We performed a comparison between IBM Security QRadar and Netsurion based on real PeerSpot user reviews.
Find out in this report how the two Security Information and Event Management (SIEM) solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."All of the security components are valuable including, antiphishing, antispam, and stage three antivirus."
"I have found the ability to delete unwanted threats beneficial."
"The portal is quite user-friendly. There is integration with Office, Intune, and other products from the same portal. From there, we can see which policies are installed on a particular machine. We also can manage devices, groups, and tagging."
"The most valuable feature of the solution stems from the fact that Microsoft Defender XDR is easy to integrate with other Microsoft platforms or products."
"The timeline feature is excellent. I also like the phishing simulation. We have phishing campaigns to educate employees and warn them about these threats."
"The integration between all the Defender products is the most valuable feature."
"The most valuable feature is the DLP because that's where we can have an added data protection layer and extend it not just to emails but to the documents that users are working on. We can make sure that sensitive data is tagged and flagged if unauthorized parties are using it."
"We can automate routine tasks and write scripts to carry out difficult tasks, which makes things easier for us."
"In addition to using this solution for our security operations center, we are using it for our other customers."
"The detection rate is good and the false positive rate is low."
"The scalability is awesome, because QRadar includes other solutions in the same console."
"It has a powerful GUI where you can put together your use cases, and don't have to write your own scripts."
"I like that it's easy to use and the performance is good."
"It's user-friendly when compared to other products."
"Customer service is very good and very helpful."
"It saves a lot of time. We integrate the customer's firewall with all their networking devices."
"Their SOC team manages vulnerability management and IOC reviews. They stop bad processes when they happen. The best thing is their weekly reviews of what has been going on in the infrastructure as well as the things that they see and what we should look out for."
"Netsurion's 24/7 monitoring has enhanced the overall security of the company. They have someone looking at the data 24/7 who will call us as needed. If their team spots a malicious process after hours, they notify the appropriate person by phone. We get a lot of actionable threat intelligence from Netsurion. For example, if a user clicks on a malicious link in a web page and starts an unusual process that isn't on the white-list, Netsurion's team can detect it and prevent it from executing. Afterward, they'll notify us by telephone, so we can respond and clean up whatever damage has occurred."
"The most valuable feature is definitely real-time alerting, especially in situations where someone might attempt to exploit or hack into our network."
"If we need to do a search for user lockouts, we can go, search, and find locations where they have been locked out, then keep track of those events, historically."
"Netsurion has its own security operations center, where it tracks information that comes across our telemetry."
"They have what they call Elasticsearch which is very quick, although that's only available for the last seven days' worth of data. It used to be that, if I wanted to do a search from three days ago, it might take me 10 to 15 minutes because it had to actually unzip some archive files. So I really like that feature. It's almost instantaneous for anything within the last seven days."
"The most valuable feature is that we get the events: the alerts about disk space and the security reports that we get once a day, including user lockouts and the like."
"The most important feature is keeping track of when accounts are created and deleted, when permission groups are changed, and memberships are changed in groups; and overall, how many errors are occurring on the various systems that we're monitoring."
"The solution does not offer a unified response and standard data."
"Offboarding latency should be reduced. Even after a device has been successfully offboarded using a particular offboarding script, it still shows up as onboarded."
"Automated playbooks and automated dashboards would be preferable to the way the data is currently being presented."
"When discussing the secure score, which includes overviews and recommended actions, some of these recommended actions are not applicable to us, particularly those related to Microsoft Internet Explorer, which we do not use in any of our environments."
"The support from Microsoft could improve. There are times I have to wait for a response from a qualified specialist."
"The management and automation of the cloud apps have room for improvement."
"I would like more of the features in Defender for 365 to be included in the smaller licenses. Even if I buy a small license and don't need everything, security shouldn't be a question. Security is one of the main aspects of all projects from our side, so it would be nice to have more features in the smaller licenses."
"The cost can be high if you want to build custom license packages. Another area for improvement is the policies. In Azure, we need to implement policies in JSON format, but in 365 Defender 365, it would be helpful to use a different format so we can customize the platform."
"Certain updates—especially when using Azure—don't apply directly. Our engineering team must invest additional effort to implement these updates. However, the tool's cloud-based version poses no issues. However, upgrading the product can sometimes be challenging for on-premises instances."
"Technical support could be improved by a bit."
"The solution is highly used here in Pakistan and in many sectors, they could improve it by having more SIEM connectors."
"The user interface is a bit clunky, a bit hard to find what you need."
"There should be easier and wider integration opportunities. There should be more opportunities for integration with CTI info sharing areas. On platforms where you exchange CTI, there should be more visibility connected to what we share, what we can reach, or what options are connected to CTI info sharing. This is one area where they could add value because we cannot integrate it easily with QRadar. If a client has a legacy or already existing solutions for CTI, we cannot ask them to forget it because we cannot guarantee that QRadar is able to deliver everything connected to this area."
"QRadar UBA only keeps the data for a short while (it's refreshed every five minutes) and would be improved if this were extended to a week or month."
"I don't give it a 10 because it is something we have to request. I would love it if UBA was included out of the box like Microsoft."
"Integration could be better. They should make it easy to integrate with other solutions."
"We get a report generated on a particular day of the week and we go through it, trying to mitigate problems and make sure we're seeing everything that's happening. It would be helpful if the SOC spent a little more time with us going through some of those reports."
"There are some issues with searches taking a long period of time, but they assured me that they have implemented a new search function that's available in version 9, but which requires a solid-state hard drive... Depending on how many logs you have it could take a long time to return the results if you're looking back prior to the last 30 days."
"Where there is an opportunity for improvement is in the interface used for performing the searches. You have to understand Elasticsearch search too well for the security team to be able to take really full advantage of that part of the product. It's not as intuitive as I would like it to be for new staff coming in. The general query capability is a little bit challenging."
"The agents on the endpoints seem to fail quite a bit, requiring manual involvement from the local administrators. I would like to see their product be much more ad hoc and update automatically."
"Communication is always something that can be improved, but I feel that any time we've had a communication issue, it's quickly addressed when we bring those up at the monthly meetings. Usually, it's an individual that wasn't clear in the communication, it's not the process per se. You always have to be able to segregate if the process didn't work or an individual either didn't say the right thing or my people didn't understand what they were being told."
"Netsurion's SOC can be a bit too aggressive at times."
"I would like to see a faster response when we see things like 15,000 lockouts. I really wished that I had known that on Friday afternoon rather than waiting until I got the weekly report today. By the same token, they are looking at it from the point of view that this is a system or software malfunction. This is not a bad actor repeating the exact same password three times a second. Therefore, they can tell that this is not a bad thing. However, it's not a security event but it is an operational event for me. Knowing this sort of thing would help my team and me out more because then we would be able to clear out a lot of network traffic that we didn't know was going on. So, we would like quicker updates on non-high security events."
"Everything that I've wanted has been added in. EDR was added, and MITRE was added. Those were two big ones that we didn't even have to push for."
IBM Security QRadar is ranked 4th in Security Information and Event Management (SIEM) with 198 reviews while Netsurion is ranked 16th in Security Information and Event Management (SIEM) with 24 reviews. IBM Security QRadar is rated 8.0, while Netsurion is rated 8.4. The top reviewer of IBM Security QRadar writes "A highly stable and scalable solution that provides good technical support". On the other hand, the top reviewer of Netsurion writes "The SOC center monitors, hunts, and notifies us of threats around the clock". IBM Security QRadar is most compared with Microsoft Sentinel, Splunk Enterprise Security, Wazuh, LogRhythm SIEM and Elastic Security, whereas Netsurion is most compared with Arctic Wolf Managed Detection and Response and CyberHat CYREBRO. See our IBM Security QRadar vs. Netsurion report.
See our list of best Security Information and Event Management (SIEM) vendors, best Managed Detection and Response (MDR) vendors, and best Extended Detection and Response (XDR) vendors.
We monitor all Security Information and Event Management (SIEM) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.