than being a customer. Partner.
Senior Server Security Engineer at a consultancy with 11-50 employees
Has great scalability, if you use APS 25 GPS license you can change to 3000 EPS anytime
Pros and Cons
- "IBM has everything you need in a cybersecurity solution. If you want to build a cybersecurity operation center version then I think QRadar is a perfect solution."
- "I think QRadar is very complex. It's a distributed system and IBM QRadar has an all-in-one solution which is not like that distributed solution but it's a good product. IBM needs to consider the user interface because if we compare it with AlienVault, the AlienVault user interface is fantastic but the IBM QRadar user interface is very complex. They should focus on how to make it easier for the client."
What is our primary use case?
Our primary use case of this solution is to identify threats.
How has it helped my organization?
We do R&D for IBM QRadar and we are also a cybersecurity solution based company. We provide solutions for our clients like banking, government agencies, and other non-government organizations. Our clients test in our labs and we try to understand how a product works and how a product will help our clients. I have more than three years experience with AlienVault and I use AlienVault a lot and I have already deployed it in a few banks. I am now trying to understand how IBM QRadar works and what the difference between IBM QRadar and AlienVault is.
What is most valuable?
This solution has many valuable features but I especially like the Log Manager feature.
What needs improvement?
I think QRadar is very complex. It's a distributed system and IBM QRadar has an all-in-one solution which is not like that distributed solution but it's a good product. IBM needs to consider the user interface because if we compare it with AlienVault, the AlienVault user interface is fantastic but the IBM QRadar user interface is very complex. They should focus on how to make it easier for the client.
IBM has everything you need in a cybersecurity solution. If you want to build a cybersecurity operation center version then I think QRadar is a perfect solution.
For how long have I used the solution?
Less than one year.
What do I think about the stability of the solution?
IBM QRadar is stable and scalable.
What do I think about the scalability of the solution?
Scalability is good. If you use APS 25 GPS license you can change to 3000 EPS anytime. Also, you can integrate a distributed solution with the all-in-one deployment. If you have a very small organization, you don't need model 5000 EPS license so you can deploy all-in-one and then one day if your organization grows bigger, you can deploy a distributed system.
How are customer service and technical support?
We have our own system and network experts, forensic experts, and database experts, so until now, we haven't had any issues that required us to contact their support.
How was the initial setup?
The initial setup was complex. When it comes to the deployment, you can get it done in a day but if you want to fine-tune it can take a very long time. This isn't only for QRadar, but this applies to most solutions.
It takes two or three people to deploy this product but if you want to do custom configuration then you need each and every part's expert. You need a network expert, forensic expert, and system expert. If you want an advanced system configuration you need many more people. If you only want to integrate this solution in your organization then two or three people is more than enough for the deployment.
What about the implementation team?
We deploy it for our clients.
What's my experience with pricing, setup cost, and licensing?
Licensing is very expensive, IBM QRadar is a very expensive solution. If you want to minimize costs then IBM QRadar is not for you.
What other advice do I have?
I would rate it an eight out of ten. Not a ten because of the complex interface.
Disclosure: My company has a business relationship with this vendor other than being a customer. Reseller.
Easy to use and helps me analyze incidents that occur
Pros and Cons
- "They should provide more manual examples online so that I can learn it myself."
What is our primary use case?
I use it to analyze incidents.
What is most valuable?
I like the API and it's easy to use.
What needs improvement?
They should provide more manual examples online so that I can learn it myself. The dashboard also needs improvement.
For how long have I used the solution?
More than five years.
How was the initial setup?
We require eight staff members for the maintenance.
What's my experience with pricing, setup cost, and licensing?
It's too expensive.
What other advice do I have?
I would rate it an eight out of ten.
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
Senior Field Manager at a security firm with 11-50 employees
Good scalability and straightforward setup, all in all, a good solution
Pros and Cons
- "It's quite scalable. We have upgraded some solutions from 1000 APS up to 3500 APS to 5000 APS. It's a good solution, they have no scalability issues."
- "I would like for them to develop a detection management solution. It does not have a detection management solution in it, you have to buy it as it is, on top of the extended solution."
What is our primary use case?
It is a requirement for all of the banks to have a security solution in Pakistan. That is the reason most of the banks are using it. In the last one and a half years, Pakistani companies are taking security very seriously, so for that reason, they evaluate these solutions. All in all, it's a good solution.
What needs improvement?
I would like for them to develop a detection management solution. It does not have a detection management solution in it, you have to buy it as it is, on top of the extended solution.
What do I think about the scalability of the solution?
It's quite scalable. We have upgraded some solutions from 1000 APS up to 3500 APS to 5000 APS. It's a good solution, they have no scalability issues.
How was the initial setup?
The initial setup was straightforward. The deployment time depends on each customer. We have customers who have different infrastructures and their deployments are quite different. If we rack and stack it, around two, three days, maximum a week, but configuration and optimization take up to somewhere between six months and one year.
What other advice do I have?
I would rate it an eight out of ten.
Disclosure: My company has a business relationship with this vendor other than being a customer. Reseller.
Cyber Security Team Leader at a tech services company with 501-1,000 employees
Enables us to add extensions that provide valuable test ports but is not the best solution on the market
Pros and Cons
- "The ability to add extensions is the most valuable feature. For example, extensions that provide valuable test ports."
- "Their technical support is not good. We opened a lot of cases and from my experience, they are not complicated issues but it takes forever to get an answer."
What is our primary use case?
Our primary use case of this solution is for our customer's operations.
What is most valuable?
The ability to add extensions is the most valuable feature. For example, extensions that provide valuable test ports.
What needs improvement?
I don't think this is the best solution on the market because it takes much longer than ArcSight, for example, which provides more flexibility and capability to create much more complex use cases. Other tools provide more valuable things that you can do for the active channel.
I would like for them to develop out of the box content that doesn't require too much customization. Most of the out of the box we get from it requires too much customization. I would also like to see dynamic filters and better cross-integration between functions.
For how long have I used the solution?
Less than one year.
What do I think about the scalability of the solution?
We've only been using it for eight months so we haven't scaled much during this time but it seems to be very scalable. We use it a minimum of eight hours a day.
Which solution did I use previously and why did I switch?
We used ArcSight.
What about the implementation team?
We did the integration ourselves. It was straightforward.
What's my experience with pricing, setup cost, and licensing?
It is cheaper than ArcSight.
What other advice do I have?
I would rate this solution a six out of ten.
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
