Try our new research platform with insights from 80,000+ expert users
IBM Security QRadar Logo

IBM Security QRadar pros and cons

Vendor: IBM
4.0 out of 5
Badge Ranked 1
Leave a review

Pros & Cons summary

IBM Security QRadar offers robust integration capabilities and scalability for efficient support across various enterprises. Its User Behavior Analytics and advanced threat detection enhance security. However, integration challenges with non-IBM products and high pricing concern tech buyers. Implementation complexity and storage limitations require skilled personnel, while technical support often lags. Despite machine learning benefits, performance issues with large log volumes pose operational challenges.

Buyer's Guide

Get pricing advice, tips, use cases and valuable features from real users of this product.
Get the report

Prominent pros & cons

PROS

IBM Security QRadar excels in integrating with other solutions, enhancing its functionality.
The scalability of IBM Security QRadar is highly praised, as it supports a wide range of enterprise sizes.
It is noted for its excellent threat detection and vulnerability management capabilities.
IBM Security QRadar's real-time threat detection and prioritization provide substantial value to organizations.
IBM Security QRadar's User Behavior Analytics and artificial intelligence integration significantly enhance its capability to detect and respond to threats.

CONS

IBM Security QRadar's technical support is criticized for being slow and not efficient, particularly when resolving complex issues, often requiring escalation beyond Level 1 staff.
The implementation and configuration of IBM Security QRadar are considered challenging and resource-intensive.
Enhancements for log integration and storage management in IBM Security QRadar are needed, especially to handle various application logs and to improve storage when thresholds are exceeded.
There is a need for IBM Security QRadar to improve collaboration and integration with other vendors and services, as integration issues often arise, particularly with non-American vendors.
Cost and licensing models for IBM Security QRadar are deemed high compared to competitors, prompting some users to explore alternative SIEM solutions.
 

IBM Security QRadar Pros review quotes

reviewer1827399 - PeerSpot reviewer
Jul 29, 2024
The most valuable feature of the solution is its ability to rectify a situation involving any anomalies expeditiously.
Read full review
ST
Aug 6, 2021
The most valuable thing about QRadar is that you have a single window into your network, SIEM, network flows, and risk management of your assets. If you use Splunk, for instance, then you still need a full packet capture solution, whereas the full packet capture solution is integrated within QRadar. Its application ecosystem makes it very powerful in terms of doing analysis.
Read full review
AS
Jan 14, 2021
We have worked with other solutions, such as LogRhythm and Splunk. Compared to others, IBM QRadar has the best price-performance ratio so that you are able to reserve minimum costs. It starts settling in fast and gets the first results very quickly. It is also very scalable.
Read full review
Buyer's Guide
IBM Security QRadar
October 2025
Free Report: IBM Security QRadar Reviews and More
Learn what your peers think about IBM Security QRadar. Get advice and tips from experienced pros sharing their opinions. Updated: October 2025.
DOWNLOAD NOW
872,922 professionals have used our research since 2012.
MM
Aug 1, 2024
Regarding the tool's ability to maintain high-security standards, I rate it ten out of ten.
Read full review
reviewer1598412 - PeerSpot reviewer
Sep 7, 2021
What we like about QRadar and the models that IBM has, is it can go from a small-to-medium enterprise to a larger organization, and it gives you the same value.
Read full review
Artur Marzano - PeerSpot reviewer
Nov 20, 2020
The rule engine is very easy to use — very flexible.
Read full review
reviewer1609413 - PeerSpot reviewer
Jun 24, 2021
Customer service is very good and very helpful.
Read full review
reviewer1409433 - PeerSpot reviewer
May 12, 2022
There are other third-party plugins that we can use.
Read full review
it_user1369023 - PeerSpot reviewer
Dec 1, 2020
It is a pretty solid product for the type that it is representing. It is a CM solution as compared to Splunk or ArcSight from HP. It is also user friendly. It comes with some internal AI as well, in which it automatically maps multiple lots from unrelated devices and makes a smart decision to link them back and create an offense based on that. It is a smart tool.
Read full review
MC
Oct 1, 2025
The integration of third-party technologies with IBM Security QRadar is one of the high points they have; they integrate with almost anybody, anywhere, and there's an integrator tool for almost anything.
Read full review
Show 10 more reviews (out of 172)
 

IBM Security QRadar Cons review quotes

reviewer1827399 - PeerSpot reviewer
Jul 29, 2024
Communication between the silos sometimes becomes an issue, making it an area where improvements are required.
Read full review
ST
Aug 6, 2021
I'd like them to improve the offense. When QRadar detects something, it creates what it calls offenses. So, it has a rudimentary ticketing system inside of it. This is the same interface that was there when I started using it 12 years ago. It just has not been improved. They do allow integration with IBM Resilient, but IBM Resilient is grotesquely expensive. The most effective integration that IBM offers today is with IBM Resilient, which is an instant response platform. It is a very good platform, but it is very expensive. They really should do something with the offense handling because it is very difficult to scale, and it has limitations. The maximum number of offenses that it can carry is 16K. After 16K, you have to flush your offenses out. So, it is all or nothing. You lose all your offenses up until that point in time, and you don't have any history within the offense list of older events. If you're dealing with multiple customers, this becomes problematic. That's why you need to use another product to do the actual ticketing. If you wanted the ticket existence, you would normally interface with ServiceNow, SolarWinds, or some other product like that.
Read full review
AS
Jan 14, 2021
There are a lot of things they are working on and a lot of technologies that are not yet there. They should probably work out a better reserve with their ecosystem of business partners and create wider and more in-depth qualities, third-party tools, and add-ons. These things really give immediate business value. For instance, there are many limitations in using SAP, EBS, or Micro-Dynamics. A lot of things that are happening in those platforms could also be monitored and allowed from the cybersecurity risks perspective. IBM might be leaving this gap or empty space for business partners. Some larger organizations might already be doing this. It would be very nice if IBM can make some artificial intelligence part free of charge for all current QRadar users. This would be a big advantage as compared to other competitors. There are companies that are going in different directions. Of course, you can't do everything inside QRadar. In general, it might be very good for all players to provide more use cases, especially regarding data protection and leakage prevention. There are some who are already doing some kind of file integrity or gathering some more information from all possible technologies for building anything related to the user and data analysis, content analysis, and management regarding the data protection.
Read full review
Buyer's Guide
IBM Security QRadar
October 2025
Free Report: IBM Security QRadar Reviews and More
Learn what your peers think about IBM Security QRadar. Get advice and tips from experienced pros sharing their opinions. Updated: October 2025.
DOWNLOAD NOW
872,922 professionals have used our research since 2012.
MM
Aug 1, 2024
The solution does not support the integration of flat file databases.
Read full review
reviewer1598412 - PeerSpot reviewer
Sep 7, 2021
The only challenge with products like IBM is the EPS. You just have to be really on the events per second, as that's where the cost factor becomes a huge issue.
Read full review
Artur Marzano - PeerSpot reviewer
Nov 20, 2020
The user interface is a bit clunky, a bit hard to find what you need.
Read full review
reviewer1609413 - PeerSpot reviewer
Jun 24, 2021
The custom rules could be simplified more or it should be possible to use a different language, other than the ones that the solution is already using. They should add other languages into the mix.
Read full review
reviewer1409433 - PeerSpot reviewer
May 12, 2022
The AQL queries could be better.
Read full review
it_user1369023 - PeerSpot reviewer
Dec 1, 2020
A lot of information that we receive for the devices is IP-based, but it would help if we could have a default dashboard in which we can add more details about the assets for which we are receiving the information. For example, if it is a Windows or Linux device, we only get the IP for that particular device. We don't really get the name and other details of that particular device. For that, you have to drill down into your own asset management system. It would be good to have a place where we can probably add this information so that we don't have to look into other tools.
Read full review
MC
Oct 1, 2025
We are considering some roadmaps to get out of IBM Security QRadar right now; that's the truth.
Read full review
Show 10 more reviews (out of 171)

Product Categories

Product Categories
Security Information and Event Management (SIEM)
Log Management
User Entity Behavior Analytics (UEBA)
Endpoint Detection and Response (EDR)
Security Orchestration Automation and Response (SOAR)
Managed Detection and Response (MDR)
Extended Detection and Response (XDR)

Popular Comparisons

Popular Comparisons
CrowdStrike Falcon vs IBM Security QRadar Logo
CrowdStrike Falcon vs IBM Security QRadar
Wazuh vs IBM Security QRadar Logo
Wazuh vs IBM Security QRadar
Microsoft Defender for Endpoint vs IBM Security QRadar Logo
Microsoft Defender for Endpoint vs IBM Security QRadar
Fortinet FortiEDR vs IBM Security QRadar Logo
Fortinet FortiEDR vs IBM Security QRadar
Dynatrace vs IBM Security QRadar Logo
Dynatrace vs IBM Security QRadar
Datadog vs IBM Security QRadar Logo
Datadog vs IBM Security QRadar
Splunk Enterprise Security vs IBM Security QRadar Logo
Splunk Enterprise Security vs IBM Security QRadar
Microsoft Sentinel vs IBM Security QRadar Logo
Microsoft Sentinel vs IBM Security QRadar
Darktrace vs IBM Security QRadar Logo
Darktrace vs IBM Security QRadar
SentinelOne Singularity Complete vs IBM Security QRadar Logo
SentinelOne Singularity Complete vs IBM Security QRadar
Microsoft Defender XDR vs IBM Security QRadar Logo
Microsoft Defender XDR vs IBM Security QRadar
Cortex XDR by Palo Alto Networks vs IBM Security QRadar Logo
Cortex XDR by Palo Alto Networks vs IBM Security QRadar
Elastic Security vs IBM Security QRadar Logo
Elastic Security vs IBM Security QRadar
Grafana Loki vs IBM Security QRadar Logo
Grafana Loki vs IBM Security QRadar
Tanium vs IBM Security QRadar Logo
Tanium vs IBM Security QRadar
See all alternatives

Product Categories

Product Categories
Security Information and Event Management (SIEM)
Log Management
User Entity Behavior Analytics (UEBA)
Endpoint Detection and Response (EDR)
Security Orchestration Automation and Response (SOAR)
Managed Detection and Response (MDR)
Extended Detection and Response (XDR)

Popular Comparisons

Popular Comparisons
CrowdStrike Falcon vs IBM Security QRadar Logo
CrowdStrike Falcon vs IBM Security QRadar
Wazuh vs IBM Security QRadar Logo
Wazuh vs IBM Security QRadar
Microsoft Defender for Endpoint vs IBM Security QRadar Logo
Microsoft Defender for Endpoint vs IBM Security QRadar
Fortinet FortiEDR vs IBM Security QRadar Logo
Fortinet FortiEDR vs IBM Security QRadar
Dynatrace vs IBM Security QRadar Logo
Dynatrace vs IBM Security QRadar
Datadog vs IBM Security QRadar Logo
Datadog vs IBM Security QRadar
Splunk Enterprise Security vs IBM Security QRadar Logo
Splunk Enterprise Security vs IBM Security QRadar
Microsoft Sentinel vs IBM Security QRadar Logo
Microsoft Sentinel vs IBM Security QRadar
Darktrace vs IBM Security QRadar Logo
Darktrace vs IBM Security QRadar
SentinelOne Singularity Complete vs IBM Security QRadar Logo
SentinelOne Singularity Complete vs IBM Security QRadar
Microsoft Defender XDR vs IBM Security QRadar Logo
Microsoft Defender XDR vs IBM Security QRadar
Cortex XDR by Palo Alto Networks vs IBM Security QRadar Logo
Cortex XDR by Palo Alto Networks vs IBM Security QRadar
Elastic Security vs IBM Security QRadar Logo
Elastic Security vs IBM Security QRadar
Grafana Loki vs IBM Security QRadar Logo
Grafana Loki vs IBM Security QRadar
Tanium vs IBM Security QRadar Logo
Tanium vs IBM Security QRadar
See all alternatives
Related questions
  • 49
Which would you recommend to your boss, IBM QRadar or Splunk?
  • 104
What SOC product do you recommend?
  • 57
Has anyone got experience in deployment of a SIEM solution?
  • 62
IBM QRadar is rated above competitors (McAfee, Splunk, LogRhythm) in Gartner's 2020 Magic Quandrant. Agree/Disagree?
  • 40
What is your opinion of IBM QRadar?
  • 54
What are the biggest differences between Securonix UEBA, Exabeam, and IBM QRadar?
  • 53
Why do most companies prefer IBM QRadar?
  • 145
What Solution for SIEM is Best To Be NIST 800-171 Compliant?
  • 64
When evaluating Security Information and Event Management (SIEM), what aspect do you think is the most important feature to look for?
  • 78
What are the main differences between Nessus and Arcsight?