We performed a comparison between IBM Security QRadar and USM Anywhere based on our users’ reviews in five categories. After reading all of the collected data, you can find our conclusion below.
Features: IBM Security QRadar users say the solution provides extensive information and helpful leads for locating pertinent data. QRadar stands out with its comprehensive network visibility and strong SIEM capabilities. USM Anywhere is highly regarded for its extensive reporting capabilities, thorough vulnerability assessment, seamless file integration, and user-friendly management features. IBM Security QRadar could improve its rule deployment and lower its false positive rate. Users would also like expanded storage capacity, streamlined user management, and a more mature architecture. USM Anywhere users have suggested improvements in self-service plugin management, database optimization, and third-party threat intelligence integration.
Service and Support: Some customers of IBM Security QRadar have had trouble connecting with knowledgeable support staff and experienced delayed responses. Some users say that USM Anywhere's customer service is knowledgeable and responsive, while others have faced delays and incomplete answers.
Ease of Deployment: IBM Security QRadar's initial setup can be complex for users without expertise, and the difficulty may vary depending on the size of the data set. The initial setup for USM Anywhere is generally considered to be straightforward if the user has technical knowledge. Vendor assistance is also available during the deployment phase.
Pricing: IBM Security QRadar can be costly because users need to buy new hardware to upgrade. USM Anywhere is seen as more cost-effective than premium solutions like IBM QRadar and Splunk, with pricing considered reasonable and relatively low.
ROI: IBM Security QRadar delivers a high return on investment, improving security through its advanced user behavior analytics. USM Anywhere has garnered favorable feedback regarding its ROI.
Comparison Results: Our users prefer USM Anywhere over IBM Security QRadar. Users like USM Anywhere for its simple initial setup, comprehensive reporting capabilities, and reasonable pricing. USM Anywhere can generate custom audit reports and its pricing is regarded as more affordable compared to IBM Security QRadar.
"Forensics is a valuable feature of Fortinet FortiEDR."
"The most valuable feature is the analysis, because of the beta structure."
"Fortinet is very user-friendly for customers."
"The solution was relatively easy to deploy."
"It is very easy to set up. I would rate my experience with the initial setup a ten out of ten, with ten being very easy to set up."
"Fortinet FortiEDR's scalability is quite good, and you can add licenses to the solution."
"This is stable and scalable."
"The setup is pretty simple."
"IBM QRadar User Behavior Analytics has easy architecture, has a good portfolio and integration."
"It has a logical, user-friendly GUI."
"An engineer can live-monitor all the flow happening in real-time. This would help us a lot while investigating a case, and it would even help us with preventive actions."
"I think the QDI is very good."
"We run 65 servers globally with just two people: an engineering person and me."
"The playbook engine is flexible and allows for the graphical visualization of processes, enabling the implementation of dynamic playbooks for incident response or testing."
"The most valuable features would have to be the products' ability to customize vulnerability management settings."
"It integrates very easily with other solutions. The solution is flexible. We can add anything to it, as it is a good companion to other tools."
"It allows for a lot of out-of-the-box features: vuln scanning, HIDS/HIPS, and IDS."
"Easy to use, scalable, stable, and very intuitive platform that provides protection against security threats."
"The solution has all the features that we need, however they do not work correctly."
"AlienVault provides a checklist answer when using SIEM."
"The setup is very easy and straightforward."
"It has streamlined log aggregation and analysis to meet organizational and regulatory needs."
"Asset discovery and vulnerability scanner are good features. The integration between this solution and OTX, which is an AlienVault platform for Open Threat Exchange, is also a valuable feature. It is also quick and easy to deploy, so you can quickly engage with a customer's environment."
"The vulnerability manager and the file integration are very good."
"I haven't seen the use of AI in the solution."
"I would like the solution to extend beyond endpoint protection and include other attack surfaces such as other network components."
"The SIEM could be improved."
"Detections could be improved."
"The only minor concern is occasional interference with desired programs."
"I think cloud security and SASE are areas of concern in the product where improvements are required. The tool's cloud version has to be improved in terms of the security it offers."
"ZTNA can improve latency."
"There's room for improvement in the quick response time and technical support for integration issues, especially when dealing with multiple vendors."
"The interface is very old. IBM should remake it into a more modern interface."
"The custom rules could be simplified more or it should be possible to use a different language, other than the ones that the solution is already using. They should add other languages into the mix."
"I don't look at only the features and benefits; I also look at the price. It is a bit expensive when compared with other solutions. It is expensive for specific deployment topologies, and the decision-makers go for alternatives like ArcSight. It should also have more AI features or capabilities for better threat intelligence. The more it uses machine learning, the better would be the dashboard, analytics, and other things."
"The solution should enhance its capabilities of UEBA and AI/ML tech modeling."
"Whenever we are upgrading or installing any type of patch, at that time we have some delays."
"Technical support is good, but not great."
"IBM QRadar User Behavior Analytics is good, but I think the functionality should be much more integrated. You should have easy access to the artifacts if you are doing a particular investigation. It's good, but other team solutions like LogRhythm are actually merging the functionality. So, I think that is something IBM can work on."
"Do your research before implementing it, because it is tough to implement."
"The price of AT&T AlienVault USM could be reduced."
"This solution could be easier to use."
"It would be nice to see some machine learning and monitoring of the configuration in network devices."
"Its reporting tools need improvements. It would be good if they can provide integration with other ticketing systems. Currently, we only have integration with Slack and Jira. It is also a bit slow, and its replication engine can be improved."
"Maybe logs are the problem, as the database query is too slow. If you want to search something, you need time to find it."
"Their threat intelligence platform needs to be broadened. They should integrate it with more threat intelligence platforms. For the threat feed that they get from open intelligence, I would like them to add a few premium threat intelligence platforms. They can provide a bundle in which AlienVault has the threat intelligence background of other premium products."
"AT&T AlienVault USM can improve searchable data. It should be available for more than 90 days. If you need more than 90 days of data, you have to put a request and they give you raw data, which is not easy to search. A good addition would be to allow users to search data older than 90 days."
"I'd like to see a dashboard that's a little more descriptive."
IBM Security QRadar is ranked 6th in Log Management with 198 reviews while USM Anywhere is ranked 15th in Log Management with 113 reviews. IBM Security QRadar is rated 8.0, while USM Anywhere is rated 8.4. The top reviewer of IBM Security QRadar writes "A highly stable and scalable solution that provides good technical support". On the other hand, the top reviewer of USM Anywhere writes "Easy to use and affordable". IBM Security QRadar is most compared with Microsoft Sentinel, Splunk Enterprise Security, Wazuh, LogRhythm SIEM and Elastic Security, whereas USM Anywhere is most compared with Wazuh, AlienVault OSSIM, Splunk Enterprise Security, Microsoft Sentinel and Rapid7 InsightIDR. See our IBM Security QRadar vs. USM Anywhere report.
See our list of best Log Management vendors, best Endpoint Detection and Response (EDR) vendors, and best Security Information and Event Management (SIEM) vendors.
We monitor all Log Management reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.
i have implemented the IBM QRadar, its the simplest to install and configure.
install, add log sources,create use cases as per your needs and QRadar will log all the events and network activity.
you can then perform forensics as well as vulnerability scans.
The basic things like adding log sources is hopefully not a problem but i think to get most value from the SIEM is to make a list of use cases tweaked to your organisation and log sources to find the problems/incidents your C-level can understand. Then you will keep on getting the fundings you need to get the issues you think is necessary to make the SIEM a valuable tool.
I've implemented AccelOps SIEM which also does Server/Network Performance and Availability monitoring. Most of the work involved was with configuration of SNMPv2/v3 or WMI on endpoint devices if the SIEM is not agent-based. Also, a lot of configuration with fine tuning the rules/reports specific to your organization as mentioned. Basic Linux knowledge is also recommended for AccelOps. I would also recommend purchasing Proessional Services hours for implementation guidance and proper training of IT staff and end-users (if applicable) that will be accessing/using the SIEM.
Hello. If you need any assistance through sizing and deployment of IBM QRadar, you should contact a local sales partner in your area. A partner should be able to size your specific needs, no matter little or big they are.
is it the same now for Alienvault? What level of Linux knowledge is needed?
I have implemented McAfee Nitro and IMB Qradar, where the later was the easiest to implement. Majority of the work is fine tuning and creating rules that are specific for your organization. All vendors will tell you about builtin intelligence that offer nothing in the read world
We implemented the Alienvault USM product and one of the largest considerations to make is the Linux knowledge required to implement, configure and manage the solution. Depending on the current in-house skill set and architecture this may or may not present as a consideration.