
Reviews from AWS customer

8 AWS reviews

External reviews

18 reviews
from

External reviews are not included in the AWS star rating for the product.


5-star reviews

    Mohamed Fouad

Security monitoring has improved and helps us detect threats faster while building our SOC

  • December 22, 2025
  • Review from a verified AWS customer

What is our primary use case?

My main use case for IBM Security QRadar is implementing it as a SIEM solution to collect logs and correlate events so we can have offenses inside our organization.

Acting as a SIEM solution, IBM Security QRadar helps us deep dive into what happened in our network by collecting network flows and network events, and correlating events to generate incidents or offenses so we can stop attacks.

What is most valuable?

The best features IBM Security QRadar offers include its stability.

What makes IBM Security QRadar's stability stand out for me is that I am currently using FortiSIEM, but implementing IBM Security QRadar is a more advanced and more stable product, making it reliable for me to use.

IBM Security QRadar helps my organization correlate events and gain insight into our network traffic and security events.

Since using IBM Security QRadar, it has helped reduce security risks as we have a risk manager module, which is really helpful for us, and the response to an incident is very quick, so we have reduced the mean time to detect attacks.

What needs improvement?

I think the support for IBM Security QRadar needs improvement as it is a big product and needs more support engineers to help customers.

The time to support and providing more engineers for support are the needed improvements.

For how long have I used the solution?

I have been working in my current field for about ten years.

What do I think about the stability of the solution?

IBM Security QRadar is stable.

What do I think about the scalability of the solution?

IBM Security QRadar's scalability is great.

How are customer service and support?

The customer support for IBM Security QRadar needs improvement.

How would you rate customer service and support?

Negative

Which solution did I use previously and why did I switch?

I did not previously use a different solution.

What was our ROI?

I have seen a return on investment in terms of time saved and money saved as we stopped attacks, which also means fewer employees are needed.

What's my experience with pricing, setup cost, and licensing?

Regarding the setup cost, it is great; the licensing module is very powerful and has a granular structure, so the licensing is great, but the price needs more focus to be compared to other vendors.

Which other solutions did I evaluate?

I did not evaluate other options before choosing IBM Security QRadar.

What other advice do I have?

I would advise others looking into using IBM Security QRadar that it can help your organization reduce the mean time to detect and mean time to respond, and also in building a SOC. I would rate this product a ten out of ten.

Which deployment model are you using for this solution?

Public Cloud

If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

Amazon Web Services (AWS)


    Abhimanyu Das

Improved phishing investigations and threat hunting have strengthened our security operations

  • December 14, 2025
  • Review from a verified AWS customer

What is our primary use case?

I use IBM Security QRadar to collect logs, analyze them, and share details. When I began investigating incidents and working with the SOC team, I was using IBM Security QRadar.

How has it helped my organization?

IBM Security QRadar has been a game-changer for our SOC at Kantar. It pulls everything together—logs from endpoints, networks, you name it—letting us spot threats faster and cut down response times by about 40% on stuff like phishing alerts and endpoint issues across our 6,000 machines.

What is most valuable?

IBM Security QRadar offers a wide range of powerful features. During phishing-related investigations, it greatly assists from an analyst’s investigation point of view. A core capability of IBM Security QRadar is visibility — it collects and normalizes logs and network flow events from multiple tools. It can ingest logs from almost any source. Its advanced, modular architecture supports real-time log collection from diverse systems, making it well-suited for environments using platforms such as CrowdStrike, Microsoft Defender, Trend Micro, and Symantec.

These features are highly beneficial in our environment because, from a security perspective, proper log collection and management are crucial. QRadar streamlines SOC operations by automating alert triggers and providing unified visibility across multiple environments, which enhances our team’s ability to handle phishing and EDR alerts effectively. The shift handover capability is another valuable feature of IBM Security QRadar. Real-time log normalization and its advanced analytics engine help reduce high-risk alerts and false positives by up to 50%.

From an analyst’s perspective, threat hunting and groundwork during rotational shifts, combined with SOAR playbook automation, enable efficient endpoint isolation and quarantine actions. IBM Security QRadar also features a custom rules engine that allows analysts to create dynamic rules using AQL, targeting niche threats such as suspicious domains, all without vendor lock-in. Unlike rigid EDR policies, its petabyte-scale indexing efficiently handles massive event-per-second (EPS) volumes without performance degradation, making it ideal for expanding enterprise environments compared to lighter SIEM solutions.

What needs improvement?

IBM Security QRadar needs improvement in several areas. It should be better integrated with AI, as L1 analysts often deal with noisy rules that require constant fine-tuning. Smarter, out-of-the-box analytics — comparable to CrowdStrike’s low false-positive performance — would significantly enhance efficiency. Additionally, a more intuitive and customizable dashboard would provide better visibility, making it easier to identify available options and streamline operations.

The QRadar mobile app also requires upgrades, as it currently lags behind with limited incident (offense) visibility and lacks push alerts for high-severity events. This becomes challenging during shift rotations. Adding an option for bulk offense closure with multi-select capabilities and predefined reason templates would save time, as manual tagging is currently cumbersome. These improvements are essential for optimizing the overall analyst experience.

For how long have I used the solution?

I have used IBM Security QRadar for more than two years.

What do I think about the stability of the solution?

QRadar scales like a champ for our setup—handles petabyte-scale data.

How are customer service and support?

Good

How would you rate customer service and support?

Positive

Which solution did I use previously and why did I switch?

Yeah, before QRadar, we were piecing things together with a mix of Microsoft Defender for logs from endpoints and some basic syslog forwarding from Trend Micro Deep Security, but it wasn't a full SIEM—just siloed tools that made correlation a nightmare.

How was the initial setup?

Complex

What about the implementation team?

Consultant

What was our ROI?

I can say that almost 35% of time is reduced, specifically 30 to 35% time reduction.

Which other solutions did I evaluate?

We looked at Splunk and Azure Sentinel as main alternatives before landing on QRadar—Splunk for its search power and Sentinel since we're heavy on Azure.

What other advice do I have?

I recommend IBM Security QRadar because it is a trusted IBM product that many organizations and financial institutions use for its strong visibility and analytical capabilities. I have had a great experience working with IBM Security QRadar. From what I know, most SOC professionals agree that once you gain experience with QRadar, adapting to any other SIEM tool becomes much easier. Overall, I would rate my experience with IBM Security QRadar highly due to its robust features and wide industry adoption.


    Mohamed Fouad

Building a proactive SOC has improved threat correlation and deep log investigation

  • December 03, 2025
  • Review from a verified AWS customer

What is our primary use case?

My main use case for IBM Security QRadar is building a SOC with IBM Security QRadar as a SIEM.

I use IBM Security QRadar in my SOC operations as an information security management, security and event management tool, to correlate events and build use cases for incident response.

My main use case helps us to deep dive into the logs and correlate events from many other products like firewalls, endpoints, and also a lot of products.

What is most valuable?

The best features IBM Security QRadar offers include vulnerability management, a powerful integration, and being a stable product. The vulnerability management feature helps to build an asset library for our organization, and with integrations, we can integrate this vulnerability with other ticketing systems to discover new vulnerabilities and build a patch management for it.

IBM Security QRadar has positively impacted my organization by allowing me to get offenses and threats into our organization, helping me to discover the real threats attacking our organization. The real threats that IBM Security QRadar helps us with are provided as offenses, real offenses with real examples that allow us to discover new offenses and assist in closing these offenses.

What needs improvement?

IBM Security QRadar can be improved; perhaps IBM support needs improvement in fast response and also the team response.

For how long have I used the solution?

I have been using IBM Security QRadar for about nine years.

What do I think about the stability of the solution?

IBM Security QRadar is stable.

What do I think about the scalability of the solution?

IBM Security QRadar's scalability is great; you can have a new collector to deploy if you have increased EPS per second.

How are customer service and support?

Customer support for IBM Security QRadar needs improvement.

How would you rate customer service and support?

Negative

Which solution did I use previously and why did I switch?

I have not used a different solution before IBM Security QRadar; this is my first use.

What was our ROI?

I have seen a return on investment; I can share that it includes time saved, money saved, and fewer employees needed.

What's my experience with pricing, setup cost, and licensing?

My experience with pricing, setup cost, and licensing is great compared to the other vendor.

Which other solutions did I evaluate?

I did not evaluate other options before choosing IBM Security QRadar.

What other advice do I have?

IBM Security QRadar is stable and has great support.

I advise others looking into using IBM Security QRadar that it is really helpful for building a SOC and to get a deep dive into your real threats at the earliest time. I have given this product a review rating of 10.


    Muluken Mekonene

An IBM solution that automatically creates asset profiles by using passive flow data and vulnerability data to discover your network servers and hosts

  • July 30, 2024
  • Review provided by PeerSpot

What is our primary use case?

I’m working with the on-prem version of IBM Security QRadar. We initially deployed it with the help of IBM’s professional services for a client, but now we handle deployments ourselves. The process is quite straightforward for us because we gained knowledge from our first implementation and used the available documentation. Deployment takes a couple of hours the first time, including configuration and integration with third-party devices. I usually work with a colleague, so two people handle the deployment. Our environment is well-suited for this, and we’re using it on a virtual appliance. The experience has been smooth and efficient.

We are promoting QRadar to various financial institutions, including banks and microfinances, as a superior option compared to other vendors like Fortinet. While some institutions are using other solutions, we are encouraging them to switch to QRadar for better security.

How has it helped my organization?

We monitor tweets and other activities on the IBM Security QRadar portal. Once, we noticed unusual traffic patterns, like tweets triggering alerts, and we blocked that traffic. We also detected some security issues on the APM through the portal, which was a great experience. As for integration, we’ve successfully integrated QRadar with other security products like Cisco, Fortinet, and Check Point. Initially, we worked with IBM’s professional services to guide us through the integration process, and after that, we were able to follow their steps to integrate third-party devices ourselves.

QRadar has a significant impact on operational costs for clients. For example, we’re recommending QRadar to several banks due to its effectiveness in handling high traffic and preventing scams. The banks we’ve worked with are very satisfied and are encouraging others to deploy QRadar as well.

What is most valuable?

I think QRadar is great overall. We’ve had a positive experience with it and recommend it for deployment. However, there are areas for improvement. The technical support is good, and the documentation is valuable, but it could be enhanced, especially regarding integration with other systems.

In terms of support and updates, QRadar’s capabilities are crucial for maintaining high security standards. Network and software administrators can monitor all traffic effectively, which reassures clients and drives further adoption.

What needs improvement?


For future updates, I'd like to see more advanced threat intelligence features integrated with AI. This would help with analyzing traffic patterns and improving protection. QRadar currently doesn't integrate with AI for threat analysis. However, AI could enhance its capabilities by learning traffic patterns and automatically blocking or quarantining suspicious traffic. This would be especially useful when administrators are not actively monitoring. AI could help by analyzing incoming and outgoing traffic and adjusting policies accordingly.

For how long have I used the solution?

I have been using IBM Security QRadar for the last one year.

What's my experience with pricing, setup cost, and licensing?

As for licensing costs, I haven't seen the exact figures, but it is considered somewhat costly. On a scale from one to ten, where one is very expensive and ten is very cheap, I would rate it a six—it’s costly but worth the money.

What other advice do I have?

Overall, I would rate IBM QRadar as a ten.

