IBM QRadar

IBM QRadar Reviews


Ratings and Reviews
(1-25 of 106)

July 21, 2021

A SIEM that works

Score 10 out of 10
Vetted Review
Verified User
This is our enterprise-wide solution for SIEM. We run this in our IT department and send many different application logs to the SIEM. We use the IBM QRadar tool as one of the applications we display on our 6x6 SOC. The application is fundamental to our security posture; we track login failures, VPN connections, lateral movement and other key pieces of information that we deem important to cybersecurity.
  • Ingest logs from other applications
  • Clean graphical displays of key security metrics
  • Filter data events
  • High end analytics
  • Correlation of data events across disparate applications
  • The tool needs a collaboration feature like an internal chat tool
  • Pricing model is very high
  • Pricing structure could be simplified
  • Enhancements could be faster
This is by far the best SIEM on the market. The tool does exactly what it is designed to do and is really good at it. The tool is fantastic at acting as the front end for all of your security stack. We use it constantly throughout the day.
July 12, 2021

A Robust Solution

Muhannad Zarour | TrustRadius Reviewer
Score 9 out of 10
Vetted Review
Verified User
Consulting on the platform.
  • Scalable and modular (e.g., distributed architecture)
  • Many other IBM products enhance its capability (e.g., Guardium, Watson, QRM, QVM, X-force)
  • Full payload inspection and correlation using the QNI feature
  • Robust HA capabilities
  • Licensing model complexity
  • Abundance in documentation makes it a challenge to find relevant guidance
  • QVM enhancement: many organizations prefer other third-party scanners
Any organization may benefit from IBM QRadar regardless of size, as offerings are available for all sizes and deployment types, including cloud (e.g., QRoC). But the organization needs to invest heavily in competency (e.g., skilled people, training).
Score 9 out of 10
Vetted Review
Verified User
IBM QRadar SIEM provides on-demand analyses of security alerts generated by applications and hardware on our networks. These security tools provide a combination of solutions and functions inside our new line of business.

IBM QRadar is engineered to work optimally with our other IBM solutions, such as IBM Watson AI. It also enables easier interactions with our other network components inside the corporation.
  • IBM brand recognition, better investment case to management
  • Watson AI
  • Strong support for data monitoring
  • Watson AI
  • Compatibility with other software makers
IBM QRadar is a solid platform that we use to build a corporate-wide response system and threat detection. IBM QRadar contains extensive ready-to-use templates and blueprints for faster turnaround use cases. QRadar has an extensive set of service providers that help organizations like us to procure and run a large deployment base, tune and monitor every aspect of our deployments.
Score 8 out of 10
Vetted Review
Verified User
IBM QRadar is a frontrunner solution in security information and event management (SIEM) that helps my team to automate threat detection and threat remediation. It reduces false positives detected in the threat log, which helps reduce the manual workload for my team. We can prioritize threat management based on scoring shared by IBM QRadar. Further, the solution offers integration with various third-party tools that help get access to additional capabilities needed for security-specific projects.

  • Automation of threat detection
  • Reduction in manual workloads by scoring and prioritizing threats
  • Reduction of false positives in security report
  • Integration with third-party tools
  • Access to customer service
  • Varied learning resources and active use community
  • User experience
  • Providing more insights on threats
  • Reduced pricing
IBM QRadar is among the most comprehensive tools I've used for my security. The tool is well engineered and provides robust capabilities for managing threat intelligence. The solution also offers cloud deployments that are useful while our teams have shifted to remote working. Integration with IBM's Watson AI bolsters its automation and threat detection capabilities, leveraging artificial intelligence and machine learning algorithms. The solution offers numerous integrations to help increase capabilities and synchronize with our existing security tools.
  • Online training
Score 9 out of 10
Vetted Review
Verified User
It helps me eliminate and reduce manual workload for my team by detecting threats and prioritizing them for further investigation. Integration with quite a lot of other tools, software, and portals. Integration with X-Force Threat Intelligence as well; we can integrate plugins from the App Exchange platform too.
A complete tool that includes the Zero Trust cybersecurity model, in addition to being incorporated with many products on the market, as well as its easy handling and the components that can be incorporated. This tool has a high level of analysis of the offenses with the use of X-Force and Watson; also, the generation of the graphical relationships of these offenses is very structured and allows a greater vision of each event.
  • includes the Zero Trust cybersecurity model
  • high level of analysis of the offenses with the use of X-Force and Watson
  • eliminate and reduce manual workload for my team
  • QRadar SIEM faces issues when integrating third-party threat tools
  • Devices automatically unsync from the QRadar server, even when there is no network issue
  • Lack of dashboard functionality unlike Kibana
The most powerful tab of QRadar is the one for making custom rules, where you can configure alerts for SOC analysts to identify threats or any policy violations within your environment. But its log parsing engine needs some maturity to parse raw events received from different log sources. Most of the time you need to manually write regex to extract the desired data.
May 11, 2021

Efficient in SOC

Score 9 out of 10
Vetted Review
Verified User
IBM QRadar is mainly used for security and network monitoring in our organization. IBM QRadar is mainly used by the SOC. It has multiple dashboards available which make day-to-day security monitoring easy and efficient. It also makes the process of investigation and data gathering fast, easy and reliable.
  • QRadar is best used in large networks - one of the best features is you're able to do a query for a particular subnet range.
  • AQL - advanced search queries are easy to understand. This allows you to perform specific searches that really speeds up the investigation process.
  • Graphical representation of the volume of events [at] a specific time in relation to an offense/alarm
  • I think it would be better in the offense tab to have a right-click filter for the offense description. It's kind of time-consuming to edit the searches as it opens to another page.
IBM QRadar is suited for large networks as it has the capability to minimize the work of the analysts in locating particular traffic from a host. Comparing it to other SIEM solutions I've used, QRadar has one of the best functionalities both for security and network monitoring. As a security analyst, QRadar is easy to understand and has the capability to display all the needed information for the investigations I'm performing.
December 24, 2019

The force of IBM Qradar

Score 9 out of 10
Vetted Review
Reseller
I had the privilege to install and deploy QRadar for my customers, to respond to many problems like managing logs and detecting advanced attacks to the platform. In many cases, people can't see human behaviors. With QRadar UBA, they can finally profile and use UBA capabilities to anticipate and respond to attacks. QRadar has a greater ability to integrate with many other solutions with more than 200 apps developed, and this helps to harmonize customer fabric security.
  • Rich functionality.
  • Scalable.
  • Integration.
  • Analyze Flows.
  • UBA analysis capability.
  • Integrations with SOAR and other SIEM platforms.
Some use cases for QRadar include:
  1. Detect advanced attacks with upgraded functionality systems when activating systems and auditing advanced logs on our servers to detect hidden infections.
  2. Detecting and monitoring the behavior of Active directory users to know the possibility of malicious infection.
  3. Analysing third-party applications, and writing parsers quickly.
  4. Investigate threats and write new rules for detecting new and correlated unknown attacks.
I've had many issues with QRadar, and the support would hear and respond to my question all the time (more so than in the case of IBM Resilient support). They were very quick to respond, were helpful, and provided remote access.
November 14, 2019

IBM QRadar Review

Douglas Concepcion | TrustRadius Reviewer
Score 7 out of 10
Vetted Review
Reseller
QRadar is primarily being used by companies to increase the visibility of their operational environment. It is used as the central correlation engine for relevant event sources. It is almost always the central piece of their SOC, assisting the analysts in quickly determining risks to the organization. The deployment footprint varies from client to client driven by required coverage area and cost.
  • It is easier to deploy than most SIEMs.
  • Its correlation engine in my opinion is the best of any SIEM.
  • The GUI when compared to most other SIEMs is easier to work with.
  • It is a mature SIEM with a better than average level of support.
  • As with all SIEMs that I'm aware of, it relies on supervised machine learning. This is a major weakness in today's threat landscape.
  • As with all SIEMs, the more event sources it needs to correlate, the slower it becomes. This becomes an issue as the deployment footprint increases; a solution needs to be developed to address this limitation.
  • The ability to customize the GUI and reporting per user needs some improvement.
QRadar is well suited for any SOC and it would always be my first recommendation for this kind of deployment.
The biggest issue it has is cost for small to midsize companies looking to deploy it. It very quickly becomes cost-prohibitive. Another issue it and every SIEM that I'm aware of needs to address is east-west traffic visibility. Flows by default only give you at most sixty data points, which is not enough in today's world.
QRadar, being a mature product, has many different information resources to tap into, and the quality of the IBM engineers is usually higher than most other vendors'.
Samuel Hadid | TrustRadius Reviewer
Score 8 out of 10
Vetted Review
Verified User
Support and administration are provided by the security department, and the configuration was completed by security architects. The platform in general is so vast that it required the collaboration of various members. It's used to correlate and duplicate event logs and serve as the main tool for monitoring and investigation during incident response.
  • Support
  • Coverage
  • Customization
  • Implementation granularity
  • Ease of use
  • Standardization among detection levels between other products
IBM QRadar is great for large-scale architectures or implementation, not a very good option for short-scale architecture in small companies. This product offers a great capacity for both monitoring and enforcement. All devices' logs of the security implementation can be integrated with QRadar to have further control of security devices.
Support people were always available and polite with all admin members. We would get very frequent emails and calls from them while we were working on the implementation and go-live, and once the product was already in place they were great at monitoring our environment and letting us know of any important findings.
Score 10 out of 10
Vetted Review
Verified User
My current client uses QRadar in an environment with more than 6000 endpoints (averaging 40K EPS). QRadar monitors all the servers in the environment, including PCI and SOX zones. QRadar is their central security intelligence solution and is used by the SOC team for incident monitoring and daily incident investigations. The tool is also used to provide compliance information for audit teams and acts as a centralized log repository.
  • Advanced correlation rules
  • Easy to use, in just one day we can train a new SOC analyst
  • Good scalability
  • Integration with advanced data mining tools (e.g. ELK)
If you have a small-to-large company looking for a SIEM solution that "does the job" and is easy to deploy/use, QRadar is your tool. If you're looking for a complex solution that supports integration with data-mining solutions (e.g. ELK), then you may need a different solution. Overall, QRadar fits the needs of 99% of the companies. It is one of the easiest SIEM solutions to deploy and use.
Sometimes the support doesn't know what they are doing. You have to be lucky to get an engineer that actually knows a lot about QRadar.
Ruben Albornoz | TrustRadius Reviewer
Score 10 out of 10
Vetted Review
Verified User
IBM QRadar is an excellent security software. It was recommended to apply in the agribusiness companies that I advise, in order to protect the database of agrochemical products for sale. It is implemented throughout the company, especially in the sales department.

IBM QRadar is mainly installed in the agro-industry that I usually advise, in order to protect against security risks or threats.

Since it is based on cognitive computing solutions, this product is the only one able to cope with the growing sophistication and volume of threats to information security. Since it is characterized by providing present-time analysis of security alerts originating both in the hardware, as well as in the software that is being used in the company, IBM QRadar was installed in the company mainly to protect the database of listing data of the agrochemical products that are commercialized against virus threats that could alter the database.
  • All the databases and valuable information of the organizations are increasingly exposed to a great diversity of threats. The more and more expert attackers manage to make the brands of their actions practically inevitable, and QRadar detects in time any anomaly in order to protect companies from these actions. This is carried out through an exhaustive analysis of the information, which allows it to identify in advance those threats and suspicious actions that may affect the data and systems in general.
  • In terms of ease of use, QRadar has a somewhat complex architecture that makes it a software product that is not very detailed, as it offers a user interface and a fairly systematic deployment.
  • You can send a denial of service. The Linux kernel used by QRadar is vulnerable to a denial of service due to an error in functionality.
The use and application of IBM QRadar is very appropriate in organizations where it integrates features for the handling of incidents, vulnerability detection and generation of compliance reports. In the case of the agribusiness company where it was applied, it was used in order to detect possible virus threats in product database sales, under a Linux environment.

QRadar defines risk management strategies, contributing to creating security policies adapted to the particular context, needs, and business activities; the goal is to build a robust and functional security system.
February 14, 2019

QRADAR for Brazil.

Izidio Loyola Andolfato da Rosa | TrustRadius Reviewer
Score 9 out of 10
Vetted Review
Verified User
We use QRADAR in the business area and the IT area. We were looking to solve questions about logs systems that we weren’t monitoring. Now, we have information in real time and we can identify when an irregular operation happens. QRADAR sends information to our analyst and opens incidents.

Another use case that we have is linked with the security team. We monitor external login systems (like webmail) and we can identify when brute force attacks happen. The action for this case is automatic and the offender is blocked.
  • Simple to use
  • Fast
  • Simple infrastructure
  • System is stable
  • Uses Linux as operating system
  • Has a lot of connectors (log sources)
  • Doesn't work well in Nutanix virtualization (Acropolis)
It is very appropriate for collecting logs from infrastructure, security systems and the OS.
February 14, 2019

Simply the best - QRadar

Score 10 out of 10
Vetted Review
Reseller
IBM QRadar is being used to monitor the logs of the Cisco Firewall and several AIX Logs.

Business problems addressed include detection of security risk and automation of response to aid in taking prompt action to detect sources of security using log data and new network traffic data, making investigations possible and prompt.
  • Data visibility
  • Only alerts when necessary. Detects threats, identifies and prioritizes potential incidents
  • Automates response, contains threat
  • Machines require fairly high resources
  • The process of setting what is considered an offense is a bit cumbersome.
  • Variable login expiration would be appreciated
  1. IBM QRadar is suited for a scenario where there is limited administrative support.
  2. Where there are multiple log sources
  3. Where there are multiple clients accessing from several locations
  4. Highly secure sites / Sites where security is very important
  5. Can't think of any scenario where it is less appropriate - maybe a single home system
February 15, 2019

Need Netflow for ??

Score 9 out of 10
Vetted Review
Verified User
Our company provides a QRadar plugin that generates NetFlow data for the QRadar net flow dashboard from packet data to enhance network security, management, and analytics
  • Net flow dashboard provides clear and concise display of net flow data
  • QRadar makes sure that the most important events are highlighted
  • Better working with technology partners for QRadar plugins
  • Help promote plugins to the QRadar installed base
Where concise clear display of events and net flow is required
Score 9 out of 10
Vetted Review
Verified User
We began to use QRadar to identify threats within our organization. Being in the Industrial Construction Industry, we were slow to adopt the need to take threats seriously. As an industry, we began to take the threats more seriously when we realized we are very high up on the target list because of the sensitive information we actually have. QRadar has provided us with a very trusted product for our entire organization that is allowing our Executive Management team to sleep better at night!
  • It allows us to have visibility to potential problems both on premise and in the cloud which was key as we have become a hybrid consumer.
  • It has automated monitoring which has allowed us to see threats faster and also allowed us to be proactive.
  • By having over 20,000 employees, QRadar has also allowed us to be aware of internal threats that are brought into the company by unsuspecting employees.
  • We are too new with the product for me to actually have good feedback on this question
QRadar has been very good at helping to detect threats within the infrastructure of our organization. It does not however handle client threats as well and that was my biggest misconception when we were going through acquiring the product.
Score 10 out of 10
Vetted Review
Verified User
IBM QRadar is one of the best SIEMs on the market. It is a SIEM solution that provides security, integrity, and resilience to logs collected from critical resources. QRadar provides customizable dashboards, compliance templates, and data archiving. The SIEM offers a full range of security intelligence capabilities for on-premise deployments and the possibility of automation to detect sources of security log data and new network flow traffic. In conclusion, QRadar is a great SIEM solution.
  • Good integration of log sources.
  • Low level of false positive offenses.
  • Collects logs from more than 400 sources and millions of events per second.
  • Intuitive dashboards.
  • The solution is a little bit too expensive.
  • Create templates for logs from SWIFT.
  • Make it more user-friendly.
In my opinion, IBM QRadar SIEM is a great fit for big enterprises with more than 100 log sources. SIEM collects logs in secure mode from different sources. Great integration with different log sources. Easy to select and analyze logs. Good dashboards and graphics. QRadar offers incident forensics integration—very good functionality.
Score 10 out of 10
Vetted Review
Verified User
We have used IBM QRadar for more than 8 years. We collect and correlate events from Microsoft Servers, SQL, Oracle, Fortigate, Cisco ASA, Active Directory, Linux, Apache and from many other custom services. The out-of-the-box rules, offences, and reports made the SOC's life easy and more comfortable. DSM Editor is simple and works with simple regex. Now we integrate IBM Vulnerability Manager and Risk Manager into IBM QRadar. This integration helps us to view the problems with the IT infrastructure and resolve them fast. It's the solution for businesses who want to get rapid deployment and instant log visibility to meet security and compliance requirements.
  • Log Sources - QRadar has a lot of built-in log source types, more than 400. If you can't find THE source, you can create your own log source with DSM Editor.
  • DSM Editor - This tool is great and can help you if you have your own services and you want to parse the events the way you want.
  • Integration with Vulnerability Manager and Risk Manager - Installation is easy and intuitive
  • Built-in Rules, Offences and Reports - for new users it's a great opportunity to learn how QRadar works and how to create new rules and offences.
  • Update procedure between versions: sometimes after an update, something doesn't work and you need to contact support or work with the command line
  • SELinux is disabled by default
  • Metric events can't be disabled
IBM QRadar is perfect if you have a Security Operations Center; also it's a great solution to keep log integrity and safety. User behavior helps to identify some anomalies. Parsing, Rules, Offences, and Reports for Active Directory logs are very deep and granular. On the other hand, Network Activity disappointed me a little and the dashboard is kind of poor compared to other solutions.
Score 10 out of 10
Vetted Review
Verified User
IBM QRadar is a great SIEM solution. It gives us the ability to correlate data from our critical infrastructure in real-time. This solution helps improve the efficiency of our security team. It is very intuitive and easy to learn.
  • Great user interface.
  • Easy to use and administer.
  • The most comprehensive and powerful SIEM.
  • Very stable.
  • Can't be integrated with TSM.
  • Some searches are not very intuitive.
  • It is not possible to export reports from the vulnerability manager add on.
This SIEM solution is perfect for collecting events from all of our critical sources (applications, databases, file server).
Score 10 out of 10
Vetted Review
Verified User
QRadar is used by our Information Security Division. It helps collect logs from all our critical systems and detect important security events. Also, we have created offenses for our cases. Great solution, easy to use, and easy integration with other systems. It is a perfect solution for small and big companies. Integrity of logs is very important!!!
  • Easy to use
  • Great integration
  • Good price
  • Predefined parser for SWIFT logs
Great SIEM solution. I strongly recommend it. You can integrate IBM QRadar SIEM to collect logs from Active Directory, Exchange, SWIFT, core banking, internet banking, DLP, proxy, and firewalls. It's easy to assure the integrity of logs and create offenses to monitor important and critical events from all critical systems, services, and devices in your organisation.
February 19, 2019

QRadar is pretty good

Score 8 out of 10
Vetted Review
Verified User
QRadar is managed or administered by one department but through logging or alerts, emails are sent to multiple other departments.
  • Collect logs
  • Correlate data
  • Send alerts
  • Ease of use
  • Emailed alerts that are easier to dissect
QRadar is very good at collecting logs and providing integrations with other security products.
Score 8 out of 10
Vetted Review
Reseller
QRadar is being used as one of the platforms to support our security services to our enterprise customers, both from a project-based approach and in our managed security services offerings for public, enterprise and mid-market customers, in several countries worldwide.
  • Interface usability is very intuitive
  • The depth and wide coverage of the technical analysis
  • The integration with 3rd party platforms
  • Seamless integration with some of the cloud platforms
QRadar is an excellent enterprise-grade security platform.
February 14, 2019

Get to the head of the Q

Score 8 out of 10
Vetted Review
Reseller
QRadar is being used for incident detection and escalation, as well as reporting of metrics of interest on top of some KPIs for response times.
  • Correlation
  • Ease of use for data
  • Customization for custom applications
  • Reporting configuration is still too convoluted
  • Coalescing is too tied down. I recommend an ability to adjust, with an appropriate limit, the fields used: in general, by log source type, and/or by log source.
Bad for payload searching across multiple months. Great for correlation.
February 14, 2019

QRadar

Score 10 out of 10
Vetted Review
Reseller
We currently use QRadar in a vast array of uses, from simple searching to advanced correlation to extensive UBA monitoring.
  • Correlation
  • Vendor support
  • Complex data searching
  • Customizable UI
  • Advanced Reporting
Large-scale correlation and real-time monitoring are QRadar's strengths.
February 13, 2019

QRadar - Spine of Any SOC

Score 9 out of 10
Vetted Review
Verified User
We are using IBM Qradar for our many BFSI clients as a SIEM tool, and also for Security Operations Center (SOC) services offered to other clients.
  • Custom parser with excellent DSM editor
  • Nice dashboard
  • Customizable reports
  • In the dashboard, the widget size cannot be modified by stretching it in or out.
  • AQL decoder
  • Well suited to Banking, Financial Services, and Insurance (BFSI) industry
  • End user interface is not friendly or intuitive
Score 9 out of 10
Vetted Review
Verified User
Qradar is a premium SIEM solution for medium and large businesses. Used to correlate and triage security events across the entire landscape, security teams are able to quickly respond to threats. Often times, information security departments are so inundated with raw data that things certainly get lost in the shuffle. With Qradar, all of this data is combined and processed allowing a fast view into the important things.
  • Rule creation is intuitive and fast which helps during emergency situations.
  • Platform maintenance is very light while the appliance has nearly flawless uptime.
  • Report generation is very functional and efficient.
  • There is a steep learning curve compared to other platforms. Qradar is incredibly powerful but does require some homework.
  • There is a glaring lack of threat feed utilization outside of STIX/TAXII, which remains very limited at this time.
  • May require a considerable amount of tuning during deployment with very little "out of the box" offense information.
Due to the strength, robustness, and cost of a solution like this, I believe it is best suited for large businesses and enterprises. While a medium sized business would find value for sure, this system is not for the faint of heart or pocketbook. Qradar is well suited for environments with a lot of incoming data where manual analysis might not be an option.

IBM QRadar Scorecard Summary

Feature Scorecard Summary

Feature (number of ratings)                                   Rating   Score
Security Information and Event Management (SIEM) (13)         86%      8.6
Centralized event and log data collection (26)                93%      9.3
Correlation (26)                                              89%      8.9
Event and log normalization/management (26)                   92%      9.2
Deployment flexibility (26)                                   88%      8.8
Integration with Identity and Access Management Tools (24)    83%      8.3
Custom dashboards and workspaces (26)                         79%      7.9
Host and network-based intrusion detection (24)               82%      8.2
Data integration/API management (6)                           83%      8.3
Behavioral analytics and baselining (6)                       80%      8.0
Rules-based and algorithmic detection thresholds (6)          88%      8.8
Response orchestration and automation (4)                     77%      7.7
Reporting and compliance management (5)                       92%      9.2
Incident indexing/searching (6)                               85%      8.5

What is IBM QRadar?

IBM Security QRadar is security information and event management (SIEM) Software.

IBM QRadar Pricing

More Pricing Information

SaaS Editions Pricing
Cloud: $800.00 per month

IBM QRadar Technical Details

Deployment Types: SaaS
Operating Systems: Unspecified
Mobile Application: No

Frequently Asked Questions

What is IBM QRadar's best feature?

Reviewers rate Centralized event and log data collection highest, with a score of 9.3.

Who uses IBM QRadar?

The most common users of IBM QRadar are from Enterprises and the Information Technology & Services industry.