We performed a comparison between IBM Security QRadar, IBM SevOne Network Performance Management (NPM), and USM Anywhere based on real PeerSpot user reviews.
"QRadar has somewhat of a new structure recently from last gen. They have moved from the standard UI based infrastructure."
"I think it's a very stable product that provides much more visibility than the other product."
"It has very rich functionality."
"One very useful feature is the plug-in offering that allows you to integrate it with other solutions, such as integrating it with plug-ins like Scout, Carbon Black, and the rest."
"Improved our organization's TCO."
"It's user-friendly when compared to other products."
"I have found visibility very helpful for analytics."
"It's a state-of-the-art product for security information and event management (SIEM)."
"The most valuable feature is the NMS because that's the core of the system. Without the NMS, the other tools aren't that usable."
"I like the tool’s scalability and real-time reports. Earlier, we struggled to give real-time reports to clients. I also like the tool’s deployment model where we can deploy it either on-premises or in-house. We don’t have to carry the data all over the globe. Also, I am impressed with the tool's flow reporting and Wi-Fi."
"It's given us the ability to create various real-time network performance reports and distribute them to any colleague who can access these reports immediately."
"With this tool it is interesting to show the info to the client and explain where the traffic is."
"The network data collection has been very flexible for us. It's been thorough in areas that were lacking. They have a team that I've worked with to add other pieces to it. So if it's missing something out of the box, they work with me to add it. I was able to collect that data. It's not perfect, but it's pretty thorough."
"SevOne has rich API capabilities, giving us the flexibility to control what we collect and customize the collection, creation, and manipulation of now metrics as necessary."
"We find that the reporting is particularly valuable in terms of not only communicating with our peer teams but also with the executives."
"We have benefited mainly from the use of the dashboard interface. It makes the network visually interesting for other people who are not in the network. A lot of people are not network techies who understand streams in the network. Based on location, we have streams coming in and out. They can see visually when there is some problem. They don't need to understand all the network technology behind it to be able to understand if everything is working well or if there is a problem."
"We had used previous products and found AlienVault centralized the logging for our security."
"The new cloud-based panel is excellent both for client review as well as for our SOC to review and respond to threats. It is much easier to configure and use than the previous solution from AlienVault."
"The IDS and the threat intelligence are very useful. They are very intuitive and data-rich."
"It allows you to define what alerts you want to see, or not to see, as well as if you want them grouped, or ungrouped."
"The setup is very easy and straightforward."
"Having everything in a central place has been helpful."
"Easy to use, scalable, stable, and very intuitive platform that provides protection against security threats."
"Allowed us to help our customers satisfy compliance needs around logging and monitoring."
"There is one problem with QRadar in regards to the add-on apps. The apps can be frustrating. For example, when I add a big app like one of the add-ons for resiliency, add-on applications for QRadar, these applications require different hardware to implement and to deploy. The resiliency connector because there's a considerable amount of data scanning, operates for these apps correctly."
"This solution is on-premise and many customers are moving to the cloud-based solution."
"IBM QRadar could improve the plugins and threat detection."
"The interface is very old. IBM should remake it into a more modern interface."
"The reporting system could use some upgrading."
"The weak signal detection with QRadar needs improvement. You can detect what you know, but what is unknown to the rule engine can't be detected."
"The only challenge is that IBM has been a closed enterprise. It should be more open to integrating with other providers at an enterprise level. We're a bank and the core banking system integration is not way straightforward and there is no integration between IBM and these products. If IBM could open up and provide a way of integrating it seamlessly, without charging more for it, that would make a big difference."
"There was some complexity in the initial setup due to bandwidth issues."
"The tool needs improvement in non-Cisco SD-WAN."
"High-frequency polling is data-intensive because you're pulling more. If SevOne could figure out a way to manage the impact of high-frequency polling on the system, that would be very popular."
"There are a lot of pain points. My main problem is that we don't have a high availability system. There are 20 peers. We're going to lose the end-of-life appliances that are old. If we lose a peer and it doesn't come back, we lose all that data. The reason we don't have high availability is because it's double the charge."
"User-friendly, multi-tenancy."
"When I started using it, I tried adding one of the BroadWorks application servers into SevOne... it created thousands and thousands of objects from that one application server and we immediately ran out of license... It would help, when new objects are discovered, if there were a way to categorize those objects and to pick the part of the object you need..."
"There is no service mode setup in this monitoring tool if you want to snooze alerts for any specific amount of time, to account for any activity change or major incident."
"The user management features need to be improved. It would be nice if we had more granular control, or layers of control, out of the box."
"You need to plan integrations. That has been the biggest bug with SevOne so far. For the things that SevOne pulls directly, those are easy to understand, modify, and put into the database. For things that need to use the Universal Collector or xStats, you need to plan that stuff well in advance."
"The AT&T AlienVault USM is okay, but the relational database is not very good for large amounts of data. For example, many logs cannot be processed. It has been very slow for the queries and some data which are large, it is not very good in this case."
"One area that has room for improvement is storage. AlienVault is a good place to put logs, but sometimes it's a tough place to go get logs... The logger can only hold so much data. If they improved that, that would help."
"I think plugin management should be self-service on AlienVault USM. The other product is self-service but on the USM side. You have to submit a ticket then AT&T creates and updates the plugins."
"The vulnerability reporting needs to have options to be able to sort or customize the output."
"It would be hard for any legitimate MSSP to use it."
"The vulnerability scanning feature is one of the areas where the product has certain shortcomings and needs to improve. The tool has vulnerability scanning, but it is not that efficient."
"For creating new rules, you have to be familiar with regular expressions. I feel there could be something built-in to make sure that process is easier."
"AlienVault must improve their correlation feature. Some of the events do not match with the correlation rules and some of the correlation events are false-positive."