We performed a comparison between Exabeam Fusion SIEM and IBM Security QRadar based on real PeerSpot user reviews.
Find out in this report how the two Security Information and Event Management (SIEM) solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."We’ve got process improvement that's happened across multiple different fronts within the organization, within our IT organization based on this tool being in place."
"The in-built SOAR of Sentinel is valuable. Kusto Query Language is also valuable for the ease of writing queries and ease of getting insights from the logs. Schedule-based queries within Sentinel are also valuable. I found these three features most useful for my projects."
"The dashboard that allows me to view all the incidents is the most valuable feature."
"We didn't have anything similar. So, it really provides value from the incidents and automation point of view. The overview of the security fabric is most valuable."
"The most valuable feature is the onboarding of the workloads. You can see all that has been onboarded in your account on the dashboards."
"The most valuable features in my experience are the UEBA, LDAP, the threat scheduler, and integration with third-party straight perform like the MISP."
"The most valuable feature is the performance because unlike legacy SIEMs that were on-premises, it does not require as much maintenance."
"We can use Sentinel's playbook to block threats. It covers all of the environment, giving us great visibility."
"Timeline based analysis; good platform support"
"I have customers that like the EUBA functionality of it. The solution has the ability to build a session, basically. It pulls a lot of information together, for example, everything a user does in a specific timeframe. It's quite helpful."
"The advanced analytics has a really great overview of user behavior."
"Exabeam Fusion SIEM has a good performance and more advantages than traditional solutions."
"It's a very user-friendly product and it's a very comprehensive technology."
"The most valuable feature of Exabeam Fusion SIEM is the easy-to-use user interface."
"The setup is not difficult. It was easy."
"The user interface and the timelines they use are the most valuable features. The price model is very simple so that one can understand it easily and there are no surprises within it."
"This console gives you the entire view, which makes life easier and allows you to take precautionary measures."
"The feature that I have found most valuable is how it monitors the real network. That is its leading security feature."
"Vulnerability data, network data and the like, are part of correlation and detection."
"IBM QRadar User Behavior Analytics's most important feature is its ease of use."
"In addition to using this solution for our security operations center, we are using it for our other customers."
"The threat protection network is the most valuable feature, because when you get an offense, you can actually trace it back to where it originated from, how it originated, and why."
"This is a good tool to have because it gives you the ability to track what is currently happening in your environment."
"The most valuable feature is the DSM Editor. The custom parsing tool is very nice, outstanding."
"If we want to use more features, we have to pay more. There are multiple solutions on the cloud itself, but the pricing model package isn't consistent, which is confusing to clients."
"There are certain delays. For example, if an alert has been rated on Microsoft Defender for Endpoint, it might take up to an hour for that alert to reach Sentinel. This should ideally take no more than one or two seconds."
"We are invoiced according to the amount of data generated within each log."
"If I see an alert and I want to drill down and get more details about the alert, it's not just one click. In other SIEM tools, you just have to click the IP address of the entity and they give you the complete picture. In Sentinel, you have to write queries or use saved queries to get details."
"Everyone has their favorites. There is always room for improvement, and everybody will say, "I wish you could do this for me or that for me." It is a personal thing based on how you use the tool. I do not necessarily have those thoughts, and they are probably not really valuable because they are unique to the context of the user, but broadly, where it can continue to improve is by adding more connectors to more systems."
"I can't think of anything other than just getting the name out there. I think a lot of customers don't fully understand the full capabilities of Azure Sentinel yet. It is kind of like when they're first starting to use Azure, it might not be something they first think about. So, they should just kind of get to the point where it is more widely used."
"They're giving us the queries so we can plug them right into Sentinel. They need to have a streamlined process for updating them in the tool and knowing when things are updated and knowing when there are new detections available from Microsoft."
"If I can use Sentinel offline at home and use it on a local network, it would be great. I'm not sure if I can use Sentinel offline versus the tools I have."
"We still have questions surrounding hardware deployment."
"The only problem is that the UI is not very impressive."
"We had a large volume right from the beginning and they weren't quite prepared for that. That's something that they should think about when it comes to customers that have a large volume to start off with."
"The organzation is rigid and not flexible in the way they operate"
"They should provide detailed information about detecting phishing emails."
"Updating the new release of Exabeam Fusion SIEM takes time and slows our performance."
"They need to focus on more of the MITRE ATT&CK Framework and coverage. They claim they cover about 70 to 80%. I'm not sure if it's really quite that much, however."
"I believe if it were more flexible it would be a better product."
"The only problem is that if you have too many events that occur, then the storage capacity becomes a problem. We would need to increase the storage capacity."
"I'm not sure about the stability just yet. We've observed a few issues and we raised a supporting ticket for it."
"The user interface is a bit clunky, a bit hard to find what you need."
"The released patch quality is poor. IBM should test those patches on their side, not on the client's side."
"We sometimes get an error about the hard drive. Approximately once in two months, we can't find the logs, and they go missing, which is a terrible issue. We are getting support for this issue from our support company."
"The custom rules could be simplified more or it should be possible to use a different language, other than the ones that the solution is already using. They should add other languages into the mix."
"IBM QRadar Advisor with Watson could be more user-friendly. You need some skills and understanding of what you're looking at, especially if you're going to draw down specific information."
"IBM is going through some problems with its resources currently making its support response time slow."
Exabeam Fusion SIEM is ranked 29th in Security Information and Event Management (SIEM) with 10 reviews while IBM Security QRadar is ranked 4th in Security Information and Event Management (SIEM) with 198 reviews. Exabeam Fusion SIEM is rated 8.0, while IBM Security QRadar is rated 8.0. The top reviewer of Exabeam Fusion SIEM writes "Enables centralized log collection on a single platform". On the other hand, the top reviewer of IBM Security QRadar writes "A highly stable and scalable solution that provides good technical support". Exabeam Fusion SIEM is most compared with Splunk Enterprise Security, Splunk User Behavior Analytics, Palo Alto Networks Cortex XSOAR, Gurucul UEBA and Cortex XSIAM, whereas IBM Security QRadar is most compared with Splunk Enterprise Security, Wazuh, LogRhythm SIEM, Elastic Security and Sentinel. See our Exabeam Fusion SIEM vs. IBM Security QRadar report.
See our list of best Security Information and Event Management (SIEM) vendors, best Log Management vendors, and best User Entity Behavior Analytics (UEBA) vendors.
We monitor all Security Information and Event Management (SIEM) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.