No more typing reviews! Try our Samantha, our new voice AI agent.
reviewer1846212 - PeerSpot reviewer
IM Operations Manager at a tech services company with 1,001-5,000 employees
Real User
Apr 27, 2022
Reliable, suitable for large enterprises, but could be more user-friendly
Pros and Cons
  • "IBM QRadar Advisor with Watson is a stable solution."
  • "IBM QRadar Advisor with Watson is aligned with regards to what's happening in the public space in terms of the phishing attacks that we are seeing prevalent in the market, and the use cases are very practical, offering quite a bit of protection."
  • "IBM QRadar Advisor with Watson could be more user-friendly. You need some skills and understanding of what you're looking at, especially if you're going to draw down specific information."
  • "It is not a reporting tool. It is the worst possible tool to ever expect any reporting."

What is our primary use case?

IBM QRadar Advisor with Watson is aligned with regards to what's happening in the public space in terms of the Phishing attacks that we are seeing prevalent in the market. In the campaigns that which hackers are trying to obtain information, the use cases are very practical. The solution offers quite a bit of protection.  

What needs improvement?

IBM QRadar Advisor with Watson could be more user-friendly. You need some skills and understanding of what you're looking at, especially if you're going to draw down specific information.

Massive improvement is required in reporting. IBM QRadar Advisor with Watson is not a tool that is known for its reporting capability. It's a highly operational tool that you use for monitoring, you can sit and you can watch your alerts, whether it's flows or EPS, and you set up your playbooks directly. It is not a reporting tool. It is the worst possible tool to ever expect any reporting. It's unfortunate it's not a great reporting tool.

In a future release, there could be a bit more intelligence in terms of predictive accuracy and overall predictions. I haven't been too close in the last two, three, or four months, but I certainly would expect that their technology would be simplified to provide predictive analytics as opposed to retrospective looking back and analyzing past historic data.

For how long have I used the solution?

I have been using IBM QRadar Advisor with Watson for approximately 10 years.

What do I think about the stability of the solution?

IBM QRadar Advisor with Watson is a stable solution.

Buyer's Guide
IBM Security QRadar
June 2026
Learn what your peers think about IBM Security QRadar. Get advice and tips from experienced pros sharing their opinions. Updated: June 2026.
903,147 professionals have used our research since 2012.

What do I think about the scalability of the solution?

IBM QRadar Advisor with Watson is best suited for large enterprises.

How are customer service and support?

The support from IBM is not great at all. They can offer much better aftermarket support. They don't respond in a timely manner and it's such a challenge to have IBM respond. You have to follow their due diligence process when logging a call on their portal, you need access to their portal, and you have to provide detailed logs, et cetera. If their problem is always about integration, they have to get to the vendors. They can always enhance their support.

I would rate the support from IBM QRadar Advisor with Watson a two out of five.

They do respond but it depends on many factors, such as urgency. When we had an issue with Microsoft integration it took us six weeks to have a solution to the problem.

How was the initial setup?

IBM QRadar Advisor with Watson's initial setup is not straightforward. You have to set up your network infrastructure, IP range, and firewalls, and make sure everything is secure. There's nothing easy about that.

What about the implementation team?

You need application and hardware leads, firewall administrators, network engineers, and server administrators to complete the implementation.

What other advice do I have?

My advice to others is to shop around because IBM QRadar Advisor with Watson is not for small enterprises, it's aimed at your larger environments that have a multitude of infrastructure and networks that are hybrid across different environments. It integrates into quite a few tools, such as your email system, and file systems. 

This tool is not for everybody. IBM doesn't have the sort of tool that helps a five, ten, or twenty user environment. This is not advisable to go and invest in the solution. There are other tools that you could possibly look at that do probably some of the functions in terms of monitoring your playbooks and integration points that are a little bit easier to map to. However, that is not a tool for every organization out there. The solution is targeting major enterprises.

I rate IBM QRadar Advisor with Watson a seven out of ten.

There are quite a few areas they could improve, such as they have a lot of technical manual configs and orchestration could be better.

Which deployment model are you using for this solution?

On-premises
Disclosure: My company has a business relationship with this vendor other than being a customer. Partner
PeerSpot user
Muhammad Ali Aziz - PeerSpot reviewer
Senior Manager Cyber Security Services & Solutions at Trillium
Real User
Apr 6, 2022
A User Behavior Analytics (UBA) solution with useful out-of-the-box rules and use cases, but functionality should be more integrated
Pros and Cons
  • "I think this is a good product for enterprises because of the performance and out-of-the-box rules and use cases. If they want to reach the maturity level early, they can use these out-of-the-box rules and use cases. That will help them a lot."
  • "IBM QRadar User Behavior Analytics is good, but I think the functionality should be much more integrated. You should have easy access to the artifacts if you are doing a particular investigation. It's good, but other team solutions like LogRhythm are actually merging the functionality. So, I think that is something IBM can work on."

What is most valuable?

I think this is a good product for enterprises because of the performance and out-of-the-box rules and use cases. If they want to reach the maturity level early, they can use these out-of-the-box rules and use cases. That will help them a lot.

What needs improvement?

IBM QRadar User Behavior Analytics is good, but I think the functionality should be much more integrated. You should have easy access to the artifacts if you are doing a particular investigation. It's good, but other team solutions like LogRhythm are actually merging the functionality. So, I think that is something IBM can work on. 

For how long have I used the solution?

We have been using IBM QRadar User Behavior Analytics for about four years.

What do I think about the stability of the solution?

Stability is good, but the investigation system should be better.

What do I think about the scalability of the solution?

IBM QRadar User Behavior Analytics is scalable. You have the EPS and closed license. I think scalability is not an issue because it is available on both the hardware and the software. You can install the software plans if you want, and there is also a hardware plan.

How are customer service and support?

Their technical support is good. I have not faced any issues before, and the technical support is good.

What other advice do I have?

I will recommend this solution to potential users.

On a scale from one to ten, I would give IBM QRadar User Behavior Analytics a seven. 

Disclosure: My company has a business relationship with this vendor other than being a customer. Partner
PeerSpot user
Buyer's Guide
IBM Security QRadar
June 2026
Learn what your peers think about IBM Security QRadar. Get advice and tips from experienced pros sharing their opinions. Updated: June 2026.
903,147 professionals have used our research since 2012.
reviewer1305144 - PeerSpot reviewer
Technical Presales at a tech services company with 1,001-5,000 employees
MSP
Mar 1, 2022
Scalable with excellent security analytics
Pros and Cons
  • "This solution has excellent security analytics."
  • "I would recommend this solution to everyone considering using it."
  • "I think that the search speed of this solution could be improved."

What is our primary use case?

I am an integrator of this solution, my customers use this as a SIEM solution for log management.

What is most valuable?

This solution has excellent security analytics.

What needs improvement?

I think that the search speed of this solution could be improved.

What do I think about the scalability of the solution?

This is a scalable solution, we have customers who have scaled.  

How was the initial setup?

The initial setup is very easy and takes just one day.

What other advice do I have?

I would recommend this solution to everyone considering using it.

I would rate this solution a nine out of ten.

Which deployment model are you using for this solution?

Hybrid Cloud
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
PeerSpot user
Kamal Abdelrahman - PeerSpot reviewer
Country Manager at a tech services company with 11-50 employees
Real User
Top 5
Feb 15, 2022
Beneficial portfolio, reliable, and integrates well
Pros and Cons
  • "IBM QRadar User Behavior Analytics has easy architecture, has a good portfolio and integration."
  • "The solution could improve by having more out-of-the-box use cases."

What is our primary use case?

IBM QRadar User Behavior Analytics has a dedicated application for user behavior analytics and must be installed separately on an application server. It is valuable if you created the setup for the use cases. It needs additional customization to have a good value. You will have to point the solution to the suitable data sources that will feed the user analytics in a good manner. You will have good user behavior analytics, based on the created use cases.

What is most valuable?

IBM QRadar User Behavior Analytics has easy architecture, has a good portfolio and integration.

What needs improvement?

The solution could improve by having more out-of-the-box use cases.

For how long have I used the solution?

I have been using IBM QRadar User Behavior Analytics for approximately two years.

What do I think about the stability of the solution?

IBM QRadar User Behavior Analytics is stable.

What do I think about the scalability of the solution?

I have found IBM QRadar User Behavior Analytics to be scalable.

We have approximately 15 clients using this solution.

How are customer service and support?

The support is satisfactory.

How was the initial setup?

The implementation was not easy and was not difficult, it was in the middle.

The full implementation can take approximately two to three months.

What about the implementation team?

We have three people that are supporting IBM QRadar User Behavior Analytics.

What's my experience with pricing, setup cost, and licensing?

There is an annual license required for this solution.

What other advice do I have?

I rate IBM QRadar User Behavior Analytics an eight out of ten.

Which deployment model are you using for this solution?

On-premises
Disclosure: My company has a business relationship with this vendor other than being a customer. Partner
PeerSpot user
reviewer1136397 - PeerSpot reviewer
Team Lead - Information Security at a computer software company with 10,001+ employees
Real User
Feb 6, 2022
Easy to set up and reliable, with a simple user-interface
Pros and Cons
  • "We've found the solution to be scalable."
  • "The simple user access model, or the user interface, is something that is very helpful."
  • "The IBM support can be better. It's an aspect that needs improvement."

What is our primary use case?

The use cases that are widely used across the globe are related to ransomware phishing, lateral movement, et cetera.

What is most valuable?

The simple user access model, or the user interface, is something that is very helpful.

The initial setup is not too difficult. 

So far, we have found the product to be stable. 

We've found the solution to be scalable.

What needs improvement?

The IBM support can be better. It's an aspect that needs improvement. 

In future iterations, I'd like to see an advance in office management, the out-of-the-box use cases that are provided. That needs to be part of the requirement.

What do I think about the stability of the solution?

It's a stable solution. There are no bugs or glitches. It doesn't crash or freeze. It's reliable. 

What do I think about the scalability of the solution?

The solution scales well.

We have 45,000 users on the solution right now. 

We do plan to increase usage soon. 

How are customer service and support?

We've dealt with technical support in the past and it was lacking. 

They have provided dedicated time to us, to work on the issue that we are observing right now.

Which solution did I use previously and why did I switch?

We did not use a different solution. We chose this due to the fact that it's an industry-accepted solution. The use cases are easy to configure in multiple things that we considered important while taking the solution.

How was the initial setup?

The deployment was easy. It wasn't overly complex.

It took me around six months to do the implementation. 

What about the implementation team?

We handled the deployment with the assistance of a vendor partner. 

What's my experience with pricing, setup cost, and licensing?

I can't speak to the exact pricing. I've never looked at its commercial costs. 

Which other solutions did I evaluate?

We did consider other options before choosing this product.

What other advice do I have?

We are a preferred partner of IBM.

I'd rate the solution at a seven out of ten.

Which deployment model are you using for this solution?

On-premises
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
PeerSpot user
UzairKhan - PeerSpot reviewer
Business General Manager at Mutex Systems
Reseller
Top 5
Feb 5, 2022
Good logging, reporting, support, and integration with GRD
Pros and Cons
  • "The most valuable feature is the integration with the GRD, for banking."
  • "Overall, IBM QRadar is very good but no product is perfect."
  • "The advanced planning management (APM) features should be included."

What is our primary use case?

We are a solution provider and QRadar is one of the products that we implement for our customers.

The majority of our clients for IBM products are financial institutions. By law, to be compliant, they are only allowed to run the current version of any solutions that have been procured. Specifically for our area, all of the financial institutions such as banks are mandated to use the latest version.

The use cases include the logging and reporting of servers. These are typically operations servers and critical servers. You can also use it to monitor network devices such as switches, routers, and firewalls.

Endpoints are not included for most of the clients.

What is most valuable?

The most valuable feature is the integration with the GRD, for banking.

What needs improvement?

The advanced planning management (APM) features should be included. We are facing an issue where many of the software houses in Pakistan have developed their own in-house. They have integrated the APM tool with their monitoring solution. This feature is attracting clients and I think that it should be included.

What do I think about the stability of the solution?

We have not faced any issues in terms of stability.

What do I think about the scalability of the solution?

This is a scalable product. 

How are customer service and support?

The support from IBM is okay. I would rate them a four out of five.

How was the initial setup?

The initial setup is not very complex. My team has hands-on experience with the product, which is perhaps why they do not complain about its complexity.

The distributor helped us a lot, which is something that we appreciate.

What about the implementation team?

We implement this product for our clients.

Which other solutions did I evaluate?

There are competing products but IBM is a well-known brand so for the most part, we offer IBM QRadar to our clients.

What other advice do I have?

Overall, IBM QRadar is very good but no product is perfect.

I would rate this solution a nine out of ten.

Disclosure: My company has a business relationship with this vendor other than being a customer. Implementer
PeerSpot user
reviewer1022949 - PeerSpot reviewer
Team Lead & Principal Software Engineer at a tech services company with 51-200 employees
Real User
Jan 26, 2022
Stable SIEM that offers strong visibility
Pros and Cons
  • "It is a very good SIEM."
  • "I think it's a very stable product that provides much more visibility than the other product."
  • "I am unable to pick one, every component is valuable."
  • "I would like for Yara to be supported by all components."
  • "Customer support needs some improvement as there have been a few cases where we were unable to reach them in time."

What is our primary use case?

I deploy the IBM QRadar for many organizations, and I've been performing analyses for those organizations as well.

These organizations use the tool for monitoring of their environment. It's a basic SIEM product. So we just log each and every data source, perform an analysis, and create rules. We also create advanced use cases to cater the advanced threat(s).

What is most valuable?

I am unable to pick one, every component is valuable. It is a very good SIEM.

What needs improvement?

I would like for Yara to be supported by all components. 

For how long have I used the solution?

I have been working with this product for the last five years.

What do I think about the stability of the solution?

I think it's a very stable product that provides much more visibility than the other product.

What do I think about the scalability of the solution?

You can scale the architecture of the QRadar easily by adding licenses.

Small to medium-sized organizations would require one to two people for maintenance while man power for large organizations would be determined by the architecture. 

How are customer service and support?

Customer support needs some improvement as there have been a few cases where we were unable to reach them in time.

How was the initial setup?

I didn't find it to be complex. I think IBM QRadar has a more user-friendly GUI that helps your team work easily within it. Deployment for an all in one will take four to five hours but can vary depending on environment size.

What about the implementation team?

Our in-house team assists our customers with deployment. Our customers are the main POC and we are able to deploy into their environment, make necessary integrations, and create the rules.

What's my experience with pricing, setup cost, and licensing?

Licensing can be costly depending on your architecture.

What other advice do I have?

You receive alerts for misconfigurations which allows your administer to easily reconfigure any issues. 

The organizations themselves are able to monitor all of their information regarding their team including what attacks they are facing on a daily bases.

I would rate this an eight out of ten.

Which deployment model are you using for this solution?

On-premises
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
PeerSpot user
reviewer1026825 - PeerSpot reviewer
Certified AIX I.T Manager at a financial services firm with 10,001+ employees
Real User
Jan 6, 2022
Easy to use and useful for preparing use cases
Pros and Cons
  • "The most important and valuable feature of QRadar is how useful it is for preparing use cases."
  • "The GUI of QRadar should be improved."

What is our primary use case?

We primarily use QRadar for monitoring and preparing use cases. 

This solution is deployed on-prem. 

What is most valuable?

The most important and valuable feature of QRadar is how useful it is for preparing use cases. It's also easy to use. 

What needs improvement?

The GUI of QRadar should be improved. 

For how long have I used the solution?

I have been using IBM QRadar for one year. 

What do I think about the stability of the solution?

QRadar is stable. 

What do I think about the scalability of the solution?

This solution is scalable. 

How are customer service and support?

I have contacted IBM's technical support—it was great. They are very knowledgeable. 

How was the initial setup?

QRadar is very easy to install, and I can do it myself. The time period will depend on the organization itself, since it depends on the environment and the number of servers and endpoints. 

What about the implementation team?

I implemented this solution myself. 

What's my experience with pricing, setup cost, and licensing?

I pay for licensing yearly. 

Which other solutions did I evaluate?

I also evaluated a lot of SIEM solutions, but I like LogRhythm and QRadar. 

What other advice do I have?

I rate QRadar an eight out of ten. I would recommend QRadar, as well as LogRhythm, to others considering implementation. 

Which deployment model are you using for this solution?

On-premises
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
PeerSpot user
it_user1749921 - PeerSpot reviewer
Head Of Sales at Cascade Solutions Inc
Real User
Jan 4, 2022
Modular product that sets up a clear roadmap
Pros and Cons
  • "Flexible and valuable product that is modular, so you can easily set up a roadmap for your clients."
  • "From a sales perspective, IBM QRadar is very competitive when it comes to prices."
  • "Each module requires a separate license and a separate cost."
  • "However, when it comes to IBM, they consider each module as a separate license with a separate cost."

What is most valuable?

From a sales perspective, IBM QRadar is very competitive when it comes to prices. It's a flexible and valuable product. It has a good edge in the region and good references as well. You can easily capitalize and upsell on whatever you sold previously.  It's a modular product, so you can set up a roadmap and plan for your customers. This is one of the main advantages of QRadar.

What needs improvement?

Right now, there are a lot of solutions in the market that consider themselves next-gen SIEM solutions, like AzureVM. IBM QRadar can be revised considering the competition, market segment, references, and the maintenance of the landscape.

Some modules can be shared as embedded within the same solution because this would be a compelling edge versus others. When it comes to other products, like LogRhythm for example, they can consider the SOAR and the threat Intel embedded with the SIEM Solution licenses. However, when it comes to IBM, they consider each module as a separate license with a separate cost. So it doesn't make sense to compete if the customer isn't convinced with IBM, because you'd have tough competition when it comes to financials.

For how long have I used the solution?

I have been using QRadar for more than five to six years.

What do I think about the stability of the solution?

IBM QRadar is a stable product.

What other advice do I have?

I would rate it an eight out of ten. 

Which deployment model are you using for this solution?

On-premises
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
PeerSpot user
reviewer952638 - PeerSpot reviewer
Information Security Leader at a computer software company with 1,001-5,000 employees
Real User
Nov 29, 2021
Manage and review incidents easily
Pros and Cons
  • "The features that I have found most valuable are that it is very stable, easy to get going, and easy to manage. It is also easy to review all incidents."
  • "The only problem is that if you have too many events that occur, then the storage capacity becomes a problem. We would need to increase the storage capacity."

What is our primary use case?

We use IBM QRadar for user behavior analytics and incident handling.

What is most valuable?

The features that I have found most valuable are that it is very stable, easy to get going, and easy to manage. It is also easy to review all incidents.

What needs improvement?

The only problem is that if you have too many events that occur, then the storage capacity becomes a problem. We would need to increase the storage capacity.

For how long have I used the solution?

I have been using IBM QRadar for four years.

What do I think about the scalability of the solution?

We have three customers using it and these customers have 100 to 300 users.

How are customer service and support?

Getting support sometimes takes time.

How was the initial setup?

The initial setup was quite straightforward.

We had the complete deployment and it was up and running in half a day.

What about the implementation team?

You can implement it by yourself.

What other advice do I have?

I would recommend IBM QRadar to other people who want to start using it.

On a scale of one to ten, I would give QRadar a nine.

Which deployment model are you using for this solution?

On-premises
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
PeerSpot user
Buyer's Guide
Download our free IBM Security QRadar Report and get advice and tips from experienced pros sharing their opinions.
Updated: June 2026
Buyer's Guide
Download our free IBM Security QRadar Report and get advice and tips from experienced pros sharing their opinions.