IBM QRadar Reviews

87 Ratings
Score 8.8 out of 100

Reviews (1-20 of 20)

Larbi Belmiloud | TrustRadius Reviewer
December 23, 2019

The force of IBM Qradar

Score 9 out of 10
Vetted Review
Review Source
I had the privilege to install and deploy QRadar for my customers, to respond to many problems like managing logs and detecting advanced attacks to the platform. In many cases, people can't see human behaviors. With QRadar UBA, they can finally profile and use UBA capabilities to anticipate and respond to attacks. QRadar has a greater ability to integrate with many other solutions with more than 200 apps developed, and this helps to harmonize customer fabric security.
  • Rich functionality.
  • Scalable.
  • Integration.
  • Analyze Flows.
  • UBA analysis capability.
  • Integrations with SOAR and other SIEM platforms.
Some use cases for QRadar include:
  1. Detect advanced attacks with upgraded functionality systems when activating systems and auditing advanced logs on owers server to detect hidden infections.
  2. Detecting and monitoring the behavior of Active Directory users to know the possibility of malicious infection.
  3. Analysing third-party applications, and writing parsers quickly.
  4. Investigate threats and write new rules for detecting new and correlated unknown attacks.
Douglas Concepcion | TrustRadius Reviewer
November 13, 2019

IBM QRadar Review

Score 7 out of 10
Vetted Review
Review Source
QRadar is primarily being used by companies to increase the visibility of their operational environment. It is used as the central correlation engine for relevant event sources. It is almost always the central piece of their SOC, assisting the analysts in quickly determining risks to the organization. The deployment footprint varies from client to client driven by required coverage area and cost.
  • It is easier to deploy than most SIEMs.
  • Its correlation engine, in my opinion, is the best of any SIEM.
  • The GUI, when compared to most other SIEMs, is easier to work with.
  • It is a mature SIEM with a better than average level of support.
  • As with all SIEMs that I'm aware of, it relies on supervised machine learning. This is a major weakness in today's threat landscape.
  • As with all SIEMs, the more event sources it needs to correlate, the slower it becomes. This becomes an issue as the deployment footprint increases; a solution needs to be developed to address this limitation.
  • The ability to customize the GUI and reporting per user needs some improvement.
QRadar is well suited for any SOC and it would always be my first recommendation for this kind of deployment.
The biggest issue it has is cost: for small to midsize companies looking to deploy it, it very quickly becomes cost-prohibitive. Another issue it, and every SIEM that I'm aware of, needs to address is east-west traffic visibility. Flows by default only give you at most sixty data points, which is not enough in today's world.
Samuel Hadid | TrustRadius Reviewer
November 13, 2019

IBM QRadar in Healthcare Industry Security Implementations

Score 8 out of 10
Vetted Review
Verified User
Review Source
Support and administration are provided by the security department, and the configuration was completed by security architects. The platform in general is so vast that it required the collaboration of various members. It's used to correlate and duplicate event logs and serve as the main tool for monitoring and investigation during incident response.
  • Support
  • Coverage
  • Customization
  • Implementation granularity
  • Ease of use
  • Standardization among detection levels between other products
IBM QRadar is great for large-scale architectures or implementation, not a very good option for short-scale architecture in small companies. This product offers a great capacity for both monitoring and enforcement. All devices' logs of the security implementation can be integrated with QRadar to have further control of security devices.
Anonymous | TrustRadius Reviewer
November 26, 2019

The best SIEM solution in the market, hands down!

Score 10 out of 10
Vetted Review
Verified User
Review Source
My current client uses QRadar in an environment with more than 6000 endpoints (averaging 40K EPS). QRadar monitors all the servers in the environment, including PCI and SOX zones. QRadar is their central security intelligence solution and is used by the SOC team for incident monitoring and daily incident investigations. The tool is also used to provide compliance information for audit teams and acts as a centralized log repository.
  • Advanced correlation rules
  • Easy to use, in just one day we can train a new SOC analyst
  • Good scalability
  • Integration with advanced data mining tools (e.g. ELK)
If you have a small-to-large company looking for a SIEM solution that "does the job" and is easy to deploy/use, QRadar is your tool. If you're looking for a complex solution that supports integration with data-mining solutions (e.g. ELK), then you may need a different solution. Overall, QRadar fits the needs of 99% of the companies. It is one of the easiest SIEM solutions to deploy and use.
Ruben Albornoz | TrustRadius Reviewer
February 21, 2019

Basic features of IBM QRadar

Score 10 out of 10
Vetted Review
Verified User
Review Source
IBM QRadar is an excellent security software. It was recommended to apply in the agribusiness companies that I advise, in order to protect the database of agrochemical products for sale. It is implemented throughout the company, especially in the sales department.

IBM QRadar was mainly installed in the agro-industry that I usually advise in order to protect against security risks or threats.

Since it is based on cognitive computing solutions, this product is the only one able to cope with the growing sophistication and volume of threats to information security. Since it is characterized by providing present-time analysis of security alerts originating both in the hardware, as well as in the software that is being used in the company, IBM QRadar was installed in the company mainly to protect the database of listing data of the agrochemical products that are commercialized against virus threats that could alter the database.
  • All the databases and valuable information of the organizations are increasingly exposed to a great diversity of threats. The more and more expert attackers manage to make the brands of their actions practically inevitable, and QRadar detects in time any anomaly in order to protect companies from these actions. This is carried out through an exhaustive analysis of the information, which allows it to identify in advance those threats and suspicious actions that may affect the data and systems in general.
  • In terms of ease of use, QRadar has a somewhat complex architecture that makes it a software product that is not very detailed, as it offers a user interface and a fairly systematic deployment.
  • You can send a denial of service. The Linux kernel used by QRadar is vulnerable to a denial of service due to an error in functionality.
The use and application of IBM QRadar is very appropriate in organizations where it integrates features for the handling of incidents, vulnerability detection and generation of compliance reports. In the case of the agribusiness company where it was applied, it was used in order to detect possible virus threats in product database sales, under a Linux environment.

QRadar defines risk management strategies, contributing to creating security policies adapted to the particular context, needs, and business activities; the goal is to build a robust and functional security system.
Izidio Loyola Andolfato da Rosa | TrustRadius Reviewer
February 14, 2019

QRADAR for Brazil.

Score 9 out of 10
Vetted Review
Verified User
Review Source
We use QRADAR in the business area and the IT area. We were looking to solve questions about log systems that we weren't monitoring. Now, we have information in real time and we can identify when an irregular operation happens. QRADAR sends information to our analyst and opens incidents.

Another use case that we have is linked with the security team. We monitor external login systems (like webmail) and we can identify when brute force attacks happen. The action for this case is automatic and the offender is blocked.
  • Simple to use
  • Fast
  • Simple infrastructure
  • System is stable
  • Uses Linux as its operating system
  • Has a lot of connectors (log sources)
  • Doesn't work well in Nutanix virtualization (Acropolis)
It is very appropriate for collecting logs from infrastructure, security systems and the OS.
David Bories | TrustRadius Reviewer
February 14, 2019

Simply the best - QRadar

Score 10 out of 10
Vetted Review
Review Source
IBM QRadar is being used to monitor the logs of the Cisco Firewall and several AIX logs.

Business problems addressed include detection of security risk and automation of response to aid in taking prompt action to detect sources of security using log data and new network traffic data, making investigations possible and prompt.
  • Data visibility
  • Only alerts when necessary. Detects threats, identifies and prioritizes potential incidents
  • Automates response, contains threat
  • Machines require fairly high resources
  • The process of setting what is considered an offense is a bit cumbersome.
  • Variable login expiration would be appreciated
  1. IBM QRadar is suited for a scenario where there is limited administrative support.
  2. Where there are multiple log sources
  3. Where there are multiple clients accessing from several locations
  4. Highly secure sites / Sites where security is very important
  5. Can't think of any scenario where it is less appropriate - maybe a single home system
Bruce Perlmutter | TrustRadius Reviewer
February 15, 2019

Need Netflow for ??

Score 9 out of 10
Vetted Review
Verified User
Review Source
Our company provides a QRadar plugin that generates NetFlow data for the QRadar NetFlow dashboard from packet data to enhance network security, management, and analytics.
  • Net flow dashboard provides clear and concise display of net flow data
  • QRadar makes sure that the most important events are highlighted
  • Better working with technology partners for QRadar plugins
  • Help promote plugins to the QRadar installed base
Where a concise, clear display of events and NetFlow is required.
Anonymous | TrustRadius Reviewer
February 14, 2019

QRadar is the best IBM product...period!

Score 9 out of 10
Vetted Review
Verified User
Review Source
We began to use QRadar to identify threats within our organization. Being in the Industrial Construction Industry, it was slow to adopt the need to take threats seriously. As an industry, we began to take the threats more seriously when we realized we are very high up on the target list because of the sensitive information we actually have. QRadar has provided us with a very trusted product for our entire organization that is allowing our Executive Management team to sleep better at night!
  • It allows us to have visibility to potential problems both on premise and in the cloud which was key as we have become a hybrid consumer.
  • It has automated monitoring which has allowed us to see threats faster and also allowed us to be proactive.
  • By having over 20,000 employees, QRadar has also allowed us to be aware of internal threats that are brought into the company by unsuspecting employees.
  • We are too new with the product for me to actually have good feedback on this question
QRadar has been very good at helping to detect threats within the infrastructure of our organization. It does not however handle client threats as well and that was my biggest misconception when we were going through acquiring the product.
Anonymous | TrustRadius Reviewer
April 10, 2019

Assure great security with IBM QRadar

Score 10 out of 10
Vetted Review
Verified User
Review Source
IBM QRadar is one of the best SIEMs on the market. It is a SIEM solution that provides security, integrity, and resilience to logs collected from critical resources. QRadar provides customizable dashboards, compliance templates, and data archiving. The SIEM offers a full range of security intelligence capabilities for on-premise deployments and the possibility of automation to detect sources of security log data and new network flow traffic. In conclusion, QRadar is a great SIEM solution.
  • Good integration of log sources.
  • Low level of false positive offenses.
  • Collect logs from more than 400 sources and millions of events per second.
  • Intuitive dashboards.
  • The solution is a little bit too expensive.
  • Create templates for logs from SWIFT.
  • Make it more user-friendly.
In my opinion, IBM QRadar SIEM is a great fit for big enterprises with more than 100 log sources. The SIEM collects logs in secure mode from different sources. Great integration with different log sources. Easy to select and analyze logs. Good dashboards and graphics. QRadar offers incident forensics integration, which is very good functionality.
Anonymous | TrustRadius Reviewer
April 10, 2019

Simple, flexible architecture. Easy deployment. Out of the box rules, offenses and reports

Score 10 out of 10
Vetted Review
Verified User
Review Source
We have used IBM QRadar for more than 8 years. We collect and correlate events from Microsoft Servers, SQL, Oracle, Fortigate, Cisco ASA, Active Directory, Linux, Apache and from many other custom services. The out-of-the-box rules, offences, and reports made the SOC's life easy and more comfortable. DSM Editor is simple and works with simple regex. Now, we integrate IBM Vulnerability Manager and Risk Manager into IBM QRadar. This integration helps us to view the problems with the IT infrastructure and resolve them fast. It's the solution for businesses who want to get rapid deployment and instant log visibility to meet security and compliance requirements.
  • Log Sources - QRadar has a lot of built-in log source types, more than 400. If you can't find THE source, you can create your own log source with DSM Editor.
  • DSM Editor - This tool is great and can help you if you have your own services and you want to parse the events as you want.
  • Integration with Vulnerability Manager and Risk Manager - Installation is easy and intuitive
  • Built-in Rules, Offences and Reports - for new users it's a great opportunity to learn how QRadar works and how to create new rules and offences.
  • Update procedure between versions: sometimes after an update something doesn't work and you need to contact support or work with the command line
  • SELinux is disabled by default
  • Metric events can't be disabled
IBM QRadar is perfect if you have a Security Operations Center; it's also a great solution to keep logs' integrity and safety. User behavior helps to identify some anomalies. Parsing, rules, offences, and reports for Active Directory logs are very deep and granular. On the other hand, Network Activity disappointed me a little, and the dashboard is kind of poor compared to other solutions.
Anonymous | TrustRadius Reviewer
March 19, 2019

IBM Qradar is a great SIEM solution

Score 10 out of 10
Vetted Review
Verified User
Review Source
IBM QRadar is a great SIEM solution. It gives us the ability to correlate data from our critical infrastructure in real-time. This solution helps improve the efficiency of our security team. It is very intuitive and easy to learn.
  • Great user interface.
  • Easy to use and administer.
  • The most comprehensive and powerful SIEM.
  • Very stable.
  • Can't be integrated with TSM.
  • Some searches are not very intuitive.
  • It is not possible to export reports from the vulnerability manager add on.
This SIEM solution is perfect for collecting events from all of our critical sources (applications, databases, file server).
Anonymous | TrustRadius Reviewer
March 13, 2019

QRadar: great SIEM solution

Score 10 out of 10
Vetted Review
Verified User
Review Source
QRadar is used by our Information Security Division. It helps collect logs from all our critical systems and detect important security events. Also, we have created offenses for our cases. Great solution, easy to use, and easy integration with other systems. It is a perfect solution for small and big companies. Integrity of logs is very important!!!
  • Easy to use
  • Great integration
  • Good price
  • Predefined parser for SWIFT logs
Great SIEM solution. I strongly recommend it. You can integrate IBM QRadar SIEM to collect logs from Active Directory, Exchange, SWIFT, core banking, internet banking, DLP, proxy, and firewalls. It's easy to assure the integrity of logs and create offenses to monitor important and critical events from all critical systems, services, and devices in your organisation.
Anonymous | TrustRadius Reviewer
February 18, 2019

QRadar is pretty good

Score 8 out of 10
Vetted Review
Verified User
Review Source
QRadar is managed or administered by one department but through logging or alerts, emails are sent to multiple other departments.
  • Collect logs
  • Correlate data
  • Send alerts
  • Ease of use
  • Emailed alerts that are easier to dissect
QRadar is very good at collecting logs and providing integrations with other security products.
Anonymous | TrustRadius Reviewer
February 14, 2019

Enterprise-grade security with QRadar

Score 8 out of 10
Vetted Review
Review Source
QRadar is being used as one of the platforms to support our security services to our enterprise customers, both from a project-based approach and in our managed security services offerings for public, enterprise and mid-market customers, in several countries worldwide.
  • Interface usability is very intuitive
  • The depth and wide coverage of the technical analysis
  • The integration with 3rd party platforms
  • Seamless integration with some of the cloud platforms
QRadar is an excellent enterprise-grade security platform.
Anonymous | TrustRadius Reviewer
February 14, 2019

Get to the head of the Q

Score 8 out of 10
Vetted Review
Review Source
QRadar is being used for incident detection and escalation, as well as reporting of metrics of interest on top of some KPIs for response times.
  • Correlation
  • Ease of use for data
  • Customization for custom applications
  • Reporting configuration is still too convoluted
  • Coalescing is too tied down. I recommend an ability to adjust, with an appropriate limit, the fields used: in general, by log source type, and/or by log source.
Bad for payload searching across multiple months.

Great for correlation.
Anonymous | TrustRadius Reviewer
February 14, 2019

QRadar

Score 10 out of 10
Vetted Review
Review Source
We currently use QRadar in a vast array of uses, from simple searching to advanced correlation to extensive UBA monitoring.
  • Correlation
  • Vendor support
  • Complex data searching
  • Customizable UI
  • Advanced Reporting
Large-scale correlation and real-time monitoring are QRadar strengths.
Anonymous | TrustRadius Reviewer
February 13, 2019

Qradar - Spine of Any SOC

Score 9 out of 10
Vetted Review
Verified User
Review Source
We are using IBM Qradar for our many BFSI clients as a SIEM tool, and also for Security Operations Center (SOC) services offered to other clients.
  • Custom parser with excellent DSM editor
  • Nice dashboard
  • Customizable reports
  • In the dashboard, the widget size cannot be modified by stretching it in or out.
  • AQL decoder
  • Well suited to Banking, Financial Services, and Insurance (BFSI) industry
  • End user interface is not friendly or intuitive
Anonymous | TrustRadius Reviewer
April 04, 2017

Qradar - Big League SIEM Solution

Score 9 out of 10
Vetted Review
Verified User
Review Source
Qradar is a premium SIEM solution for medium and large businesses. Used to correlate and triage security events across the entire landscape, security teams are able to quickly respond to threats. Oftentimes, information security departments are so inundated with raw data that things certainly get lost in the shuffle. With Qradar, all of this data is combined and processed, allowing a fast view into the important things.
  • Rule creation is intuitive and fast which helps during emergency situations.
  • Platform maintenance is very light while the appliance has nearly flawless uptime.
  • Report generation is very functional and efficient.
  • There is a steep learning curve compared to other platforms. Qradar is incredibly powerful but does require some homework.
  • There is a glaring lack of threat feed utilization outside of STIX/TAXII, which remains very limited at this time.
  • May require a considerable amount of tuning during deployment with very little "out of the box" offense information.
Due to the strength, robustness, and cost of a solution like this, I believe it is best suited for large businesses and enterprises. While a medium sized business would find value for sure, this system is not for the faint of heart or pocketbook. Qradar is well suited for environments with a lot of incoming data where manual analysis might not be an option.
Anonymous | TrustRadius Reviewer
June 21, 2017

IBM QRadar - A go-to SIEM product

Score 7 out of 10
Vetted Review
Verified User
Review Source
IBM QRadar SIEM was the preferred choice for enterprise clients across all the business departments who wanted to get rapid deployment and instant log visibility to meet security and compliance requirements.
  • Simple, flexible architecture
  • Easy deployment
  • Out of the box content good enough to have quick wins
  • Event log parsing
  • Correlation engine needs more dynamism and flexibility
Best suited for a unified architecture for small to medium enterprises.

Feature Scorecard Summary

Feature (number of ratings): score out of 10
  • Centralized event and log data collection (20): 9.4
  • Correlation (20): 9.8
  • Event and log normalization (20): 9.4
  • Deployment flexibility (20): 8.9
  • Integration with Identity and Access Management Tools (19): 8.5
  • Custom dashboards and views (20): 8.9
  • Host and network-based intrusion detection (18): 8.6

About IBM QRadar

IBM Security QRadar is security information and event management (SIEM) software.

IBM QRadar Technical Details

Operating Systems: Unspecified
Mobile Application: No