We performed a comparison between ArcSight Analytics and IBM Security QRadar based on real PeerSpot user reviews.
Find out in this report how the two User Entity Behavior Analytics (UEBA) solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."The features I have found most valuable are it capabilities for behavioral analytics and anomaly detection."
"The most valuable features are that you get lots of connectors, which make it easy to log in to my ASM, and lots of prebuilt roles from the company."
"The correlation engine is good."
"This solution makes it easy to create use cases, and it is easy to move queries from use cases to the report to the dashboard."
"ArcSight Analytics has improved our system and network policy monitoring."
"Allows multiple integrations with multiple systems in a stable and flexible fashion."
"The most valuable feature is the log monitoring."
"The solution is easy to implement."
"A nice benefit is when we go to the process of selecting our youth cases, they go by building blocks. QRadar links it to building blocks."
"An engineer can live-monitor all the flow happening in real-time. This would help us a lot while investigating a case, and it would even help us with preventive actions."
"It has improved my efficiency."
"It is a very optimized engine."
"QRadar, Splunk, and ArcSight are SIEM solutions with built-in AI/ML features. They can do the complete investigation and alert the admin about what is happening. They can also do the root cause analysis. There are many other features that come with QRadar. It has a more granular log, so you can integrate with various non-IT as well as IT-based components. You can get unstructured data to the SIEM data, and you can identify more what is happening in the network or what is happening in the central head office. You can also identify what is happening between your remote offices. You can also use it to identify what the users in the field are doing on their devices and how things are moving. From the integration point of view, it is very centric. It gives complete control centrally. If a user is not connected to the system, whenever he comes online, we can see the policy updates over the Internet, and we can ensure that the data that is supposed to be protected is protected."
"The best part of this solution is having a third-party SOC."
"Vulnerability detection is the most valuable feature. It's the tool that finds the threats."
"Flexible and valuable product that is modular, so you can easily set up a roadmap for your clients."
"Inactive connections from servers, which are upgraded or downgraded within a VM, should be automatically revoked."
"The reporting and the way it is worded needs to be improved in future releases. The dashboards are quite poorly designed."
"I would like to see orchestration."
"The interactive dashboard is complicated and you need to have training in order to use it, so I think that it could be made easier to use."
"I faced stability issues with Windows Operating System. The installed connectors hang if they remain idle for a long period of time."
"Network integration is very crucial, and you need to have the knowledge to get it done."
"It's a difficult product to navigate, it's complex."
"It needs more user analytics and aggregation user queries. And it's slow. When you query over ArcSight, it is very slow."
"Some of the cloud apps need improvement."
"The only challenge with products like IBM is the EPS. You just have to be really on the events per second, as that's where the cost factor becomes a huge issue."
"QRadar log integration of various applications can be a tough job at times. There may be occasions when you will not find any QRadar guide on adding logs of a particular application. Even if you come across one, adding a log process is not an easy one."
"The only challenge is that IBM has been a closed enterprise. It should be more open to integrating with other providers at an enterprise level. We're a bank and the core banking system integration is not way straightforward and there is no integration between IBM and these products. If IBM could open up and provide a way of integrating it seamlessly, without charging more for it, that would make a big difference."
"The solution lacks some maturity."
"They should introduce some automation into the product."
"The threat intelligence functionality can be better. In addition, it can have more monitoring capabilities."
"The only problem is that if you have too many events that occur, then the storage capacity becomes a problem. We would need to increase the storage capacity."
ArcSight Analytics is ranked 16th in User Entity Behavior Analytics (UEBA) with 15 reviews while IBM Security QRadar is ranked 1st in User Entity Behavior Analytics (UEBA) with 198 reviews. ArcSight Analytics is rated 7.0, while IBM Security QRadar is rated 8.0. The top reviewer of ArcSight Analytics writes "It has improved our system and network policy monitoring". On the other hand, the top reviewer of IBM Security QRadar writes "A highly stable and scalable solution that provides good technical support". ArcSight Analytics is most compared with Securonix UEBA, whereas IBM Security QRadar is most compared with Splunk Enterprise Security, Microsoft Sentinel, Wazuh, LogRhythm SIEM and Elastic Security. See our ArcSight Analytics vs. IBM Security QRadar report.
See our list of best User Entity Behavior Analytics (UEBA) vendors.
We monitor all User Entity Behavior Analytics (UEBA) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.
For tools I’d recommend:
-SIEM- LogRhythm
-SOAR- Palo Alto XSOAR
Doing commercial w/o both (or at least an XDR) is asking to miss details that are critical, and ending up a statistic.
Also, remember that any EDR/XDR should integrate to the SIEM/SOAR and a strong threat intel source.
If you consider SOC outsourcing take your time and find one you can integrate like a virtual team member. They are only as good as their depth of knowledge in your business and your on-prem SOC.
Apache Metron, ELK, OSSIM, Splunk and Qradar (in cost/benefit order for starters).
I have no experience with Rapid 7 or InsightIDR.
IBM Qradar works great but is not easy to install. If it is running it is a great tool. Also depending on the budget, Riverbed security is a tool to consider. Costs are lower than QRadar and easier to implement.
Or you can use our SaaS solution with QRadar and a lot more built-in. One holistic solution for your complete IT environment.
@Evgeny Belenky, I found Stellar to be quite intriguing.
I would also recommend McAFee’s new console for centralizing and coordinating a well-deployed enterprise solution.
COMODO MDR
Disclaimer: ICE Consulting offers SOC as a Service to our Clients.
For SOC Tools we use Securonix and other in-house developed solutions. Securonix provides an all in one package (SIEM, UEBS, & NTA) that we believe is competitively priced for the Small to Mid Market. Their Customer Service seems better than most and they are always highly rated in the Gartner MQ reports. Set-up is not difficult, but is time consuming for the first time, afterwards each client deployment we have added has seemed to get easier and quicker.
Please contact several vendors and ask for demos, talk with the vendor engineers to ensure the solution will workfor your needs... We evaluated Rapid7, AlienVault (ATT Cybersecurity), QRadar, LogRythm, and Securonix before deciding on Securonix.
Also take your time in evaluating and re-evaluating the products, I took us about about 18 months and over $30K of working with what was utimately the wrong product for us, before moving to Securonix.
Make sure training for the use of the service is included. We have been able to provide entensive training to out team through the vendor and would not have been able to get out SOC offering off the ground without it.
Good Luck!
COMODO SOC covers your entire network and also your email. It is very easy to deploy and is very effective for reports.
I prefer the COMODO SOC solution because it is a very good and easy to deploy product.