IBM Security QRadar vs Splunk Enterprise Security vs Stackify comparison

Comparison Buyer's Guide
Executive Summary

We performed a comparison between IBM Security QRadar, Splunk Enterprise Security, and Stackify based on real PeerSpot user reviews.

Find out what your peers are saying about Splunk, Datadog, Wazuh and others in Log Management.
To learn more, read our detailed Log Management Report (Updated: March 2024).
765,386 professionals have used our research since 2012.
Quotes From Members
We asked business professionals to review the solutions they use.
Here are some excerpts of what they said:
Pros

IBM Security QRadar:
  • "There are more than 120 extensions in QRadar, which are easy to install and configure. These can improve your analysis of events."
  • "I think this is a good product for enterprises because of the performance and out-of-the-box rules and use cases. If they want to reach the maturity level early, they can use these out-of-the-box rules and use cases. That will help them a lot."
  • "IBM QRadar's ability to simplify the number of events, not only on a technical level but by making that information easy to pan through the orchestration deduplication. It is very impressive given that we have hundreds of devices that send event logs through."
  • "We are using the platform version, which I like."
  • "The features that I have found most valuable are that it is very stable, easy to get going, and easy to manage. It is also easy to review all incidents."
  • "The most valuable aspect of the solution is the integration capabilities on offer."
  • "I like the graphical interface. It's so good and easy."
  • "It is a pretty solid product for the type that it is representing. It is a CM solution as compared to Splunk or ArcSight from HP. It is also user friendly. It comes with some internal AI as well, in which it automatically maps multiple lots from unrelated devices and makes a smart decision to link them back and create an offense based on that. It is a smart tool."

Splunk Enterprise Security:
  • "I like the ease with which dashboards can be created."
  • "The fact that Splunk is a platform and not just a SIEM solution is a key benefit."
  • "The logs on the solution are excellent."
  • "The dashboard and reporting are very good... It provides very good visibility in a hybrid cloud environment, and you can build custom utilization APIs using Splunk."
  • "There are lots of free learning materials on their website."
  • "It provides a risk score for each object, device, or user. We can then take action if they are at a higher risk."
  • "Positive features include replication capabilities, software development kits, and the architecture."
  • "One key advantage of Splunk over competitors like IBM QRadar is its superior device integration capabilities."

Stackify:
  • "The performance dashboard and the accurate level of details are beneficial."
  • "The filter feature on Stackify is one of the features I found valuable. It's awesome. When I want to get the application logs, the solution gives me many filters. For example, if I want to get logs from my test environment, the option is there for me to select the environment from Stackify, and you can also select the particular application, and you'll see the information you need there. The filter feature alone and the fact that Stackify offers a lot of different filters is what I like the most about the solution because I've used other tools with the filter feature, but the filtering was very difficult, versus Stackify that has good filtering. On Stackify, you can filter the information by the last one hour, or the last four hours, and you can also select the date range and specify the timestamp, then the solution will give you the information based on the date range you specified. Another feature I found valuable on Stackify is its rating feature because it tells you how your application is faring. For example, a rating of A means excellent, while a rating of F means very bad, or that your application is not doing well at all. The ratings are from A to F. I also like that Stackify helps you in terms of load management because the solution gives you information on overutilized resources. These are the most valuable features of the solution."
  • "The deployment is very fast."
  • "The solution is stable and reliable."

Cons

IBM Security QRadar:
  • "There is a lot of manual configuration required in order for the product to run smoothly, and I think that it could be made more automatic."
  • "Technical support could be improved by a bit."
  • "We would like to see better instrumentation for debugging changes in the log flow."
  • "I would like to see a more user-friendly product."
  • "The AQL queries could be better."
  • "The biggest problem was built on top of the QRadar in the executive operations center network. The integration was not using the network security specialist properly, and all the incidents were inferior with QRadar. Its compatibility is not really good."
  • "It doesn't have a SOAR system by default. You need to purchase it additionally, which is the main problem with QRadar."
  • "I think QRadar is very complex. It's a distributed system and IBM QRadar has an all-in-one solution which is not like that distributed solution but it's a good product. IBM needs to consider the user interface because if we compare it with AlienVault, the AlienVault user interface is fantastic but the IBM QRadar user interface is very complex. They should focus on how to make it easier for the client."

Splunk Enterprise Security:
  • "Splunk does not provide any default threat intelligence like Microsoft Sentinel, but you can integrate any third-party threat intelligence with Splunk. By default, no threat intelligence suite is there, whereas, with IBM QRadar or Microsoft Sentinel, the default feature of threat intelligence is there. It is free. If Splunk can provide a default threat intelligence suite, it would be better."
  • "The solution could improve by giving more email details."
  • "I feel the solution to be too slow."
  • "The initial setup is complex, but this is necessary. We needed to take into consideration how to direct log files from thousands of machines to Splunk, and how to ingest those files."
  • "It currently has limited default rules and customizations. If they can concentrate more on the compliance part and the security information part, it would be helpful. The platform part is good, but it requires many features from the security aspect."
  • "The analytics of Splunk could be improved."
  • "While Splunk Enterprise Security offers valuable features, its cost is high and could be more competitive."
  • "It's difficult to set up initially, and their billing model is also a bit complicated."

Stackify:
  • "It should be easily scalable and configurable in different instances."
  • "I would like to be able to see metrics about individual running containers on the host machines."
  • "I've not used Stackify for a while, and I'm currently using a solution now that's not as good as Stackify. Among the solutions I've been using so far, Stackify has been one of the best for me, but there's always room for improvement. For example, I don't know if it's just me, but when I try to get the log from Stackify, sometimes it doesn't appear in real-time. It takes a few minutes before the logs appear. When I redeploy my solution and the application starts, I don't see the logs immediately, and it would take two to three minutes before I see the logs. I don't know if other customers have a similar experience. It's the wait time for the logs to appear that's a concern for me, could be improved, and is what the Stackify team should be looking into. In terms of any additional feature that I'd like added to the solution, I'm not sure if Stackify has a way to export logs out. I've been trying to do it. On the solution, you can click on a spiral-like icon and it shows you the entire error, and I'd prefer an export button that would let me download the error and save that into a text file, for example, so it'll be available on my local machine for me to reference it, especially because the log keeps going and as you're using the solution, the system keeps pushing messages on to Stackify, so if I'm looking at a particular error at 12:05 PM, for example, by the time I go back to my system and would like to revisit the error at 12:25 PM, on Stackify, the logs would have gone past that level and I won't see it again which makes it difficult. When you now go back to that timestamp, you don't tend to see it immediately, but if the solution had an export feature for me to save that particular error information on my local machine for reference at a later time, I won't have to go back to Stackify. I just go to that log, specifically to that particular export that I've received on my local machine. I can get it and review it, and it would be easier that way versus me going back to Stackify to find that particular error and request that particular information."
  • "The search feature could be improved."

Pricing and Cost Advice

IBM Security QRadar:
  • "found other solutions, with more features at the same cost or less. You don’t have to leave the Gartner Magic Quadrant to beat their price."
  • "Most of the time, it is easier and cheaper to buy a new product or the QRadar box."
  • "IBM's QRadar is not for small companies. Unfortunately, it would be 'overkill' to place it plainly. The pricing would be too much."
  • "Go through a vulnerability assessment review for price breaks. A virtualized solution will also cut down on cost."
  • "It is expensive. It is not a product that I can provide for SMBs. It is a program that I can only provide for really large enterprises."
  • "The maintenance costs are high."
  • "Pricing (based on EPS) will be more accurate."

Splunk Enterprise Security:
  • "Pricing and licensing is quite expensive. But for the value the product provides, it seems at par in the market."
  • "Although Splunk is an expensive product, it is designed to be utilized across your organization in order to maximize your ROI and lower your TCO."
  • "It is not cheap."
  • "Splunk Enterprise becomes extremely expensive after the 20GB/month license."
  • "You will eat up whatever you purchase quickly. The level of insights that Splunk empowers is addictive."
  • "Splunk licensing model might seem expensive but with all the gain in functionalities you will have compared to traditional SIEM solutions I think it’s worth the price."
  • "Pricing is pretty fair."
  • "While licensing can be a concern, there are ways to reduce the licensing costs including filtering some events."

Stackify:
  • "The price is variable. It depends on how much data we have received in that particular month. Usually, it goes up to $2,000, or, at times, $3,000 USD per month."

    Questions from the Community
    Top Answer: It mostly depends on your use-cases and environment. Exabeam and Securonix have a stronger UEBA feature set, friendlier…
    Top Answer: For tools I’d recommend: -SIEM- LogRhythm -SOAR- Palo Alto XSOAR Doing commercial w/o both (or at least an XDR) is…
    Top Answer: The event collector, flow collector, PCAP and SOAR are valuable.
    Top Answer: It would really depend on (1) which logs you need to ingest and (2) what are your use cases Splunk is easy for…
    Top Answer: Splunk handles a high amount of data very well. We use Splunk to capture information and as an aggregator for monitoring…
    Top Answer: The most valuable feature of Splunk Enterprise Security is website activity monitoring.
    Top Answer: The performance dashboard and the accurate level of details are beneficial.
    Top Answer: The licensing cost is calculated on a per-user basis.
    Top Answer: When Stackify completes drill downs, sometimes there is a block of execution pipelines, and you cannot see the details…
    Ranking
    • IBM Security QRadar: 6th out of 94 in Log Management; Views: 15,708; Comparisons: 9,599; Reviews: 33; Average Words per Review: 481; Rating: 7.6
    • Splunk Enterprise Security: 1st out of 94 in Log Management; Views: 29,244; Comparisons: 23,633; Reviews: 64; Average Words per Review: 947; Rating: 8.4
    • Stackify: 40th out of 94 in Log Management; Views: 224; Comparisons: 169; Reviews: 4; Average Words per Review: 1,453; Rating: 7.3
    Also Known As
    IBM QRadar, QRadar SIEM, QRadar UBA, QRadar on Cloud, QRadar, IBM QRadar User Behavior Analytics, IBM QRadar Advisor with Watson
    Overview

    IBM Security QRadar is a security and analytics platform designed to defend against threats and scale security operations. This is done through integrated visibility, investigation, detection, and response. QRadar empowers security groups with actionable insights into high-priority threats by providing visibility into enterprise security data. Through centralized visibility, security teams and analysts can determine their security stance, which areas pose a potential threat, and which areas are critical. This will help streamline workflows by eliminating the need to pivot between tools.

    IBM Security QRadar is built to address a wide range of security issues and can be scaled easily with minimal customization effort. As data is ingested, QRadar applies automated, real-time security intelligence to swiftly and precisely discover and prioritize threats. The platform issues alerts with rich, actionable context on developing threats, so security teams and analysts can respond rapidly to limit the impact of an attack. Because it ingests a large amount of data from across the enterprise, the solution provides a complete view of activity in both cloud-based and on-premises environments. Additionally, QRadar’s anomaly detection intelligence enables security teams to identify user behavior changes that could be indicators of potential threats.

    IBM QRadar Log Manager

    To help organizations protect themselves against potential security threats, attacks, and breaches, IBM QRadar Log Manager gathers, analyzes, preserves, and reports on security log events using QRadar Sense Analytics. Log data from operating systems, servers, devices, and applications is converted into searchable, actionable intelligence. QRadar Log Manager also helps organizations meet compliance reporting and monitoring requirements, and it can be upgraded to QRadar SIEM for a higher level of threat protection.

    Some of QRadar Log Manager’s key features include:

    • Data processing and capture on any security event
    • Disaster recovery options and high availability 
    • Scalability for large enterprises
    • SoftLayer cloud installation capability
    • Advanced threat protection

    Reviews from Real Users

    IBM Security QRadar is a solution of choice among users because it provides a complete solution for security teams by integrating network analysis, log management, user behavior analytics, threat intelligence, and AI-powered investigations into a single solution. Users particularly like having a single window into their network and its ability to be used for larger enterprises.

    Simon T., a cyber security services operations manager at an aerospace/defense firm, notes, "The most valuable thing about QRadar is that you have a single window into your network, SIEM, network flows, and risk management of your assets. If you use Splunk, for instance, then you still need a full packet capture solution, whereas the full packet capture solution is integrated within QRadar. Its application ecosystem makes it very powerful in terms of doing analysis."

    A management executive at a security firm says, "What we like about QRadar and the models that IBM has, is it can go from a small-to-medium enterprise to a larger organization, and it gives you the same value."

    Splunk Enterprise Security is a SIEM, log management, and IT operations analytics tool. The solution provides users with the ability to secure their information and manage their data in the cloud, data centers, or other applications. Splunk Enterprise Security also offers visibility from different areas, levels, and devices, rather than from a single system, thus, providing its users with flexibility. Splunk Enterprise Security can monitor data and analyze, detect, and prevent intrusions. This benefits users as it provides alerts to possible intrusions, helps users to be proactive, and reduces risk factors. 

    Full visibility across your environment

    Break down data silos and gain actionable intelligence by ingesting data from multicloud and on-premises deployments. Get full visibility to quickly detect malicious threats in your environment.

    Fast threat detection

    Defend against threats with advanced security analytics, machine learning and threat intelligence that focus detection and provide high-fidelity alerts to shorten triage times and raise true positive rates.

    Efficient investigations

    Gather all the context you need and initiate flexible investigations with security analytics at your fingertips. The built-in open and extensible data platform boosts productivity and drives down fatigue.

    Open and scalable

    Built on an open and scalable data platform, you can stay agile in the face of evolving threats and business needs. Splunk meets you where you are on your cloud journey, and integrates across your data, tools and content.

    Stackify is an application performance management (APM) solution that combines application performance monitoring with logs, errors, and reporting. It is a SaaS solution that is developer-focused. Users can quickly scan, identify, and repair issues with applications. Stackify APM offers valuable tools, such as Prefix and Retrace, which help to make it a comprehensive and valuable APM solution. Stackify is now part of the Netreo family of IT Infrastructure Management (ITIM), which is considered one of the fastest-growing IT organizations in the marketplace today.

    Stackify Prefix

    Stackify Prefix helps developers write better code, faster. The tool examines, tests, and approves code as it is being written. Almost every new application is code-perfect, negating the need for exhausting troubleshooting and frustrating time-consuming code review.

    Prefix is able to discover poor-performing SQL queries, ORM queries, potential bottlenecks, and concealed exceptions prior to moving the application into production.

    Prefix offers Summary Dashboards, intuitive suggestions, integrated logs, and distributed tracing. Distributed tracing expands visibility to cloud-native applications, microservices, and containers and can also provide additional transparency to cache services, web services, third-party services, and more. Users are able to easily move from logs to traces and back.

    This valuable tool ensures developers are able to consistently release the best code possible in the least amount of time, while improving performance, productivity, and profitability.

    Prefix is a very robust and easy-to-use tool. It can be used seamlessly with Linux, macOS, and Windows. Prefix integrates well with numerous languages, such as Java, Python, Ruby, PHP, Node.js, .Net, and .Net Core.

    Stackify Retrace

    Stackify Retrace is a user-friendly, trusted APM solution used in more than fifty countries worldwide. Retrace helps users complete application development more quickly and efficiently, and it consistently enhances overall application performance by offering the intuitive suggestions users need.

    This solution helps both developers (Dev) and operations (Ops) personnel improve code and immediately fine-tune issues by:

    • Establishing effortless collaboration between Dev and Ops personnel via an easy-to-use GUI dashboard.

    • Delivering complete transparency of all stages of the application development process, from pre-development to production.

    • Utilizing performance protocols, such as error tracking, application logs, and code profiling, in real time in order to thoroughly understand how long a code will take to complete various tasks.

    • Improving overall efficiency and productivity by immediately discovering and repairing application issues.

    Retrace Real User Monitoring (RUM) uses both front-end and back-end monitoring to give users a complete picture of what is going on with the applications. This intuitive dashboard displays performance with a complete breakdown of resource usage and integrates the server-side and client traces into one engaging, user-friendly, extensive view. 

    Retrace is an out-of-the-box solution that works seamlessly with Java stacks, PHP, Node.js, Ruby, Python, .Net, and .Net Core. It is also compatible with many of today’s popular frameworks, such as AWS, Azure, Elasticsearch, MongoDB, MySQL, Oracle, PostgreSQL, Redis, and SQL Server. Additionally, Retrace will work effectively with many cloud providers, containers, and languages, and offers excellent and easy integration with today's favorite tools such as Jira, Slack, Jenkins, and more.

    Sample Customers
    Clients across multiple industries, such as energy, financial, retail, healthcare, government, communications, and education use QRadar.
    Splunk has more than 7,000 customers spread across over 90 countries. These customers include Telenor, UniCredit, ideeli, McKenney's, Tesco, and SurveyMonkey.
    Stackify customers include MyRacePass, ClearSale, Newitts, Carbonite, Boston Software, Children's International, Starkwood Media Group, and Fewzion.
    Top Industries
    IBM Security QRadar
    • Reviewers: Financial Services Firm 23%, Computer Software Company 15%, Comms Service Provider 10%, Security Firm 6%
    • Visitors reading reviews: Educational Organization 18%, Computer Software Company 15%, Financial Services Firm 10%, Government 6%
    Splunk Enterprise Security
    • Reviewers: Computer Software Company 18%, Financial Services Firm 15%, Government 10%, Energy/Utilities Company 8%
    • Visitors reading reviews: Financial Services Firm 15%, Computer Software Company 14%, Government 9%, Manufacturing Company 7%
    Stackify
    • Visitors reading reviews: Financial Services Firm 23%, Computer Software Company 20%, Retailer 8%, Healthcare Company 6%
    Company Size
    IBM Security QRadar
    • Reviewers: Small Business 39%, Midsize Enterprise 15%, Large Enterprise 45%
    • Visitors reading reviews: Small Business 20%, Midsize Enterprise 29%, Large Enterprise 51%
    Splunk Enterprise Security
    • Reviewers: Small Business 31%, Midsize Enterprise 12%, Large Enterprise 57%
    • Visitors reading reviews: Small Business 19%, Midsize Enterprise 13%, Large Enterprise 68%
    Stackify
    • Reviewers: Small Business 43%, Midsize Enterprise 29%, Large Enterprise 29%
    • Visitors reading reviews: Small Business 30%, Midsize Enterprise 10%, Large Enterprise 60%