We changed our name from IT Central Station: Here's why
ITCS user
Cybersecurity Architecture and Technology Lead at Appxone
Consultant
Top 20
Can detect off-hours or excessive usage of an application or cloud-based service, or network activity patterns that are inconsistent.
Pros and Cons
  • "Providing real-time visibility for threat detection and prioritization - QRadar SIEM provides contextual and actionable surveillance across the entire IT infrastructure."
  • "AI is superb but need improvements."

What is our primary use case?

Find the malicious activity via filter, don't rely on the rules which trigger the offenses and fix the suspicious activities.

How has it helped my organization?

Gaining application visibility and anomaly detection helping IT personnel to quickly identify meaningful deviations. For example, QRadar SIEM can detect off-hours or excessive usage of an application or cloud-based service, or network activity patterns that are inconsistent with historical, moving-average profiles and seasonal usage patterns.

What is most valuable?

Providing real-time visibility for threat detection and prioritization - QRadar SIEM provides contextual and actionable surveillance across the entire IT infrastructure, helping organizations detect and remediate threats often missed by other security solutions. These threats can include inappropriate use of applications; insider fraud; and advanced, “low and slow” threats easily lost in the “noise” of millions of events..

What needs improvement?

Artificial Intelligence is superb, QRadar correlate the events smartly and remove the same events but need improvements.

For how long have I used the solution?

One to three years...

What do I think about the stability of the solution?

No issues.

How are customer service and technical support?

Very good

Which solution did I use previously and why did I switch?

Mcafee, switched due to the bad correlation of data.

How was the initial setup?

It was straightforward

Which other solutions did I evaluate?

Splunk and Logrhythm..

What other advice do I have?

QRadar also supports UBA which is a fantastic feature to detect user's malicious activities.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
Regional Director, Customer Success (GTM Solutions & Services) at a tech services company with 51-200 employees
MSP
Top 5Leaderboard
Flexible, easy to use, and scalable
Pros and Cons
  • "The solution is flexible and easy to use."
  • "IBM is going through some problems with its resources currently making its support response time slow."

What is our primary use case?

We are a service provider and we are providing the solution as a managed service for multitenancy security.

What is most valuable?

The solution is flexible and easy to use.

What needs improvement?

IBM is going through some problems with its resources currently making its support response time slow.

For how long have I used the solution?

I have been using the solution for a couple of months.

What do I think about the stability of the solution?

I find the solution reliable. 

What do I think about the scalability of the solution?

The solution is scalable. We have 15 customers using it at the moment.

How are customer service and technical support?

The support could be a lot better by being faster.

Which solution did I use previously and why did I switch?

We recently switched to this solution from LogRhythm cloud. One of the main reasons we switched solutions was because it is more scalable.

How was the initial setup?

The installation was a little difficult and could be made easier.

Which other solutions did I evaluate?

We have evaluated Secureonix and this solution is far superior. We did the implementation of Securonix for two customers and we canceled it. We rolled back those clients onto this solution because Securonix failed on both implementations.

What other advice do I have?

I would recommend this solution to others. We have invested in it and we plan on using it in the future.

I rate IBM QRadar an eight out of ten.

Which deployment model are you using for this solution?

On-premises
Disclosure: My company has a business relationship with this vendor other than being a customer: Implementer
Learn what your peers think about IBM QRadar. Get advice and tips from experienced pros sharing their opinions. Updated: January 2022.
564,322 professionals have used our research since 2012.
Practice Head at a tech services company with 51-200 employees
Real User
Top 20
Flexible correlation, easy to use, and stable
Pros and Cons
  • "It is a bit easier to use than other products, such as Splunk or ELK Elasticsearch."
  • "The technical support can be improved a little bit, and the price could be cheaper."

What is our primary use case?

We have a POC environment but have not onboard it to any of our clients.

What is most valuable?

The most valuable feature is the correlation function, which is flexible.

It is a bit easier to use than other products, such as Splunk or ELK Elasticsearch.

What needs improvement?

The technical support can be improved a little bit, and the price could be cheaper.

For how long have I used the solution?

I have been using IMB QRadar for one year.

What do I think about the stability of the solution?

IBM QRadar is a stable solution.

How are customer service and technical support?

Technical support needs improvement.

Which solution did I use previously and why did I switch?

I know a little bit about Splunk and ELK Elasticsearch. We did not have a PoC with Splunk so it was just theoretical, but I did learn about it.

How was the initial setup?

The initial setup is very easy.

What's my experience with pricing, setup cost, and licensing?

IBM QRadar is a little bit expensive compared to other products.

What other advice do I have?

I would recommend this solution to others who are looking for an on-premises solution. For a SIEM solution, it is the best one to go with. If they are interested in using the cloud, I would not recommend it. The cloud version of QRadar is QRoC and it is a bit complicated.

I would rate this solution an eight out of ten.

Which deployment model are you using for this solution?

On-premises
Disclosure: My company has a business relationship with this vendor other than being a customer: partner
Flag as inappropriate
Olakanmi Oluwole
Cyber threat Intelligence Manager at CyberLab Africa
Real User
Top 5
Beneficial log reporting, excellent technical support, but stability needs improvement

What is our primary use case?

We use IBM QRadar for threat protection.

What is most valuable?

The most valuable features are log monitoring, easy-to-fix issues, and problem-solving.

What needs improvement?

There is a shortage of skilled individuals with knowledge about the solution. There should be more training programs to teach and enable users get familiar.

For how long have I used the solution?

I have been using this solution for approximately one year.

What do I think about the stability of the solution?

The stability of the solution could improve.

What do I think about the scalability of the solution?

We have approximately 20 people using this solution in my organization.

How are customer service and technical support?

The technical support is great.…

What is our primary use case?

We use IBM QRadar for threat protection.

What is most valuable?

The most valuable features are log monitoring, easy-to-fix issues, and problem-solving.

What needs improvement?

There is a shortage of skilled individuals with knowledge about the solution. There should be more training programs to teach and enable users get familiar.

For how long have I used the solution?

I have been using this solution for approximately one year.

What do I think about the stability of the solution?

The stability of the solution could improve.

What do I think about the scalability of the solution?

We have approximately 20 people using this solution in my organization.

How are customer service and technical support?

The technical support is great. Additionally, there are plenty of resources available to increase knowledge about the solution.

Which solution did I use previously and why did I switch?

We have used other solutions in the past.

How was the initial setup?

The installation is not very difficult, I did not have any problems.

What about the implementation team?

We used consultants for the implementation. We have five engineers that do the maintenance of this solution.

What's my experience with pricing, setup cost, and licensing?

There is a license required for this solution.

What other advice do I have?

I would recommend this solution to others.

I rate IBM QRadar a seven out of ten.

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Flag as inappropriate
Gian Michele Roletto
SOC Manager at Nais Srl
Real User
Top 5Leaderboard
Feature - rich, well priced and has good support
Pros and Cons
  • "The interface is good."
  • "I would like to see the update process simplified."

What is our primary use case?

IBM QRadar is used to help our customers collect information. It collects the information from other tools on the firewall, network devices, cyber tools with both Carbon Black, Cortex, Cynet, and Darktrace.

What is most valuable?

It's a complete platform.

The interface is good.

They have more than 100 features.

What needs improvement?

It is not easy to use.

The updates are not very easy. It is very complex. I would like to see the update process simplified.

When I said "it is not easy to use", I mean that QRadar is not for beginners.
Needs high competence and skyll to use it in a satisfactory way to really help customers.
The complexity is not a flaw, but it si a necessary quality for QRadar to be a truly effective tool in a Cyber environement.

For how long have I used the solution?

We have used IBM QRadar within the last twelve months.

What do I think about the stability of the solution?

IBM QRadar is a stable solution.

What do I think about the scalability of the solution?

It's a scalable platform.

How are customer service and support?

Technical support is good.

How would you rate customer service and support?

Positive

Which solution did I use previously and why did I switch?


What's my experience with pricing, setup cost, and licensing?

Pricing is good.

What other advice do I have?

I would rate IBM QRadar an eight out of ten.

Disclosure: My company has a business relationship with this vendor other than being a customer: As a SOC we are real user of QRadar platform for more then one customers.
Flag as inappropriate
Certified AIX I.T Manager at a financial services firm with 10,001+ employees
Real User
Easy to use and useful for preparing use cases

What is our primary use case?

We primarily use QRadar for monitoring and preparing use cases.  This solution is deployed on-prem. 

What is most valuable?

The most important and valuable feature of QRadar is how useful it is for preparing use cases. It's also easy to use. 

What needs improvement?

The GUI of QRadar should be improved. 

For how long have I used the solution?

I have been using IBM QRadar for one year. 

What do I think about the stability of the solution?

QRadar is stable. 

What do I think about the scalability of the solution?

This solution is scalable. 

How are customer service and support?

I have contacted IBM's technical support—it was great. They are very knowledgeable. 

How was the initial setup?

QRadar is very easy to install, and I…

What is our primary use case?

We primarily use QRadar for monitoring and preparing use cases. 

This solution is deployed on-prem. 

What is most valuable?

The most important and valuable feature of QRadar is how useful it is for preparing use cases. It's also easy to use. 

What needs improvement?

The GUI of QRadar should be improved. 

For how long have I used the solution?

I have been using IBM QRadar for one year. 

What do I think about the stability of the solution?

QRadar is stable. 

What do I think about the scalability of the solution?

This solution is scalable. 

How are customer service and support?

I have contacted IBM's technical support—it was great. They are very knowledgeable. 

How was the initial setup?

QRadar is very easy to install, and I can do it myself. The time period will depend on the organization itself, since it depends on the environment and the number of servers and endpoints. 

What about the implementation team?

I implemented this solution myself. 

What's my experience with pricing, setup cost, and licensing?

I pay for licensing yearly. 

Which other solutions did I evaluate?

I also evaluated a lot of SIEM solutions, but I like LogRhythm and QRadar. 

What other advice do I have?

I rate QRadar an eight out of ten. I would recommend QRadar, as well as LogRhythm, to others considering implementation. 

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Flag as inappropriate
Oscar Orellana
Founder at a university with 11-50 employees
Real User
Top 10
Stable, easy to set up, and has good support

What is our primary use case?

This product helps to build a strong architecture, which is important to avoid problems.

What is most valuable?

I think the QDI is very good.

What needs improvement?

The biggest drawback of this solution is the price. The threat detection needs improvement, they have many false positives. It is important to have good architecture. If you have problems and you don't have a strong architecture you, will have trouble with this solution.

For how long have I used the solution?

I have been using IBM QRadar for three years. We are using version 7.4.3

What do I think about the stability of the solution?

It's a stable solution.

How are customer service and technical support?

We have many interactions with L2 support when we needed L3 support.…

What is our primary use case?

This product helps to build a strong architecture, which is important to avoid problems.

What is most valuable?

I think the QDI is very good.

What needs improvement?

The biggest drawback of this solution is the price.

The threat detection needs improvement, they have many false positives.

It is important to have good architecture. If you have problems and you don't have a strong architecture you, will have trouble with this solution.

For how long have I used the solution?

I have been using IBM QRadar for three years.

We are using version 7.4.3

What do I think about the stability of the solution?

It's a stable solution.

How are customer service and technical support?

We have many interactions with L2 support when we needed L3 support. I would rate technical support an eight out of ten.

How was the initial setup?

The initial setup is straightforward. We had no problems.

It took approximately a month to deploy.

What's my experience with pricing, setup cost, and licensing?

This price is a little high, so it's an expensive product. It is a good solution but not a cheap one.

What other advice do I have?

I would rate IBM QRadar a nine out of ten.

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Flag as inappropriate
AVP - Security at a tech services company with 501-1,000 employees
Real User
Scalable, high visibility, and good technical support

What is our primary use case?

IBM QRadar is typically deployed in a SOC environment for security monitoring. It is used for log and packet capturing. It has some supporting technology, such as data leakage prevention and data encryption.

What is most valuable?

I have found visibility very helpful for analytics.

What needs improvement?

This solution is on-premise and many customers are moving to the cloud base solution.

For how long have I used the solution?

I have been using this solution for approximately one year.

What do I think about the stability of the solution?

I have not had any complaints from my clients about the stability of the solution.

What do I think about the scalability of the solution?

The solution is scalable. Our customers that are using this…

What is our primary use case?

IBM QRadar is typically deployed in a SOC environment for security monitoring. It is used for log and packet capturing. It has some supporting technology, such as data leakage prevention and data encryption.

What is most valuable?

I have found visibility very helpful for analytics.

What needs improvement?

This solution is on-premise and many customers are moving to the cloud base solution.

For how long have I used the solution?

I have been using this solution for approximately one year.

What do I think about the stability of the solution?

I have not had any complaints from my clients about the stability of the solution.

What do I think about the scalability of the solution?

The solution is scalable. Our customers that are using this solution are mainly large-sized companies, such as the government.

How are customer service and technical support?

The technical support is very good.

What other advice do I have?

Nowadays cloud stack security is very good. Some of my customers are planning to build their data center over the cloud, or implement cloud-based services using some of the beneficial services, such as threat intelligence services.

I rate IBM QRadar a ten out of ten.

Which deployment model are you using for this solution?

On-premises
Disclosure: My company has a business relationship with this vendor other than being a customer: Integrator
Flag as inappropriate
Buyer's Guide
Download our free IBM QRadar Report and get advice and tips from experienced pros sharing their opinions.