Graylog vs IBM Security QRadar vs IBM SevOne Network Performance Management (NPM) comparison

Cancel
You must select at least 2 products to compare!
Comparison Buyer's Guide
Executive Summary

We performed a comparison between Graylog, IBM Security QRadar, and IBM SevOne Network Performance Management (NPM) based on real PeerSpot user reviews.

Find out what your peers are saying about Splunk, Datadog, Wazuh and others in Log Management.
To learn more, read our detailed Log Management Report (Updated: March 2024).
765,386 professionals have used our research since 2012.
Featured Review
Quotes From Members
We asked business professionals to review the solutions they use.
Here are some excerpts of what they said:
Pros
"Real-time UDP/GELF logging and full text-based searching.""We have scaled from a single machine installation (a VM with a Graylog + ES + MongoDB) to (2 Graylog + 2 ES + 3 MongoDB). This was done smoothly with a minimal impact on logging.""I am very proud of how very stable the solution is.""The solution's most valuable feature is its new interface.""Graylog's search functionality, alerting functionality, user management, and dashboards are useful.""The best feature of Graylog is the Elasticsearch integration. We can integrate and we can run filters, such as an event of interest, and those logs we can send to any SIEM tool or as an analytic. Additionally, there are clear and well-documented implementation instructions on their website to follow if needed.""I like the correlation and the alerting.""Everything stands out as valuable, including the fact that I can quantify and qualify the logs, create pipelines and process the logs in any way I like, and create charts or data maps."

More Graylog Pros →

"The solution is relatively easy to use.""IBM QRadar Advisor with Watson is a stable solution.""In terms of the most valuable features, the log collections and log processing mechanisms are good. They have good dashboards.""It is very stable. We have not faced interruptions in the past four and a half years.""The most valuable feature is user behavior analytics (UBA).""Search capabilities are sufficient for most tasks.""Due to the skills shortage, we are able to use it from the standpoint of bringing in a lower level employee or a person who may not have security knowledge.""What we like about QRadar and the models that IBM has, is it can go from a small-to-medium enterprise to a larger organization, and it gives you the same value."

More IBM Security QRadar Pros →

"The out of the box reports and workflows are pretty good and they meet our requirements well.""The feature that I have found most valuable is the scale-up and scale-down. The scale-up is an operation where the CPU boosts-up and then the memory will boost-up. That works awesomely.""It also gives us the closest thing to real-time insight into network performance that we have, with just a 10-second delay. It's very important for us to know the health of the infrastructure very quickly.""SevOne’s data collection functionality is very good. From a collection point of view, we pull SNMP data, which is simple. It is easy to manipulate the pull in the estate. It is really simple compared to some of the other products that we have used. However, for deferred data, i.e., things that we import or don't pull directly, we tend to have a preplanned integration. So, its Universal Collector is really useful.""In 90% of the cases, new devices are plug-and-play, so when a new version comes out then SevOne has support for it out of the box.""One of the solution's biggest strengths is its capacity management performance, with out-of-the-box reports through NMS, as well as its ability to collect NetFlow-related data from devices. The collection of network performance and flow data is important because we have many critical business applications.""I like the tool’s scalability and real-time reports. Earlier, we struggled to give real-time reports to clients. I also like the tool’s deployment model where we can deploy it either on-premises or in-house. We don’t have to carry the data all over the globe. Also, I am impressed with the tool's flow reporting and Wi-Fi.""It's a great solution for highlighting and discovering useful information regarding our network's elements."

More IBM SevOne Network Performance Management (NPM) Pros →

Cons
"Graylog needs to improve their authentication. Also, the fact that Graylog displays logs from the top down is just ridiculous.""I would like to see some kind of visualization included in Graylog.""Its scalability gets complicated when we have to update or edit multiple nodes.""The infrastructure cost is the main issue. I like the rest. If the infrastructure costs could be lower, it would be fantastic.""There should be some user groups and an auto sign-in feature.​""Graylog can improve the index rotation as it's quite a complex solution.""More complex visualizations and the ability to execute custom Elasticsearch queries would be great.""We ran into problems with Elasticsearch throwing a circuit-breaking exception due to field data size being too large. It turned out that the heap size directly impacted this size in a high-throughput environment, causing unexplained instability in Graylog. We were able to troubleshoot on the Elasticsearch size, but we should have been able to reference some minimum requirements for Graylog to know that our settings weren't sufficient."

More Graylog Cons →

"The solution should enhance its capabilities of UEBA and AI/ML tech modeling.""The solution is highly used here in Pakistan and in many sectors, they could improve it by having more SIEM connectors.""The solution lacks some maturity.""The IBM support can be better.""AI is superb but need improvements.""Ideally we would like a mobile version so that any alert that comes in will notify us in a mobile app, or by using SMS integration.""While the interface is easy to use, it could be a little more responsive.""There could be improvements made to the UI, the user interface. Though the newer version, 7.3.2, might already have this improvement in place."

More IBM Security QRadar Cons →

"The user management features need to be improved. It would be nice if we had more granular control, or layers of control, out of the box.""The reporting of NMS is good, but it could be better.""User-friendly, multi-tenancy.""High-frequency polling is data-intensive because you're pulling more. If SevOne could figure out a way to manage the impact of high-frequency polling on the system, that would be very popular.""Would benefit with the addition of AI modules for proactive data insights.""The tool needs improvement in non-Cisco SD-WAN.""Telemetry is hot these days, and IBM can improve SevOne's support for telemetry correction. Reporting is another feature that could be better. It provides the bare minimum functionality, which is good enough for most engineers, but the management isn't advanced. The new portal provides a much lighter view and better visualization, but the management is not so good.""We need to be thinking about streaming telemetry protocols. They already have the port for enhanced visualization, which they already have through Data Insight."

More IBM SevOne Network Performance Management (NPM) Cons →

Pricing and Cost Advice
  • "Having paid official support is wise for projects."
  • "I am using a community edition. I have not looked at the enterprise offering from Graylog."
  • "If you want something that works and do not have the money for Splunk or QRadar, take Graylog.​​"
  • "​You get a lot out-of-the-box with the non-enterprise version, so give it a try first."
  • "Consider Enterprise support if you have atypical needs or setup requirements.​"
  • "I use the free version of Graylog."
  • "It's an open-source solution that can be used free of charge."
  • "We're using the Community edition."
  • More Graylog Pricing and Cost Advice →

  • "found other solutions, with more features at the same cost or less. You don’t have to leave the Gartner Magic Quadrant to beat their price."
  • "Most of the time, it is easier and cheaper to buy a new product or the QRadar box."
  • "IBM's Qradar is not for small companie. Unfortunately, it would be 'overkill' to place it plainly. The pricing would be too much."
  • "IBM's Qradar is not for small companie. Unfortunately, it would be 'overkill' to place it plainly. The pricing would be too much."
  • "Go through a vulnerability assessment review for price breaks. A virtualized solution will also cut down on cost."
  • "It is expensive. It is not a product that I can provide for SMBs. It is a program that I can only provide for really large enterprises."
  • "The maintenance costs are high."
  • "Pricing (based on EPS) will be more accurate."
  • More IBM Security QRadar Pricing and Cost Advice →

  • "Have a bank of licenses, because it is about the number of objects (RAM, ports, CPU, etc.)."
  • "Choose a SevOne partner who can provide SevOne as a service and can deliver professional services and maintenance."
  • "It is inexpensive compared to other monitoring tools."
  • "Prices per license are not huge, but they exist."
  • "There are cheaper solutions available."
  • "The pricing has been fair."
  • "Many tools price things based on the number of KPIs that you're collecting around a device. In many cases, there could be hundreds of metrics that you need to collect. SevOne provides device-level pricing. That gives us the flexibility to turn on, and expand on, the metrics that we're collecting around those devices, without taking a financial hit."
  • "The pricing has not evolved with the market, which is one of the reasons we are moving to a new product."
  • More IBM SevOne Network Performance Management (NPM) Pricing and Cost Advice →

    report
    Use our free recommendation engine to learn which Log Management solutions are best for your needs.
    765,386 professionals have used our research since 2012.
    Comparison Review
    Vinod Shankar
    Questions from the Community
    Top Answer:The product is scalable. The solution is stable.
    Top Answer:We are using the free version of the product. However, the paid version is expensive.
    Top Answer:Since it's a free tool, I don't have much to say. Troubleshooting is important to me. The initial setup is complex. I… more »
    Top Answer:It mostly depends on your use-cases and environment. Exabeam and Securonix have a stronger UEBA feature set, friendlier… more »
    Top Answer:For tools I’d recommend:  -SIEM- LogRhythm -SOAR- Palo Alto XSOAR Doing commercial w/o both (or at least an XDR) is… more »
    Top Answer:The event collector, flow collector, PCAP and SOAR are valuable.
    Top Answer:I like the tool’s scalability and real-time reports. Earlier, we struggled to give real-time reports to clients. I also… more »
    Top Answer:The tool is not expensive. We were able to negotiate with SevOne on pricing.
    Top Answer:The tool needs improvement in non-Cisco SD-WAN.
    Ranking
    11th
    out of 94 in Log Management
    Views
    10,699
    Comparisons
    9,032
    Reviews
    6
    Average Words per Review
    802
    Rating
    7.3
    6th
    out of 94 in Log Management
    Views
    15,708
    Comparisons
    9,599
    Reviews
    33
    Average Words per Review
    481
    Rating
    7.6
    18th
    out of 94 in Log Management
    Views
    1,365
    Comparisons
    700
    Reviews
    7
    Average Words per Review
    1,356
    Rating
    8.4
    Comparisons
    Also Known As
    Graylog2
    IBM QRadar, QRadar SIEM, QRadar UBA, QRadar on Cloud, QRadar, IBM QRadar User Behavior Analytics, IBM QRadar Advisor with Watson
    SevOne
    Learn More
    Overview

    Graylog is purpose-built to deliver the best log collection, storage, enrichment, and analysis. Graylog is:

    • Considerably faster analysis speeds.
    • More robust and easier-to-use analysis platform.
    • Simpler administration and infrastructure management.
    • Lower cost than alternatives.
    • Full-scale customer service.
    • No expensive training or tool experts required.

    IBM Security QRadar is a security and analytics platform designed to defend against threats and scale security operations. This is done through integrated visibility, investigation, detection, and response. QRadar empowers security groups with actionable insights into high-priority threats by providing visibility into enterprise security data. Through centralized visibility, security teams and analysts can determine their security stance, which areas pose a potential threat, and which areas are critical. This will help streamline workflows by eliminating the need to pivot between tools.

    IBM Security QRadar is built to address a wide range of security issues and can be easily scaled with minimal customization effort required. As data is ingested, QRadar administers automated, real-time security intelligence to swiftly and precisely discover and prioritize threats. The platform will issue alerts with actionable, rich context into developing threats. Security teams and analysts can then rapidly respond to minimize the attackers' strike. The solution will provide a complete view of activity in both cloud-based and on-premise environments as a large amount of data is ingested throughout the enterprise. Additionally, QRadar’s anomaly detection intelligence enables security teams to identify any user behavior changes that could be indicators of potential threats. 

    IBM QRadar Log Manager

    To better help organizations protect themselves against potential security threats, attacks, and breaches, IBM QRadar Log Manager gathers, analyzes, preserves, and reports on security log events using QRadar Sense Analytics. All operating systems and applications, servers, devices, and applications are converted into searchable and actionable intelligent data. QRadar Log Manager then helps organizations meet compliance reporting and monitoring requirements, which can be further upgraded to QRadar SIEM for a more superior level of threat protection.

    Some of QRadar Log Manager’s key features include:

    • Data processing and capture on any security event
    • Disaster recovery options and high availability 
    • Scalability for large enterprises
    • SoftLayer cloud installation capability
    • Advanced threat protection

    Reviews from Real Users

    IBM Security QRadar is a solution of choice among users because it provides a complete solution for security teams by integrating network analysis, log management, user behavior analytics, threat intelligence, and AI-powered investigations into a single solution. Users particularly like having a single window into their network and its ability to be used for larger enterprises.

    Simon T., a cyber security services operations manager at an aerospace/defense firm, notes, "The most valuable thing about QRadar is that you have a single window into your network, SIEM, network flows, and risk management of your assets. If you use Splunk, for instance, then you still need a full packet capture solution, whereas the full packet capture solution is integrated within QRadar. Its application ecosystem makes it very powerful in terms of doing analysis."

    A management executive at a security firm says, "What we like about QRadar and the models that IBM has, is it can go from a small-to-medium enterprise to a larger organization, and it gives you the same value."

    The IBM® SevOne Network Performance Management (IBM SevOne NPM) solution helps you spot, address, and prevent network performance issues early with machine learning-powered analytics from a single source. Boost network performance and improve your user application experience by proactively monitoring your multivendor end-to-end network across enterprise, communication, and managed service provider networks.

    Transform raw network performance data into intelligent and actionable insights. The IBM SevOne NPM solution goes beyond detection, combining industry-leading expertise and advanced technology to help your IT team plan and optimize your network and act on what matters: improving network performance to provide an exceptional customer experience.

    For further information, please visit www.ibm.com/cloud/sevo...



    Offer
    Learn more about Graylog
    Want to Hear More?

    IBM Security QRadar is a security and analytics platform designed to defend against threats and scale security operations.

    Learn more about IBM SevOne Network Performance Management (NPM)
    Sample Customers
    Blue Cross Blue Shield, eBay, Cisco, LinkedIn, SAP, King.com, Twilio, Deutsche Presse-Agentur
    Clients across multiple industries, such as energy, financial, retail, healthcare, government, communications, and education use QRadar.
    ATOS, Devereux, Spark New Zealand, Access4, Rogers Communication, Lumen (formerly known as CenturyLink)
    Top Industries
    VISITORS READING REVIEWS
    Computer Software Company16%
    Comms Service Provider11%
    Government8%
    Educational Organization7%
    REVIEWERS
    Financial Services Firm23%
    Computer Software Company15%
    Comms Service Provider10%
    Security Firm6%
    VISITORS READING REVIEWS
    Educational Organization18%
    Computer Software Company15%
    Financial Services Firm10%
    Government6%
    REVIEWERS
    Comms Service Provider37%
    Media Company11%
    Financial Services Firm11%
    Computer Software Company9%
    VISITORS READING REVIEWS
    Computer Software Company21%
    Financial Services Firm15%
    Manufacturing Company12%
    Retailer5%
    Company Size
    REVIEWERS
    Small Business50%
    Midsize Enterprise7%
    Large Enterprise43%
    VISITORS READING REVIEWS
    Small Business32%
    Midsize Enterprise18%
    Large Enterprise50%
    REVIEWERS
    Small Business39%
    Midsize Enterprise15%
    Large Enterprise45%
    VISITORS READING REVIEWS
    Small Business20%
    Midsize Enterprise29%
    Large Enterprise51%
    REVIEWERS
    Small Business6%
    Midsize Enterprise11%
    Large Enterprise83%
    VISITORS READING REVIEWS
    Small Business18%
    Midsize Enterprise13%
    Large Enterprise69%
    Buyer's Guide
    Log Management
    March 2024
    Find out what your peers are saying about Splunk, Datadog, Wazuh and others in Log Management. Updated: March 2024.
    765,386 professionals have used our research since 2012.