IBM Security® QRadar® SIEM helps you reduce enterprise risk and automate threat management at a fair price
Request a demo of QRadar SIEM See it in action (2:20)
Abstract purple and blue rectangles in grid
239% ROI QRadar SIEM delivers meaningful results. Read the Forrester TEI study for more results USD 1.7 million

Reduced risk and cost of a significant security breach, valued at USD 1.7 million

USD 2.8 million

Reduced analyst time spent investigating incidents, valued at USD 2.8 million

USD 814,000

Reduced analyst time spent on false positives, valued at nearly USD 814,000

Price Estimator
Pricing options

The Usage model for QRadar SIEM is based on Events per Second (EPS) and Flows per Minute (FPM). EPS is determined by the number of log events ingested per second, while FPM is determined by the network communications per minute. Licensing with this metric is available for hardware appliances, virtual appliances and SaaS model environments.

The Enterprise model for QRadar SIEM is based on the number of Managed Virtual Servers (MVS) used. MVS is determined based on the count of all physical, virtual and cloud servers in the environment. Licensing with this metric enables you to ingest network behavior and unlimited log events.

For on-premises offerings, we offer a choice of subscription or perpetual licensing models.

For SaaS deployments, we offer only a subscription model.

Deployment options SaaS

QRadar SIEM is available as a SaaS offering, which gives you the advantage of the IBM team being on your side to run and care for the infrastructure. This enables you to focus on reviewing anomalous conditions and patching important vulnerabilities. IBM professionals manage the IT infrastructure, so you don’t have to worry about the implementation of patches or updates.


QRadar SIEM is available as both hardware and virtual appliances that can be deployed on premises or in the cloud of your choice. These options are great for organizations who want to have detailed control over their IT infrastructure.

Managed service

IBM Security® X-Force® Threat Management Services combine the best tooling, skilled security analysts, and threat hunters to monitor your endpoints, network and applications for threats. These managed services help you respond to incidents so you can focus on your business.

QRadar SIEM pricing benefits No hidden costs
  • Eliminates hidden log and daily index volume limits
  • Enables ingestion of network behavior and unlimited log events
  • Avoids cost of moving data from on-premises and third-party cloud assets
Streamlined budget approvals
  • Saves time in your budget justification process
  • Strengthens your team’s internal credibility
  • Helps you pre-plan for log retention compliance requirements
Flexible pricing options
  • Offers pricing options based on entity count or workload size
  • Provides licenses available as SaaS, software or managed service
  • Is endlessly scalable
TrustRadius reviews

“QRadar beats it in cost. Splunk starts off cheap, but as you expand (due to it's licensing model), it quickly becomes very expensive. It is the monster that keeps on feeding.”

Read full review

“Cost and integrations played a crucial part in product finalization. QRadar was the choice after considering all these factors.”

Read full review

“IBM QRadar is the best SIEM in class. We looked at Splunk, but you need a full-time person to manage the tool. When we last looked at Splunk it had an enormous overhead cost associated with it.”

Read full review

“QRadar will lower the TCO and ROI of a security team's cost, due to the ability to perform most of the investigation and remediation recommendation.”

Read full review
Take the next step

Schedule time to get a custom demonstration of QRadar SIEM or consult with one of our product experts.

Request a demo of QRadar SIEM
More ways to explore Documentation Support Community Partners Resources