TrustRadius: an HG Insights company

IBM Security QRadar SIEM

Score: 8.8 out of 10

292 Reviews and Ratings

What is IBM Security QRadar SIEM?

IBM Security QRadar is security information and event management (SIEM) Software.

Top Performing Features

  • Centralized event and log data collection

    Effectiveness of real-time centralized event and log data collection

    Category average: 8.5

  • Host and network-based intrusion detection

    Ability to detect both endpoint intrusion and network ingress detection

    Category average: 8

  • Event and log normalization/management

    Ability to normalize event syntax so that logs can be compared and are machine-understandable

    Category average: 8.6

Areas for Improvement

  • Response orchestration and automation

    Quality of built-in response orchestration and automation in Next-Gen SIEM

    Category average: 7.6

  • Behavioral analytics and baselining

    How effectively activity and behavior baselines are established and maintained

    Category average: 7.6

  • Custom dashboards and workspaces

    Dashboards that can be customized to meet the needs of specific groups

    Category average: 8.3

IBM Security QRadar SIEM best SIEM Tool

Use Cases and Deployment Scope

With the increasing number of cybersecurity threats, our company needed software to help us correlate logs sent from our infrastructure for the purpose of detecting and preventing threats. We chose the IBM Security QRadar SIEM solution as it is the best solution on the market. We send all application and operating system logs from our machines to IBM Security QRadar SIEM; IBM Security QRadar SIEM analyzes them and correlates them to see if there are, for example, incorrect login attempts or other issues. Obviously, the software has to be managed by a team of people to function at its best. But once it's set up properly, you can set alerts that go off in certain situations to alert you via e-mail of problems that are occurring at that time. Really a very good SIEM!

Pros

  • Log correlation to find possible problems
  • Creation and visualization of custom dashboards
  • Handles almost any kind of log source
  • User management

Cons

  • High initial learning curve
  • High product costs for small businesses
  • Managing the product requires a high number of people working on it

Return on Investment

  • Reduced human work in data correlation
  • Saving time and energy in finding anomalies or cyber attacks
  • Dashboards provide a quick overview of cyber attacks

Alternatives Considered

Splunk Enterprise Security (ES) and ManageEngine Log360

Other Software Used

ManageEngine Endpoint Central, Kibana, MobaXTerm

Analysis and experience with QRadar SIEM

Use Cases and Deployment Scope

I have used IBM QRadar SIEM since 2014 and I have had a good experience since then. We have a large number of security assets and QRadar SIEM helps us collect and correlate alerts, events, flows and incidents from multiple vendors. I am part of a SOC team at a financial institution with more than 90k employees, thousands of security devices and thousands of endpoints, and without the help of QRadar SIEM it would be impossible to analyze threats, attacks and exploitations.

Pros

  • Event correlation
  • Event search timing
  • Friendly rule management
  • Vendor integration capability
  • Service support

Cons

  • Improvement in the process of consuming virtual machine resources
  • Improvement in the process of analyzing errors and warnings generated by the system

Return on Investment

  • Reduction in incident response time
  • Visibility of normalized data, reducing manual work time for parsing
  • Reduction in the security risk of the environment as a whole

Alternatives Considered

Microsoft Sentinel

Other Software Used

Trellix Endpoint Detection and Response (EDR), Microsoft Sentinel, F5 Big-IP Advanced Web Application Firewall

IBM Qradar evaluation.

Use Cases and Deployment Scope

We monitor the organization's various assets (firewall, EDR, WAF, cloud) to maintain a safe and integral environment. The tool correlates events from various existing sources to find anomalies and, if an offense is found, respond to that incident.

Pros

  • Rules based on market framework.
  • User Analytics.
  • Threat Intelligence.

Cons

  • Better executive indicators.
  • Classification of offenses.

Return on Investment

  • Better alerts.
  • Better event analysis.

Alternatives Considered

IBM Security QRadar SIEM and IBM Security QRadar SOAR

Other Software Used

IBM Security QRadar SOAR

An effective and easy SIEM solution

Use Cases and Deployment Scope

IBM Security QRadar SIEM is user-friendly. It is not a burden to manage offenses because of excellent correlation and the ability to observe any earlier offense from the same attacker. IBM Security QRadar SIEM is versatile. This integrates popular solutions effortlessly. IBM Security QRadar SIEM takes on the management, correlation, and investigation of network and application events. Any harm can be mended without letting go of the profit with this technology. Everything about the network activity is visualized in IBM Security QRadar SIEM.

Pros

  • Visualizes all network activity.
  • Manages, correlates, and investigates network and application events.
  • Observes previous offenses from the same attacker.

Cons

  • Additional features often require more licensing.
  • Overly many filters may not always work together.
  • Difficulty in understanding compared to other SIEMs.

Return on Investment

  • Automated threat response and integration with other security solutions.
  • Easy configuration of log sources.
  • Quick customer service.
  • Simple installation and upgrade process.

Other Software Used

Miro, Adobe Marketo Engage, LogicMonitor

IBM Security QRadar SIEM Review

Use Cases and Deployment Scope

We use IBM Security QRadar SIEM as a SIEM in a few of our internal customer environments. This helps us provide security monitoring to those environments once we onboard the relevant logs. In each environment we onboard 20+ different hosts and log types and write detections for threat cases that we've identified.

Pros

  • Easy to onboard generic sources
  • Easy to normalize generic sources
  • Easy to write basic detections
  • Maintenance and updates are user friendly

Cons

  • The UI is not pleasant to look at and can be a pain to navigate
  • It's hard to write DSMs for custom log sources
  • Complicated detections (RBA alerting and chaining detections together)

Return on Investment

  • Money saved compared to other SIEMs
  • Reduced manual work on onboarding generic log sources
  • Easy integration with other tools

Alternatives Considered

Splunk Enterprise Security (ES) and Splunk Enterprise

Other Software Used

Splunk Enterprise Security (ES), ExtraHop Reveal(x)