We performed a comparison between IBM Security QRadar, Quest InTrust, and USM Anywhere based on real PeerSpot user reviews.
Find out what your peers are saying about Splunk, Datadog, Wazuh and others in Log Management."The QNI feature is the one I am very interested in, and I have also been interested in Watson. From the log analysis and the security perspective, we are able to dive deep into any of the logs and anomalies."
"The most valuable features are log monitoring, easy-to-fix issues, and problem-solving."
"It has improved my efficiency."
"This is a distributed application, meaning that a customer can stack small and then scale it so that they can expand pretty effectively. You can use, basically, the same product in an SMB or a large enterprise."
"Stability-wise, I rate the solution a ten out of ten."
"I have found IBM QRadar to be stable."
"I think it's a very stable product that provides much more visibility than the other product."
"Improved our organization's TCO."
"I would rate the technical support very well as they are knowledgeable and quick to respond."
"Allowed us to help our customers satisfy compliance needs around logging and monitoring."
"Vulnerability scanning helped out shortcomings of what was not patched in the past and what needed to be patched. This assisted with fine tuning the environment for compliance."
"Reports are customized, so you can present them to executives or engineers."
"The best thing about AlienVault USM is it being a “Jack-of-All Trades” solution. It provides SIEM, HIDS/NIDS, FIM, NetFlow, Asset Management, Vulnerability Management, etc., under one USM platform. None of the commercial SIEM vendors like ArcSight, McAfee, etc., can boast of such a diverse feature set."
"OTX is a great module that lets staff maintain and monitor updates regarding events in the infrastructure and takes decision to improve the security perimeter."
"Every activity on the firewall is recorded, and notifications are sent with this solution."
"The USM is a work horse, no matter what devices or the number of logs we throw at it, the system processes them in real time, correlates the events, and alerts on only events that need human review."
"It is my "security person" looking at irregularities and letting me know when something has occurred."
"It needs more resilience and functionality."
"I think QRadar is very complex. It's a distributed system and IBM QRadar has an all-in-one solution which is not like that distributed solution but it's a good product. IBM needs to consider the user interface because if we compare it with AlienVault, the AlienVault user interface is fantastic but the IBM QRadar user interface is very complex. They should focus on how to make it easier for the client."
"The product needs to improve its GUI."
"IBM QRadar Advisor with Watson could be more user-friendly. You need some skills and understanding of what you're looking at, especially if you're going to draw down specific information."
"A lot of information that we receive for the devices is IP-based, but it would help if we could have a default dashboard in which we can add more details about the assets for which we are receiving the information. For example, if it is a Windows or Linux device, we only get the IP for that particular device. We don't really get the name and other details of that particular device. For that, you have to drill down into your own asset management system. It would be good to have a place where we can probably add this information so that we don't have to look into other tools."
"There could be better integration with the solution."
"Each module requires a separate license and a separate cost."
"They should speed up the incident response and also, at the same time, reduce the amount of manual effort that is required."
"It needs to have better reporting. "
"It was very complex. There was poor native correlation. "
"I've been using it just for my own personal upskilling in terms of how the product works. At the moment, it is pretty straightforward and simple, and it is working how it is supposed to. The feedback would come once it is deployed to customer sites. They'll be using it on a more frequent basis, and that's when the feedback would come in terms of the areas in which they're facing issues or are looking for simplicity."
"AT&T AlienVault USM can improve searchable data. It should be available for more than 90 days. If you need more than 90 days of data, you have to put a request and they give you raw data, which is not easy to search. A good addition would be to allow users to search data older than 90 days."
"I feel that some areas of improvement would be vulnerability scanning. We use a separate product that seems to do a much better job."
"We develop additional rules and scripts to make it more usable."
"There could be some type of integration with our existing portal. We have our own customer portals, and it would be good if there was an integration so that our portal can provide reports. There could be some type of API into the AlienVault system with the USM system so that it is easy to show the customers high-level reports of the system through our portal."
"Maybe logs are the problem, as the database query is too slow. If you want to search something, you need time to find it."
"The reporting tools are a bit lacking for building reports to give directly to customers, but support has been helpful in giving our requests for new features to the development team and following up with us."
"Different functions to customize reports should be added."
Earn 20 points
