We performed a comparison between ArcSight Logger, IBM Security QRadar, and Splunk Enterprise Security based on real PeerSpot user reviews.
"In terms of ArcSight Logger's most valuable feature, it is their scalability. ArcSight's real advantage is its scalability because they have two layers, including the logger layer."
"In our country we are a little bit private in terms of solutions, so we are just starting to use the basic data capture. Now some users can start to use additional features that come with Micro Focus ArcSight like user behavior analytics for investigating."
"The ability to customize the solution in great detail is its most valuable features. We can customize the use cases and also have the ability to do scripting. We can personalize our dashboard as well. The scalability the solution offers is quite impressive."
"It's an efficient solution."
"The log digestion features from threat intelligence platforms like Recorded Future or Talos are valuable."
"It is one of the best products available in the market."
"It's a brilliant log collection tool, and it can handle hundreds of thousands of servers in a single shot to ingest the data."
"The machine learning is a good feature."
"The solution is flexible and easy to use."
"IBM Security QRadar has significantly improved our incident response procedures."
"It can analyze event logs, event security, and give a good consult."
"I really like the feature we have with the logs, that if there are any credit card numbers being used, like a PII, you can just use regex and you can mask it. This is a really good feature in QRadar."
"It is the core of our entire SOX."
"QRadar, Splunk, and ArcSight are SIEM solutions with built-in AI/ML features. They can do the complete investigation and alert the admin about what is happening. They can also do the root cause analysis. There are many other features that come with QRadar. It has a more granular log, so you can integrate with various non-IT as well as IT-based components. You can get unstructured data to the SIEM data, and you can identify more what is happening in the network or what is happening in the central head office. You can also identify what is happening between your remote offices. You can also use it to identify what the users in the field are doing on their devices and how things are moving. From the integration point of view, it is very centric. It gives complete control centrally. If a user is not connected to the system, whenever he comes online, we can see the policy updates over the Internet, and we can ensure that the data that is supposed to be protected is protected."
"Search capabilities are sufficient for most tasks."
"The solution is relatively easy to use."
"It has a rapid response search environment in the event of an incident."
"Compared to IBM QRadar, Splunk Enterprise Security offers faster alert resolution."
"The product has a good security posture."
"It definitely does help with both auditing and regular monitoring. SOC does more monitoring, but ES also gives you other features that are auditing-related. The dashboards are also beneficial."
"The additional vendors we've brought on board, particularly the elastic, have been quite beneficial."
"The solution allows easy gathering and ingestion of the data."
"Splunk gives my clients the ability to bring multiple, disparate types of data together, then correlate and report on them."
"Splunk can extract all kinds of data. There's no limitation on what kind of structured and unstructured data one needs to extract — it can access any kind of data, including machine-generated data."
"I think the ArcSight team should try to simplify legacy products for the customers, because that product is not easy to use or to work with. It needs more competency or appeal to use. We hope Micro Focus is trying to resolve this."
"The platform is quite expensive. They should reduce its cost."
"We find that the search and access functionality is quite slow."
"The solution should make it possible to integrate network analysis features."
"I would like to see better scheduling in the next release of this solution."
"The integration with other systems could be improved."
"I would rate the technical support only 5 out of 10. The technical support is not satisfactory."
"The speed of Logger indexing and searching for certain bugs for some queries that we provide could be improved. It can handle a huge number of logs but it can be improved."
"The solution lacks some maturity."
"The usability of interfaces could be improved."
"Before, we didn't have any security issues, but recently a few of the user emails were hacked. We had to actually recreate their emails for them."
"The features that could be improved include the licensing model and the dashboards and all those presentations. Overall, the user experience part can be improved."
"Technical support could be improved by a bit."
"You can scale IBM QRadar User Behavior Analytics, but it has room for improvement."
"The product needs to improve its GUI."
"IBM Security QRadar lacks automated response. With this feature, there's no need to visit VirusTotal or other sites for IP reputation. There should be a small plug-in where users can click to retrieve details about the reputation and organization of public IP."
"More training on PetaData using artificial intelligence techniques to identify the events which are not normal and exceptions that would help the organization identify threats and malware on the go with results."
"Deployment is not difficult, but the log sources and configurations can take time."
"Its setup is a little bit complex for a distributed environment. Their support can also be better. If we miss the response for more than a week, they usually close the case. Sometimes, it can take us more than a week to reply."
"Splunk needs to be able to hold more days of data. At the moment it only holds three months of data."
"I feel as though a major focus of upcoming releases should be set on Machine Learning and Predictive Analytics, and I would enjoy seeing more security-focused add-ons and apps developed by the vendor."
"Its search or filtering capability is nice, but it can be improved. It is currently a bit complicated, and it should be simplified. If we can write the search filter in a more simplified way, it would be better."
"It needs more thoroughly tested releases. Every new big version (6, 7, etc.) has had so many bugs that it makes me wary of customers upgrading right away."
"There are limitations with Splunk not detecting all user activity, especially on mainframes and network devices."