We performed a comparison between IBM Security QRadar and Trellix ESM based on real PeerSpot user reviews.
Find out in this report how the two Security Information and Event Management (SIEM) solutions compare in terms of features, pricing, service and support, ease of deployment, and ROI.
"The most valuable features are its threat handling and detection. It's a powerful tool because it's based on machine learning and on the behavior of malware."
"I like the ability to run custom KQL queries. I don't know if that feature is specific to Sentinel. As far as I know, they are using technology built into Azure's Log Analytics app. Sentinel integrates with that, and we use this functionality heavily."
"We are able to deploy within half an hour and we only require one person to complete the implementation."
"What is most useful, is that it has a good connection to the Microsoft ecosystem, and I think that's the key part."
"The initial setup is very simple and straightforward."
"The data connectors that Microsoft Sentinel provides are easy to integrate when we work with a Microsoft agent."
"It's pretty powerful and its performance is pretty good."
"Sentinel has an intuitive, user-friendly way to visualize the data properly. It gives me a solid overview of all the logs. We get a more detailed view that I can't get from the other SIEM tools. It has some IP and URL-specific allow listing."
"What we like about QRadar and the models that IBM has, is it can go from a small-to-medium enterprise to a larger organization, and it gives you the same value."
"It has improved my efficiency."
"The scalability is very good. It's not a problem."
"The most valuable feature is the integration with the GRD, for banking."
"One of the most valuable features of this solution is it has very good data correlation."
"The most valuable feature currently is security behaviors and the PDF files."
"It does good correlation for events. It does good general analysis, and it has good apps as well."
"Most valuable features include the granularity of information."
"We are now able to completely monitor our environment so we can review what is there, which is a big win for us."
"The most valuable feature is for the security operation center because it provides visibility of all traffic within the company infrastructure."
"I like the ease of deployment."
"The solution is 100% stable. We really have had a great time working with it. It hasn't let us down."
"The most valuable features of McAfee ESM are intrusion detection, malware protection, and the device controller."
"It has performed well and delivered the results that I have been looking for."
"Trellix ESM is very user-friendly."
"This solution integrates easily and very well with other technologies."
"Not all information shows up in Sentinel. Sometimes there are items provided in 365 and if you looked in Sentinel you would not see them and therefore think they do not exist. There can be discrepancies between Microsoft tools."
"We do see continuous improvement all the time, however, I haven't got a specific feature that is lacking or not well designed."
"The dashboards can be improved. Creating dashboards is very easy, but the visualizations are not as good as Microsoft Power BI. People who are using Microsoft Power BI do not like Sentinel's dashboards."
"Sentinel can be used in two ways. With other tools like QRadar, I don't need to run queries. Using Sentinel requires users to learn KQL to run technical queries and check things. If they don't know KQL, they can't fully utilize the solution."
"If Sentinel had a graphical user interface, it would be easier to use. I would also like it to be more customizable."
"They're giving us the queries so we can plug them right into Sentinel. They need to have a streamlined process for updating them in the tool and knowing when things are updated and knowing when there are new detections available from Microsoft."
"If I see an alert and I want to drill down and get more details about the alert, it's not just one click. In other SIEM tools, you just have to click the IP address of the entity and they give you the complete picture. In Sentinel, you have to write queries or use saved queries to get details."
"There is room for improvement in entity behavior and the integration site."
"Pricing model could be more cost-effective."
"The Indian tech support is not helpful."
"There is room for improvement in IBM QRadar in integrating features for SOC maturity and security levels directly into QRadar."
"I would suggest QRadar release any documentation or give an online demo, like videos on YouTube. It would increase publicity and public appeal."
"IBM QRadar could improve the plugins and threat detection."
"The modularity could be improved."
"They need to improve their threat intelligence feed and they need to improve their user behavior analytics modules."
"The features that could be improved include the licensing model and the dashboards and all those presentations. Overall, the user experience part can be improved."
"Product currently requires Flash."
"Product-wise, adding accounts on a single data source by batch would be a really great help."
"It seems McAfee does test its product before releasing. When we - not only us, other companies also - deploy McAfee, we face multiple issues from the customer side, after which, McAfee reacts and fixes the bugs."
"I have to purchase a new box now. Its existing box is not scalable and I can't use it anymore."
"There are some banking and transactional cases that are local, South America transactions. I would like to see them add features that can be used locally, to make those transactions more reliable."
"We acquired the IBM product because McAfee is slightly confusing to use, and it's broader."
"I would like to see good analytics in future releases."
"The product's stability is an area of concern where improvements are required."
IBM Security QRadar is ranked 4th in Security Information and Event Management (SIEM) with 198 reviews while Trellix ESM is ranked 19th in Security Information and Event Management (SIEM) with 34 reviews. IBM Security QRadar is rated 8.0, while Trellix ESM is rated 7.4. The top reviewer of IBM Security QRadar writes "A highly stable and scalable solution that provides good technical support". On the other hand, the top reviewer of Trellix ESM writes "Provides visibility of all the traffic within the company infrastructure". IBM Security QRadar is most compared with Splunk Enterprise Security, Wazuh, LogRhythm SIEM, Elastic Security and Sentinel, whereas Trellix ESM is most compared with ArcSight Enterprise Security Manager (ESM), LogRhythm SIEM, Splunk Enterprise Security, Trellix Helix and Cybereason Endpoint Detection & Response. See our IBM Security QRadar vs. Trellix ESM report.
We monitor all Security Information and Event Management (SIEM) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.
I have implemented IBM QRadar; it's the simplest to install and configure.
Install, add log sources, create use cases as per your needs, and QRadar will log all the events and network activity.
You can then perform forensics as well as vulnerability scans.
The basic things like adding log sources are hopefully not a problem, but I think the way to get the most value from the SIEM is to make a list of use cases tweaked to your organisation and log sources to find the problems/incidents your C-level can understand. Then you will keep on getting the funding you need to address the issues you think are necessary to make the SIEM a valuable tool.
I've implemented AccelOps SIEM, which also does server/network performance and availability monitoring. Most of the work involved was the configuration of SNMPv2/v3 or WMI on endpoint devices if the SIEM is not agent-based. Also, a lot of configuration goes into fine-tuning the rules/reports specific to your organization, as mentioned. Basic Linux knowledge is also recommended for AccelOps. I would also recommend purchasing Professional Services hours for implementation guidance and proper training of IT staff and end-users (if applicable) that will be accessing/using the SIEM.
Hello. If you need any assistance with sizing and deployment of IBM QRadar, you should contact a local sales partner in your area. A partner should be able to size your specific needs, no matter how little or big they are.
Is it the same now for Alienvault? What level of Linux knowledge is needed?
I have implemented McAfee Nitro and IBM QRadar, where the latter was the easiest to implement. The majority of the work is fine-tuning and creating rules that are specific to your organization. All vendors will tell you about built-in intelligence that offers nothing in the real world.
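Several of the comments above (install, add log sources, build use cases tuned to the organisation; most of the effort is fine-tuning rules) describe the same workflow without showing what a use case looks like. The following is an added example, not code from PeerSpot, IBM or Trellix, and not how QRadar or ESM implement correlation internally: it normalises a handful of constructed OpenSSH auth log lines and applies a sliding-window brute-force rule whose threshold and window are the knobs an organisation would tune. It also escalates the case an analyst actually cares about, a burst of failures followed by a successful login from the same source.

```python
"""SIEM-style use case over raw auth log lines: SSH brute force detection.

Added example, not vendor code. SAMPLE_LOG is constructed; the threshold and
window are illustrative defaults that a real deployment would tune per source.
"""
import re
from collections import defaultdict, deque
from datetime import datetime

# Constructed sample input in OpenSSH/syslog format (syslog timestamps carry no year).
SAMPLE_LOG = """\
Mar 10 09:00:01 bastion sshd[2101]: Failed password for invalid user admin from 203.0.113.5 port 51001 ssh2
Mar 10 09:00:03 bastion sshd[2102]: Failed password for root from 203.0.113.5 port 51002 ssh2
Mar 10 09:00:04 bastion sshd[2103]: Failed password for root from 203.0.113.5 port 51003 ssh2
Mar 10 09:00:06 bastion sshd[2104]: Failed password for root from 203.0.113.5 port 51004 ssh2
Mar 10 09:00:07 bastion sshd[2105]: Failed password for root from 203.0.113.5 port 51005 ssh2
Mar 10 09:00:09 bastion sshd[2106]: Accepted password for root from 203.0.113.5 port 51006 ssh2
Mar 10 09:00:10 bastion sshd[2107]: Failed password for alice from 198.51.100.7 port 40001 ssh2
Mar 10 09:05:10 bastion sshd[2108]: Failed password for alice from 198.51.100.7 port 40002 ssh2
Mar 10 09:10:10 bastion sshd[2109]: Failed password for alice from 198.51.100.7 port 40003 ssh2
Mar 10 09:15:10 bastion sshd[2110]: Failed password for alice from 198.51.100.7 port 40004 ssh2
Mar 10 09:20:10 bastion sshd[2111]: Failed password for alice from 198.51.100.7 port 40005 ssh2
"""

# Parser for the two sshd message shapes we care about (the "log source" step).
LINE_RE = re.compile(
    r"^(?P<ts>\w{3} +\d{1,2} \d{2}:\d{2}:\d{2}) \S+ sshd\[\d+\]: "
    r"(?P<outcome>Failed|Accepted) password for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<src>\d+\.\d+\.\d+\.\d+) port \d+"
)


def parse_events(text, year=2024):
    """Normalise raw lines into (timestamp, outcome, user, src_ip) tuples.

    Lines that do not match are dropped, which is what a SIEM does with an
    unknown format until someone writes a parser/DSM for it.
    """
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        events.append((ts, m["outcome"], m["user"], m["src"]))
    return events


def detect_brute_force(events, threshold=5, window_s=60):
    """Sliding-window rule: at least `threshold` failures from one source
    within `window_s` seconds raises one offence per source. A later success
    from an already-flagged source raises a second, higher-priority offence.
    """
    recent = defaultdict(deque)   # src_ip -> timestamps of failures still inside the window
    flagged = set()
    offences = []
    for ts, outcome, user, src in events:
        q = recent[src]
        if outcome == "Failed":
            q.append(ts)
            while q and (ts - q[0]).total_seconds() > window_s:
                q.popleft()           # expire failures older than the window
            if len(q) >= threshold and src not in flagged:
                flagged.add(src)
                offences.append({"rule": "ssh_bruteforce", "src": src,
                                 "failures": len(q), "last_user": user})
        elif outcome == "Accepted" and src in flagged:
            offences.append({"rule": "bruteforce_then_success", "src": src, "user": user})
    return offences


if __name__ == "__main__":
    for offence in detect_brute_force(parse_events(SAMPLE_LOG)):
        print(offence)
```

With the defaults, 203.0.113.5 trips the rule on its fifth failure inside 60 seconds and then again when root logs in from it; 198.51.100.7, which fails once every five minutes, never does. Widening the window to an hour catches the slow attacker too, at the cost of more noise from users who simply mistype their password: that trade-off, per source and per environment, is the tuning work the comments above describe.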
We implemented the Alienvault USM product and one of the largest considerations to make is the Linux knowledge required to implement, configure and manage the solution. Depending on the current in-house skill set and architecture this may or may not present as a consideration.