We performed a comparison between IBM Security QRadar and Splunk User Behavior Analytics based on real PeerSpot user reviews.
Find out in this report how the two User Entity Behavior Analytics (UEBA) solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."We find predictive analysis capabilities valuable."
"Most of the features are good. It is an excellent solution."
"Technical support is good overall."
"It is a scalable solution."
"What's most valuable in IBM QRadar User Behavior Analytics is its higher availability than other tools."
"The tool helps with infrastructure, application, and network monitoring."
"The feature that I find the most useful is that IBM QRadar User Behavior Analytics is free of charge. It's a fully free product that can be installed on top of IBM QRadar SIEM."
"Network-Based Anomaly Detection (NBAD): Using NetFlow, JFlow, SFlow, or QFlow (all 7 layers), offenses are detected as a response when a rule is triggered."
"The solution appears to be stable, although we haven't used it heavily."
"The most valuable feature is being able to take data and put it into other systems so that we could see the output, and to see where we need to apply our focus."
"We are really pleased with Splunk and its features. It would be practically impossible to function without it. To provide a general overview of the system, it's important to note that the standard log files are currently around 250 gigabytes per day. It would be impossible to manually walk through these logs by hand, which is why automation is essential."
"It is a solution that helps test and measure customer satisfaction."
"The most valuable features are the indexing and powerful search features."
"Splunk is more user-friendly than some competing solutions we tried."
"The solution is extremely scalable. Our customers are regularly scaling up after installing Splunk."
"The most valuable features are its data aggregation and the ability to automatically identify a number of threats, then suggest recommended actions upon them."
"I need a solution which will send alerts in the event of any behavior."
"The interface is very old. IBM should remake it into a more modern interface."
"We have had problems with networking."
"There should be more opportunity for community kind of distribution where, for example, if there was a zero-day threat targeting companies."
"IBM QRadar could improve the plugins and threat detection."
"I'd like them to improve the offense. When QRadar detects something, it creates what it calls offenses. So, it has a rudimentary ticketing system inside of it. This is the same interface that was there when I started using it 12 years ago. It just has not been improved. They do allow integration with IBM Resilient, but IBM Resilient is grotesquely expensive. The most effective integration that IBM offers today is with IBM Resilient, which is an instant response platform. It is a very good platform, but it is very expensive. They really should do something with the offense handling because it is very difficult to scale, and it has limitations. The maximum number of offenses that it can carry is 16K. After 16K, you have to flush your offenses out. So, it is all or nothing. You lose all your offenses up until that point in time, and you don't have any history within the offense list of older events. If you're dealing with multiple customers, this becomes problematic. That's why you need to use another product to do the actual ticketing. If you wanted the ticket existence, you would normally interface with ServiceNow, SolarWinds, or some other product like that."
"Needs better visualization options beyond the time series charts and a few other options that they have."
"While the interface is easy to use, it could be a little more responsive."
"We want to have an automated system for bot hunting that enables us to detect anomalies predictively based on historical data. It would be helpful if Splunk included process mining as an alternative option. We have a threat workflow, but it would be useful if we could supplement that with some process mining capabilities over time."
"In the future I would like to see simplified statistics and analytical threats."
"There are occasional bugs."
"If the price was lowered and the setup process was less complex, I would consider rating it higher."
"Currently, a lot of network operations need improvement. We still need people to handle incidents. Our vision is to leverage status and convert it directly from the network devices. It would be ideal if we could take action using APIs and API code and remove manual processes."
"I'm not aware of any lacking features."
"The price of Splunk UBA is too high."
"The ability to do more complicated data investigation would be a welcome addition for pros, though the functionality now gives most people what they need."
More Splunk User Behavior Analytics Pricing and Cost Advice →
IBM Security QRadar is ranked 1st in User Entity Behavior Analytics (UEBA) with 198 reviews while Splunk User Behavior Analytics is ranked 2nd in User Entity Behavior Analytics (UEBA) with 18 reviews. IBM Security QRadar is rated 8.0, while Splunk User Behavior Analytics is rated 8.2. The top reviewer of IBM Security QRadar writes "A highly stable and scalable solution that provides good technical support". On the other hand, the top reviewer of Splunk User Behavior Analytics writes "Easy to configure and easy to use solution that integrates with many applications and scripts ". IBM Security QRadar is most compared with Splunk Enterprise Security, Microsoft Sentinel, Wazuh, LogRhythm SIEM and Rapid7 InsightIDR, whereas Splunk User Behavior Analytics is most compared with Darktrace, Microsoft Defender for Identity, Cynet, Exabeam Fusion SIEM and Varonis Datalert. See our IBM Security QRadar vs. Splunk User Behavior Analytics report.
See our list of best User Entity Behavior Analytics (UEBA) vendors.
We monitor all User Entity Behavior Analytics (UEBA) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.