IBM Security QRadar vs Splunk User Behavior Analytics comparison

Cancel
You must select at least 2 products to compare!
Comparison Buyer's Guide
Executive Summary

We performed a comparison between IBM Security QRadar and Splunk User Behavior Analytics based on real PeerSpot user reviews.

Find out in this report how the two User Entity Behavior Analytics - UEBA solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI.
To learn more, read our detailed IBM Security QRadar vs. Splunk User Behavior Analytics Report (Updated: March 2024).
765,234 professionals have used our research since 2012.
Featured Review
Quotes From Members
We asked business professionals to review the solutions they use.
Here are some excerpts of what they said:
Pros
"The threat hunting capabilities in general are great.""It has a powerful GUI where you can put together your use cases, and don't have to write your own scripts.""I like the graphical interface. It's so good and easy.""Vulnerability detection is the most valuable feature. It's the tool that finds the threats.""The ability to add extensions is the most valuable feature. For example, extensions that provide valuable test ports.""One of the most valuable features is its ability to integrate with other solutions. IBM has a lot of solutions and we have managed to make it work with IBM BigFix and MaaS360, and even Microsoft.""The timeline and machine learning features are great.""It provides many options for searching. I can see devices from different vendors, like Cisco, in one interface, which is good for me."

More IBM Security QRadar Pros →

"Splunk is more user-friendly than some competing solutions we tried.""This intelligent user behavior analytics package is easy to configure and use while remaining feature filled.""The solution appears to be stable, although we haven't used it heavily.""The most valuable feature is being able to take data and put it into other systems so that we could see the output, and to see where we need to apply our focus.""It's easily scalable.""The most valuable features are the indexing and powerful search features.""This is a good security product.""The product is at the forefront of auto-remediation networking. It's great."

More Splunk User Behavior Analytics Pros →

Cons
"IBM QRadar Advisor with Watson could be more user-friendly. You need some skills and understanding of what you're looking at, especially if you're going to draw down specific information.""Some UI enhancements would be nice, such as exporting custom event properties and the ability to export rules.""Solution has too many menus that require going to two or three sub-monitors to enter the QRadar.""IBM is going through some problems with its resources currently making its support response time slow.""The solution is clunky.""The API integration for AD is a problem when it comes to vulnerability management. If you want to incorporate multiple factor authentication it becomes a problem with the AD. It doesn't integrate well. That needs to be improved.""The only challenge is that IBM has been a closed enterprise. It should be more open to integrating with other providers at an enterprise level. We're a bank and the core banking system integration is not way straightforward and there is no integration between IBM and these products. If IBM could open up and provide a way of integrating it seamlessly, without charging more for it, that would make a big difference.""I have also been working with other SIEM solutions, and I have observed that they have extensive Linux-based and Unix-based integrations. They have been able to support some of the Linux-based agents, which is useful to investigate and process the information on the Linux and Unix side."

More IBM Security QRadar Cons →

"In the future I would like to see simplified statistics and analytical threats.""The initial setup was complex because some of the configurations that we required needed customization.""We'd like the ability to do custom searches.""I would like improved downward integration with other tools such as McAfee and other GCP solutions.""Currently, a lot of network operations need improvement. We still need people to handle incidents. Our vision is to leverage status and convert it directly from the network devices. It would be ideal if we could take action using APIs and API code and remove manual processes.""The correlation engine should have persistent and definable rules.""There are occasional bugs.""It could be easier to scale the solution if you are using it on-premise, not in the cloud."

More Splunk User Behavior Analytics Cons →

Pricing and Cost Advice
  • "found other solutions, with more features at the same cost or less. You don’t have to leave the Gartner Magic Quadrant to beat their price."
  • "Most of the time, it is easier and cheaper to buy a new product or the QRadar box."
  • "IBM's Qradar is not for small companie. Unfortunately, it would be 'overkill' to place it plainly. The pricing would be too much."
  • "IBM's Qradar is not for small companie. Unfortunately, it would be 'overkill' to place it plainly. The pricing would be too much."
  • "Go through a vulnerability assessment review for price breaks. A virtualized solution will also cut down on cost."
  • "It is expensive. It is not a product that I can provide for SMBs. It is a program that I can only provide for really large enterprises."
  • "The maintenance costs are high."
  • "Pricing (based on EPS) will be more accurate."
  • More IBM Security QRadar Pricing and Cost Advice →

  • "I hope we can increase the free license to be more than 5 gig a day. This would help people who want to introduce a POC or a demo license for the solution."
  • "My biggest complaint is the way they do pricing... You can never know the pricing for next year. Every single time you adjust to something new, the price goes up. It's impossible to truly budget for it. It goes up constantly."
  • "There are additional costs associated with the integrator."
  • "The licensing costs is around 10,000 dollars."
  • "Pricing varies based on the packages you choose and the volume of your usage."
  • "I am not aware of the price, but it is expensive."
  • More Splunk User Behavior Analytics Pricing and Cost Advice →

    report
    Use our free recommendation engine to learn which User Entity Behavior Analytics - UEBA solutions are best for your needs.
    765,234 professionals have used our research since 2012.
    Comparison Review
    Vinod Shankar
    Questions from the Community
    Top Answer:It mostly depends on your use-cases and environment. Exabeam and Securonix have a stronger UEBA feature set, friendlier GUI and are not licensed based on capacity (amount of logs and information… more »
    Top Answer:For tools I’d recommend:  -SIEM- LogRhythm -SOAR- Palo Alto XSOAR Doing commercial w/o both (or at least an XDR) is asking to miss details that are critical, and ending up a statistic. Also,… more »
    Top Answer:The event collector, flow collector, PCAP and SOAR are valuable.
    Top Answer:We are really pleased with Splunk and its features. It would be practically impossible to function without it To provide a general overview of the system, it's important to note that the standard… more »
    Top Answer:I am not aware of the price, but it is expensive. A rough estimate would be around 150 gigabytes, given the huge amount of data. At the moment there are no additional costs for maintenance.
    Top Answer:Currently, we do not have any specific improvement projects in progress. However, we have partnered with some companies that are constantly working on improving the system. Therefore, I believe it's… more »
    Ranking
    Views
    3,556
    Comparisons
    2,073
    Reviews
    33
    Average Words per Review
    481
    Rating
    7.6
    Views
    2,291
    Comparisons
    1,467
    Reviews
    5
    Average Words per Review
    374
    Rating
    8.6
    Comparisons
    Also Known As
    IBM QRadar, QRadar SIEM, QRadar UBA, QRadar on Cloud, QRadar, IBM QRadar User Behavior Analytics, IBM QRadar Advisor with Watson
    Caspida, Splunk UBA
    Learn More
    Splunk
    Video Not Available
    Overview

    IBM Security QRadar is a security and analytics platform designed to defend against threats and scale security operations. This is done through integrated visibility, investigation, detection, and response. QRadar empowers security groups with actionable insights into high-priority threats by providing visibility into enterprise security data. Through centralized visibility, security teams and analysts can determine their security stance, which areas pose a potential threat, and which areas are critical. This will help streamline workflows by eliminating the need to pivot between tools.

    IBM Security QRadar is built to address a wide range of security issues and can be easily scaled with minimal customization effort required. As data is ingested, QRadar administers automated, real-time security intelligence to swiftly and precisely discover and prioritize threats. The platform will issue alerts with actionable, rich context into developing threats. Security teams and analysts can then rapidly respond to minimize the attackers' strike. The solution will provide a complete view of activity in both cloud-based and on-premise environments as a large amount of data is ingested throughout the enterprise. Additionally, QRadar’s anomaly detection intelligence enables security teams to identify any user behavior changes that could be indicators of potential threats. 

    IBM QRadar Log Manager

    To better help organizations protect themselves against potential security threats, attacks, and breaches, IBM QRadar Log Manager gathers, analyzes, preserves, and reports on security log events using QRadar Sense Analytics. All operating systems and applications, servers, devices, and applications are converted into searchable and actionable intelligent data. QRadar Log Manager then helps organizations meet compliance reporting and monitoring requirements, which can be further upgraded to QRadar SIEM for a more superior level of threat protection.

    Some of QRadar Log Manager’s key features include:

    • Data processing and capture on any security event
    • Disaster recovery options and high availability 
    • Scalability for large enterprises
    • SoftLayer cloud installation capability
    • Advanced threat protection

    Reviews from Real Users

    IBM Security QRadar is a solution of choice among users because it provides a complete solution for security teams by integrating network analysis, log management, user behavior analytics, threat intelligence, and AI-powered investigations into a single solution. Users particularly like having a single window into their network and its ability to be used for larger enterprises.

    Simon T., a cyber security services operations manager at an aerospace/defense firm, notes, "The most valuable thing about QRadar is that you have a single window into your network, SIEM, network flows, and risk management of your assets. If you use Splunk, for instance, then you still need a full packet capture solution, whereas the full packet capture solution is integrated within QRadar. Its application ecosystem makes it very powerful in terms of doing analysis."

    A management executive at a security firm says, "What we like about QRadar and the models that IBM has, is it can go from a small-to-medium enterprise to a larger organization, and it gives you the same value."

    Splunk User Behavior Analytics is a behavior-based threat detection is based on machine learning methodologies that require no signatures or human analysis, enabling multi-entity behavior profiling and peer group analytics – for users, devices, service accounts and applications. It detects insider threats and external attacks using out-of-the-box purpose-built that helps organizations find known, unknown and hidden threats, but extensible unsupervised machine learning (ML) algorithms, provides context around the threat via ML driven anomaly correlation and visual mapping of stitched anomalies over various phases of the attack lifecycle (Kill-Chain View). It uses a data science driven approach that produces actionable results with risk ratings and supporting evidence that increases SOC efficiency and supports bi-directional integration with Splunk Enterprise for data ingestion and correlation and with Splunk Enterprise Security for incident scoping, workflow management and automated response. The result is automated, accurate threat and anomaly detection.
    Offer
    Want to Hear More?

    IBM Security QRadar is a security and analytics platform designed to defend against threats and scale security operations.

    Learn more about Splunk User Behavior Analytics
    Sample Customers
    Clients across multiple industries, such as energy, financial, retail, healthcare, government, communications, and education use QRadar.
    8 Securities, AAA Western, AdvancedMD, Amaya, Cerner Corporation, CJ O Shopping, CloudShare, Crossroads Foundation, 7-Eleven Indonesia
    Top Industries
    REVIEWERS
    Financial Services Firm23%
    Computer Software Company15%
    Comms Service Provider10%
    Security Firm6%
    VISITORS READING REVIEWS
    Educational Organization18%
    Computer Software Company15%
    Financial Services Firm10%
    Government6%
    REVIEWERS
    Financial Services Firm44%
    Insurance Company11%
    Government11%
    Security Firm11%
    VISITORS READING REVIEWS
    Financial Services Firm15%
    Computer Software Company14%
    Government10%
    Manufacturing Company8%
    Company Size
    REVIEWERS
    Small Business39%
    Midsize Enterprise15%
    Large Enterprise45%
    VISITORS READING REVIEWS
    Small Business20%
    Midsize Enterprise29%
    Large Enterprise51%
    REVIEWERS
    Small Business31%
    Midsize Enterprise31%
    Large Enterprise38%
    VISITORS READING REVIEWS
    Small Business20%
    Midsize Enterprise11%
    Large Enterprise69%
    Buyer's Guide
    IBM Security QRadar vs. Splunk User Behavior Analytics
    March 2024
    Find out what your peers are saying about IBM Security QRadar vs. Splunk User Behavior Analytics and other solutions. Updated: March 2024.
    765,234 professionals have used our research since 2012.

    IBM Security QRadar is ranked 1st in User Entity Behavior Analytics - UEBA with 197 reviews while Splunk User Behavior Analytics is ranked 2nd in User Entity Behavior Analytics - UEBA with 17 reviews. IBM Security QRadar is rated 8.0, while Splunk User Behavior Analytics is rated 8.2. The top reviewer of IBM Security QRadar writes "A highly stable and scalable solution that provides good technical support". On the other hand, the top reviewer of Splunk User Behavior Analytics writes "Easy to configure and easy to use solution that integrates with many applications and scripts ". IBM Security QRadar is most compared with Microsoft Sentinel, Splunk Enterprise Security, Wazuh, LogRhythm SIEM and Fortinet FortiAnalyzer, whereas Splunk User Behavior Analytics is most compared with Darktrace, Microsoft Defender for Identity, Varonis Datalert, Cynet and Exabeam Fusion SIEM. See our IBM Security QRadar vs. Splunk User Behavior Analytics report.

    See our list of best User Entity Behavior Analytics - UEBA vendors.

    We monitor all User Entity Behavior Analytics - UEBA reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.