IBM QRadar vs Splunk

IBM QRadar is ranked 4th in Security Information and Event Management (SIEM) with 37 reviews vs Splunk which is ranked 1st in Security Information and Event Management (SIEM) with 38 reviews. The top reviewer of IBM QRadar writes "Correlates data across our global enterprise and integrates third-party solutions". The top reviewer of Splunk writes "Monitors all machine logins and actions taken on those machines under each user". IBM QRadar is most compared with Splunk, ArcSight and LogRhythm. Splunk is most compared with IBM QRadar, LogRhythm and ArcSight. See our IBM QRadar vs Splunk report.
Find out what your peers are saying about IBM QRadar vs Splunk and others in Security Information and Event Management (SIEM).
265,966 professionals have used our research since 2012.

Quotes From Members Comparing IBM QRadar vs Splunk

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
Pros

IBM QRadar:
- Providing real-time visibility for threat detection and prioritization - QRadar SIEM provides contextual and actionable surveillance across the entire IT infrastructure.
- Network-Based Anomaly Detection (NBAD): Using NetFlow, JFlow, SFlow, or QFlow (all 7 layers), offenses are detected as a response when a rule is triggered.
- Improved our organization's TCO.
- The threat protection network is the most valuable feature, because when you get an offense, you can actually trace it back to where it originated from, how it originated, and why.
- The most valuable features are all the implementations, the plug-ins, and the User Behavior Analytics (UBA).
- The pre-canned rules and reports in this product are a huge plus.
- Search capabilities are sufficient for most tasks.

Splunk:
- It is easy to use in any environment.
- The visibility is amazing with easy dashboard creation.
- We can do things in minutes instead of days.
- We solve issues that we previously could not since we now have the data.
- We can quickly search for almost anything across many log sources in seconds.
- It has a rapid response search environment in the event of an incident.
- The correlation searches (properly configured) populate the Incident Management dashboard and provide me a quick bird's-eye view of my most important concerns.
- My favorite example of improving our organization is saving $60k/mo in payroll fraud and $10k/mo in wasted API credits by using simple searches and clear reports.

Cons

IBM QRadar:
- AI is superb but needs improvements.
- Some UI enhancements would be nice, such as exporting custom event properties and the ability to export rules.
- GUI needs to be improved.
- I would like to see a more user-friendly product.
- Maybe there should be more custom rules in the exchange. Basically, we are using a lot of threat rules, so maybe they'll develop something like that.
- QVM is another instance where they need to revise the vulnerability scoring and the proper remediation details.
- Search capability and indexing still lag behind competitors. We also need to see improved rule-based access controls and rule/event tuning.

Splunk:
- Not even Splunk's support guy, who came to our firm, could help with defining proper role management.
- Make it easier to include roles and user controls, as it is horrible now.
- The GUI could be improved to include some of the capabilities that other BI solutions have. The layout is a little restrictive where you can't resize all the panels to exactly how you would like them without tweaking some XML code.
- AngularJS/ReactJS inclusion could be made easier in GUI.
- The use cases provided by Splunk are a good starting point, but could cover many additional topics to ensure that a smaller or less experienced shop might maximize the value of an ES deployment.
- While Splunkbase (the app repository) has a lot of great content, some apps are terribly old and could stand to be updated or purged.
- Some of the terminology can be confusing, even for seasoned vets. Renaming components at this point would be a serious undertaking. However, it might be beneficial in the long run.
- The initial setup is complex, but this is necessary. We needed to take into consideration how to direct log files from thousands of machines to Splunk, and how to ingest those files.

Pricing and Cost Advice

IBM QRadar:
- Go through a vulnerability assessment review for price breaks. A virtualized solution will also cut down on cost.
- IBM's QRadar is not for small companies. Unfortunately, it would be 'overkill' to place it plainly. The pricing would be too much.
- Most of the time, it is easier and cheaper to buy a new product or the QRadar box.
- Found other solutions, with more features at the same cost or less. You don't have to leave the Gartner Magic Quadrant to beat their price.

Splunk:
- It is a pretty high cost solution, but if your organization has the funds, it can bring many benefits.
- Personnel costs are saved by not having to involve the domain developers from multiple teams when tracing a problem that spans multiple platforms.
- Truly evaluate the data you want to ingest and go slow. Pulling in data that can provide no use to your mission only wastes data against your license.
- Our ROI is high.
- The licensing model can be expensive, but the value it provides is significant.
- Be upfront about your needs and expectations. Splunk is great to work with.
- Pricing can be a limiting factor. You have to continuously tune what you are bringing in and make sure what you bring in is of value.
- It can be tough to determine if you are getting all of the value out of your investment at times.

Answers from the Community
Rhea Rapps
Anonymous user:

It depends on the intended purpose of the tool and the type of people implementing it. Q-Radar tends to focus its out-of-the-box reports on compliance reporting, as well as tracking behavior-based tracking that is arduous for the DIY script writer. Having used both, they are both great platforms that take quite a bit of training to fully understand and wring the most value. Once you are at a steady state of log analysis, Q-Radar tends to be more useful on exploring "what we don't know" while Splunk tends to focus on confirming what I suspected, but didn't have the evidence.

If you love scripting and going after known deviations, there are a lot of Splunk consultants and expertise for hire. This makes Splunk slightly better for small organizations. If known deviations are "table stakes" and your focus is on exploring risks currently unknown to you...then Q-Radar is the better option, in my opinion. Q-Radar's learning curve used to be slightly steeper than Splunk...but I've heard there is more automation and better training on the Q-Radar in the past few years.

13 February 18
Anonymous user:

As all consultants say...it depends.
The elements I would factor in are:
1) How they are staffed?
2) What groups outside of security will use this tool?
3) Is this for SIEM or log management?
4) Size of environment

For the "how are they staffed" question, I think if you have developers and scripting expertise in house then this makes for a strong case for Splunk. If not, then Q-Radar may be a better fit.

The next question..."what groups outside the security group will use this tool?". Splunk does a lot of items that are really nice to haves, but don't necessarily fall into the security space. So if folks outside of the security team will use the tool and subsequently help fund the endeavor, this makes a strong case for Splunk. If this is a pure play security need, then out of the box, I feel this is a strong case for Q-Radar.

Is this for SIEM or log management? By default Splunk is not a SIEM, once you buy the SIEM/Security license then it becomes a SIEM. That being said, it does log management and analytics very well. Out of the box Q-Radar is a very effective SIEM with tons of pre-set rules. So obviously if this is a pure play log management move, then Splunk becomes a strong choice here.

Size of environment. Because the Splunk licensing model is based on the number of events being produced in your environment, this is a factor that must be considered. Q-Radar, on the other hand, is one of the most straightforward SIEM installations, with the shortest time to value out there. As such, they have often been associated with small to mid-sized organizations.

There are other factors out there to consider...this is by no means an all-encompassing list; however, I feel if you ask yourself these questions, at a minimum, then your answers become a lot clearer.

13 February 18
Anonymous user:

The answer of course is, it depends. They are both great tools. In my experience, Splunk would be viewed favorably by teams that prefer scripting and building their own capabilities. Splunk also has an add-on ES module that is pre-configured to address many common security/compliance reporting needs. I have less experience with Q-Radar relative to Splunk; however, I did recommend Q-Radar to a company who wanted something they could deploy rapidly to satisfy a HIPAA reporting requirement. My observation is that Q-Radar may have more compliance-related reporting out of the box relative to Splunk.

13 February 18
Ranking

                 IBM QRadar    Splunk
Views            38,743        86,227
Comparisons      26,574        67,610
Reviews          37            19
Followers        3,031         3,653
Avg. Rating      8.3           8.0
Top Comparisons

IBM QRadar is compared with: Splunk (50% of the time), Micro Focus (12% of the time), LogRhythm (11% of the time).
Splunk is compared with: IBM (20% of the time), LogRhythm (15% of the time), Micro Focus (8% of the time).
Also Known As

IBM QRadar: QRadar SIEM, QRadar UBA, QRadar on Cloud, QRadar
Overview

The IBM QRadar security and analytics platform is a lead offering in IBM Security's portfolio. This family of products provides a consolidated, flexible architecture for security teams to quickly adopt log management, SIEM, user behavior analytics, incident forensics, threat intelligence, and more. As an integrated analytics platform, QRadar streamlines critical capabilities into a common workflow, with tools such as the IBM Security App Exchange ecosystem and the Watson for Cyber Security cognitive capability.

With QRadar, you can decrease your overall cost of ownership with an improved detection of threats and enjoy the flexibility of on-premise or cloud deployment, and optional managed security monitoring services.

Splunk software has been around since 2006 and the company has since grown to become an industry leader. Splunk's vision is to make machine data accessible, usable and valuable to everybody. The company offers a wide range of products to turn machine data into valuable information by monitoring and analyzing all activities. This is known as Operational Intelligence and is the unique value proposition of Splunk.

Splunk is well-known for its Log Management capabilities and also for its Security Information and Event Management (SIEM) solutions.

Sample Customers

IBM QRadar: Clients across multiple industries, such as energy, financial, retail, healthcare, government, communications, and education use QRadar.
Splunk: Splunk has more than 7,000 customers spread across over 90 countries. These customers include Telenor, UniCredit, ideeli, McKenney's, Tesco, and SurveyMonkey.
Top Industries

IBM QRadar
  Reviewers:                Financial Services Firm 25%, Transportation Company 21%, Health, Wellness And Fitness Company 8%, Pharma/Biotech Company 8%
  Visitors reading reviews: Financial Services Firm 20%, Comms Service Provider 13%, Philanthropy 6%, Healthcare Company 6%

Splunk
  Reviewers:                Financial Services Firm 19%, Retailer 16%, Energy/Utilities Company 13%, Insurance Company 10%
  Visitors reading reviews: Financial Services Firm 16%, Comms Service Provider 11%, Energy/Utilities Company 7%, Manufacturing Company 6%
Company Size

IBM QRadar
  Reviewers:                Small Business 23%, Midsize Enterprise 11%, Large Enterprise 66%
  Visitors reading reviews: Small Business 24%, Midsize Enterprise 19%, Large Enterprise 58%

Splunk
  Reviewers:                Small Business 18%, Midsize Enterprise 12%, Large Enterprise 70%
  Visitors reading reviews: Small Business 13%, Midsize Enterprise 20%, Large Enterprise 67%
We monitor all Security Information and Event Management (SIEM) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.