We performed a comparison between ArcSight Analytics and IBM Security QRadar based on real PeerSpot user reviews.
Find out in this report how the two User Entity Behavior Analytics (UEBA) solutions compare in terms of features, pricing, service and support, ease of deployment, and ROI.
"This solution allows us to identify connections for all users."
"The ability to correlate different logs is the solution's most valuable feature."
"This solution makes it easy to create use cases, and it is easy to move queries from use cases to the report to the dashboard."
"The two most valuable features of this solution are its stability and scalability."
"The data collection and the integration with different products are valuable features."
"The most valuable features are that you get lots of connectors, which make it easy to log in to my ASM, and lots of prebuilt roles from the company."
"The features I have found most valuable are its capabilities for behavioral analytics and anomaly detection."
"Allows multiple integrations with multiple systems in a stable and flexible fashion."
"The ability to transition from microscopic to macroscopic view, instantly, is very good."
"IBM QRadar is great help from its security event monitoring to data center and NOC troubleshooting of issues hard for other departments to spot."
"I have found visibility very helpful for analytics."
"Improved our organization's TCO."
"The initial setup of QRadar is not complex because we have done it before and we are used to the development. It is getting easier all the time."
"I have used IBM QRadar User Behavior Analytics in a Cloud Pak on Amazon, and there it runs on top of it and is easy to assess. Additionally, I have installed processes and characters."
"Search capabilities are sufficient for most tasks."
"The threat hunting capabilities in general are great."
"It's a difficult product to navigate, it's complex."
"ArcSight's features that can be improved include anything related to its visualization capabilities and user friendliness."
"[There is] complexity in maintaining it and managing it. It's not easy to use. It requires a lot of training."
"I would like to see orchestration."
"It needs more user analytics and aggregation user queries. And it's slow. When you query over ArcSight, it is very slow."
"The GUI interface is not always intuitive and easy for non-technical users to work with."
"I would like to see integration with automation products, such as Phantom Automation."
"Their support team could be better."
"IBM technical support is always terrible."
"I would like to see more integration in place after the security lock."
"I would like for them to develop a detection management solution. It does not have a detecting management solution in it, you have to buy it as it is, on top of the extended solution."
"IBM is going through some problems with its resources currently making its support response time slow."
"It's resource-intensive."
"The only challenge with products like IBM is the EPS. You just have to be really on the events per second, as that's where the cost factor becomes a huge issue."
"Whenever we are upgrading or installing any type of patch, at that time we have some delays."
"QRadar needs a lot of fine tuning."
ArcSight Analytics is ranked 17th in User Entity Behavior Analytics (UEBA) with 15 reviews while IBM Security QRadar is ranked 1st in User Entity Behavior Analytics (UEBA) with 198 reviews. ArcSight Analytics is rated 7.0, while IBM Security QRadar is rated 8.0. The top reviewer of ArcSight Analytics writes "It has improved our system and network policy monitoring". On the other hand, the top reviewer of IBM Security QRadar writes "A highly stable and scalable solution that provides good technical support". ArcSight Analytics is most compared with Securonix UEBA, whereas IBM Security QRadar is most compared with Microsoft Sentinel, Splunk Enterprise Security, Wazuh, LogRhythm SIEM and Elastic Security. See our ArcSight Analytics vs. IBM Security QRadar report.
We monitor all User Entity Behavior Analytics (UEBA) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.
For tools I’d recommend:
-SIEM- LogRhythm
-SOAR- Palo Alto XSOAR
Doing commercial w/o both (or at least an XDR) is asking to miss details that are critical, and ending up a statistic.
Also, remember that any EDR/XDR should integrate to the SIEM/SOAR and a strong threat intel source.
If you consider SOC outsourcing take your time and find one you can integrate like a virtual team member. They are only as good as their depth of knowledge in your business and your on-prem SOC.
Apache Metron, ELK, OSSIM, Splunk and QRadar (in cost/benefit order for starters).
I have no experience with Rapid 7 or InsightIDR.
IBM QRadar works great but is not easy to install. If it is running it is a great tool. Also depending on the budget, Riverbed security is a tool to consider. Costs are lower than QRadar and easier to implement.
Or you can use our SaaS solution with QRadar and a lot more built-in. One holistic solution for your complete IT environment.
@Evgeny Belenky, I found Stellar to be quite intriguing.
I would also recommend McAfee’s new console for centralizing and coordinating a well-deployed enterprise solution.
COMODO MDR
Disclaimer: ICE Consulting offers SOC as a Service to our Clients.
For SOC Tools we use Securonix and other in-house developed solutions. Securonix provides an all in one package (SIEM, UEBA, & NTA) that we believe is competitively priced for the Small to Mid Market. Their Customer Service seems better than most and they are always highly rated in the Gartner MQ reports. Set-up is not difficult, but is time consuming for the first time, afterwards each client deployment we have added has seemed to get easier and quicker.
Please contact several vendors and ask for demos, talk with the vendor engineers to ensure the solution will work for your needs... We evaluated Rapid7, AlienVault (ATT Cybersecurity), QRadar, LogRhythm, and Securonix before deciding on Securonix.
Also take your time in evaluating and re-evaluating the products, it took us about 18 months and over $30K of working with what was ultimately the wrong product for us, before moving to Securonix.
Make sure training for the use of the service is included. We have been able to provide extensive training to our team through the vendor and would not have been able to get our SOC offering off the ground without it.
Good Luck!
COMODO SOC covers your entire network and also your email. It is very easy to deploy and is very effective for reports.
I prefer the COMODO SOC solution because it is a very good and easy to deploy product.