TrustRadius: an HG Insights company

IBM Security QRadar SIEM

Score8.8 out of 10

292 Reviews and Ratings

Top Performing Features

  • Centralized event and log data collection

    Effectiveness of real-time centralized event and log data collection

    Category average: 8.4

  • Host and network-based intrusion detection

    Ability to detect both endpoint intrusion and network ingress detection

    Category average: 8

  • Event and log normalization/management

    Ability to normalize event syntax so that logs can be compared and are machine-understandable

    Category average: 8.5

Areas for Improvement

  • Response orchestration and automation

    Quality of built-in response orchestration and automation in Next-Gen SIEM

    Category average: 7.9

  • Behavioral analytics and baselining

    How effectively activity and behavior baselines are established and maintained

    Category average: 8.2

  • Custom dashboards and workspaces

    Dashboards that can be customized to meet the needs of specific groups

    Category average: 8.6

IBM QRadar evaluation.

Use Cases and Deployment Scope

We monitor the organization's various assets (firewall, EDR, WAF, cloud) to maintain a safe and integral environment. The tool correlates events from various existing sources to find anomalies and, if an offense is found, respond to that incident.

Pros

  • Rules based on market framework.
  • User Analytics.
  • Threat Intelligence.

Cons

  • Better executive indicators.
  • Classification of offenses.

Return on Investment

  • Better alerts.
  • Better event analysis.

Alternatives Considered

IBM Security QRadar SIEM and IBM Security QRadar SOAR

Other Software Used

IBM Security QRadar SOAR

IBM Security QRadar SIEM best SIEM Tool

Use Cases and Deployment Scope

With the increasing number of cybersecurity threats, our company needed software to help us correlate logs sent from our infrastructure for the purpose of detecting and preventing threats. We chose the IBM Security QRadar SIEM solution as it is the best solution on the market. We send all application and operating system logs from our machines to IBM Security QRadar SIEM, which analyzes and correlates them to see if there are, for example, incorrect login attempts or other issues. Obviously, the software has to be managed by a team of people to function at its best. But once it's set up properly, you can set alerts that go off in certain situations to notify you via e-mail of problems that are occurring at that time. Really a very good SIEM!

Pros

  • Log correlation to find possible problems
  • Creation and visualization of custom dashboards
  • Handles almost any kind of log source
  • User management

Cons

  • High initial learning curve
  • High product costs for small businesses
  • Managing the product requires a high number of people working on it

Return on Investment

  • Reduced human work in data correlation
  • Saving time and energy in finding anomalies or cyber attacks
  • Dashboards provide a quick overview of cyber attacks

Alternatives Considered

Splunk Enterprise Security (ES) and ManageEngine Log360

Other Software Used

ManageEngine Endpoint Central, Kibana, MobaXTerm

IBM Security QRadar SIEM Review

Use Cases and Deployment Scope

With IBM Security QRadar SIEM, my team can identify, respond to and contain many threats in our environment, because the IBM QRadar SIEM brings insights about our security. It is easy to look for any indicators of compromise and other kinds of artifacts. Anyone can perform a search on the web console and use many filters to build custom searches.

Pros

  • Investigations are easy
  • Agents to collect info are great
  • Stability is good

Cons

  • Some updates cause errors
  • No support for high traffic on the HTTP receiver protocol
  • Needs a large hardware configuration

Return on Investment

  • Enriches incident events
  • High cost with virtual machines
  • Reduced time to detect threats

Alternatives Considered

IBM Security QRadar SOAR

Other Software Used

Trend Micro Vision One

IBM Security QRadar SIEM

Use Cases and Deployment Scope

We use IBM Security QRadar SIEM to help us quickly analyze and respond to potential security incidents. Today it is an indispensable solution for our SOC. By having a centralized interface like IBM Security QRadar SIEM, we are able to investigate and identify with much more precision the various events related to certain suspicious behaviors.

Pros

  • The interface in general is clean and complete.
  • There is a satisfactory number of plugins approved for integrations with other vendors. Through DSM Universal, we have the possibility of integrating with any other solution that has these resources (information collection through API).
  • With the UBA feature, we get an excellent behavioral view of the end user.
  • The architecture is very scalable.

Cons

  • A greater number of DSMs available.
  • The frequency of available updates, I know that in some cases this is good, but when we have a large environment, IBM Security QRadar SIEM upgrades take hours to complete and I see that we always have unnecessary bugs in each version. Not that this interrupts the service, but it is somewhat annoying.
  • Support for third-party applications: IBM is not responsible for the third-party applications that run in its environment, so when we have a problem, we need to contact the suppliers. This is something that I believe should improve, since IBM approves all applications and makes them available in its store, so this "between manufacturers" contact should be more direct between those responsible and not depend on customers.

Return on Investment

  • Reduction in analysis time for SOC analysts.
  • Greater precision in analyses.

Other Software Used

IBM Security QRadar SOAR

Analysis and experience with QRadar SIEM

Use Cases and Deployment Scope

I have used IBM QRadar SIEM since 2014 and I have had a good experience since then. We have a large number of security assets and QRadar SIEM helps us collect and correlate alerts, events, flows and incidents from multiple vendors. I am part of a SOC team at a financial institution with more than 90k employees, thousands of security devices and thousands of endpoints, and without the help of QRadar SIEM it would be impossible to analyze threats, attacks and exploitations.

Pros

  • Event correlation
  • Event search timing
  • Friendly rule management
  • Vendor integration capability
  • Service support

Cons

  • Improvement in the process of consuming virtual machine resources
  • Improvement in the process of analyzing errors and warnings generated by the system

Return on Investment

  • Reduction in incident response time
  • Visibility of normalized data, reducing manual work time for parsing
  • Reduction in the security risk of the environment as a whole

Alternatives Considered

Microsoft Sentinel

Other Software Used

Trellix Endpoint Detection and Response (EDR), Microsoft Sentinel, F5 Big-IP Advanced Web Application Firewall