Compare EventTracker vs. IBM QRadar

EventTracker is ranked 5th in Security Information and Event Management (SIEM) with 10 reviews while IBM QRadar is ranked 3rd in Security Information and Event Management (SIEM) with 45 reviews. EventTracker is rated 8.8, while IBM QRadar is rated 8.4. The top reviewer of EventTracker writes "Real-time alerts and managed services reports give me a view of the landscape, things that might have slipped through the cracks". On the other hand, the top reviewer of IBM QRadar writes "Enables us to handle the most critical attacks and integrates well with other solutions". EventTracker is most compared with Splunk, AT&T AlienVault USM and LogRhythm NextGen SIEM, whereas IBM QRadar is most compared with Splunk, LogRhythm NextGen SIEM and ELK Logstash. See our EventTracker vs. IBM QRadar report.
Cancel
You must select at least 2 products to compare!
EventTracker Logo
2,531 views|767 comparisons
IBM QRadar Logo
39,552 views|27,868 comparisons
Most Helpful Review
Find out what your peers are saying about EventTracker vs. IBM QRadar and other solutions. Updated: January 2020.
397,717 professionals have used our research since 2012.
Quotes From Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:

Pros
I like EventTracker's dashboard. I see it every time I log in because it's the first thing you get to. We have our own widgets that we use. For the sake of transparency, there are a few widgets that we look at there and then we move out from there... Among the particularly helpful widgets, the not-reporting widget is a big one. The number-of-logs-processed is also a good one.The real-time alerting for things such as people getting dropped into a VPN group or the domain admin group — things like that which really shouldn't happen without proper change management, but we all know the reality, they do from time to time — gives me real-time visibility into what's going on.They have what they call Elasticsearch which is very quick, although that's only available for the last seven days' worth of data. It used to be that, if I wanted to do a search from three days ago, it might take me 10 to 15 minutes because it had to actually unzip some archive files. So I really like that feature. It's almost instantaneous for anything within the last seven days.I like the UI, overall. I like the main page and there are aspects of the search page that I like. When you bring it up on the left-hand side of the page, as you look at the events, the ability to simply hit and click the plus/minus to pull events in and out of the overall view is well done and is very effective from a threat-hunting and an analysis perspective. I like the detail it shows.If I were to look at logs manually, there's no way I could do that. As an example, they are 48 million logs processed a day. There is no way I could look at all 48 million of those. So, it gives me a good structure to be able to look at the different incidents which are created and do different searches.I really appreciate the fact that the dashboard breaks everything down into a pretty easy view for me... It shows what changes are happening to privileged user accounts, access and identity, what's cropping up. It shows application activity and whether we've got system resources that aren't online and being found anymore. It's a pretty simple, easy, quick hit and there are the supporting logs behind it. If I need to drill down further, I can do that quickly. It's very effective.The most valuable feature is that we get the events: the alerts about disk space and the security reports that we get once a day, including user lockouts and the like.The product satisfies our compliance, and thus, all of our auditors. All of the data that we use and store for all security events is required by our auditors to be kept in a central storage location.

Read more »

The ability to transition from microscopic to macroscopic view, instantly, is very good.Providing real-time visibility for threat detection and prioritization - QRadar SIEM provides contextual and actionable surveillance across the entire IT infrastructure.It is very stable. We have not faced interruptions in the past four and a half years.It has improved comprehensive visibility for what is going on in the perimeters, and on the inside, as well.This solution has allowed us to correlate logs from multiple sources.We get events and make the correlation, or rules. In IBM, we can implement our customer's rules. We can have very clear status threats and severity of antigens.Provided that the report is prebuilt and I can find what I am looking for, the reporting is the most valuable feature in this solution.This solution provides me with various alarms, and I have found security issues with some of my other products.

Read more »

Cons
It would be great if they had a client for phones by which they could push a notification to us, as opposed to via email.With version 8, there are quite a few things. The query tool was one of the big ones, and the query speed was one of the big ones, but they've made some great strides between versions 8 and 9. There were also issues in version 8 around the ability to get the data back out. It's one thing to collect data, but it's a whole other thing to be able to present it or run it in a timely manner. The old tool, depending on how far back I was looking, might even time out and I would have to run it again.Where there is an opportunity for improvement is in the interface used for performing the searches. You have to understand Elasticsearch search too well for the security team to be able to take really full advantage of that part of the product. It's not as intuitive as I would like it to be for new staff coming in. The general query capability is a little bit challenging.The solution's dashboard is okay. The one thing that we ran into are issues when we upgraded to the newer version. It uses Elasticsearch for the different dashboard entries. So, we were running on spinning disks, and Elasticsearch didn't work that well. A number of the different dashboards, like my dashboard or different things like that, pull from Elasticsearch. Since Elasticsearch really wasn't working, we were having some issues with that, but we just migrated.Probably the biggest thing is just: Can I search for this and what's the best way to do it? If I'm looking for two events versus a singular event, I just throw it back at them. They're the experts on it.I would like to see the dashboard come up more quickly.The biggest problem is that we have too many domain controllers. So, we have to keep all the clients and main system updated with the latest versions along with making sure all the firewalls are open.There are some issues with searches taking a long period of time, but they assured me that they have implemented a new search function that's available in version 9, but which requires a solid-state hard drive... Depending on how many logs you have it could take a long time to return the results if you're looking back prior to the last 30 days.

Read more »

I would like to see a better GUI.AI is superb but need improvements.Technical support is good, but not great.We would like to see better instrumentation for debugging changes in the log flow.The interface is very old. IBM should remake it into a more modern interface.There are reports that I would like to generate that are either not included, or I cannot find.There is a lot of manual configuration required in order for the product to run smoothly, and I think that it could be made more automatic.It is very difficult to activate all of the network equipment, and it would help if it were made easier.

Read more »

Pricing and Cost Advice
When we first got the EventTracker product, we were using SIEM Simplified. At the time they didn't call it that, but it was more of a service thing. So, there was a bit more hand-holding and getting stuff set up, along with failure reports, that they did during the first one to two years. Then, we decided that the the additional money to have someone do these daily reports wasn't terribly useful, so we discontinued that service.EventTracker's subscription-based model is interesting as far as yearly license type stuff. It's nice because you know what it's going to be next year. We haven't really looked at any other solutions. The pricing at the time compared to the other solutions was a lot less. A couple of years ago, we actually looked at Splunk. The amount in Splunk's licensing model is based on 20 gigs a day, or something like that. Based on our number of logs and stuff that we were already generating, the costs would be substantially more for the amount of logs that we would be getting.In the security space, it's hard to quantify your return on investment. So, I don't. We spend about $40,000 a year and so. It's hard to say if the SIEM saved that much money.I don't know if the pricing is by the seat but we're paying about $20,000 to 25,000 a year. On top of that, we pay for the managed support services. That runs us about another $35,000 or $40,000 a year.The upfront costs have increased, and we have been locked into this contract. The cost of changing over from it is way too high.The solution is fairly expensive, but in my experience, all of the SIEM applications that I've evaluated or looked at cost about the same.Licensing is very easy. Our CIO takes care of the billing, but in terms of price point, he hasn't complained, so it must be good.The pricing and licensing seem very reasonable. The managed service part of it feels like it gives me the equivalent of a full-time engineer for a lot less money. So, I feel it's a good value.

Read more »

The pricing needs to be such that they are more competitive with other vendors.There are additional costs, such as the cost associated with the different hardware required for implementation and deployment. Along with the add-on apps, these are all additional costs, and they require licensing as well.In terms of additional costs, it depends on the subscription that you choose. There are plenty of options to choose from.Our licensing costs for this solution is on a yearly basis.It's too expensive. The licensing is also a little bit difficult to understand because you have to license it per event and per number of flows.QRadar is quite expensive. It wouldn't be worth it for a small business...I would like for them to lower the price.The pricing is good.

Read more »

report
Use our free recommendation engine to learn which Security Information and Event Management (SIEM) solutions are best for your needs.
397,717 professionals have used our research since 2012.
Ranking
Views
2,531
Comparisons
767
Reviews
10
Average Words per Review
2,033
Avg. Rating
8.7
Views
39,552
Comparisons
27,868
Reviews
37
Average Words per Review
422
Avg. Rating
8.4
Top Comparisons
Compared 38% of the time.
Compared 16% of the time.
Compared 31% of the time.
Compared 10% of the time.
Compared 10% of the time.
Also Known As
QRadar SIEM, QRadar UBA, QRadar on Cloud, QRadar
Learn
Netsurion
IBM
Overview

EventTracker by Netsurion delivers actionable security intelligence that empowers organizations of any size to effectively detect and respond to advanced threats.

EventTracker Security Center
EventTracker Security Center is one platform for all critical SIEM capabilities necessary for real-time security monitoring, advanced threat detection and response, and audit-ready compliance. With Security Center, you are able to quickly identify security threats, malware, unusual behavior and suspicious network traffic, and respond more effectively.

EventTracker SIEMphonic
EventTracker SIEMphonic is our Co-Managed SIEM service that functions as an extension of your team to strengthen defenses, respond in real-time, control costs, and optimize your team's abilities. EventTracker SIEMphonic is includes our own award-winning platform that has been included in the Gartner Magic Quadrant for SIEM for 11 consecutive years. Whether on-premise or in the cloud, our 24/7 ISO/IEC 27001-certified Security Operations Center (SOC) provides expertise so you can focus on the unique requirements of your organization.

The IBM QRadar security and analytics platform is a lead offering in IBM Security's portfolio. This family of products provides consolidated flexible architecture for security teams to quickly adopt log management, SIEM, user behavior analytics, incident forensics, and threat intelligence and more. As an integrated analytics platform, QRadar streamlines critical capabilities into a common workflow, with tools such as the IBM Security App Exchange ecosystem and Watson for Cyber Security cognitive capability.

With QRadar, you can decrease your overall cost of ownership with an improved detection of threats and enjoy the flexibility of on-premise or cloud deployment, and optional managed security monitoring services.

Offer
Learn more about EventTracker
Learn more about IBM QRadar
Sample Customers
The Salvation Army, The FRESH Market, Pacific Western Bank, AAOS, Vanderbilt University, TalbotsClients across multiple industries, such as energy, financial, retail, healthcare, government, communications, and education use QRadar.
Top Industries
REVIEWERS
University22%
Financial Services Firm22%
Energy/Utilities Company22%
Pharma/Biotech Company11%
VISITORS READING REVIEWS
Software R&D Company32%
Financial Services Firm10%
Manufacturing Company9%
Comms Service Provider8%
REVIEWERS
Financial Services Firm26%
Transportation Company14%
Pharma/Biotech Company6%
Health, Wellness And Fitness Company6%
VISITORS READING REVIEWS
Software R&D Company33%
Comms Service Provider17%
Financial Services Firm8%
Media Company8%
Company Size
REVIEWERS
Small Business30%
Midsize Enterprise20%
Large Enterprise50%
REVIEWERS
Small Business36%
Midsize Enterprise16%
Large Enterprise48%
VISITORS READING REVIEWS
Small Business16%
Midsize Enterprise24%
Large Enterprise60%
Find out what your peers are saying about EventTracker vs. IBM QRadar and other solutions. Updated: January 2020.
397,717 professionals have used our research since 2012.
We monitor all Security Information and Event Management (SIEM) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.