We performed a comparison between IBM Security QRadar, IBM SevOne Network Performance Management (NPM), and Quest InTrust based on real PeerSpot user reviews.
Find out what your peers are saying about Splunk, Datadog, Wazuh and others in Log Management."This solution has excellent security analytics."
"IBM QRadar is great help from its security event monitoring to data center and NOC troubleshooting of issues hard for other departments to spot."
"The ability to transition from microscopic to macroscopic view, instantly, is very good."
"QRadar, Splunk, and ArcSight are SIEM solutions with built-in AI/ML features. They can do the complete investigation and alert the admin about what is happening. They can also do the root cause analysis. There are many other features that come with QRadar. It has a more granular log, so you can integrate with various non-IT as well as IT-based components. You can get unstructured data to the SIEM data, and you can identify more what is happening in the network or what is happening in the central head office. You can also identify what is happening between your remote offices. You can also use it to identify what the users in the field are doing on their devices and how things are moving. From the integration point of view, it is very centric. It gives complete control centrally. If a user is not connected to the system, whenever he comes online, we can see the policy updates over the Internet, and we can ensure that the data that is supposed to be protected is protected."
"Providing real-time visibility for threat detection and prioritization - QRadar SIEM provides contextual and actionable surveillance across the entire IT infrastructure."
"One of the most valuable features of this solution is it has very good data correlation."
"It is incredibly easy to deploy. All the appliances are flexible in the roles that they serve and are all managed the in the same way."
"It has a good integration with the artificial intelligence engine of Watson."
"Flexible architecture: You can extend the system and its capacity by attaching another cluster pair."
"The network data collection has been very flexible for us. It's been thorough in areas that were lacking. They have a team that I've worked with to add other pieces to it. So if it's missing something out of the box, they work with me to add it. I was able to collect that data. It's not perfect, but it's pretty thorough."
"Scalability. I have never had to worry about how to handle really big environments."
"We've had great feedback from our customers about SevOne support. They're willing to set up a remote session upon request. You have to go through three tiers of support with most vendors, and they ask a lot of screening questions before they will do a remote session. You need to spend a lot of time before an engineer will host a remote session to look at your problematic system."
"The SMP and the xStats, which is for flat file integration, are both useful for integrating the various metrics that the device provides to monitor the performance of those systems."
"The modules and the performance management reports that come with data insights are two of the most valuable features. I also find the reports for Wi-Fi, Netflow, LAN, and WAN for monitoring to be very good."
"SevOne provides support for all universal connectors. They internally work with other data sources to get features implemented. We have an SD-WAN implementation and use other app data to monitor performance. If you pull that data into one centralized location, that is very useful for management."
"The automation feature is good because if your CMDB is OK and it is already in sync, then the automation part is good to go."
"I would rate the technical support very well as they are knowledgeable and quick to respond."
"A lot of information that we receive for the devices is IP-based, but it would help if we could have a default dashboard in which we can add more details about the assets for which we are receiving the information. For example, if it is a Windows or Linux device, we only get the IP for that particular device. We don't really get the name and other details of that particular device. For that, you have to drill down into your own asset management system. It would be good to have a place where we can probably add this information so that we don't have to look into other tools."
"We need more features in order to create rules to detect or to meet some requirements for other areas, for example, catching the event from other authentication tools."
"Technical support could be improved by a bit."
"With IBM Security QRadar, my company faced issues with the support we received for the product."
"They need to improve their threat intelligence feed and they need to improve their user behavior analytics modules."
"IBM is going through some problems with its resources currently making its support response time slow."
"We sometimes get an error about the hard drive. Approximately once in two months, we can't find the logs, and they go missing, which is a terrible issue. We are getting support for this issue from our support company."
"The weak signal detection with QRadar needs improvement. You can detect what you know, but what is unknown to the rule engine can't be detected."
"The one area with room for improvement is probably administration. They added data insights to make a better user experience, but I'd like to see some improvements in the way the system's administered."
"There are some tweaks and enhancements that I've already requested. One is to be able to make changes per device rather than as a global setting. That has to do with naming. It's minor."
"The user management features need to be improved. It would be nice if we had more granular control, or layers of control, out of the box."
"Their virtualization solution is not compatible with our Kubernetes environment, which is one of the reasons we are ending our relationship with them."
"The reports are easy to configure but they are a bit outdated in terms of appearance and visualization."
"Some similar solutions offer end-to-end visibility."
"I'm not really sure if this was the software's fault or a server issue, but a couple of years back the disks were failing on our SevOne physical server every month and the server would go down. The secondary server took over from the primary until the disk issue was resolved. That was annoying."
"With the administrative management of the appliance, if some object appears from SevOne because something changed in the network or whatever, then as an administrator you will not be aware. If you are using this object in a report, this object will disappear from the report and you will not be aware of it. So, if you have 1,000 reports, you cannot always check these reports everyday to see if objects are missing or information has disappeared. We don't have any information on alerts, saying that something is happening there and maybe we need to take action. If an object was replaced by another one, or if a link was replaced by another one, then the graph needs to be changed because it doesn't exist in the graph anymore. However, we don't have this information."
"It was very complex. There was poor native correlation. "
"It needs to have better reporting. "
More IBM SevOne Network Performance Management (NPM) Pricing and Cost Advice →
Earn 20 points