We performed a comparison between ArcSight Intelligence and IBM Security QRadar based on real PeerSpot user reviews.
Find out in this report how the two User Entity Behavior Analytics (UEBA) solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."The scalability is great. You can put unlimited logs in, as long as you can pay for it. There are commitment tiers, up to six terabytes per day, which is nowhere close to what any one of our customers is running."
"The main benefit is the ease of integration."
"It is quite efficient. It helps our clients in identifying their security issues and respond quickly. Our clients want to automate incident response and all those things."
"The best feature is that onboarding to the SIM solution is quite easy. If you are using cloud-based solutions, it's just a few clicks to migrate it."
"We’ve got process improvement that's happened across multiple different fronts within the organization, within our IT organization based on this tool being in place."
"The Log analytics are useful."
"The analytic rule is the most valuable feature."
"I like the unified security console. You can close incidents using Sentinel in all other Microsoft Security portals, when it comes to incident response."
"The ability to tailor an environment to suit our specific use cases is a major advantage of ArcSight compared to other logging servers such as Splunk."
"The platform helps us improve threat detection capabilities."
"The most valuable feature of ArcSight Intelligence is a single console where the entire dashboard gives all the connected details in a single place."
"We found the correlation engine to be very good. It takes logs from different types of devices and does the correlation in a good way."
"The product has a valuable interface."
"We get events and make the correlation, or rules. In IBM, we can implement our customer's rules. We can have very clear status threats and severity of antigens."
"The visibility it gives you into your infrastructure has been great."
"IBM QRadar has improved my organization by introducing many functions. It collects logs from all of our systems in the organization and has functioned very well. It alerts and correlates the aggregate events or offenses we receive through all the applications we use."
"On the back-end, Watson helps me figure out an exact problem, sometimes giving me the result."
"It is a very good SIEM."
"The threat protection network is the most valuable feature, because when you get an offense, you can actually trace it back to where it originated from, how it originated, and why."
"There are more than 120 extensions in QRadar, which are easy to install and configure. These can improve your analysis of events."
"Search capabilities are sufficient for most tasks."
"The following would be a challenge for any product in the market, but we have some in-house apps in our environment... our apps were built with different parameters and the APIs for them are not present in Sentinel. We are working with Microsoft to build those custom APIs that we require. That is currently in progress."
"Sometimes, we are observing large ingestion delays. We expect logs within 5 minutes, but it takes about 10 to 15 minutes."
"We've seen delays in getting the logs from third-party solutions and sometimes Microsoft products as well. It would be helpful if Microsoft created a list of the delays. That would make things more transparent for customers."
"If I see an alert and I want to drill down and get more details about the alert, it's not just one click. In other SIEM tools, you just have to click the IP address of the entity and they give you the complete picture. In Sentinel, you have to write queries or use saved queries to get details."
"For certain vendors, some of the data that Microsoft Sentinel captures is redacted due to privacy reasons."
"The built-in SOAR is not really good out-of-the-box. The SOAR relies on logic apps and you almost need to have some kind of developer background to be able to make these logic apps. Most security people cannot develop anything..."
"Sentinel's reporting is complex and can be more user-friendly."
"Azure Sentinel will be directly competing with tools such as Splunk or Qradar. These are very established kinds of a product that have been around for the last seven, eight years or more."
"ArcSight Intelligence is a bit slower, and its speed should be improved."
"The frequency of the updates that we are getting can be improved because the number and types of incidents that are happening at the global level are far more than what we are receiving. The frequency of updates feeds related to our rules should be increased. There should be more frequent information about the new rules that are coming and the global threats that are happening. There should be better options for dashboard creation. At present, the dashboards are good, but there is scope to make them better."
"The dashboard is not user-friendly and is in black and white."
"ArcSight Intelligence's pricing needs improvement."
"We haven't found the product fully scalable."
"I would like to see some artificial intelligence and alternative solutions."
"The interface is very old. IBM should remake it into a more modern interface."
"IBM Qradar could improve the reporting. The tool is not designed to report. It's a great operational monitoring tool. You put it on a screen and you watch it. If you want to have analytics out of it, that's a whole different story. You're going to need more people and tools. What should be added is reporting and integration into Power BI, into some capability that produces analytical reports from the source data. IBM does not seem to care to add these features."
"I don't give it a 10 because it is something we have to request. I would love it if UBA was included out of the box like Microsoft."
"IBM QRadar could improve the plugins and threat detection."
"IMB should reduce the pricing, or reduce some of the features for a more economical solution for the customer."
"The dashboard and reports are not user-friendly or efficient so are of little help with threat hunting activity."
"The AI engine could be smarter."
ArcSight Intelligence is ranked 15th in User Entity Behavior Analytics (UEBA) with 5 reviews while IBM Security QRadar is ranked 1st in User Entity Behavior Analytics (UEBA) with 198 reviews. ArcSight Intelligence is rated 8.0, while IBM Security QRadar is rated 8.0. The top reviewer of ArcSight Intelligence writes "A user-friendly solution that can be used to integrate the logs properly with different connectors". On the other hand, the top reviewer of IBM Security QRadar writes "A highly stable and scalable solution that provides good technical support". ArcSight Intelligence is most compared with ArcSight Enterprise Security Manager (ESM), Exabeam Fusion SIEM and Splunk User Behavior Analytics, whereas IBM Security QRadar is most compared with Splunk Enterprise Security, Wazuh, LogRhythm SIEM, Elastic Security and Fortinet FortiSIEM. See our ArcSight Intelligence vs. IBM Security QRadar report.
See our list of best User Entity Behavior Analytics (UEBA) vendors and best Security Information and Event Management (SIEM) vendors.
We monitor all User Entity Behavior Analytics (UEBA) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.