IBM Security QRadar Reviews

Vendor: IBM

4.0 out of 5

208 reviews
91% willing to recommend

6,319 followers

What is IBM Security QRadar?

IBM Security QRadar (recently acquired by Palo Alto Networks) is a security and analytics platform designed to defend against threats and scale security operations. This is done through integrated visibility, investigation, detection, and response. QRadar empowers security groups with actionable insights into high-priority threats by providing visibility into enterprise security data. Through centralized visibility, security teams and analysts can determine their security stance, which areas pose a potential threat, and which areas are critical. This will help streamline workflows by eliminating the need to pivot between tools.

Get the IBM Security QRadar Buyer's Guide and find out what your peers are saying about IBM Security QRadar, CrowdStrike Falcon, Wazuh and more!

IBM Security QRadar is the #1 ranked solution in top User Entity Behavior Analytics (UEBA) solutions, #4 ranked solution in top Security Information and Event Management (SIEM) solutions, #4 ranked solution in SOAR tools, #6 ranked solution in Log Management Software, #9 ranked solution in top Managed Detection and Response (MDR) solutions, #10 ranked solution in XDR Security products, and #17 ranked solution in EDR tools. PeerSpot users give IBM Security QRadar an average rating of 8.0 out of 10. IBM Security QRadar is most commonly compared to CrowdStrike Falcon: IBM Security QRadar vs CrowdStrike Falcon. IBM Security QRadar is popular among the large enterprise segment, accounting for 43% of users researching this solution on PeerSpot. The top industry researching this solution are professionals from a educational organization, accounting for 24% of all views.

Helped 850,900 peers since 2012

Featured IBM Security QRadar reviews

Md. Shahriar Hussain

Information Security Analyst at Banglalink

There are many types of AI, and this AI is very limited in SQL and features. There may be potential for improvement. So far, it seems very limited. It shows some good features in the correlation part, but I think there is room for improvement. For instance, when creating rules, it can suggest more rules, reducing the effort needed. If AI-related support can suggest rules and integrate with existing security devices like MD, IPS, this SIM can create more relevant rules. Sometimes logs I receive don't mean anything, and I need technical stakeholders to share or forward logs, but these are sometimes inadequate. Keywords can help identify insufficient logs. I often lack time to verify logs. Sharing false positive results could be reduced to help my team.

Read full review

VuralSanal

Network and Security Architect at Deutsche Telekom

I think there is room for improvement with correlations in QRadar, especially in terms of customer logs. We receive logs from different types of devices and need a way to correlate them effectively. This would help identify critical or high-priority alarms in QRadar. Perhaps we are missing parameters in QRadar and need to double-check to enhance functionality.

Read full review

Maaz Khalid

Manager SOC at Rewterz

The initial setup is user-friendly and straightforward, making deployment easy. However, compatibility issues with other security controls still need to be addressed. It provides a 35-day period for project enablement. This timeframe is too short and should be extended to 45 or 50 days. When deploying QRadar on-premises, we assess the organization's size to determine the required number of UPS units, application servers, and other necessary hardware. Once these requirements are identified, we proceed with the deployment. We face challenges in the deployment phase, especially when working with an MSSP license. The main issue is with QRadar's multi-tenancy, which often causes the system to crash. Their support services are not very helpful in addressing these problems. We allocate two working days for the deployment of QRadar for our customers. Our team includes a senior engineer who communicates with the client and a junior engineer responsible for deploying and installing other services. The deployment time can vary based on the size of the setup. Large deployments, such as those with 20,000 to 25,000 EPS for corporate clients, take longer due to the need for multiple hardware servers. In such cases, it can take several days. QRadar can be installed in about three to four hours for smaller setups.

Read full review

IBM Security QRadar mindshare

Product category:

As of May 2025, the mindshare of IBM Security QRadar in the Security Information and Event Management (SIEM) category stands at 8.4%, down from 9.6% compared to the previous year, according to calculations based on PeerSpot user engagement data.

Security Information and Event Management (SIEM)

PeerResearch reports based on IBM Security QRadar reviews

Type	Title	Date
Category	Security Information and Event Management (SIEM)	May 13, 2025	Download
Product	Reviews, tips, and advice from real users	May 13, 2025	Download
Comparison	IBM Security QRadar vs Splunk Enterprise Security	May 13, 2025	Download
Comparison	IBM Security QRadar vs Wazuh	May 13, 2025	Download
Comparison	IBM Security QRadar vs Microsoft Sentinel	May 13, 2025	Download

Title	Rating	Mindshare	Recommending
CrowdStrike Falcon	4.3	4.7%	96%	126 interviews Add to research
Wazuh	3.7	13.9%	79%	46 interviews Add to research

Valuable Features

IBM Security QRadar is valued for ease of use, scalability, and integration. Users appreciate its real-time detection, log management, and data correlation capabilities. The platform's ability to create custom rules, seamless integration with third-party tools, and powerful dashboard features are highlighted. Its compliance monitoring, threat protection, and comprehensive security intelligence are also lauded. User behavior analytics and the integration of Watson AI further enhance its appeal for efficient threat detection and response.

"I would rate IBM Security QRadar nine out of ten."
"The dashboard is easy to use and easy to understand what's going on and what the alerts mean."
"My overall rating for this solution is nine out of ten."

Room for Improvement

IBM Security QRadar needs enhancements in user interface, integration, threat detection, and automated responses. The deployment process is complex, requiring multiple Java versions, and lacks support for many third-party tools. The pricing is high, and technical support requires improvement. Enhanced dashboard visualization and standard configurations for regulatory requirements are desired. Improved APIs for better integration and additional reporting templates would benefit users. Upgrades are cumbersome and cloud compatibility is limited.

"The costing part could be improved."
"There are many types of AI, and this AI is very limited in SQL and features. There may be potential for improvement."
"We sometimes experience downtime, but it depends on the version. There is some variability."

ROI

IBM Security QRadar has been beneficial for many users, providing a good return on investment and valuable data. It is budget-friendly compared to other options and requires fewer resources to operate. Some users report significant long-term gains, likening it to an investment in security. While some haven't calculated exact returns, many have observed value from its deployment, appreciating its efficient resource management and ability to quickly address security incidents.

Pricing

IBM Security QRadar's pricing varies based on Events Per Second (EPS) but is generally considered high, particularly for small enterprises. Plural users note the licensing model can be complex, including recurring costs and additional fees for certain features. However, despite these costs, organizations find value in its capabilities and efficiency, often comparing it favorably to solutions like Splunk. Cost negotiations and discounts may be available, especially for larger enterprise clients.

"As for licensing costs, I haven't seen the exact figures, but it is considered somewhat costly. On a scale from one to ten, where one is very expensive and ten is very cheap, I would rate it a six—it’s costly but worth the money."
"The tool is priced in a competitive manner. The tool's price is dependent on the installation and the product size, but it is competitive in the marketplace."
"The tool's price is high."

Popular Use Cases

IBM Security QRadar is primarily used for security monitoring, threat detection, and incident response. Users employ it for log management, user behavior analytics, and compliance with PCI and HIPAA. It allows integration with numerous security tools and provides real-time monitoring capabilities. Organizations benefit from its ability to manage logs from multiple devices like firewalls, routers, and switches. It supports threat analysis, user activity monitoring and assists in maintaining a proactive security posture.

Service and Support

IBM Security QRadar's customer service is generally regarded positively, though experiences with technical support vary. Support is available in multiple regions. While some rate their experience high, others note variability in responsiveness and knowledge depending on the agent. Common concerns include slow escalation and response times, reliance on lower-tier support, and the need for more local expertise. Many users prefer self-resolution through online resources due to these challenges.

Deployment

Many users describe IBM Security QRadar's initial setup as straightforward, likening it to installing an operating system. Some find it complex, requiring experienced personnel, especially when integrating various log sources and configuring complex environments. Users appreciate its automated log source detection and rapid deployment capability but note that customization and fine-tuning can extend setup duration. Deployment varies widely, from a few hours to several months, depending on organizational needs and infrastructure complexity.

Scalability

IBM Security QRadar demonstrates effective scalability, adapting well to varying organizational needs. Its distributed architecture allows for easy management and upgrades. Expanding requires simply licensing updates or hardware additions. There are minimal issues when properly configured with adequate specifications. Many organizations, from small to large enterprises, benefit from QRadar's flexibility. Additionally, its ability to manage increased loads, such as events per second, supports a range of user environments and geographic expansions.

Stability

IBM Security QRadar is generally considered stable, with most users reporting minimal problems. Stability issues often arise from misconfiguration or excessive log volume rather than QRadar itself. High availability configurations enhance robustness, though some users have faced issues during updates. Proper deployment and sizing are crucial for optimal performance. Users note that while patching can occasionally introduce minor disruptions, technical support is responsive. Instances of QRadar crashing or freezing are rare, ensuring reliability for users.

These insights are based on the in-depth reviews provided by peers to help you make a better buying decision.

Download our IBM Security QRadar Buyer's Guide for additional reliable information.

Review data by company size

By reviewers

By visitors reading reviews

Top industries

By visitors reading reviews

Educational Organization

24%

Computer Software Company

14%

Financial Services Firm

10%

Government

Manufacturing Company

University

Healthcare Company

Comms Service Provider

Energy/Utilities Company

Retailer

Real Estate/Law Firm

Construction Company

Media Company

Insurance Company

Non Profit

Hospitality Company

Outsourcing Company

Transportation Company

Performing Arts

Wholesaler/Distributor

Consumer Goods Company

Recreational Facilities/Services Company

Legal Firm

Pharma/Biotech Company

Compare IBM Security QRadar with alternative products

Learn more about IBM Security QRadar

IBM Security QRadar is built to address a wide range of security issues and can be easily scaled with minimal customization effort required. As data is ingested, QRadar administers automated, real-time security intelligence to swiftly and precisely discover and prioritize threats. The platform will issue alerts with actionable, rich context into developing threats. Security teams and analysts can then rapidly respond to minimize the attackers' strike. The solution will provide a complete view of activity in both cloud-based and on-premise environments as a large amount of data is ingested throughout the enterprise. Additionally, QRadar’s anomaly detection intelligence enables security teams to identify any user behavior changes that could be indicators of potential threats.

IBM QRadar Log Manager

To better help organizations protect themselves against potential security threats, attacks, and breaches, IBM QRadar Log Manager gathers, analyzes, preserves, and reports on security log events using QRadar Sense Analytics. All operating systems and applications, servers, devices, and applications are converted into searchable and actionable intelligent data. QRadar Log Manager then helps organizations meet compliance reporting and monitoring requirements, which can be further upgraded to QRadar SIEM for a more superior level of threat protection.

Some of QRadar Log Manager’s key features include:

Data processing and capture on any security event
Disaster recovery options and high availability
Scalability for large enterprises
SoftLayer cloud installation capability
Advanced threat protection

Reviews from Real Users

IBM Security QRadar is a solution of choice among users because it provides a complete solution for security teams by integrating network analysis, log management, user behavior analytics, threat intelligence, and AI-powered investigations into a single solution. Users particularly like having a single window into their network and its ability to be used for larger enterprises.

Simon T., a cyber security services operations manager at an aerospace/defense firm, notes, "The most valuable thing about QRadar is that you have a single window into your network, SIEM, network flows, and risk management of your assets. If you use Splunk, for instance, then you still need a full packet capture solution, whereas the full packet capture solution is integrated within QRadar. Its application ecosystem makes it very powerful in terms of doing analysis."

A management executive at a security firm says, "What we like about QRadar and the models that IBM has, is it can go from a small-to-medium enterprise to a larger organization, and it gives you the same value."

IBM Security QRadar was previously known as IBM QRadar, QRadar SIEM, QRadar UBA, QRadar on Cloud, IBM QRadar Advisor with Watson.