Full-featured SIEM with a price tag to match and room for improvement in the support offering
QRadar is being used across our organisation, aggregating logs from all servers and network devices. It provides visibility of potential …
IBM Security QRadar
IBM Security QRadar
Overview
Reviews
Popular Features
View all 13 featuresCentralized event and log data collection (27)
9.4
94%
Event and log normalization/management (47)
9.0
90%
Correlation (27)
8.9
89%
Custom dashboards and workspaces (47)
8.0
80%
Reviewer Pros & Cons
View all pros & consPricing
View all pricingCloud
$800.00
Cloud
per month
Entry-level set up fee?
- No setup fee
Offerings
- Free Trial
- Free/Freemium Version
- Premium Consulting / Integration Services
Features Scorecard
Security Information and Event Management (SIEM)
8.7
87%
Product Details
What is IBM Security QRadar?
Threats are increasing in volume and sophistication at a staggering pace. Near real-time monitoring and visibility can help security teams detect threats like ransomware, insider threats, and cloud attacks before they can cause disruption. IBM Security QRadar SIEM can provide centralized visibility and insights across users, endpoints, clouds, applications, and networks – helping to detect, investigate, and respond to threats enterprise wide.
With over a thousand out-of-the-box, real-time security use cases, QRadar SIEM can help security teams work efficiently by turning millions to billions[LH1] of events into a manageable number of prioritized alerts and accelerating investigations with automated, AI-driven enrichment and root cause analysis. The solution is designed to help security teams increase productivity, address critical use cases, and mature security operations with QRadar SIEM.
IBM Security QRadar Competitors
IBM Security QRadar Technical Details
| Deployment Types | SaaS |
|---|---|
| Operating Systems | Unspecified |
| Mobile Application | No |
Alternatives
View all alternatives
Frequently Asked Questions
What is IBM Security QRadar?
IBM Security QRadar is security information and event management (SIEM) Software.
What are IBM Security QRadar's top competitors?
Microsoft Sentinel (formerly Azure Sentinel), Splunk Enterprise Security (ES), and LogRhythm NextGen SIEM Platform are common alternatives for IBM Security QRadar.
What is IBM Security QRadar's best feature?
Reviewers rate Centralized event and log data collection highest, with a score of 9.4.
Who uses IBM Security QRadar?
The most common users of IBM Security QRadar are from Enterprises and the Information Technology & Services industry.
Reviews and Ratings
(107)
Ratings
Reviews
(1-25 of 107)- Popular Filters
Companies can't remove reviews or game the system. Here's why
November 09, 2021
Full-featured SIEM with a price tag to match and room for improvement in the support offering
QRadar is being used across our organisation, aggregating logs from all servers and network devices. It provides visibility of potential threats and attacks, and the data is analysed and reported upon daily. Its grouping of security events into "flows" assists greatly with understanding the timeline of a particular set of events. We also integrate the output of other security tools such as Cisco Umbrella and Qualysguard into our QRadar instance to provide a holistic view of our threat landscape.
- Event grouping
- Searching and filtering
- All-in-one appliances for "drop-in" installation and setup
- More responsive support
- Harmonised prices throughout different worldwide markets
- Tidy up UI and make it more intuitive
August 31, 2021
Best SIEM on the market today!
IBM QRadar SIEM provides on-demand analyses of security alerts generated by applications and hardware on our networks. These security tools provide a combination of solutions and functions inside our new line of business.
The IBM QRadar is engineered to work optimally with our other IBM solutions, such as IBM Watson AI. It also enables easier interactions with our other network components inside the corporate.
The IBM QRadar is engineered to work optimally with our other IBM solutions, such as IBM Watson AI. It also enables easier interactions with our other network components inside the corporate.
- IBM brand recognition, better investment case to management
- Watson AI
- Strong support for data monitoring
- Watson AI
- Compatibility with other software makers
July 21, 2021
A SIEM that works
This is our enterprise-wide solution for SIEM. We run this in our IT department and send many different application logs to the SIEM. We use the IBM QRadar tool as one of the applications we display on our 6x6 SOC. The application is fundamental to our security posture, we track log in failures, VPN connections, lateral movement and other key pieces of information that we deem important to cybersecurity.
- Ingest logs from other application
- Clean graphical displays of key security metrics
- Filter data events
- High end analytics
- Correlation of data events across disparate applications
- The tool needs a collaboration feature like an internal chat tool
- Pricing model is very high
- Pricing structure could be simplified
- Enhancements could be faster
July 12, 2021
A Robust Solution
Consulting on the platform.
- Scalable and modular (e.g., distributed architecture)
- Many other IBM products enhance its capability (e.g., Guardium, Watson, QRM, QVM, X-force)
- Full payload inspection and correlation using the QNI feature
- Robust HA capabilities
- Licensing model complexity
- Abundance in documentation makes it a challenge to find relevant guidance
- QVM enhancement many organizations prefer other third-party scanners
IBM QRadar is a frontrunner solution in security information and event management (SIEM) that helps my team to automate threat detection and threat remediation. It reduces false positives detected in the threat log, which helps reduce the manual workload for my team. We can prioritize threat management based on scoring shared by IBM QRadar. Further, the solution offers integration with various third-party tools that help get access to additional capabilities needed for security-specific projects.
- Automation of threat detection
- Reduction in manual workloads by scoring and prioritizing threats
- Reduction of false positives in security report
- Integration with third-party tools
- Access to customer service
- Varied learning resources and active use community
- User experience
- Providing more insights on threats
- Reduced pricing
- Online training
July 01, 2021
Must have SIEM for SOC
It helps me eliminate and reduce manual workload for my team by detecting threats and prioritizing them for further investigation.Integration with quite a lot of other tools, software, and portals. Integration with Xforce Threat Intelligence as well we can integrate plugins from App Exchange platform too.
A Complete tool that includes the Zero Trust cybersecurity model, in addition to being incorporated with many products on the market as well as its easy handling and the components that can be incorporated. This tool has a high level of analysis of the offenses with the use of X-Force and Watson, also the generation of the graphical relationships of these offenses are very structured and allow a greater vision of each event.
- includes the Zero Trust cybersecurity model
- high level of analysis of the offenses with the use of X-Force and Watson
- eliminate and reduce manual workload for my team
- QRadar SIEM facing issue while integrating third party threat tool
- Device automatically un synced from Qradar server, even there is no network issue
- Lack of dashboard functionality unlike Kibana
May 11, 2021
Efficient in SOC
IBM QRadar is mainly used for security and network monitoring in our organization. IBM QRadar is mainly used by the SOC. It has multiple dashboards available which make day-to-day security monitoring easy and efficient. It also makes the process of investigation and data gathering fast, easy and reliable.
- QRadar is best used in large networks - one of the best features is you're able to do a query for a particular subnet range.
- AQL - advanced search queries are easy to understand. This allows you to perform specific searches that really speeds up the investigation process.
- Graphical representation of the volume of events [at] a specific time in relation to an offense/alarm
- I think it would be better in the offense tab to have a right-click filter for the offense description. It's kind of time-consuming to edit the searches as it opens to another page.
December 24, 2019
The force of IBM Qradar
I had the privilege to install and deploy QRadar for my customers, to respond to many problems like managing logs and detecting advanced attacks to the platform. In many cases, people can't see human behaviors. With QRadar UBA, they can finally profile and use UBA capabilities to anticipate and respond to attacks. QRadar has a greater ability to integrate with many other solutions with more than 200 apps developed, and this helps to harmonize customer fabric security.
- Rich functionality.
- Scalable.
- Integration.
- Analyze Flows.
- UBAI Analyses capability.
- Integrations with SOAR and other SIEM platforms.
November 14, 2019
IBM QRadar Review
QRadar is primarily being used by companies to increase the visibility of their operational environment. It is used as the central correlation engine for relevant event sources. It is almost always the central piece of their SOC, assisting the analysts in quickly determining risks to the organization. The deployment footprint varies from client to client driven by required coverage area and cost.
- It is easier to deploy than most SIEM's.
- Its correlation engine in my opinion is the best of any SIEM.
- The GUI when compared to most other SIEM's is easier to work with.
- It is a mature SIEM with a better than average level of support.
- As with all SIEM's that I'm aware of, it relies on supervised machine learning. This is a major weakness in today's threat landscape.
- As with all SIEM's the more event sources it needs to correlate the slower it becomes. This becomes an issue as the deployment footprint increases, a solution needs to be developed to address this limitation.
- The ability to customize the GUI and reporting per user needs some improvement.
November 13, 2019
IBM QRadar in Healthcare Industry Security Implementations
Support and administration is provided by the security department and the configuration was completed by security architects. The platform in general is so vast that it required the collaboration of various members. It's used to correlate and duplicate event logs and serve as the main tool for monitoring and investigation during incident response.
- Support
- Coverage
- Customization
- Implementation granularity
- Ease of use
- Standardization among detection levels between other products
February 21, 2019
Basic features of IBM QRadar
IBM QRadar is an excellent security software. It was recommended to apply in the agribusiness companies that I advise, in order to protect the database of agrochemical products for sale. It is implemented throughout the company, especially in the sales department.
IBM QRadar mainly installed itself in the agro-industry that I usually advise in order to protect against security risks or threats.
Since it is based on cognitive computing solutions, this product is the only one able to cope with the growing sophistication and volume of threats to information security. Since it is characterized by providing present-time analysis of security alerts originating both in the hardware, as well as in the software that is being used in the company, IBM QRadar was installed in the company mainly to protect the database of listing data of the agrochemical products that are commercialized against virus threats that could alter the database.
- All the databases and valuable information of the organizations are increasingly exposed to a great diversity of threats. The more and more expert attackers manage to make the brands of their actions practically inevitable, and QRadar detects in time any anomaly in order to protect companies from these actions. This is carried out through an exhaustive analysis of the information, which allows it to identify in advance those threats and suspicious actions that may affect the data and systems in general.
- In terms of ease of use, QRadar has a somewhat complex architecture that makes it a software product that is not very detailed, as it offers a user interface and a fairly systematic deployment.
- You can send a denial of service. The Linux kernel used by QRadar is vulnerable to a denial of service due to an error in functionality.
February 14, 2019
QRADAR for Brazil.
We use QRADAR in the business area and the IT area. We were looking to solve questions about logs systems that we weren’t monitoring. Now, we have information in real time and we can identify when an irregular operation happens. QRADAR sends information to our analyst and opens incidents.
Another use case that we have is linked with the security team. We monitor external login systems (like webmail) and we can identify when brute force attacks happen. The action for this case is automatic and the offender is blocked.
Another use case that we have is linked with the security team. We monitor external login systems (like webmail) and we can identify when brute force attacks happen. The action for this case is automatic and the offender is blocked.
- Simple to use
- Fast
- Simple infrastructure
- System is stable
- Uses Linux as system operation
- Has a lot of connectors (log sources)
- Doesn't work well in Nutanix virtualization (Acropolis)
February 14, 2019
Simply the best - QRadar
IBM QRadar is being used to monitor the logs of the Cisco Firewall and several AIX Logs.
Business problems addressed include detection of security risk and automation of response to aid in taking prompt action to detect sources of security using log data and new network traffic data, making investigations possible and prompt
- Data visibility
- Only alerts when necessary. Detects threats, identifies and prioritizes potential incidents
- Automates response, contains threat
- Machines require fairly high resources
- The process of setting what is considered an offense is a bit cumbersome.
- Variable login expiration would be appreciated
February 15, 2019
Need Netflow for ??
Our company provides a QRadar plugin that generates NetFlow data for the QRadar net flow dashboard from packet data to enhance network security, management, and analytics
- Net flow dashboard provides clear and concise display of net flow data
- QRadar makes sure that the most important events are highlighted
- Better working with technology partners for QRadar plugins
- Help promoter plugins to QRadar installed base
November 26, 2019
The best SIEM solution in the market, hands down!
My current client uses QRadar in an environment with more than 6000 endpoints (averaging 40K EPS). QRadar monitors all the servers in the environment, including PCI and SOX zones. QRadar is their central security intelligence solution and is used by the SOC team for incident monitoring and daily incident investigations. The tool is also used to provide compliance information for audit teams and acts as a centralized log repository.
- Advanced correlation rules
- Easy to use, in just one day we can train a new SOC analyst
- Good scalability
- Integration with advanced data mining tools (e.g. ELK)
February 14, 2019
QRadar is the best IBM product...period!
We began to use QRadar to identify threats within our organization. Being in the Industrial Construction Industry, it was slow to adopt the need to take threats seriously. As an industry, we began to take the threats more seriously when we realized we are very high up on the target list because of the sensitive information we actually have. QRadar has provided us with a very trusted product for our entire organization that is allowing our Executive Management team to sleep better at night!
- It allows us to have visibility to potential problems both on premise and in the cloud which was key as we have become a hybrid consumer.
- It has automated monitoring which has allowed us to see threats faster and also allowed us to be proactive.
- By having over 20,000 employees, QRadar has also allowed us to be aware of internal threats that are brought into the company by unsuspecting employees.
- We are too new with the product for me to actually have good feedback on this question
April 10, 2019
Assure great security with IBM QRadar
IBM QRadar is one of the best SIEMs on the market. It is a SIEM solution that provides security, integrity, and resilience to logs collected from critical resources. QRadar provides customizable dashboards, compliance templates, and data archiving. The SIEM offers a full range of security intelligence capabilities for on-premise deployments and the possibility of automation to detect sources of security log data and new network flow traffic. In conclusion, QRadar is a great SIEM solution.
- Good integration of log sources.
- Low level of false positive offenses.
- Collect logs from more than 400+ sources and millions of events per second.
- Intuitive dashboards.
- The solution is a little bit too expensive.
- Create templates for logs from SWIFT.
- Make it more user-friendly.
April 10, 2019
Simple, flexible architecture. Easy deployment. Out of the box rules, offenses and reports
We have used IBM QRadar for more than 8 years. We collect and corelate events from Microsoft Servers, SQL, Oracle, Fortigate, Cisco ASA, Active Directory, Linux, Apache and from many other custom services. The out-of-the-box rules, offences, and reports, made SOC's lives easy and more comfortable. DSM Editor is simple and works with simple regex. Now, we integrate into IBM QRadar, Vulnerability Manager and Risk Manager from IBM. This integration helps us to view the problems with the IT infrastructure and resolve them fast. It's the solution for businesses who want to get rapid deployment and instant log visibility to meet security and compliance requirements.
- Log Sources - QRadar has a lot of built-in log source types, more than 400. If you can't find THE source, you can create your own log source with DSM Editor.
- DSM Editor - This tool is great and can help you if you have own services and you want to parse the events like you want.
- Integration with Vulnerability Manager and Risk Manager - Installation is easy and intuitive
- Built-in Rules, Offences and Reports - for new users it's a great opportunity to learn how QRadar works and how to create new rules and offences.
- Update procedure between versions, sometimes after update, something doesn't work and you need to contact support or work with command line
- SE Linux by default is disable
- Metric events can't be disabled
March 19, 2019
IBM Qradar is a great SIEM solution
IBM QRadar is a great SIEM solution. It gives us the ability to correlate data from our critical infrastructure in real-time. This solution helps improve the efficiency of our security team. It is very intuitive and easy to learn.
- Great user interface.
- Easy to use and administer.
- The most comprehensive and powerful SIEM.
- Very stable.
- Can't be integrated with TSM.
- Some searches are not very intuitive.
- It is not possible to export reports from the vulnerability manager add on.
March 13, 2019
QRadar: great SIEM solution
QRadar is used by our Information Security Division. It helps collect logs from all our critical systems and detect important security events. Also, we have created offenses for our cases. Great solution, easy to use, and easy integration with other systems. It is a perfect solution for small and big companies. Integrity of logs is very important!!!
- Easy to use
- Great integration
- Good price
- Predefined parser for SWIFT logs
February 19, 2019
QRadar is pretty good
QRadar is managed or administered by one department but through logging or alerts, emails are sent to multiple other departments.
- Collect logs
- Correlate data
- Send alerts
- Ease of use
- Emailed alerts that are easier to dissect
February 14, 2019
Enterprise-grade security with QRadar
QRadar is being used as one of the platforms to support our security services to our enterprise customers both from a project-based approach and in our managed security services offerings for public, enterprise and mid-market customers, in several countries worldwide
- Interface usability is very intuitive
- The depth and wide coverage of the technical analysis
- The integration with 3rd party platforms
- Seamless integration with some of the cloud platforms
February 14, 2019
Get to the head of the Q
QRadar is being used for incident detection and escalation, as well as reporting of metrics of interest on top of some KPIs for response times.
- Correlation
- Ease of use for data
- Customization for custom applications
- Reporting configuration is still too convoluted
- Coalescing is too tied down. I recommend an ability to adjust, with an appropriate limit, the fields used: in general, by log source type, and/or by log source.
February 14, 2019
QRadar
We currently use QRadar in a vast array of uses from simple searching to advanced correlation to extensive UBA monitoring
- Correlation
- Vendor support
- Complex data searching
- Customizable UI
- Advanced Reporting
February 13, 2019
Qradar-SPine of Any SOC
We are using IBM Qradar for our many BFSI clients as a SIEM tool, and also for Security Operations Center (SOC) services offered to other clients.
- Custom parser with excellent DSM editor
- Nice dashboard
- Customizable reports
- In the dashboard, the widget size cannot be modified by stretching it in or out.
- AQL decoder