We performed a comparison between ArcSight Analytics and IBM Security QRadar based on real PeerSpot user reviews.
Find out in this report how the two User Entity Behavior Analytics (UEBA) solutions compare in terms of features, pricing, service and support, ease of deployment, and ROI.
"The two most valuable features of this solution are its stability and scalability."
"ArcSight Analytics is used to get a deeper insight and threat analysis about the network."
"The most valuable feature is the log monitoring."
"This solution allows us to identify connections for all users."
"The solution is easy to implement."
"ArcSight Analytics has improved our system and network policy monitoring."
"The correlation engine is good."
"One of the most valuable features is the alerts."
"The QNI feature is the one I am very interested in, and I have also been interested in Watson. From the log analysis and the security perspective, we are able to dive deep into any of the logs and anomalies."
"There are more than 120 extensions in QRadar, which are easy to install and configure. These can improve your analysis of events."
"It saves a lot of time. We integrate the customer's firewall with all their networking devices."
"I think it's a very stable product that provides much more visibility than the other product."
"Providing real-time visibility for threat detection and prioritization - QRadar SIEM provides contextual and actionable surveillance across the entire IT infrastructure."
"I have found IBM QRadar to be scalable."
"I have found its network traffic log, network bit log, and QBI most valuable."
"I have used IBM QRadar User Behavior Analytics in a Cloud Pak on Amazon, and there it runs on top of it and is easy to assess. Additionally, I have installed processes and characters."
"ArcSight is not a user-friendly solution and the interface needs to be improved."
"[There is] complexity in maintaining it and managing it. It's not easy to use. It requires a lot of training."
"The interactive dashboard is complicated and you need to have training in order to use it, so I think that it could be made easier to use."
"Inactive connections from servers, which are upgraded or downgraded within a VM, should be automatically revoked."
"It needs more user analytics and aggregation user queries. And it's slow. When you query over ArcSight, it is very slow."
"I faced stability issues with Windows Operating System. The installed connectors hang if they remain idle for a long period of time."
"The customer service could be improved, and additional integrations with other APIs could be added."
"I would like to see integration with automation products, such as Phantom Automation."
"It doesn't have a SOAR system by default. You need to purchase it additionally, which is the main problem with QRadar."
"The architecture could be improved. I got stuck for a long time trying to understand the architecture, as it is quite challenging."
"The Indian tech support is not helpful."
"The solution should enhance its capabilities of UEBA and AI/ML tech modeling."
"I need a solution which will send alerts in the event of any behavior."
"Search capability and indexing still lag behind competitors. We also need to see improved rule based access controls and rule/event tuning."
"It would be better if it were more stable and more secure. The price for maintenance could be better. It's too high. In the next release, I think they should focus on the price and the operation."
"IBM Qradar could improve the reporting. The tool is not designed to report. It's a great operational monitoring tool. You put it on a screen and you watch it. If you want to have analytics out of it, that's a whole different story. You're going to need more people and tools. What should be added is reporting and integration into Power BI, into some capability that produces analytical reports from the source data. IBM does not seem to care to add these features."
ArcSight Analytics is ranked 17th in User Entity Behavior Analytics (UEBA) with 15 reviews while IBM Security QRadar is ranked 1st in User Entity Behavior Analytics (UEBA) with 198 reviews. ArcSight Analytics is rated 7.0, while IBM Security QRadar is rated 8.0. The top reviewer of ArcSight Analytics writes "It has improved our system and network policy monitoring". On the other hand, the top reviewer of IBM Security QRadar writes "A highly stable and scalable solution that provides good technical support". ArcSight Analytics is most compared with Securonix UEBA, whereas IBM Security QRadar is most compared with Microsoft Sentinel, Splunk Enterprise Security, Wazuh, LogRhythm SIEM and Elastic Security. See our ArcSight Analytics vs. IBM Security QRadar report.
We monitor all User Entity Behavior Analytics (UEBA) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.
For tools I’d recommend:
-SIEM- LogRhythm
-SOAR- Palo Alto XSOAR
Doing commercial w/o both (or at least an XDR) is asking to miss details that are critical, and ending up a statistic.
Also, remember that any EDR/XDR should integrate to the SIEM/SOAR and a strong threat intel source.
If you consider SOC outsourcing take your time and find one you can integrate like a virtual team member. They are only as good as their depth of knowledge in your business and your on-prem SOC.
Apache Metron, ELK, OSSIM, Splunk and Qradar (in cost/benefit order for starters).
I have no experience with Rapid 7 or InsightIDR.
IBM Qradar works great but is not easy to install. If it is running it is a great tool. Also depending on the budget, Riverbed security is a tool to consider. Costs are lower than QRadar and easier to implement.
Or you can use our SaaS solution with QRadar and a lot more built-in. One holistic solution for your complete IT environment.
@Evgeny Belenky, I found Stellar to be quite intriguing.
I would also recommend McAfee’s new console for centralizing and coordinating a well-deployed enterprise solution.
COMODO MDR
Disclaimer: ICE Consulting offers SOC as a Service to our Clients.
For SOC Tools we use Securonix and other in-house developed solutions. Securonix provides an all in one package (SIEM, UEBA, & NTA) that we believe is competitively priced for the Small to Mid Market. Their Customer Service seems better than most and they are always highly rated in the Gartner MQ reports. Set-up is not difficult, but is time consuming for the first time, afterwards each client deployment we have added has seemed to get easier and quicker.
Please contact several vendors and ask for demos, talk with the vendor engineers to ensure the solution will work for your needs... We evaluated Rapid7, AlienVault (ATT Cybersecurity), QRadar, LogRhythm, and Securonix before deciding on Securonix.
Also take your time in evaluating and re-evaluating the products, it took us about 18 months and over $30K of working with what was ultimately the wrong product for us, before moving to Securonix.
Make sure training for the use of the service is included. We have been able to provide extensive training to our team through the vendor and would not have been able to get our SOC offering off the ground without it.
Good Luck!
COMODO SOC covers your entire network and also your email. It is very easy to deploy and is very effective for reports.
I prefer the COMODO SOC solution because it is a very good and easy to deploy product.