We performed a comparison between IBM Security QRadar and ArcSight ESM based on our users’ reviews in five categories. After reading all of the collected data, you can find our conclusion below.
Features: IBM Security QRadar users say the solution provides extensive information and helpful leads for locating pertinent data. QRadar stands out with its comprehensive network visibility and strong SIEM capabilities. ArcSight ESM is praised for its well-designed dashboard, real-time reporting, and threat intelligence capabilities that leverage AI and correlation tools. Users also like ArcSight’s seamless integration and effortless management. QRadar could improve its rule deployment and lower its false positive rate. Users would also like expanded storage capacity, streamlined user management, and a more mature architecture. ArcSight ESM users have recommended improvements in training, speed, and data administration.
Service and Support: Some customers of IBM Security QRadar have had trouble connecting with knowledgeable support staff and experienced delayed responses. Some ArcSight ESM users have found the support to be responsive and helpful, while others have faced issues with slow response times and a lack of expertise.
Ease of Deployment: IBM Security QRadar's initial setup can be complex for users without expertise, and the difficulty may vary depending on the size of the data set. Some said that ArcSight ESM is straightforward to set up, while others noted that integration with other systems can be challenging and requires specialized knowledge.
Pricing: IBM Security QRadar can be costly because users need to buy new hardware to upgrade. Users consider the pricing of ArcSight ESM to be reasonable and affordable.
ROI: IBM Security QRadar delivers a high return on investment, improving security through its advanced user behavior analytics. ArcSight ESM yields an ROI by helping clients achieve compliance objectives and prevent incidents.
"The most valuable feature is the alert notifications, which are categorized by severity levels: informational, low, medium, and high."
"I like the ability to run custom KQL queries. I don't know if that feature is specific to Sentinel. As far as I know, they are using technology built into Azure's Log Analytics app. Sentinel integrates with that, and we use this functionality heavily."
"The initial setup is very simple and straightforward."
"There are a lot of things you can explore as a user. You can even go and actively hunt for threats. You can go on the offensive rather than on the defensive."
"Having your logs put all in one place with machine learning working on those logs is a good feature. I don't need to start thinking, "Where are my logs?" My logs are in a centralized repository, like Log Analytics, which is why you can't use Sentinel without Log Analytics. Having all those logs in one place is an advantage."
"I've worked on most of the top SIEM solutions, and Sentinel has an edge in most areas. For example, it has built-in SOAR capabilities, allowing you to run playbooks automatically. Other vendors typically offer SOAR as a separate licensed solution or module, but you get it free with Sentinel. In-depth incident integration is available out of the box."
"The automation feature is valuable."
"We didn't have anything similar. So, it really provides value from the incidents and automation point of view. The overview of the security fabric is most valuable."
"The filters and the ability to do what you want are the most valuable features. There is nothing that you cannot do in this solution. It has all the features, which makes it very dynamic."
"Feature-rich solution which provides better network visibility for improved security"
"For the typical malware or intrusion, this solution assists us by identifying the symptoms based on network traffic from the application servers."
"ArcSight is customizable. You can integrate just about anything. I also like the ease of use."
"The real-time analysis adds value."
"ArcSight gives us better visibility into threats that were unknown earlier."
"It is a robust product and has multiple valuable features."
"The correlation feature is good."
"I have found IBM QRadar to be stable."
"This solution has allowed us to correlate logs from multiple sources."
"The monitoring and dashboards are great."
"When it comes to QRadar, they can do the correlation and not only in networks but also endpoints. This is one of the good features that we have noticed."
"The tool is already automated in many ways, but there are some additional functions which should be automated, like sending an email, mobile notification, and integration of XFS."
"Stability-wise, I rate the solution a ten out of ten."
"The simplicity of the solution is the best feature."
"The solution is relatively easy to use."
"The performance could be improved. If I create 15 to 20 lines for a single-use case in KQL, sometimes it takes more time to execute. If I create use cases within a certain timeline, the result will show in .01 seconds. A complex query takes more time to get results."
"I would like to be able to monitor applications outside of the Azure Cloud."
"The data connectors for third-party tools could be improved, as some aren't available in Sentinel. They need to be available in the data connector panel."
"One key area that can be improved is by building a strong integration with our XDR platform."
"They could use some kind of workbook. There is some limitation doing the editing and creating the workbook."
"Some of the data connectors are outdated, at least the ones that utilize Linux machines for log forwarding. I believe that Microsoft is already working on improving this."
"The troubleshooting has room for improvement."
"Its documentation is not so simple. It is easy for somebody who is Microsoft certified or more closely attached to Microsoft solutions. It is not easy for those who are working on open-source platforms. There isn't a central point where everything is documented, and there is no specific training or certification."
"Currently lacks SOAR feature."
"The API integration could be better, and I'd like to see more machine-learning capabilities in the future."
"ArcSight ESM is lacking cloud scalable technology."
"Customer service and support is our biggest challenge."
"ArcSight ESM could improve by adding more features and documentation. There needs to be more documentation."
"When we need to consume old events, we have to wait for a long time. ArcSight should improve the database capability to reply to queries faster. It would also be interesting if they implemented network visibility. For example, they could add a feature like NetWitness with a model just for looking through the packets."
"The user interface of ArcSight Enterprise Security Manager could improve. It is not very good. Additionally, they could integrate the web interface better."
"We would like the ability to easily identify either unused resources or those that are being used sub-optimally."
"The Indian tech support is not helpful."
"Their technical support is not good. We opened a lot of cases and from my experience, they are not complicated issues but it takes forever to get an answer."
"They should speed up the incident response and also, at the same time, reduce the amount of manual effort that is required."
"I would like to see a more user-friendly product."
"There are areas in IBM Security QRadar that could benefit from improvement. Its ability to customize knowledge for specific purposes could be enhanced. Also, it lacks clarity in presenting details. It is also difficult to see the reports."
"It's resource-intensive."
"It would be better if it were more stable and more secure. The price for maintenance could be better. It's too high. In the next release, I think they should focus on the price and the operation."
"Solution has too many menus that require going to two or three sub-monitors to enter the QRadar."
More ArcSight Enterprise Security Manager (ESM) Pricing and Cost Advice →
ArcSight Enterprise Security Manager (ESM) is ranked 12th in Security Information and Event Management (SIEM) with 93 reviews while IBM Security QRadar is ranked 4th in Security Information and Event Management (SIEM) with 198 reviews. ArcSight Enterprise Security Manager (ESM) is rated 7.8, while IBM Security QRadar is rated 8.0. The top reviewer of ArcSight Enterprise Security Manager (ESM) writes "Allows for monitoring logs according to industry standards within ESM but has a total capacity capped at 12 TB, limiting real-time data retention periods". On the other hand, the top reviewer of IBM Security QRadar writes "A highly stable and scalable solution that provides good technical support". ArcSight Enterprise Security Manager (ESM) is most compared with Splunk Enterprise Security, ArcSight Intelligence, Trellix ESM, Elastic Security and LogRhythm SIEM, whereas IBM Security QRadar is most compared with Splunk Enterprise Security, Wazuh, LogRhythm SIEM, Elastic Security and Sentinel. See our ArcSight Enterprise Security Manager (ESM) vs. IBM Security QRadar report.
See our list of best Security Information and Event Management (SIEM) vendors.
We monitor all Security Information and Event Management (SIEM) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.