We changed our name from IT Central Station: Here's why
Daniel Sichel
User at a healthcare company with 5,001-10,000 employees
Real User
Top 5
Good visibility of network and endpoints, correlate events to specific point-in-time
Pros and Cons
  • "The ability to transition from microscopic to macroscopic view, instantly, is very good."
  • "I would like to see a better GUI."

What is our primary use case?

Our primary use case is intrusion prevention and detection. We also use this solution for compliance and assisting in network troubleshooting for IT.

How has it helped my organization?

This has been indispensable in detecting intrusion attempts and many forms of malicious activity. 

What is most valuable?

This solution provides amazing visibility into the network and endpoints. The ability to correlate point in time and things happening over time is priceless in today's threat environment.

The rules can look for things both from log sources and from data traversing your network which is unique in the SIEM world and makes QRadar a consistent magic quadrant leader.

The QNI file hash in-flight search is helpful.

The ability to transition from microscopic to macroscopic view, instantly, is very good.

What needs improvement?

I would still  like to see a better GUI. improvements have been made but there still a way to go.

There are pretty annoyances like clicking out of a rule setup and instead of going back to search results in the rules, with the rule you selected still highlighted, you get the whole list without your search. Start again.  In the new lig source management app if you have a large number of log sources typing a name to filter them by is Java Hell, the high overhead of JIT compiled code means that even two fingered  carpal tunnel afflicted users can outpace the type ahead buffer, leaving random intermediate characters on the floor. Needless to say that makes managing log sources sometimes annoying. You can always cut and paste to go around this, but hey for  5 or 6 figures in hardware  and software, it aught to keep up with my typing. 

But to be fair, these kinds of things are dwarfed by it's awesome ability to ingest and correlate tortured use cases of mind boggling complexity, which is what you REALLY need your SIEM to do. That, QRadar does better than anyone else.

For how long have I used the solution?

I have been using IBM QRadar for more about five years.

What do I think about the scalability of the solution?

Scalability is very good.

What's my experience with pricing, setup cost, and licensing?

This is not a trivial undertaking. You will need at least one experienced user and considerable infrastructure to support this if you use the on-prem version which we did. The cloud version has less overhead but there are some limitations so choose carefully.

Which other solutions did I evaluate?

Other solutions were investigated but none none came close to QRadar's capability.

What other advice do I have?

If you absolutely positively have to catch the bad guys, and you have a heterogeneous environment QRadar is a great choice.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
Ashok KumarLokhande
Cyber Security Consultant at Omana Airport Management Company
Real User
Top 5
Good monitoring functionality that helps us to identify threats, but dealing with support is a struggle
Pros and Cons
  • "We can easily monitor many things using this tool."
  • "They need to improve their threat intelligence feed and they need to improve their user behavior analytics modules."

What is our primary use case?

QRadar is our SIEM solution. Our use cases include authentication between logins, database security, monitoring, and user behavior analytics.

How has it helped my organization?

QRadar is helping us to identify ongoing, day-to-day threats. We use it to analyze the risk in our environment, including user behaviors. We can easily monitor many things using this tool.

What is most valuable?

All of the features offered by this product are useful for analysis. Essentially, everything that it offers is critical and we use it.

What needs improvement?

Several things need to be improved.

We have been struggling with the QRadar support team for quite a long time. There are things that they can reproduce in their lab environment and can fix, yet we struggled with them trying to get this done. These issues included things like custom logs. There are many things that they need to improve upon.

This product should support multiple log sources.

They need to improve their threat intelligence feed and they need to improve their user behavior analytics modules.

The risk manager module needs to be improved.

It's not a very user-friendly interface.

For how long have I used the solution?

I have been working with IBM QRadar for seven years.

What do I think about the stability of the solution?

IBM QRadar is quite stable.

What do I think about the scalability of the solution?

We have approximately 50 users and we keep expanding its usage. It is growing on the infrastructure level, as well as the EPS level.

Three or four administrators are all that is required for the maintenance.

I recommend this product for large enterprises.

How are customer service and support?

We have had a lot of trouble with technical support. As of late, they take too long to respond to our issues. For 99% of our issues, they take too long to respond. It's not instant.

Which solution did I use previously and why did I switch?

I do not have any experience with other SIEM solutions. QRadar is the first one for me.

How was the initial setup?

The initial setup is complex because it is not managed properly.

Our implementation strategy is based on it being a distributed environment.

What about the implementation team?

We completed the implementation and deployment ourselves.

Which other solutions did I evaluate?

We did not evaluate other options prior to selecting QRadar.

What other advice do I have?

This is a good product for large enterprises. Smaller companies should implement an open-source solution but for a large enterprise, QRadar is a good product.

I would rate this solution a seven out of ten.

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Flag as inappropriate
Learn what your peers think about IBM QRadar. Get advice and tips from experienced pros sharing their opinions. Updated: January 2022.
563,780 professionals have used our research since 2012.
Oscar Orellana
Founder at a university with 11-50 employees
Real User
Top 10
A stable, scalable, and easy-to-use solution that lets you view users' activities
Pros and Cons
  • "The UBA feature is the most valuable because you can see everything about users' activities."
  • "The threat intelligence functionality can be better. In addition, it can have more monitoring capabilities."

What is most valuable?

The UBA feature is the most valuable because you can see everything about users' activities. 

What needs improvement?

The threat intelligence functionality can be better. In addition, it can have more monitoring capabilities.

For how long have I used the solution?

I started to use it two to three years ago.

What do I think about the stability of the solution?

Its stability is very good. I don't have any problem with it.

What do I think about the scalability of the solution?

It has good scalability. It is easy to scale, but it is a little bit expensive to scale because you have to pay a lot for everything.

How are customer service and technical support?

Their technical support is good.

Which solution did I use previously and why did I switch?

I have also used Kibana. It is a good tool. The biggest difference between Kibana and QRadar is that Kibana is an open-source SIEM integration solution. So, you need more professionals, and you have to do everything by yourself, whereas in the case of QRadar, you get everything. You are paying not only for QRadar but also for other things like support and integration. In an open-source SIEM integration solution like KIbana, you don't get these things.

How was the initial setup?

It is an easy tool for me, so the initial setup was easy for me, but it might not be easy for everyone. If you compare it with Kibana, QRadar is easier to implement.

The implementation strategy was to follow the users, collect the logs, and then implement QRadar.

What about the implementation team?

We implemented it ourselves.

What's my experience with pricing, setup cost, and licensing?

Its price is good in terms of efficiency and the number of people required for implementing various things. You might pay more in terms of money, but you might save on the number of people. For example, if you are using Kibana, you have to pay more for people or experts, which is not the case with IBM QRadar.

What other advice do I have?

When you go for this solution, you are paying not only for the product but also for integration, good staff to help you, scalability, and many other things. There are many things that you can use in QRadar. It is easy to use.

I would rate IBM QRadar a nine out of ten.

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Suraj Jagtap
Senior Security Engineer at a tech services company with 51-200 employees
Real User
Top 20
Feature rich solution recommended for every customer
Pros and Cons
  • "The features that I have found most valuable in QRadar are its data enrichment, use case creations, and adding references - those kinds of features are very good. Also QRadar's event filtration and device integration are perfect."
  • "In terms of what could be improved, I would say the script which we have to create for custom actions. QRadar needs to improve that feature. Additionally, QRadar has to provide the playbooks designing features."

What is most valuable?

The features that I have found most valuable in QRadar are its data enrichment, use case creations, and adding references - those kinds of features are very good. Also, QRadar's event filtration and device integration are perfect. 

Actually, we are looking for another product because a customer is demanding different products and they're not going with QRadar, hence we are trying to compare QRadar with other solutions like Securonix, Splunk, Exabeam, LogRhythm. Otherwise, all our customers are happy with QRadar.

I'm doing integrations and deployments for QRadar. So, in regards to integration and deployment, QRadar is very easy as compared to other products.

What needs improvement?

In terms of what could be improved, I would say the script which we have to create for custom actions. QRadar needs to improve that feature.  Additionally, QRadar has to provide the playbooks designing features.

For how long have I used the solution?

I have been working with IBM QRadar for the last four years.

What do I think about the stability of the solution?

QRadar is very stable in our deployment. I'm not aware of other customer deployments.

What do I think about the scalability of the solution?

IBM QRadar is scalable. We can scale it according to our requirements. We can scale it up, as per our requirement. We can increase the resources, we can increase the storage. We can do everything with QRadar.

How are customer service and technical support?

Their technical support is also good. During weekends they are only looking at the priority issues. That is difficult, because sometimes the critical log sources stop sending events to QRadar and in those cases we need support on an urgent basis, but they're not going to support it during weekend.

Which solution did I use previously and why did I switch?

We work with LogRhythm as well as QRadar, as well as NetIQ Sentinel, Azure Sentinel and others.

How was the initial setup?

The initial setup for QRadar is easy. It is easy to understand and easy to implement.

What's my experience with pricing, setup cost, and licensing?

As compared to LogRhythm, IBM QRadar's pricing is moderate.

What other advice do I have?

We recommend QRadar. It is a good product, a good solution.

Every customer should go with IBM QRadar.

On a scale of one to ten, I would give IBM QRadar a nine.

Which deployment model are you using for this solution?

On-premises
Disclosure: My company has a business relationship with this vendor other than being a customer: partner
Flag as inappropriate
Head of IT Security, Governance and Compliance at a consumer goods company with 10,001+ employees
Real User
Top 20
Easy to use, provides environment visibility, and assists with incident discovery in advance of problems to the business
Pros and Cons
  • "This is a good tool to have because it gives you the ability to track what is currently happening in your environment."
  • "The modularity could be improved."

What is our primary use case?

We are using QRadar as a managed service.

How has it helped my organization?

This product helps us to find security incidents before they become a problem to the business. We are able to attend to them quicker and we can put protection in place so that should they occur again, we are able to deal with them more easily.

What is most valuable?

The most valuable feature is the ease of use.

What needs improvement?

The modularity could be improved.

For how long have I used the solution?

We have been using IBM QRadar for three years.

What do I think about the stability of the solution?

This is a very stable product.

What do I think about the scalability of the solution?

We have had no issues with scalability and we have approximately 1,500 users. We are not using its full capabilities at the moment because we are still growing. In the next year or two, we will see.

How are customer service and technical support?

I don't deal with IBM directly. Rather, I deal with our service provider and they deal with IBM.

How was the initial setup?

The initial set was very easy for us because we just bought what we were looking for, and not the entire infrastructure.

What about the implementation team?

The company that we subscribe to for this service takes care of the installation, maintenance, and management of it. They give us updates that concern the features we use, so the maintenance doesn't affect us much.

What's my experience with pricing, setup cost, and licensing?

We use QRadar as a managed service and we pay licensing fees to the partner.

What other advice do I have?

This is a good tool to have because it gives you the ability to track what is currently happening in your environment. Otherwise, if you did not have that, you'd only react to an event or an incident that has already caused problems. The proactiveness goes a long way because it saves your environment and your business from being negatively affected.

In summary, this is a good product but there is always room for improvement.

I would rate this solution a nine out of ten.

Which deployment model are you using for this solution?

Hybrid Cloud
Disclosure: I am a real user, and this review is based on my own experience and opinions.
AndyChan3
General manager at MOL-IT India Pvt. Ltd.
Real User
Top 5Leaderboard
Good detect rate with a small number of false positives, and support resolves issues quickly
Pros and Cons
  • "The detection rate is good and the false positive rate is low."
  • "They should speed up the incident response and also, at the same time, reduce the amount of manual effort that is required."

What is our primary use case?

We used this product as a SIEM, for information security.

How has it helped my organization?

This product collects all of the system logs and analyzes them to see if there are any security threats, or there have been any attacks. If there are, then it will alert the administrator to take the appropriate actions.

What is most valuable?

The detection rate is good and the false positive rate is low. Having a low false-positive rate is good because it means that if an alert happens then it is very likely a real attack.

QRadar is quite flexible. Out of ten, I would rate flexibility a nine.

What needs improvement?

They should speed up the incident response and also, at the same time, reduce the amount of manual effort that is required.

A nice enhancement would be the incorporation of more artificial intelligence and machine learning capabilities.

For how long have I used the solution?

We have used IBM QRadar for approximately two years.

What do I think about the stability of the solution?

I would rate the stability a ten out of ten. We have had the occasional bug or other issue but once we report it to IBM, they give us a resolution quite quickly.

How are customer service and technical support?

Technical support is quick to resolve issues.

Which solution did I use previously and why did I switch?

We developed our own application to use as a SIEM, but we switched to QRadar.

How was the initial setup?

The initial setup is complex and the deployment takes approximately three months.

What's my experience with pricing, setup cost, and licensing?

It would be great if this product were cheaper.

Which other solutions did I evaluate?

We did evaluate other options before selecting this product.

What other advice do I have?

Within the past year, IBM developed a SaaS version of QRadar, which is a nice option.

My advice for anybody who is considering this solution is to implement the latest IBM offerings together. QRadar is just one of the products, and multiple products can be combined to create the best solution for their needs.

I would rate this solution an eight out of ten.

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Solution Security Architect at PT. Sinergy Informasi Pratama
Real User
Top 20
Provides great analysis of event logs, event security; easily manageable with one monitor
Pros and Cons
  • "It can analyze event logs, event security, and give a good consult."
  • "Solution has too many menus that require going to two or three sub-monitors to enter the QRadar."

What is our primary use case?

This is a solution you use when you have many security products that you want to manage in one monitor, one analytic. We are partners with IBM and provide implementation services to our customers. I'm a solution security architect.

What is most valuable?

The most valuable feature is that it can analyze event logs, event security, and give a good consult. When you have SIEM, you can easily manage with one single monitor. QRadar can do a lot of analyses of every security product and will let us know what needs to be done to the log. Sometimes we need security orchestration automated response to support the SOC team.

What needs improvement?

The concern with QRadar is that there are so many features in the dashboard, too many menus that require going to two or three sub-monitors to enter the QRadar. The user interface is good but there are so many features that can be confusing for the administrator. It could be simplified. 

For how long have I used the solution?

I've been using this solution for a year. 

What do I think about the stability of the solution?

I think that QRadar is stable, but I've never worked with other solutions in this area and I have nothing to compare it to. It has dedicated machines and offers great performance. 

What do I think about the scalability of the solution?

The scalability is easy but it comes at a high price.

How are customer service and support?

IBM in Indonesia provides great support.

How was the initial setup?

The initial setup is complex if the data set is large. It really depends on that. We provide maintenance services to our clients so that if they have any trouble, we assist with troubleshooting.

What's my experience with pricing, setup cost, and licensing?

SIEM is quite a pricey solution so we only offer it to enterprise companies that can pay the fees. For smaller companies, it's an extremely expensive product. 

What other advice do I have?

I recommend this solution because I think they provide great support from the sales and technical perspective.

I rate the solution nine out of 10. 

Which deployment model are you using for this solution?

On-premises
Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
Flag as inappropriate
Ingénieur d'étude R&D at DOGA
Real User
Top 20
Easy to use, helps increase development speed and is stable
Pros and Cons
  • "The solution is relatively easy to use."
  • "The pricing of the solution is a bit high. If they could lower it, that would be ideal."

What is our primary use case?

We primarily use the solution to develop software, for some device controllers.

What is most valuable?

The solution is relatively easy to use.

The product helps increase development speed.

The customization is very good, as are the dashboards and the security.

What needs improvement?

I'm not sure if there are any features missing from the solution. It's pretty complete.

The pricing of the solution is a bit high. If they could lower it, that would be ideal.

For how long have I used the solution?

I've been using the solution for three years or so at this point. It hasn't been too long.

What do I think about the stability of the solution?

The solution is quite stable. It doesn't have bugs or glitches. It doesn't crash on me or freeze. It's reliable.

What do I think about the scalability of the solution?

I only really use the solution myself. I can't speak to the scalability of the solution.

How are customer service and technical support?

I've never had to reach out to technical support. I can't speak to their responsiveness or knowledgeability.

How was the initial setup?

The initial setup was not complex at all. It's pretty straightforward and simple. We didn't face any real issues during the deployment process.

What's my experience with pricing, setup cost, and licensing?

The price can be expensive, however, it's all relative, as it helps speed up development, which can save money for the organization. 

The payments for the product are made on a yearly basis.

What other advice do I have?

I'm using the latest version of the solution. I'm the only user and I use the desktop version of the solution. I'm basically using it because it's here and I have access to it.

I would recommend the solution to other organizations, however, if it is right for them depends on their need.

Overall, on a scale from one to ten, I'd rate the product at an eight. We've mostly been pretty satisfied with it.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
Buyer's Guide
Download our free IBM QRadar Report and get advice and tips from experienced pros sharing their opinions.