We performed a comparison between IBM Security QRadar and USM Anywhere based on our users’ reviews in five categories. After reading all of the collected data, you can find our conclusion below.
Features: IBM Security QRadar users say the solution provides extensive information and helpful leads for locating pertinent data. QRadar stands out with its comprehensive network visibility and strong SIEM capabilities. USM Anywhere is highly regarded for its extensive reporting capabilities, thorough vulnerability assessment, seamless file integration, and user-friendly management features. IBM Security QRadar could improve its rule deployment and lower its false positive rate. Users would also like expanded storage capacity, streamlined user management, and a more mature architecture. USM Anywhere users have suggested improvements in self-service plugin management, database optimization, and third-party threat intelligence integration.
Service and Support: Some customers of IBM Security QRadar have had trouble connecting with knowledgeable support staff and experienced delayed responses. Some users say that USM Anywhere's customer service is knowledgeable and responsive, while others have faced delays and incomplete answers.
Ease of Deployment: IBM Security QRadar's initial setup can be complex for users without expertise, and the difficulty may vary depending on the size of the data set. The initial setup for USM Anywhere is generally considered to be straightforward if the user has technical knowledge. Vendor assistance is also available during the deployment phase.
Pricing: IBM Security QRadar can be costly because users need to buy new hardware to upgrade. USM Anywhere is seen as more cost-effective than premium solutions like IBM QRadar and Splunk, with pricing considered reasonable and relatively low.
ROI: IBM Security QRadar delivers a high return on investment, improving security through its advanced user behavior analytics. USM Anywhere has garnered favorable feedback regarding its ROI.
Comparison Results: Our users prefer USM Anywhere over IBM Security QRadar. Users like USM Anywhere for its simple initial setup, comprehensive reporting capabilities, and reasonable pricing. USM Anywhere can generate custom audit reports and its pricing is regarded as more affordable compared to IBM Security QRadar.
"The price is low and quite competitive with others."
"Forensics is a valuable feature of Fortinet FortiEDR."
"It is very easy to set up. I would rate my experience with the initial setup a ten out of ten, with ten being very easy to set up."
"The solution was relatively easy to deploy."
"Fortinet FortiEDR's scalability is quite good, and you can add licenses to the solution."
"Fortinet has helped free up around 20 percent of our staff's time to help us out."
"Fortinet FortiEDR made our clients feel secure and more at ease, knowing that they had an EDR solution that would close the gap in their security posture."
"This is stable and scalable."
"We have the abilities to monitor each instance which originates on the process along with the performance of each department."
"We can easily monitor many things using this tool."
"It's built around Red Hat Linux, which is highly robust."
"IBM QRadar has improved my organization by introducing many functions. It collects logs from all of our systems in the organization and has functioned very well. It alerts and correlates the aggregate events or offenses we receive through all the applications we use."
"The initial setup is not complex or difficult."
"The solution is quite flexible."
"The UBA feature is the most valuable because you can see everything about users' activities."
"The most valuable features would have to be the products' ability to customize vulnerability management settings."
"We had used previous products and found AlienVault centralized the logging for our security."
"The Event Correlation and vulnerability scans have been the most useful. As a 24/7 SOC, we use the incoming alarms to give an overview of suspicious traffic going through the network. It's easy to look at the correlated events and see the broad picture of traffic for that customer. Vulnerability scans are good for providing patch and remediation guidelines to keep customer systems secure."
"AlientVault has helped us in improving our visualization and incident response during cybersecurity situations."
"On any given day I could give you a different answer regarding the most valuable features of the product. The feature that is most important is the fact that it has a lot of features, that it's not just a log collection and correlation system, that it has a lot of other components built in. The bundle of features is really the killer feature."
"It allows for a lot of out-of-the-box features: vuln scanning, HIDS/HIPS, and IDS."
"Log-monitoring and alerting enable us to know when things happen that we need to know about."
"Having everything in a central place has been helpful."
"It provides a single pane of glass view, coupled with a whole security ecosystem. The ability to manage everything from a central point, including vulnerability assessments, asset management - including the services provided by the various hosts, NIDS, HIDS, etc. - provides a very efficient way of dealing with things."
"There's room for improvement in the quick response time and technical support for integration issues, especially when dealing with multiple vendors."
"Cannot be used on mobile devices with a secure connection."
"They can include the automation for the realtime updates. We have a network infrastructure with remote sites. Whenever they send updates, they are not automated. We have to go into the console and push those updates. I wish it was more automated. The update file is currently around 31 MB. It could be smaller."
"The security should be strong for the cloud. Some applications are on-prem and some are on the cloud. Fortinet should also have strong security for the cloud. There should be more security for the cloud."
"We find the solution to be a bit expensive."
"Detections could be improved."
"Integration with Azure and SaaS provisioning tools could improve Fortinet FortiEDR."
"The EDR console should have more extensive reporting. You shouldn't need to purchase FortiAnalyzer. It should be included in the EDR part. The security adviser cloud platform could be improved with more options for exclusive or intensive rules for devices."
"It would be better if it were more stable and more secure. The price for maintenance could be better. It's too high. In the next release, I think they should focus on the price and the operation."
"The user interface is a bit clunky, a bit hard to find what you need."
"The product does not have a team for investigating malware."
"Each module requires a separate license and a separate cost."
"Maybe there should be more custom rules in the exchange. Basically, we are using a lot of threat rules, so maybe they'll develop something like that."
"The architecture could be improved. I got stuck for a long time trying to understand the architecture, as it is quite challenging."
"We need more features in order to create rules to detect or to meet some requirements for other areas, for example, catching the event from other authentication tools."
"The AQL queries could be better."
"they seem to have bugs from time to time that go unfixed for a while and that is frustrating. I'm not saying the product needs to be bug-free, but they need to be responsive to bugs."
"There are many reports included but would be nice to have better access to the data."
"The lack of mature functionality and expertise in any of those areas is a strong negative."
"The reporting and dashboards have room for improvement."
"The only room for improvement I can mention is the initial installation procedures. I found that the online installation instructions for the product were missing important details, they lacked necessary steps."
"The vulnerability reporting needs to have options to be able to sort or customize the output."
"Adding a parsing interface for the customers would make AT&T AlienVault USM better."
"The dashboard could be improved as well as the level of customization."
IBM Security QRadar is ranked 4th in Security Information and Event Management (SIEM) with 198 reviews while USM Anywhere is ranked 11th in Security Information and Event Management (SIEM) with 113 reviews. IBM Security QRadar is rated 8.0, while USM Anywhere is rated 8.4. The top reviewer of IBM Security QRadar writes "A highly stable and scalable solution that provides good technical support". On the other hand, the top reviewer of USM Anywhere writes "Easy to use and affordable". IBM Security QRadar is most compared with Splunk Enterprise Security, Microsoft Sentinel, Wazuh, LogRhythm SIEM and Elastic Security, whereas USM Anywhere is most compared with Wazuh, AlienVault OSSIM, Splunk Enterprise Security, Microsoft Sentinel and Rapid7 InsightIDR. See our IBM Security QRadar vs. USM Anywhere report.
See our list of best Security Information and Event Management (SIEM) vendors, best Log Management vendors, and best Endpoint Detection and Response (EDR) vendors.
We monitor all Security Information and Event Management (SIEM) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.
i have implemented the IBM QRadar, its the simplest to install and configure.
install, add log sources,create use cases as per your needs and QRadar will log all the events and network activity.
you can then perform forensics as well as vulnerability scans.
The basic things like adding log sources is hopefully not a problem but i think to get most value from the SIEM is to make a list of use cases tweaked to your organisation and log sources to find the problems/incidents your C-level can understand. Then you will keep on getting the fundings you need to get the issues you think is necessary to make the SIEM a valuable tool.
I've implemented AccelOps SIEM which also does Server/Network Performance and Availability monitoring. Most of the work involved was with configuration of SNMPv2/v3 or WMI on endpoint devices if the SIEM is not agent-based. Also, a lot of configuration with fine tuning the rules/reports specific to your organization as mentioned. Basic Linux knowledge is also recommended for AccelOps. I would also recommend purchasing Proessional Services hours for implementation guidance and proper training of IT staff and end-users (if applicable) that will be accessing/using the SIEM.
Hello. If you need any assistance through sizing and deployment of IBM QRadar, you should contact a local sales partner in your area. A partner should be able to size your specific needs, no matter little or big they are.
is it the same now for Alienvault? What level of Linux knowledge is needed?
I have implemented McAfee Nitro and IMB Qradar, where the later was the easiest to implement. Majority of the work is fine tuning and creating rules that are specific for your organization. All vendors will tell you about builtin intelligence that offer nothing in the read world
We implemented the Alienvault USM product and one of the largest considerations to make is the Linux knowledge required to implement, configure and manage the solution. Depending on the current in-house skill set and architecture this may or may not present as a consideration.