Listing Thumbnail

    IBM Security QRadar Suite Software: SIEM & SOAR

     Info
    Deployed on AWS
    The threat detection and response suite built to help your security teams outsmart threats with speed, accuracy and efficiency. IBM Security QRadar SIEM (Classic) and QRadar SOAR are customer deployed software.

    Overview

    Threats are increasing in volume and sophistication at a staggering pace. Real-time monitoring and visibility are required to detect threats like ransomware, insider threats, and cloud attacks before they cause disruption.

    IBM Security® QRadar® Suite is a modernized threat detection and response solution designed to unify the security analyst experience and accelerate their speed across the full incident lifecycle. The portfolio is embedded with enterprise-grade AI and automation to dramatically increase analyst productivity, helping resource-strained security teams work more effectively across core technologies.

    IBM Security QRadar SIEM (Classic): Market-leading Security Information and Event Management (SIEM) solution enables you to run your business in the cloud and on premises with visibility and security analytics built to rapidly investigate and prioritize critical threats.

    IBM Security QRadar SOAR: Recent winner of a Red Dot Design Award for interface and user experience, QRadar SOAR helps organizations automate and orchestrate incident response workflows and ensure their specific processes are followed in a consistent, optimized and measurable way.

    For more information, visit https://www.ibm.com/qradar 

    For customized QRadar SIEM (Classic) / QRadar SOAR pricing or if you are interested in additional product capabilities such as Threat Intelligence, Data Explorer, or EDR - contact your IBM Sales Representative or email us at SecurityOrdersAWS@wwpdl.vnet.ibm.com .

    Highlights

    • Find the right size for your solution and estimate your IBM QRadar SIEM (Classic Software) price: https://www.ibm.com/qradar/security-qradar-siem/pricing?mpid=aws
    • Gain centralized visibility across AWS and hybrid cloud environments via a single pane of glass. Leverage deep integrations with AWS security services including AWS Security Hub, CloudTrail, GuardDuty, Network Firewall, WAF, Amazon Detective, CloudWatch, VPC Flow Logs and more.
    • Correlate data across users, networks, and AWS native services to gain deep insights into key threats including cloud misconfigurations, policy changes and suspicious user activity. Connect related events to ensure teams only receive a single alert for an incident.

    Details

    Delivery method

    Deployed on AWS

    Unlock automation with AI agent solutions

    Fast-track AI initiatives with agents, tools, and solutions from AWS Partners.
    AI Agents

    Features and programs

    Buyer guide

    Gain valuable insights from real users who purchased this product, powered by PeerSpot.
    Buyer guide

    Financing for AWS Marketplace purchases

    AWS Marketplace now accepts line of credit payments through the PNC Vendor Finance program. This program is available to select AWS customers in the US, excluding NV, NC, ND, TN, & VT.
    Financing for AWS Marketplace purchases

    Pricing

    IBM Security QRadar Suite Software: SIEM & SOAR

     Info
    Pricing is based on the duration and terms of your contract with the vendor. This entitles you to a specified quantity of use for the contract duration. If you choose not to renew or replace your contract before it ends, access to these entitlements will expire.
    Additional AWS infrastructure costs may apply. Use the AWS Pricing Calculator  to estimate your infrastructure costs.

    12-month contract (2)

     Info
    Dimension
    Description
    Cost/12 months
    QRadar SIEM
    500 Events Per Second, 10000 Flows Per Minute
    $12,074.40
    QRadar SOAR
    2 Authorized Users
    $22,704.00

    Vendor refund policy

    All orders are non-cancellable and all fees and other amounts that you pay are non-refundable. If you have purchased a multi-year subscription, you agree to pay the annual fees due for each year of the multi-year subscription term.

    How can we make this page better?

    We'd like to hear your feedback and ideas on how to improve this page.
    We'd like to hear your feedback and ideas on how to improve this page.

    Legal

    Vendor terms and conditions

    Upon subscribing to this product, you must acknowledge and agree to the terms and conditions outlined in the vendor's End User License Agreement (EULA) .

    Content disclaimer

    Vendors are responsible for their product descriptions and other product content. AWS does not warrant that vendors' product descriptions or other product content are accurate, complete, reliable, current, or error-free.

    Usage information

     Info

    Delivery details

    Software as a Service (SaaS)

    SaaS delivers cloud-based software applications directly to customers over the internet. You can access these applications through a subscription model. You will pay recurring monthly usage fees through your AWS bill, while AWS handles deployment and infrastructure management, ensuring scalability, reliability, and seamless integration with other AWS services.

    Support

    Vendor support

    For Sales Inquiries Contact: SecurityOrdersAWS@wwpdl.vnet.ibm.com  To contact IBM Security QRadar Suite Software support:

    AWS infrastructure support

    AWS Support is a one-on-one, fast-response support channel that is staffed 24x7x365 with experienced and technical support engineers. The service helps customers of all sizes and technical abilities to successfully utilize the products and features provided by Amazon Web Services.

    Product comparison

     Info
    Updated weekly

    Accolades

     Info
    Top
    100
    In Log Analysis
    Top
    25
    In Data Security and Governance
    Top
    10
    In Data Analysis

    Customer reviews

     Info
    Sentiment is AI generated from actual customer reviews on AWS and G2
    Reviews
    Functionality
    Ease of use
    Customer service
    Cost effectiveness
    1 reviews
    Insufficient data
    Insufficient data
    Insufficient data
    Insufficient data
    Positive reviews
    Mixed reviews
    Negative reviews

    Overview

     Info
    AI generated from product descriptions
    Threat Detection and Analytics
    Advanced security information and event management (SIEM) solution with real-time monitoring and threat detection capabilities
    Cloud Security Integration
    Deep integration with AWS security services including Security Hub, CloudTrail, GuardDuty, Network Firewall, and VPC Flow Logs
    Incident Response Automation
    Enterprise-grade AI and automation to orchestrate and streamline incident response workflows across security technologies
    Event Correlation
    Ability to correlate data across users, networks, and cloud services to provide comprehensive threat insights and minimize alert fatigue
    Multi-Environment Monitoring
    Unified security analytics platform supporting monitoring and visibility across cloud and on-premises infrastructure
    Log Aggregation and Monitoring
    Monitors entire IT environment by ingesting logs from CloudTrail, GuardDuty, EC2 network traffic, multiple AWS accounts, cloud services, on-premises networks, and remote endpoints
    Threat Detection Analytics
    Utilizes user and attacker behavior analytics with 900+ out-of-the-box detections and community threat intelligence to minimize false alarms
    Compliance Monitoring
    Supports log, event, and File Integrity Monitoring (FIM) requirements for compliance frameworks like PCI, HIPAA, and GDPR
    Advanced Defense Mechanisms
    Implements layered security defenses through honeypots, honey credentials, and honey files to detect potential intrusions
    Investigation Capabilities
    Provides detailed log timelines and automated response workflows to cut investigation times and enable rapid incident response
    Log Analysis
    Real-time security log processing and analysis of terabytes of raw logs per day using cloud-native architecture
    Detection Methodology
    Detection-as-code implementation using Python programming language for threat detection rules
    Cloud Log Integration
    Native integrations with AWS log sources including S3, CloudTrail, and VPC Flow Logs
    Security Data Lake
    Transforms raw log data into structured security data lake for comprehensive threat investigation and incident response
    Scalable Architecture
    Highly scalable data lake infrastructure designed for processing and querying large volumes of security logs efficiently

    Contract

     Info
    Standard contract
    No
    No
    No

    Customer reviews

    Ratings and reviews

     Info
    4.5
    1 ratings
    5 star
    4 star
    3 star
    2 star
    1 star
    0%
    100%
    0%
    0%
    0%
    1 AWS reviews
    |
    20 external reviews
    Star ratings include only reviews from verified AWS customers. External reviews can also include a star rating, but star ratings from external reviews are not averaged in with the AWS customer star ratings.
    Mauricio Campiglia

    Has supported threat monitoring and data collection but needs to improve usability and feature growth

    Reviewed on Oct 01, 2025
    Review provided by PeerSpot

    What is our primary use case?

    We use IBM Security QRadar  to monitor, and it's our main source of information. It's our main SIEM  platform for our SOC, and we've collected everything on that platform.

    We don't use IBM Security QRadar 's Risk Manager; mainly, it was our main tool to collect information and conduct some analytics on logs and events. That's the primary use case we've been utilizing.

    What is most valuable?

    The best features of IBM Security QRadar are that it's pervasive. You can have IBM Security QRadar in the dust quite easily, and almost everybody knows the platform. Almost nobody's going to say you bought the wrong SIEM  if you buy IBM Security QRadar.

    The integration of third-party technologies with IBM Security QRadar is one of the high points they have. They integrate with almost anybody, anywhere. There's an integrator tool for almost anything. Everybody talks with IBM Security QRadar because they were the SIEM name of the game, at least in this country. So the integration part is one of their key advantages.

    Long ago, IBM Security QRadar enabled us to have some analytics pre-thought for us. When we started with our SOC, we used some log collectors and other tools, and IBM Security QRadar gave us the advantage of having some analytics pre-considered for us. However, that was long ago. It has become just a log and events collector and our main repository of security events.

    What needs improvement?

    As far as reliability, security, and how it operates, I think it's because they hit first on the market, and then they built upon that, our name alongside the IBM name. Those are the reasons. It's quite awkward to use the platform; it's not intuitive, the learning curve is quite deep, and I really don't understand why it was so pervasive. However, if you have to sell managed security services to some people that use a SIEM, more than half the time you end up with an IBM Security QRadar platform on the other side. The other half you end up with WSO2, at least in Latin America.

    I haven't tried IBM Security QRadar's AI and machine learning capabilities for threat detection and response fully enough to evaluate them yet.

    We've been building our SOAR  capabilities with other tools, and we haven't used IBM Security QRadar's Analytics Engine for automating SOC tasks.

    We are not using it as we used to, and I think that advantage is fading out, particularly after the selling of the product to Palo Alto. We are considering some roadmaps to get out of IBM Security QRadar right now; that's the truth.

    For how long have I used the solution?

    We have been using IBM Security QRadar since pre-pandemic; I think maybe 10 to 12 years right now.

    How are customer service and support?

    I find IBM support to be nice. However, as a former IBMer, I may have had some advantages in getting support because I had some contacts. The support information is correct; you get to the information and access the technical documents you need because the information is there, and they used to care about their product. I don't know how it's going to be once the program is fully under Palo Alto's management.

    For the support team, I would rate IBM support an eight, a solid eight. With the support we used to have within IBM, it was good.

    How would you rate customer service and support?

    Positive

    How was the initial setup?

    Setting up IBM Security QRadar is difficult; it has a deep learning curve for the analysts, and there are several hurdles to handle to get IBM Security QRadar running on your infrastructures. On the other hand, once you connect the dots, they keep sending the information, and you can continue getting those events.

    What's my experience with pricing, setup cost, and licensing?

    The pricing, setup cost, or licensing with IBM Security QRadar was costly. It was costly mainly for the things we used to use it for. The customers used to pay the price, but it was one of the problems to onboard some people with IBM Security QRadar. It was costly mainly because of the value you can get right now compared to other solutions.

    What other advice do I have?

    We are thinking about moving outside of IBM Security QRadar ecosystem due to cost and the belief that some functionalities of new SIEM platforms are surpassing IBM Security QRadar. We think they are not keeping pace with SIEM, which makes it harder for them to differentiate their product or compete against others that are cheaper and easier to deploy.

    If you had asked me this question five or seven years ago, I would have given it a solid 10, maybe a nine, but today I believe they are losing track of that. The overall rating for IBM Security QRadar is seven out of ten.

    We were partners when they were under IBM. We've been in an IBM program of MSSP  for Latin America, so we were partners of IBM Security QRadar when it was within IBM. However, with the selling to Palo Alto this year, we lost that partnership and are now just customers of a reseller.

    We operate the platform for our customers. We don't have IBM Security QRadar for our own use.

    Jwal Patel

    User-friendly interface facilitates quick adaptation and effective threat response

    Reviewed on Aug 29, 2025
    Review from a verified AWS customer

    What is our primary use case?

    For incident investigating, IBM Security QRadar  is used for logs and management. We get all the traffic from there, which gets logged in our system, and then we investigate it.

    What is most valuable?

    There are many things I appreciate about IBM Security QRadar . I haven't used any other SIEM  before IBM Security QRadar, so for me, it is perfect. Sometimes it takes time to load queries, but other than that, it performs excellently.

    I would assess IBM Security QRadar's AI and machine learning capabilities as very helpful for threat detection and response. You have to fine-tune it sometimes with your own investigation, as sometimes they give false alerts about our system.

    You have to put your own exceptions inside it, and then they won't give you another ticket about those false incidents.

    What needs improvement?

    Sometimes it takes time to load queries, but other than that, it performs excellently.

    For how long have I used the solution?

    Personally, I have been using IBM Security QRadar for four months, but my company has been using it for three years.

    How are customer service and support?

    I would rate their support an 8.5 with IBM. The support is really good; for instance, if a critical ticket is submitted, you will get paged right away as it gets logged, and their analyst will look into it, letting you know as soon as possible so you can work on it. If there is something bad going on or something faulty with IBM Security QRadar, when you reach out to them, they reply in 10 to 20 minutes.

    How would you rate customer service and support?

    Positive

    Which solution did I use previously and why did I switch?

    I haven't used any other SIEM  before IBM Security QRadar.

    What other advice do I have?

    I deal with products such as IBM or Elastic solutions. I have experience with IBM Security QRadar, but not with Elastic; however, we are trying to get into Elastic.

    We use many different cloud providers as our main cloud provider. AWS  is one of those. We did not purchase the IBM Security QRadar product through AWS Marketplace ; that's handled by our IT team.

    I work in a dealership industry, specifically in home hardware. It is easy to use; I wasn't familiar with it, but after getting one-on-one training with my senior, I was able to use it very efficiently and learned it quickly.

    We use IBM Security QRadar's Risk Manager, but I don't use it directly as it's related to my senior. I investigate it, but those procedures are based on my senior's decisions. I have not used IBM Security QRadar's analytics engine for automating SOC tasks.

    The integration of third-party technologies with IBM Security QRadar's open architecture is good; it integrates with other solutions efficiently. I have used it with many different platforms such as SentinelOne and ExtraHop, and it integrates effectively.

    My company are customers with IBM. The overall rating for IBM Security QRadar is 9 out of 10.

    If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

    Mahmoud Younes

    Reliable installation and diverse use cases provide strong value

    Reviewed on May 20, 2025
    Review provided by PeerSpot

    What is our primary use case?

    Most of the use cases are based on MITRE ATT&CK, such as phishing email, DDoS attack, privilege escalation, all MITRE ATT&CKs with scanning the environments, using suspicious activity internal to our network. We have thousands of use cases covering different domains at network levels.

    We have use cases covering security controls and firewalls. We also have use cases that cover Active Directory, server events, and Citrix. Because we are working in a telecom company, we are covering 5G and 4G logs.

    What is most valuable?

    The aggregations are valuable when creating use cases with aggregations, which is beneficial for us.

    For automation, we are using multi-platform solutions. We have FortiSOAR  and IBM Resilient  for IBM Security QRadar  orchestration. We integrate with both IBM Security QRadar  and ArcSight, as we are working with customers who use both systems.

    What needs improvement?

    IBM Security QRadar has some areas for improvement. We have missed some DSM components. We need to customize logs where there is no DSM or connector for certain products.

    We can integrate but we have missed the DSM, which is the connector to pass logs coming from different applications. For example, with a university customer, we tried onboarding Canvas service. IBM Security QRadar does not support Canvas, so we had to create custom scripts and workarounds to pull logs from Canvas.

    For how long have I used the solution?

    We have been using the solution for around five years.

    What was my experience with deployment of the solution?

    The deployment is straightforward and easy for both installation types: standalone console, all-in-one, or in distribution modes.

    What do I think about the stability of the solution?

    Currently, it is very stable.

    What do I think about the scalability of the solution?

    For EPS license, if you increase or exceed the EPS license, you cannot receive events and IBM Security QRadar comes with this server. This issue existed previously when exceeding the limit for EPS license.

    How are customer service and support?

    The customer service experience is mixed. For critical issues, they provide L1 support rather than expert support initially. The L1 support follows standard steps before escalating to the development team or expertise team. In critical situations, this process can be problematic. Support needs to understand the issue first, then escalate it to the engineering team. The engineering team then sends an appointment meeting about the issue. This process can result in outages lasting three to four hours.

    How would you rate customer service and support?

    Neutral

    Which solution did I use previously and why did I switch?

    I have been in the cybersecurity field since 2012. I have experience with many cybersecurity products including IBM Security QRadar, Splunk, SOAR , IBM Resilient  SOAR , Phantom , and various security controls and products.

    What was our ROI?

    ROI calculation is more applicable when using SOAR rather than SIM. In SIM, you don't have functions or enrichment to check if an IP is malicious or different reputations or websites. With SOAR, you can calculate ROI. For example, when an analyst receives alerts on IBM Security QRadar Offense, they would typically take 10 to 15 minutes to check an IP in VirusTotal , AbuseIPDB, TotalVirus, and other sources. With SOAR, the workflow takes one minute or less to complete the analysis.

    What's my experience with pricing, setup cost, and licensing?

    When comparing with Splunk, IBM Security QRadar's cost is reasonable. Splunk is more expensive than IBM Security QRadar.

    Which other solutions did I evaluate?

    We have machine learning for User Behavior Analytics  (UBA ), but IBM Security QRadar does not have AI connectors or integration with ChatGPT . Some SOARs are working with AI, such as FortiSOAR , which has chatbot and AI integration with ChatGPT  to create playbooks, assist analysts in exporting reports, and provide recommendations for alert responses.

    What other advice do I have?

    This implementation process receives a rating of six. In UAE, we have strict restrictions regarding compliance, particularly NIST compliance. Most companies should have local LLM, not public. Most SIM solutions or SOAR don't have the capability to build or need custom connectors for using AI with internal LLM, rather than cloud-based solutions ChatGPT or Gemini. Overall, I would rate IBM Security QRadar an eight out of ten.

    reviewer1370832

    Uses robust rulesets to enhance compliance audits and prevention

    Reviewed on Apr 09, 2025
    Review provided by PeerSpot

    What is our primary use case?

    Our primary use case was for compliance audits. We mainly used it for compliance purposes.

    What is most valuable?

    IBM Security QRadar  had good rulesets, and the scenarios we could write regarding the compliance-related issues were quite helpful. We mostly used it for prevention.

    What needs improvement?

    The commercials can be looked into. The costing part could be improved.

    For how long have I used the solution?

    I have been using the solution for around three years.

    What was my experience with deployment of the solution?

    There were no issues at all. It was straightforward.

    How are customer service and support?

    I was satisfied with IBM support.

    How would you rate customer service and support?

    Neutral

    Which solution did I use previously and why did I switch?

    We switched mostly for commercial reasons.

    How was the initial setup?

    The initial setup was straightforward. It took a couple of weeks because we had to set up the rules and other configurations.

    What's my experience with pricing, setup cost, and licensing?

    The costing part, or commercials, was a concern.

    What other advice do I have?

    I would rate IBM Security QRadar  nine out of ten. The main reason for moving from this tool was the pricing.

    If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

    Other
    Md. Shahriar Hussain

    Real-time incident detection and user-friendly dashboard benefit daily operations

    Reviewed on Jan 03, 2025
    Review provided by PeerSpot

    What is our primary use case?

    I use it daily because it's shared as a log alert, and we have a security operations center. Every now and then, and almost every day, there are some alerts. I utilize it every day, twenty-four by seven, as you can see.

    What is most valuable?

    Actually, the dashboard is very good. The dashboard is easy to use and easy to understand what's going on and what the alerts mean. It's very user-friendly, I would say. So far, it's very good. Recently, I faced an incident, a cyber incident, and it was detected in real time. It correlates well with other solutions. I have EDR, vulnerability, and IPS, and it shows useful findings for root cause analysis.

    What needs improvement?

    There are many types of AI, and this AI is very limited in SQL and features. There may be potential for improvement. So far, it seems very limited. It shows some good features in the correlation part, but I think there is room for improvement. For instance, when creating rules, it can suggest more rules, reducing the effort needed. If AI-related support can suggest rules and integrate with existing security devices like MD, IPS, this SIM can create more relevant rules. Sometimes logs I receive don't mean anything, and I need technical stakeholders to share or forward logs, but these are sometimes inadequate. Keywords can help identify insufficient logs. I often lack time to verify logs. Sharing false positive results could be reduced to help my team.

    For how long have I used the solution?

    I have been working with the product for the last four months.

    What do I think about the stability of the solution?

    The product has been stable so far. I didn’t face any issues after deployment. I haven't encountered any software deployment issues, although I have only used it for four or five months. I might face issues after a year, two years, or with a major release or software update.

    What do I think about the scalability of the solution?

    I am satisfied with the scalability. It depends on my budget. How much I spend on licensing size is up to me.

    How are customer service and support?

    I received very good support, possibly due to a good relationship with IBM. I don't know about other companies, but I am happy with the support.

    How would you rate customer service and support?

    Positive

    Which solution did I use previously and why did I switch?

    Previously, I had another SIM before IBM brought it up, but I couldn't correlate with different solutions. Now it saves me at least one hour, sometimes up to three hours. I used Micro Focus, which I think was acquired by another company, possibly OpenText. The ownership changed. I am very satisfied with Qradar compared to OpenText. It's superior. I am not sure which one is best, but so far it is. My people had good training and needed to invest time to get good results.

    How was the initial setup?

    The initial setup was very difficult. I needed help from the local partner and expert users. Without expert users, it's challenging to deploy.

    What about the implementation team?

    Assistance from the support system is always needed.

    What was our ROI?

    It's still very early, but I have saved significant damage. Investing this amount was very much worth it for my organization.

    What's my experience with pricing, setup cost, and licensing?

    The cost depends. The price I negotiated varies by region and relationship with the OEM. Cost is not shared due to another procurement team handling negotiations, but it was reasonable as far as I know.

    What other advice do I have?

    My advice is to understand your infrastructure first. Assess the size before sending any protocol requests or RFPs to adjust licensing costs. You may procure licenses less or more than needed, impacting finances. Analyzing your infrastructure is crucial, considering the logs and security issues you will set. Trained personnel are necessary. Without them, usage is challenging. Overall, the product rating is eight out of ten.

    Which deployment model are you using for this solution?

    On-premises
    View all reviews