We performed a comparison between Exabeam Fusion SIEM and IBM Security QRadar based on real PeerSpot user reviews.
Find out in this report how the two Security Information and Event Management (SIEM) solutions compare in terms of features, pricing, service and support, ease of deployment, and ROI.
"Mainly, this is a cloud-native product. So, there are zero concerns about managing the whole infrastructure on-premises."
"It's pretty powerful and its performance is pretty good."
"The features that stand out are the detection engine and its integration with multiple data sources."
"There are a lot of things you can explore as a user. You can even go and actively hunt for threats. You can go on the offensive rather than on the defensive."
"The best functionality that you can get from Azure Sentinel is the SOAR capability. So, you can estimate any type of activity, such as when an alert was triggered or an incident was found."
"The pricing of the product is excellent."
"What is most useful, is that it has a good connection to the Microsoft ecosystem, and I think that's the key part."
"Native integration with Microsoft security products or other Microsoft software is also crucial. For example, we can integrate Sentinel with Office 365 with one click. Other integrations aren't as easy. Sometimes, we have to do it manually."
"The most valuable feature of Exabeam Fusion SIEM is the easy-to-use user interface."
"The solution's initial setup process is easy."
"I have customers that like the EUBA functionality of it. The solution has the ability to build a session, basically. It pulls a lot of information together, for example, everything a user does in a specific timeframe. It's quite helpful."
"The way it can connect with AWS is very useful, and the integrations are pretty good."
"The user interface and the timelines they use are the most valuable features. The price model is very simple so that one can understand it easily and there are no surprises within it."
"The advanced analytics has a really great overview of user behavior."
"Timeline based analysis; good platform support"
"It's a very user-friendly product and it's a very comprehensive technology."
"It helps us discover any threats with their alerts and tracking."
"The feature that I have found most valuable is how it monitors the real network. That is its leading security feature."
"The monitoring and dashboards are great."
"It is a very good SIEM."
"The pre-canned rules and reports in this product are a huge plus."
"The scalability is very good. It's not a problem."
"Most valuable features include the granularity of information."
"The QNI feature is the one I am very interested in, and I have also been interested in Watson. From the log analysis and the security perspective, we are able to dive deep into any of the logs and anomalies."
"We're satisfied with the comprehensiveness of the security protection. That said, we do have issues sometimes where there have been global outages and we need to raise a ticket with Microsoft."
"We do see continuous improvement all the time, however, I haven't got a specific feature that is lacking or not well designed."
"They only classify alerts into three categories: high, medium, and low. So, from the user's point of view, having another critical category would be awesome."
"Some of the data connectors are outdated, at least the ones that utilize Linux machines for log forwarding. I believe that Microsoft is already working on improving this."
"There is some relatively advanced knowledge that you have to have to properly leverage Sentinel's full capabilities. I'm thinking about things like the creation of workbooks, how you do threat-hunting, and the kinds of notifications you're getting... It takes time for people to ramp up on that and develop a familiarity or expertise with it."
"Sentinel's alerts and notifications are not fully optimized for mobile devices. The overall reporting and the analytics processes for the end user should also be improved. Also, the compatibility and availability of data sources and reports are not always perfect."
"There are certain delays. For example, if an alert has been rated on Microsoft Defender for Endpoint, it might take up to an hour for that alert to reach Sentinel. This should ideally take no more than one or two seconds."
"While I appreciate the UI itself and the vast amount of information available on the platform, I'm finding the overall user experience to be frustrating due to frequent disconnections and the requirement to repeatedly re-authenticate."
"We had a large volume right from the beginning and they weren't quite prepared for that. That's something that they should think about when it comes to customers that have a large volume to start off with."
"I believe if it were more flexible it would be a better product."
"Adding to the number of certifications that they have, for example, ISO 27001, would be helpful."
"The initial setup of Exabeam Fusion SIEM is complex because it needs to integrate with the SIEM solution, but after this is complete it is straightforward."
"Updating the new release of Exabeam Fusion SIEM takes time and slows our performance."
"The only problem is that the UI is not very impressive."
"We still have questions surrounding hardware deployment."
"The organization is rigid and not flexible in the way they operate."
"The dashboards are all legacy and old."
"IBM QRadar could improve the reporting. The tool is not designed to report. It's a great operational monitoring tool. You put it on a screen and you watch it. If you want to have analytics out of it, that's a whole different story. You're going to need more people and tools. What should be added is reporting and integration into Power BI, into some capability that produces analytical reports from the source data. IBM does not seem to care to add these features."
"There is a shortage of skilled individuals with knowledge about the solution. There is training required."
"I think that the search speed of this solution could be improved."
"IBM is going through some problems with its resources currently making its support response time slow."
"I would like the rule creation interface to be much more user-friendly in the next release."
"IBM QRadar User Behavior Analytics could improve machine learning use cases because they are limited and most of the use cases are rule-based. They should develop more use cases, such as in Securonix or Exabeam because they will detect a threat. Using machine learning is mainly on the correlation rules, but if you think about Exabeam or Securonix, they detect using machine learning or machine learning-based algorithms."
"The user interface is a bit difficult to get used to."
Exabeam Fusion SIEM is ranked 29th in Security Information and Event Management (SIEM) with 10 reviews while IBM Security QRadar is ranked 4th in Security Information and Event Management (SIEM) with 198 reviews. Exabeam Fusion SIEM is rated 8.0, while IBM Security QRadar is rated 8.0. The top reviewer of Exabeam Fusion SIEM writes "Enables centralized log collection on a single platform". On the other hand, the top reviewer of IBM Security QRadar writes "A highly stable and scalable solution that provides good technical support". Exabeam Fusion SIEM is most compared with Splunk Enterprise Security, Splunk User Behavior Analytics, Palo Alto Networks Cortex XSOAR, Gurucul UEBA and Cortex XSIAM, whereas IBM Security QRadar is most compared with Splunk Enterprise Security, Wazuh, LogRhythm SIEM, Elastic Security and Sentinel.
We monitor all Security Information and Event Management (SIEM) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.