IBM Security QRadar

Customer Verified
Top Rated
Score 8.4 out of 100

Overview

What is IBM Security QRadar?

IBM Security QRadar is security information and event management (SIEM) Software.
Pricing

Cloud: $800.00 per month

Entry-level set up fee?

  • No setup fee

For the latest information on pricing, visit https://www.ibm.com/qradar/security…

Offerings

  • Free Trial
  • Free/Freemium Version
  • Premium Consulting / Integration Services

Product Details

What is IBM Security QRadar?

IBM Security QRadar XDR is a threat detection and response solution that works to eliminate threats faster.

IBM Security QRadar helps security teams detect, understand and prioritize threats that matter most to the business. The solution ingests asset, cloud, network, endpoint, and user data, correlates it against vulnerability information and threat intelligence, and applies advanced analytics to identify and track the most serious threats as they progress through the kill chain.

Once a credible threat is identified, AI-powered investigations provide rapid, intelligent insights into the root cause and scope of the threat, with the goal of enabling organizations to support their first-line security analysts, accelerate security operations processes and reduce the impact of incidents. An open, connected approach helps organizations manage an increasing number of cloud applications.

With QRadar, the user can integrate EDR, SIEM, NDR, SOAR and Threat Intelligence, while leaving data where it is for a complete XDR approach, connecting existing tools and automating SOC using IBM and open third-party integrations.

Threat intel is fed from the IBM X-Force Threat Intelligence platform, which enables sharing of research on security threats, aggregation of intelligence, and collaboration with peers.

The QRadar XDR is a suite of threat detection and response products that includes:

  • IBM QRadar XDR Connect connects tools, automates your SOC and streamlines workflows.
  • IBM QRadar SIEM is intelligent security analytics for actionable insight into the most critical threats.
  • IBM QRadar NDR detects hidden threats on the network.
  • IBM QRadar SOAR responds to security incidents with confidence, consistency and collaboration.

IBM Security QRadar Features

  • Supported: Open architecture to deploy on premises, on cloud, or as a service.
  • Supported: Investigation speed faster by 60x with automated triage and contextual intelligence
  • Supported: Better visibility by removing silos and unifying input and shared insights
  • Supported: Integrate with existing tools to leave data where it is and leverage the current environment.

IBM Security QRadar Video

See how IBM QRadar helps security teams accurately detect and prioritize threats across the enterprise. QRadar provides intelligent insights that enable teams to accelerate security operations processes to reduce the impact of incidents. Visit our web page to learn more or request a demo: https://ibm.co/2LeRvgY

IBM Security QRadar Technical Details

Deployment Types: Software as a Service (SaaS), Cloud, or Web-Based
Operating Systems: Unspecified
Mobile Application: No

Frequently Asked Questions

IBM Security QRadar is security information and event management (SIEM) Software.

Microsoft Sentinel, Splunk Enterprise Security (ES), and LogRhythm NextGen SIEM Platform are common alternatives for IBM Security QRadar.

Reviewers rate Support Rating highest, with a score of 9.4.

The most common users of IBM Security QRadar are from Enterprises (1,001+ employees).

Reviews and Ratings (172)

Reviews (1-25 of 51)

Tobin Mathew | TrustRadius Reviewer
Score 9 out of 10
Vetted Review
Verified User
First of all, this is the one and all SIEM Solution used in my 7 years Career. IBM Security QRadar is the product that changed my life from a Cyber Security Analyst to an Admin.

We have more than 10+ Clients already and are onboarding new clients in a couple of months.
IBM Security QRadar is one of the top leaders compared to other Solutions in the market.
I had experience with Splunk, LogR, etc., but IBM Security QRadar is the most user-friendly SIEM I have ever seen.

I will surely recommend this to my colleagues and new clients
  • Offense Monitoring
  • Use case development
  • Third-party Application Integration from Xchange
  • Custom Log Source Integration
  • Auto-Scaling of Disk when it's in a critical condition - Manual intervention is needed to fix the issue when there is a disk space issue
  • Data Node Improvement in processing capabilities
  • Custom Script usage in the system is not allowed
Well suited for me - Very user-friendly and more custom application has to integrate to explore more.
For Case management, most of them use third-party ticketing solutions for better SLA monitoring. There is no mechanism to find the SLA currently.
Pritam Saha | TrustRadius Reviewer
Score 9 out of 10
Vetted Review
Verified User
It's an all-in-one solution for organization of internal and external security. IBM QRadar is the best for web application software Security Information Management for any kind of big & small organizations. The QRadar event management system supports the ecosystem of information security; it manages everything of client-based information systems. IBM QRadar has the best incident response integration; it reports everything about client and accounting-based systems.
  • SIEM
  • Incident Management
  • Information Security
  • Data collection system needs some improvements
IBM Security QRadar is well suited for Threat Intelligence and Threat Analysis. I fell in love with their multiple deployment features. It has the most powerful AI to secure and protect an organization's very confidential and important data. Big or small organizations analyze & review their intelligence information data. Finally, their hybrid cloud system stores every confidential threat about the system the client used.
Their support team is very fast; they solved problems within the time. TIME SAVER
Joanne Brown | TrustRadius Reviewer
Score 10 out of 10
Vetted Review
Verified User
QRadar is special because it creates peace of mind by keeping threats away, threat detection and analysis is automated and for that reason this software was implemented in our enterprise system as it allowed less risk than other less capable and high generation software of false positives. IBM Security QRadar was implemented with the help of the technical support team as it was a bit difficult at first to do it alone as we didn't want to make any mistakes, we adapted it to our entire business and threat detection and protection environment and the results are spectacular, it does not slow down our system and minimizes the risk of threats entering our system.
  • Quick scans that prevent threats from entering our system and putting our data at risk.
  • It allows great automation power to detect threats, incidents are reduced.
  • It allows us to adapt to our immediate objectives, since it is customizable, increases security and is easy to configure.
  • It allows us to save a lot of time, increases fluidity and stops risks in time.
  • At first it can be a bit confusing, but by solving all the doubts with the technical support team everything will be perfect, you will be able to achieve security benefits that are not achieved with other similar software.
I highly recommend IBM Security QRadar, I also give it 10 points, as it is an easy-to-implement protection system, it has good bases for automatically detecting threats and solving problems, it integrates very well with other software, the response is immediate to potential risks, is inexpensive to implement, and offers good benefits.
The technical support team is the best of everything, as they are trained, the solutions are intuitive, they generate rapid progress in our objectives and reduce the time of configuration and customization that we are doing, the solution they provide is fast and intuitive.
Danielle Palmer | TrustRadius Reviewer
Score 10 out of 10
Vetted Review
Verified User
IBM Security QRadar is the best for automatic threat detection, it is a highly automated process, since it is in charge of carrying out exhaustive analyses to protect our data system and act in time before there are major problems in our system. The implementation was successful, it did not take long. The response to threats is very fast, it allows us detailed and complete reports to see what the errors were, luckily we have QRadar, since the previous system was a bit incompetent and did not solve our threat detection problems.
  • It is a simplified and automated system to detect threats, it minimizes our risks of manual detection and prevents serious incidents by protecting our data automatically.
  • The creation of the threat search is very simple, it does not require spending long hours of training.
  • Ransomware detection fluency, detects fast and prevents serious disasters, resolution and detection is fast.
  • Protection of our system at all times.
  • No bugs or glitches so far as the shortcomings we were missing were fixed by IBM Security QRadar as it allowed for a more reliable and secure environment on our system.
It is a powerful software when it comes to detecting threats, it does not require a super genius to configure it, the response to any detection that occurs is immediate, it prevents greater evils, false positives do not exist with IBM Security QRadar. The reports and the entire set of functions that this software has allow us to establish high security parameters so that no threat tries to damage our data.
It is a work team that is always alert, if there is any doubt on our part we can ask questions and receive satisfactory and very fast answers, we are very happy to have an attentive technical support team and problem solver like the one IBM Security QRadar has.
Ray John | TrustRadius Reviewer
Score 9 out of 10
Vetted Review
Verified User
There’s nothing as overwhelming as manually searching for threats on the company system. I use IBM Security QRadar to automate data investigation, detection and remediation across all environments (cloud, on-premise and endpoints).
  • Extend threat detection across all attack surfaces (network, endpoints and cloud workloads).
  • Allocates built-in AI and playbooks that automate threat investigation and remediation.
  • Remove data silos by unifying shared insights with input, which speeds up response on threats.
  • Availability of robust backend integration capability that helps connect with external apps and APIs.
  • Doesn’t incorporate advanced queries such as ML and statistical analysis.
IBM Security QRadar allows me to automate over 75% of security management processes which helps save time. Managing logs through DSM and auto-discover has been seamless for me.
I haven’t interacted with IBM support much, but the few times that I submitted my ticket, they respond rapidly with links to help resolve bugs quickly.
Thandolwethu Arno | TrustRadius Reviewer
Score 10 out of 10
Vetted Review
Verified User
We use IBM Security QRadar Enterprise IT Product to gather acute visibility in an effort to promptly detect, investigate and remedy threats. We use it as a SIEM tool, which includes SSO, Alerting, Reporting, Decryption, Governance, Scalability, Data Context, File Analysis, Risk Analysis, Incident Logs, Email Analysis, Linux Analysis, and API Monitoring, among others. It guarantees efficiency in prioritizing the threats across the dashboard.
  • Threat Intelligence.
  • Vulnerability Assessment.
  • Data Examination.
  • Advanced Analytics.
  • Incident management.
  • So far I don't have any complaints since the vendor implemented all crucial features during its development.
My highest rating is based on IBM Security QRadar Enterprise and how fast it responds to any threat, data examining, incidents alert, vulnerability analysis, asset management, activity monitoring, resources usage, incidents logs and reports, and others it supports.
IBM security radar XDR for security information and events management is a superb tool because its technical support team resolves any issue that you would alert them to 24/7/365. Besides, it has simple setups and plugins since they are self-explanatory to new users. It has a friendly user interface too.
Score 8 out of 10
Vetted Review
Verified User
Highly powerful and well-equipped tool for security monitoring and also providing an analysis. Pulse and the use case manager features are very user-friendly and easy to manage. We set up security rules, specific use cases, and alerts applicable to specific scenarios. All the security information is collected centrally and thus giving us the best usage of the tool. If you analyze the dashboard, all the need-to-know information is readily available at a glance. We monitor the network activity and log activity in real-time with ease via QRadar.
  • Automatically flags devices and systems that are compromised by multiple sources over the network.
  • A simple search method and the ability to view search results in both logs and graphical views for better analysis.
  • Integration of almost all types of devices.
  • Helps in threat detection and response, helping to remediate the threat.
  • Product upgrade to a new version is a lengthy and tough task.
  • Search queries sometimes fail when loading logs.
In this modern day and age, security is a crucial subject. IBM QRadar addresses this hectic concern in a very convenient manner. The very friendly user interface and the included dashboard of the product make it very smooth to handle this product. Compared to alternatives in the market, QRadar has a lot of potential. This is a very smart product and can make very time-worthy suggestions based on its observations. Given that you stick to specific rules and regulations, QRadar will make your life much easier.
Though I have not been directly involved with support, I have been informed that customer support is ready enabled to assist us. And also, the forums help out the users massively to overcome any issues.
Score 8 out of 10
Vetted Review
Verified User
It is true that getting insight across multiple security environments can be tough. However, with IBM Qradar, we see all the events related to a particular threat in a single place and eliminate the manual tasks so that analysis can focus on response and investigation.
  • The tool scans the process and network vulnerability data to identify the security risks in the network.
  • The tool performs in-depth network forensics and replays full network sessions.
  • Gives a threat score and category to each identified IP address or URL, which helps us prioritize threats and offer better analysis.
  • Bulky user interface.
  • Cloning of tasks is lacking.
  • Slows down server startup.
Integrating IBM Qradar into your system would definitely help you to secure all the data channels. The tool is one of the best security solutions today.
Their team of experts provides timely support.
Score 9 out of 10
Vetted Review
Verified User
QRadar was selected to address a gap with the current security incident and event management tool that we could not address with that platform. Through the evaluation of QRadar we were able to identify how we could simplify our deployment, integrate with additional tools and improve our overall workflow with regards to Security Operations.
  • Alerting and reporting.
  • Integrations with other tools and partners.
  • Ease of use/deployment.
  • Licensing models - move away from the consumption based models.
The development of a security operations center's incident response process is where QRadar shines. The platform allows the analyst to review, react and respond to the possible issue within the same tool. This cuts down the dwell time of threat actors and the overall delay in response to possible incidents significantly.

Very little interaction with support but what we have seen has been very good.
Muhammed Ali CETİN | TrustRadius Reviewer
Score 7 out of 10
Vetted Review
Verified User
IBM QRadar's been used as compliance in our company and also trying to overcome all the security related problems. Briefly, onboarding any security-related data, consolidating, and creating detection rules on top of that. We also integrated with QNI for flow data to unleash the grey part which is not visible enough with legacy data sources. IBM QRadar is user-friendly and easy to deploy, and with auto-discover, data management has never been so easy. Any LogOps project steps can easily run on QRadar.
  • Autodiscover for data sources
  • Data onboarding
  • Creating detection rules
  • API integration
  • Should onboard any type of data.
  • Dashboarding and advanced queries like statistical analysis and ML features.
  • Parsing and filter out.
  • License model.
  • Instead of Java, it could be written in C to get a more efficient and faster environment.
  • Enrichment of data on data pipeline.
  • Replication and load balancing on Datanodes and EventProcessors.
- Log management has never been so easy; with auto-discover and DSM features, adding log sources is so easy and user-friendly.
- UI is so simple and user-friendly; if you haven't experienced it yet you still can understand it within a second and create searches.
- Deployment of architecture. Well structured.
- Alerting and correlation rules are well suited as well.
One of the best support teams that I've seen in vendors. They are well equipped and knowledgeable about security and their product. If you go with a problem, 100% sure that they will get back to you in several minutes. What's more, if IBM is located in the country, support and customer success are much, much better.
Score 10 out of 10
Vetted Review
Verified User
IBM Security QRadar enables me to unfold known and unknown threats on endpoints, users, and cloud assets.
  • Has built-in analytics which detect threats automatically.
  • Supports external STIX which makes it easy and effective to integrate external apps.
  • Automate threat detection through AI.
  • I have nothing that I encounter as a flaw when using this platform.
IBM Security QRadar fits threat investigation, detection, and remediation procedures without involving manual processes. I highly endorse this tool to all prospects looking to investigate logs and network flows for known and unknown threats.
Support at IBM is five-star and barely requires a second alert since they respond rapidly to opened cases.
Score 10 out of 10
Vetted Review
Verified User
We adopted this technology due to its capability of defending our critical data from novel, rapidly evolving cyber threats and inside threats, whether malicious or non-malicious. This self-learning technology is able to detect and report ransomware actively attacking our network from within, which none of our security tools were able to spot. Genuinely anomalous activity is reported to the IT security team, allowing us to carry out further investigation and mitigate any risk posed.
  • Improved understanding of user and device behavior.
  • Alerts to threats as they occur, allowing efficient risk mitigation.
  • Complete, 24/7 network visibility.
  • Staff must be extremely familiar with networking to continually tune the software for false positives.
This technology is capable of real-time threat detection because it quickly learns the network's pattern by modeling the behaviors of each user and device as well as the network as a whole. The IT security team will be more confident in the knowledge that potential threats from inside and even the unknown won't go unnoticed.
Provides resources for technical help, case policies, and other information for customer assistance on their support page. Their support is a global team and I can even upload diagnostics files and screen captures when opening a case with the Support Team.
Alesia Lunsford | TrustRadius Reviewer
Score 9 out of 10
Vetted Review
Verified User
Threats are the worst enemy in any business. IBM Security QRadar enables us to rapidly investigate, detect and remediate threats on cloud and on-premises platforms.
  • Automates threat detection and remediation.
  • Has clean UI.
  • Cost effective.
  • Offers comprehensive tutorials.
  • No mobile app and on-premise versions.
IBM Security QRadar has advanced analytics and threat intelligence capabilities that automate the search, detection, and remediation of threats on all corporate services.
How my ticket is rapidly responded to advances my trust towards IBM services. Their support is exceptional!
Ethan Owen | TrustRadius Reviewer
Score 9 out of 10
Vetted Review
Verified User
IBM Security QRadar is employed across all business units in my current firm to automate threat detection and elimination on systems, networks, and endpoints.
  • It has built-in playbooks such as root-cause analysis and MITRE ATT&CK mapping which automate threat investigation and detection.
  • It enhances visibility by removing silos, unifying inputs and sharing insights.
  • Has robust backend integration capability that makes it effective to integrate with external tools.
  • Poor version control sustains bugs for an extended duration.
  • Too many features to fully customize.
Endpoint threats vulnerability in an organization can lead to deteriorating reputation and losses. IBM Security QRadar searches and remediates sophisticated threats rapidly through automated triage, AI, and contextual intelligence.
IBM offers the best technical support since they allow users to open cases that are rapidly resolved by their success team available 24/7 time.
Score 10 out of 10
Vetted Review
Verified User
A Complete tool that includes the Zero Trust cybersecurity model, in addition to being incorporated with many products on the market as well as its easy handling and the components that can be incorporated. This tool has a high level of analysis of the offenses with the use of X-Force and Watson, also the generation of the graphical relationships of these offenses are very structured and allows a greater vision of each event.
  • Full payload inspection and correlation using the QNI feature
  • Robust HA capabilities
  • Scalable and modular (e.g., distributed architecture)
  • Licensing model complexity
  • QVM enhancement many organizations prefer other third-party scanners
In my last 3-4 years of exposure to QRadar as SIEM, I would say it is the best. We are able to see all traffic detailed on a single pane of glass. The only thing is like any other SIEM you need to know what to do with all information, otherwise, it could be useless so definitely training is needed.
EVERY TIME WE NEED SUPPORT, WE ARE PROMPTLY ATTENDED TO! QUALITY GETS A LOT OF ATTENTION AND IS SOMETHING YOU DON'T SEE
Samuel Stratemeyer | TrustRadius Reviewer
Score 10 out of 10
Vetted Review
Verified User
There’s nothing challenging and can lead to losses like working in an environment prone to threats in line of business. IBM Security QRadar in my current firm is used nearly close to all business units. It analyzes company assets, endpoints, networks, and users to investigate, monitor, and detect known and unknown threats.
  • Has a simple to use search filter that streamlines procedures when looking for deeper files.
  • Enhances continuous monitoring across on-premise and cloud environments.
  • Onboards custom logs rapidly from all ETL services.
  • It has room for additional integration with other threat intelligence platforms.
  • There should be more enterprise-grade cloud services built-in on IBM Security QRadar to accelerate implementation and reduce operational costs.
To all sorts of corporations from small, mid-sized, and large to global enterprises, IBM Security QRadar is a remarkable tool that is worth incorporating into their system. It allows us to keep track of every trend and activity on company servers and hosts to maintain risk-free working areas.
On my end, I give IBM support 10 out of 10 since they resolve issues with high IQ be it technical or technical they have support agents that suit all our issues upon request or contact.
Rehan Allahwala | TrustRadius Reviewer
Score 9 out of 10
Vetted Review
Verified User
Enhancing safe working environments isn’t an option but rather a priority. IBM Security QRadar helps us analyze networks, endpoints, corporate users, and assets in real-time to detect and resolve threats automatically.
  • Enables integration with other threat intelligence tools via STIX.
  • Onboards custom logs from external data sets for real-time data monitoring.
  • Enhances intelligent insights across multi-cloud and on-premise repositories.
  • Graphics and charts UI is a bit confusing for beginners due to lack of enough tutorials.
IBM Security QRadar is employed across all company units to gain insights into logs by collecting data with REST API across all cloud services. Infused threat intelligence and advanced analytics help detect threats by investigating logs in real-time.
I haven’t interacted with IBM support team, but the success team at IBM responded rapidly to my ticket when I was facing an issue with 2021 version.
April 08, 2022

IBM Qradar Review

Score 9 out of 10
Vetted Review
Verified User
Qradar helps me and our clients get reliable and well-performing SIEM functionalities. We have created a broad spectrum of use-cases to cover the detection of various security threats with ease. The support team was always helpful if we had questions about the product and we could resolve all issues that came up so far really fast.
  • SIEM functionalities.
  • Offense rule creation.
  • Log searching.
  • Possibility to edit multiple rules at once is missing.
  • There should be more built-in notification options than just E-Mail and local notifications.
IBM Qradar is best suited for medium to large businesses that want to have a singular platform to gain insight into what all of their hosts and servers are doing exactly at the moment. They can also create complex rules to get alerts („offenses“) based on various log parameters for security or observability use cases.
Pushpendra Bhardwaj | TrustRadius Reviewer
Score 9 out of 10
Vetted Review
Verified User
I have used IBM Security QRadar for security and threat detection in existing systems in my organization. It provides quick investigation and automatic root cause analysis. It is helpful in securing the servers as well as systems in my company by detecting the hidden threats in the network and minimizing the disruption quickly. I also give the alert of threats and investigate by itself.
  • Excellent ransomware detection
  • Protection against business email compromises
  • Excellent protection against server attacks
  • Complicated for beginners, prior knowledge is required to operate.
  • Pricing model could be cheaper
  • Threat analysis could be simplified
IBM Security QRadar helped my organization to protect the local systems as well the server against vulnerable threats and cyber attacks. It also provides an automatic threat detection feature to simplify and fasten the process. It also helped my company to generate a simplified risk analysis report.
Paul Murphy | TrustRadius Reviewer
Score 10 out of 10
Vetted Review
Verified User
IBM Security QRadar enables collaboration across the entire team in a consistent manner based on the data generated in cyber threat reports, intelligence actions are automated and are always enhanced with new security-optimized additions as well as the wide number of possible integrations, the response time to different threats is also reduced and this is specifically due to the reports that IBM Security QRadar generates. The deployment of the integration is fast, safe, and simple, in general, it complies with everything shown in the 14-day free trial that they offered us, we have been using this tool for more than three years and we know that it is the most suitable.
  • Automated intelligence advances threat detection.
  • It helps to have consistent collaboration across the team.
  • It lacks advanced customization features.
  • Managing the database of threat reports is not easy.
A tool to simplify processes should be like IBM Security QRadar to have confidence that good results will be achieved in a scalable way, honestly, it is one of the best in the industry based on the results obtained to date, I cannot speak positively of the usability in general thanks to the fact that it is really complex in the initial stage of the implementation and also remains complex for some users, honestly, I like it and it is necessary IBM Security QRadar, it can improve a little, but in general lines, it is the perfect one.
Amber Graham Bell | TrustRadius Reviewer
Score 10 out of 10
Vetted Review
Verified User
IBM Security QRadar has orchestration capabilities as well as automation that can create playbooks for robust incident visibility. SOAR facilitates the tracking of incidents before they occur or cause damage, we have to strictly comply with the audit dates and we can achieve this thanks to the implementation of IBM Security QRadar. Being able to respond to security breaches has also motivated my team to deploy this IBM product to back up data breach threats.
  • Orchestration and automation capabilities.
  • Real-time reporting of incidents and data breach attempts.
  • Not the most intuitive product on the market.
Avoiding data breach threats, meeting audit deadlines, having robust automation and orchestration features, and perhaps having a robust high-end security product like IBM Security QRadar is a strong reason for the entire team to agree that this security system must continue to be implemented and for security reasons, we must expand its use.
Rachael Clarinda Donald Wilson | TrustRadius Reviewer
Score 10 out of 10
Vetted Review
Verified User
Integration with our infrastructure is possibly one of the most favorable reasons for optimizing security before threats, incidents are solved with precise data in relation to the characteristics of the threats detected. IBM Security QRadar enables consistent team-wide collaboration, allows for convenient integrations with AppHost, and has excellent playbooks to help you respond faster to potential vulnerabilities.
  • Proper integrations with AppHost.
  • Playbooks are customizable.
  • IBM Security QRadar has the most advanced security features and also has 100% customizable playbooks, this is enough to ensure that vulnerabilities are fixed.
Extensive customization of playbooks might be one of the many reasons to think positively about IBM Security QRadar, it's also very easy to get a view of all the threats happening (it shows every detail), I also recommend IBM Security QRadar to fix any suspicious aspect that companies may notice in their infrastructure. The monitoring of security metrics helps to improve business decision-making, this means that there is a better development.
Score 8 out of 10
Vetted Review
Verified User
We are using QRadar as a SOC service as a Managed service partner managing SOC with 500 EPS event count. Major problem with the system is disconnection of device from QRadar console with having network issues as switch usually generating few logs and in the interval of 7-8 days, some of the devices removed automatically from the console and no alert triggered in this case. We have to manually re-configure the Syslog configuration to map this device. Integration with DLP is quite difficult and does fine any significant impact for integration with DLP. Overall product is good for medium enterprise organizations as firewall level Threats & fast positive alert detection rates are very high in terms of another tool. Scope: Real-time monitoring 24*7 related to network threat protection, any kind of unauthorized access, abnormal behavior detection, etc…
  • Automation of Threat protection
  • Advanced search queries are easy to understand. This allows you to perform specific searches that really speed up the investigation process.
  • Device must be connected once configuration completed to integrate with console.
  • Licensing model: the EPS (events per second) cap limits the number of logs that can be ingested in QRadar. Can produce a lot of false positives
  • Pricing structure should be cheaper and enhancement could be faster
Detection of false-positive alert is high and responsive integration of the device is quite difficult
Eduardo Ramirez | TrustRadius Reviewer
Score 10 out of 10
Vetted Review
Verified User
Mainly IBM Security QRadar at Tristate is for SIEM, but also we use features for early threat detection.
  • 100% SIEM
  • Robust, logging collector
  • Good integration, through API with other platforms
  • I think API could be easier, I mean for non API experts.
  • Also I think upgrades can be more friendly for non Red Hat experts!!!
In my last 3-4 years of exposure to QRadar as SIEM, I would say it is the best. We are able to see all traffic detailed on a single pane of glass. The only thing is like any other SIEM you need to know what to do with all information, otherwise, it could be useless so definitely training is needed.
Score 7 out of 10
Vetted Review
Verified User
QRadar is being used across our organisation, aggregating logs from all servers and network devices. It provides visibility of potential threats and attacks, and the data is analysed and reported upon daily. Its grouping of security events into "flows" assists greatly with understanding the timeline of a particular set of events. We also integrate the output of other security tools such as Cisco Umbrella and Qualysguard into our QRadar instance to provide a holistic view of our threat landscape.
  • Event grouping
  • Searching and filtering
  • All-in-one appliances for "drop-in" installation and setup
  • More responsive support
  • Harmonised prices throughout different worldwide markets
  • Tidy up UI and make it more intuitive
It works well in medium-to-large companies who have the budget for such a full-featured product. It may be less suitable for small-to-medium enterprises with tighter margins and a more controlled security budget, though the QRadar Community Edition could provide a more cost-effective solution. It's also well-suited to organisations with a diverse technology estate as it integrates well with many popular hardware and software offerings.