We performed a comparison between ClearSkies SaaS NG SIEM and IBM Security QRadar based on real PeerSpot user reviews.
Find out what your peers are saying about Splunk, Microsoft, Wazuh and others in Security Information and Event Management (SIEM)."The SOAR playbooks are Sentinel's most valuable feature. It gives you a unified toolset for detecting, investigating, and responding to incidents. That's what clearly differentiates Sentinels from its competitors. It's cloud-native, offering end-to-end coverage with more than 120 connectors. All types of data logs can be poured into the system so analysis can happen. That end-to-end visibility gives it the advantage."
"It's pretty powerful and its performance is pretty good."
"The ability of all these solutions to work together natively is essential. We have an Azure subscription, including Log Analytics. This feature automatically acts as one of the security baselines and detects recommendations because it also integrates with Defender. We can pull the sysadmin logs from Azure. It's all seamless and native."
"The UI-based analytics are excellent."
"It has a lot of great features."
"Sentinel uses Azure Logic Apps for automation, which is really powerful. This allows us to easily automate responses to incidents."
"The main benefit is the ease of integration."
"The most valuable feature is the UEBA. It's very easy for a security operations analyst. It has a one-touch analysis where you can search for a particular entity, and you can get a complete overview of that entity or user."
"The correlation rules and the user platform are most valuable."
"There are more than 120 extensions in QRadar, which are easy to install and configure. These can improve your analysis of events."
"In addition to using this solution for our security operations center, we are using it for our other customers."
"QRadar has somewhat of a new structure recently from last gen. They have moved from the standard UI based infrastructure."
"The product provides a complete platform for ingesting the log, doing the correlations and handling the runtime."
"The solution is relatively easy to use."
"Stability-wise, I rate the solution a ten out of ten."
"QRadar UBA's most valuable feature is the risk rating of users depending on their behavior."
"There are other third-party plugins that we can use."
"Everyone has their favorites. There is always room for improvement, and everybody will say, "I wish you could do this for me or that for me." It is a personal thing based on how you use the tool. I do not necessarily have those thoughts, and they are probably not really valuable because they are unique to the context of the user, but broadly, where it can continue to improve is by adding more connectors to more systems."
"I can't think of anything other than just getting the name out there. I think a lot of customers don't fully understand the full capabilities of Azure Sentinel yet. It is kind of like when they're first starting to use Azure, it might not be something they first think about. So, they should just kind of get to the point where it is more widely used."
"The playbook development environment is not as rich as it should be. There are multiple occasions when we face problems while creating the playbook."
"If Sentinel had a graphical user interface, it would be easier to use. I would also like it to be more customizable."
"They should just add more and more out-of-the-box connectors. It is quite a new product, and it has a lot of connectors, and even more would be good."
"Sometimes, it is hard for us to estimate the costs of Microsoft Sentinel."
"I would like to see more AI used in processes."
"The product can be improved by reducing the cost to use AI machine learning."
"They can add behavior analytics and AI or machine learning technology. They also improve their correlation engine. In addition to collecting logs from devices, they can collect the traffic and then correlate these logs and the traffic information."
"There is a shortage of skilled individuals with knowledge about the solution. There is training required."
"The playbook guide which specifies the rules for security use cases needs to be provided to support in case the organization needs help."
"I'd like them to improve the offense. When QRadar detects something, it creates what it calls offenses. So, it has a rudimentary ticketing system inside of it. This is the same interface that was there when I started using it 12 years ago. It just has not been improved. They do allow integration with IBM Resilient, but IBM Resilient is grotesquely expensive. The most effective integration that IBM offers today is with IBM Resilient, which is an instant response platform. It is a very good platform, but it is very expensive. They really should do something with the offense handling because it is very difficult to scale, and it has limitations. The maximum number of offenses that it can carry is 16K. After 16K, you have to flush your offenses out. So, it is all or nothing. You lose all your offenses up until that point in time, and you don't have any history within the offense list of older events. If you're dealing with multiple customers, this becomes problematic. That's why you need to use another product to do the actual ticketing. If you wanted the ticket existence, you would normally interface with ServiceNow, SolarWinds, or some other product like that."
"Their technical support is not good. We opened a lot of cases and from my experience, they are not complicated issues but it takes forever to get an answer."
"They have to build more quantitative monitoring, profiling, and make it more predictive."
"The dashboard and reports are not user-friendly or efficient so are of little help with threat hunting activity."
"The product does not have a team for investigating malware."
"The solution should include remote action capabilities."
Earn 20 points
ClearSkies SaaS NG SIEM is ranked 58th in Security Information and Event Management (SIEM) while IBM Security QRadar is ranked 4th in Security Information and Event Management (SIEM) with 198 reviews. ClearSkies SaaS NG SIEM is rated 8.0, while IBM Security QRadar is rated 8.0. The top reviewer of ClearSkies SaaS NG SIEM writes "Good correlation rules, competitive pricing, and good stability". On the other hand, the top reviewer of IBM Security QRadar writes "A highly stable and scalable solution that provides good technical support". ClearSkies SaaS NG SIEM is most compared with , whereas IBM Security QRadar is most compared with Splunk Enterprise Security, Wazuh, LogRhythm SIEM, Elastic Security and Sentinel.
See our list of best Security Information and Event Management (SIEM) vendors.
We monitor all Security Information and Event Management (SIEM) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.