We performed a comparison between IBM Security QRadar and Splunk User Behavior Analytics based on real PeerSpot user reviews.
Find out in this report how the two User Entity Behavior Analytics (UEBA) solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."Improves visibility and has a great new dashboard."
"It is a very optimized engine."
"Most of our clients are interested in automation. The automation part is good because they are able to detect threats and vulnerabilities in real time. It's very fast."
"The timeline and machine learning features are great."
"It is a bit easier to use than other products, such as Splunk or ELK Elasticsearch."
"The threat protection network is the most valuable feature, because when you get an offense, you can actually trace it back to where it originated from, how it originated, and why."
"The solution is flexible and easy to use."
"Due to the skills shortage, we are able to use it from the standpoint of bringing in a lower level employee or a person who may not have security knowledge."
"The solution's most valuable feature is Splunk queries, which allow us to query the logs and analyze the attack vectors."
"It is a solution that helps test and measure customer satisfaction."
"The product is at the forefront of auto-remediation networking. It's great."
"This is a good security product."
"This intelligent user behavior analytics package is easy to configure and use while remaining feature filled."
"The solution is definitely scalable."
"The solution is extremely scalable. Our customers are regularly scaling up after installing Splunk."
"The solution is fast, flexible, and easy to use."
"If you have too many events that occur, then the storage capacity becomes a problem. You need to have more storage."
"There should be more opportunity for community kind of distribution where, for example, if there was a zero-day threat targeting companies."
"The AQL queries could be better."
"The modularity could be improved."
"They have to build more quantitative monitoring, profiling, and make it more predictive."
"There should be easier and wider integration opportunities. There should be more opportunities for integration with CTI info sharing areas. On platforms where you exchange CTI, there should be more visibility connected to what we share, what we can reach, or what options are connected to CTI info sharing. This is one area where they could add value because we cannot integrate it easily with QRadar. If a client has a legacy or already existing solutions for CTI, we cannot ask them to forget it because we cannot guarantee that QRadar is able to deliver everything connected to this area."
"A lot of information that we receive for the devices is IP-based, but it would help if we could have a default dashboard in which we can add more details about the assets for which we are receiving the information. For example, if it is a Windows or Linux device, we only get the IP for that particular device. We don't really get the name and other details of that particular device. For that, you have to drill down into your own asset management system. It would be good to have a place where we can probably add this information so that we don't have to look into other tools."
"IBM is going through some problems with its resources currently making its support response time slow."
"It would be good if the solution had an analytics tool that allowed us to analyze the data without writing specific queries."
"We want to have an automated system for bot hunting that enables us to detect anomalies predictively based on historical data. It would be helpful if Splunk included process mining as an alternative option. We have a threat workflow, but it would be useful if we could supplement that with some process mining capabilities over time."
"If the price was lowered and the setup process was less complex, I would consider rating it higher."
"It could be easier to scale the solution if you are using it on-premise, not in the cloud."
"Currently, a lot of network operations need improvement. We still need people to handle incidents. Our vision is to leverage status and convert it directly from the network devices. It would be ideal if we could take action using APIs and API code and remove manual processes."
"The initial setup was complex because some of the configurations that we required needed customization."
"There are occasional bugs."
"They should work to add more built-in correlation searches and more use cases based on worldwide customer experiences. They need more ready-made use cases."
More Splunk User Behavior Analytics Pricing and Cost Advice →
IBM Security QRadar is ranked 1st in User Entity Behavior Analytics (UEBA) with 198 reviews while Splunk User Behavior Analytics is ranked 2nd in User Entity Behavior Analytics (UEBA) with 18 reviews. IBM Security QRadar is rated 8.0, while Splunk User Behavior Analytics is rated 8.2. The top reviewer of IBM Security QRadar writes "A highly stable and scalable solution that provides good technical support". On the other hand, the top reviewer of Splunk User Behavior Analytics writes "Easy to configure and easy to use solution that integrates with many applications and scripts ". IBM Security QRadar is most compared with Splunk Enterprise Security, Microsoft Sentinel, Wazuh, LogRhythm SIEM and Datadog, whereas Splunk User Behavior Analytics is most compared with Darktrace, Microsoft Defender for Identity, Cynet, Exabeam Fusion SIEM and Varonis Datalert. See our IBM Security QRadar vs. Splunk User Behavior Analytics report.
See our list of best User Entity Behavior Analytics (UEBA) vendors.
We monitor all User Entity Behavior Analytics (UEBA) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.