We performed a comparison between IBM Security QRadar, IBM SevOne Network Performance Management (NPM), and LogRhythm SIEM based on real PeerSpot user reviews.
Find out what your peers are saying about Splunk, Datadog, Wazuh and others in Log Management."The most valuable feature is the DSM Editor. The custom parsing tool is very nice, outstanding."
"What we like about QRadar and the models that IBM has, is it can go from a small-to-medium enterprise to a larger organization, and it gives you the same value."
"The feature that I have found most valuable is its artificial intelligence component, Watson. Its contribution is pretty good from a machine-learning artificial intelligence perspective. This compliments the orchestration automation component, as well."
"Integrations are quite a useful and key feature of this solution. It has integration with the CVSS score, which is a central point for all the data and scores about the threats. There is an IBM Bluemix dashboard that is integrated with the CVSS score."
"It has improved comprehensive visibility for what is going on in the perimeters, and on the inside, as well."
"IBM QRadar has improved my organization by introducing many functions. It collects logs from all of our systems in the organization and has functioned very well. It alerts and correlates the aggregate events or offenses we receive through all the applications we use."
"IBM QRadar User Behavior Analytics's most important feature is its ease of use."
"The most valuable features are the versatility of this solution and the variety of things you can do with it."
"The monitoring of the network is very customizable. That is its unique feature."
"The SMP and the xStats, which is for flat file integration, are both useful for integrating the various metrics that the device provides to monitor the performance of those systems."
"We find that the reporting is particularly valuable in terms of not only communicating with our peer teams but also with the executives."
"Another useful feature is that SevOne gives you real-time insights into your network performance. It polls every five minutes. That is important for our customers because there are some network teams that are always monitoring their networks."
"The automation feature is good because if your CMDB is OK and it is already in sync, then the automation part is good to go."
"The most valuable feature as of late has been the API integration with ServiceNow."
"With this tool it is interesting to show the info to the client and explain where the traffic is."
"Data Insight reporting tool is the most valuable feature. They came up with it a couple of years ago. The most pleasing factor is the dark theme. You don't have a white background. It has templates that you can create for all kinds of reports that you can hit on the fly. It's much better printing of the reports. If you want to send PDFs to people, the reports are actually decent. Whereas for years, the old architecture of the PDFs was rubbish and even our customers said, "We have to manipulate your PDFs because they all have bad margin breaks. SevOne fixed that a couple of years ago with the new Data Insight. It's fantastic."
"We use this solution to examine disparate log sources and provide a cohesive method to search for anomalous behavior."
"AXON has the ability to add and compare use cases."
"We now have a central point of monitoring for all potential threats."
"It allows us to automate a lot of things with a smaller team."
"NextGen SIEM's best feature is how it presents logs."
"Our clients enjoy having one dashboard to monitor their environments in real time."
"It gives us insight into our entire installation, where we are multiple sites, going as far as the East Coast to the Central West Coast."
"SOAR is integrated with the dashboard that we use for threat management. Because it's all integrated, it is useful for us when we deploy something on-prem."
"I would like to see a better GUI."
"QVM is another instance where they need to revise the vulnerability scoring and the proper remediation details."
"I think that the search speed of this solution could be improved."
"In terms of what could be improved, I would say the script which we have to create for custom actions. QRadar needs to improve that feature. Additionally, QRadar has to provide the playbooks designing features."
"We sometimes get an error about the hard drive. Approximately once in two months, we can't find the logs, and they go missing, which is a terrible issue. We are getting support for this issue from our support company."
"In a future release, the solution could provide malware analysis."
"The only challenge with products like IBM is the EPS. You just have to be really on the events per second, as that's where the cost factor becomes a huge issue."
"I think QRadar is very complex. It's a distributed system and IBM QRadar has an all-in-one solution which is not like that distributed solution but it's a good product. IBM needs to consider the user interface because if we compare it with AlienVault, the AlienVault user interface is fantastic but the IBM QRadar user interface is very complex. They should focus on how to make it easier for the client."
"There are some tweaks and enhancements that I've already requested. One is to be able to make changes per device rather than as a global setting. That has to do with naming. It's minor."
"You need to plan integrations. That has been the biggest bug with SevOne so far. For the things that SevOne pulls directly, those are easy to understand, modify, and put into the database. For things that need to use the Universal Collector or xStats, you need to plan that stuff well in advance."
"The customizations are very hard. The person doing it has to be very good at analytics and has to be very good in all languages"
"Telemetry is hot these days, and IBM can improve SevOne's support for telemetry correction. Reporting is another feature that could be better. It provides the bare minimum functionality, which is good enough for most engineers, but the management isn't advanced. The new portal provides a much lighter view and better visualization, but the management is not so good."
"There are a lot of pain points. My main problem is that we don't have a high availability system. There are 20 peers. We're going to lose the end-of-life appliances that are old. If we lose a peer and it doesn't come back, we lose all that data. The reason we don't have high availability is because it's double the charge."
"The method of searching for SIP and the way to create the groups."
"Their virtualization solution is not compatible with our Kubernetes environment, which is one of the reasons we are ending our relationship with them."
"The one area with room for improvement is probably administration. They added data insights to make a better user experience, but I'd like to see some improvements in the way the system's administered."
"We've tried to work with a couple of engineering department guys there. We've called them and called them but we never hear anything back."
"Only area I can think of to improve on is the proof reading and using the guides before releasing them. Out the the 20+ guides I used one had issues with wrong information in it."
"NextGen SIEM has separate rules for AI, advanced intelligence, and MP rules - it would be better to have a centralized way to write the rules and create alarms."
"Granted, we haven't enabled the UEBA module, but we're forwarding all our proxy logs to LogRhythm and we have a really hard time pulling those proxy logs back out of LogRhythm. However, when we take LogRhythm and forward the same logs into somebody else's user-based analytics software, we get the majority of what we were missing... If we've got all our proxy logs and I go out to Google or Facebook or the like, we should be able to go in and pull that information out ten minutes later, but it's a big challenge to do that."
"Sometimes the error-logging is not altogether helpful. For example, on an upgrade, a systems data processor, a Windows box, was throwing an error code like 1083. Then it just stopped and it died right out of the installer and nobody looked. We searched through Google and what it means is the Windows Firewall wasn't turned on so that it could create a rule for the product. Why wouldn't they bubble up that description so that I wouldn't have to call support and I could just know, "Okay, the firewall wasn't turned on. Turn it back on. Re-run the installer and keep going.""
"LogRhythm NextGen SIEM could improve by adding more applications for the banking sector. There are not any custom applications at this time."
"The customer support system is time-consuming."
"Parsing is totally controlled by LogRhythm and they do not allow any partner or any third-party to handle this part and this is a key challenge on my end."
More IBM SevOne Network Performance Management (NPM) Pricing and Cost Advice →