IBM QRadar vs Splunk

IBM QRadar is ranked 3rd in Security Information and Event Management (SIEM) with 37 reviews vs Splunk which is ranked 1st in Security Information and Event Management (SIEM) with 19 reviews. The top reviewer of IBM QRadar writes "Correlates data across our global enterprise and integrates third-party solutions". The top reviewer of Splunk writes "Monitors all machine logins and actions taken on those machines under each user". IBM QRadar is most compared with Splunk, Micro Focus ArcSight and LogRhythm. Splunk is most compared with IBM QRadar, LogRhythm and Micro Focus ArcSight. See our IBM QRadar vs Splunk report.
IBM QRadar vs. Splunk report from IT Central Station (2018-01-04): find out what your peers are saying about IBM QRadar vs. Splunk and others in Security Information and Event Management (SIEM). 254,138 professionals have used our research since 2012.

Quotes From Members Comparing IBM QRadar vs Splunk

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
Pros

IBM QRadar:
• Providing real-time visibility for threat detection and prioritization - QRadar SIEM provides contextual and actionable surveillance across the entire IT infrastructure.
• Network-Based Anomaly Detection (NBAD): Using NetFlow, JFlow, SFlow, or QFlow (all 7 layers), offenses are detected as a response when a rule is triggered.
• Improved our organization's TCO.
• The threat protection network is the most valuable feature, because when you get an offense, you can actually trace it back to where it originated from, how it originated, and why.
• The most valuable features are all the implementations, the plug-ins, and the User Behavior Analytics (UBA).
• The pre-canned rules and reports in this product are a huge plus.
• Search capabilities are sufficient for most tasks.

Splunk:
• The ability to view all of these different logs, then drilling down into specific times or into specific data sources, has proved to be the greatest aspect in decreasing our troubleshooting overhead time.
• We did not encounter any issues with scalability. It is almost seamless to add new index (storage) or search (used to analyze the data) nodes to the cluster.
• Deployment server for deploying changes in one go.
• Ease of correlation: creating correlation searches is easy and you can combine multiple sources with little effort.
• Splunk gives my clients the ability to bring multiple, disparate types of data together, then correlate and report on them.
• To get visibility from your network devices, servers, and security devices is a great feature.
• It allows the centralization of data and makes possible new sorts of correlations that were previously impossible using traditional SIEMs such as ArcSight or QRadar.
• The breadth of the data sources that Splunk can ingest data from is broad and deep, and it does an exemplary job at handling structured data.

Cons

IBM QRadar:
• AI is superb but needs improvements.
• Some UI enhancements would be nice, such as exporting custom event properties and the ability to export rules.
• GUI needs to be improved.
• I would like to see a more user-friendly product.
• Maybe there should be more custom rules in the exchange. Basically, we are using a lot of threat rules, so maybe they'll develop something like that.
• QVM is another instance where they need to revise the vulnerability scoring and the proper remediation details.
• Search capability and indexing still lag behind competitors. We also need to see improved rule-based access controls and rule/event tuning.

Splunk:
• I feel as though a major focus of upcoming releases should be set on Machine Learning and Predictive Analytics, and I would enjoy seeing more security-focused add-ons and apps developed by the vendor.
• Professional support is great, but too expensive.
• The GUI can be improved to include some of the capabilities that other BI solutions have.
• The GUI can be improved. Splunk has always suffered from having a kind of goofy UI; it needs some updating.
• Better directions on search head clusters.
• Adding custom visualization in Splunk has been improved over the years but can still be made better by integrating more and more JavaScript visualization sources.
• It requires a significant amount of relatively complex architecture once you push past the single server instance.
• It is a challenge to manage the environment in such a way that one's log, even with the bandwidth license, isn't exceeded.

Pricing and Cost Advice

IBM QRadar:
• Go through a vulnerability assessment review for price breaks. A virtualized solution will also cut down on cost.
• IBM's QRadar is not for small companies. Unfortunately, it would be 'overkill', to place it plainly. The pricing would be too much.
• Most of the time, it is easier and cheaper to buy a new product or the QRadar box.
• Found other solutions, with more features at the same cost or less. You don't have to leave the Gartner Magic Quadrant to beat their price.

Splunk:
• Setup cost is cheap: It is free, it is user-friendly, and it is fast.
• I would highly recommend anyone evaluating this option to download the free trial, which allows for the ingestion of 500MB of data per day, in order to get a feel for what Splunk does at its core. It will get pricey once your ingestion rates start to skyrocket, but I would consider it expensive given the amount of information that it allows you to analyze and react on straight out-of-the-box.
• ROI is estimated at saving my team roughly 10 to 12 man-hours per week in troubleshooting for our company, as well as what our profits had been from our services of installing, configuring, and supporting other clients with the product.
• While licensing can be a concern, there are ways to reduce the licensing costs, including filtering some events.
• Pricing is pretty fair.
• The Splunk licensing model might seem expensive, but with all the gain in functionalities you will have compared to traditional SIEM solutions, I think it's worth the price.
• You will eat up whatever you purchase quickly. The level of insights that Splunk empowers is addictive.
• Splunk Enterprise becomes extremely expensive after the 20GB/month license.

Answers from the Community
Rhea Rapps

As all consultants say... it depends.
The elements I would factor in are:
1) How are they staffed?
2) What groups outside of security will use this tool?
3) Is this for SIEM or log management?
4) Size of environment

For the "how are they staffed" question, I think if you have developers and scripting expertise in house, then this makes for a strong case for Splunk. If not, then Q-Radar may be a better fit.

The next question... "what groups outside the security group will use this tool?" Splunk does a lot of items that are really nice-to-haves, but don't necessarily fall into the security space. So if folks outside of the security team will use the tool and subsequently help fund the endeavor, this makes a strong case for Splunk. If this is a pure-play security need, then out of the box, I feel this is a strong case for Q-Radar.

Is this for SIEM or log management? By default Splunk is not a SIEM; once you buy the SIEM/Security license, then it becomes a SIEM. That being said, it does log management and analytics very well. Out of the box, Q-Radar is a very effective SIEM with tons of pre-set rules. So obviously, if this is a pure-play log management move, then Splunk becomes a strong choice here.

Size of environment. Because the Splunk licensing model is based on the number of events being produced in your environment, this is a factor that must be considered. Q-Radar, on the other hand, is one of the most straightforward SIEM installations, with one of the shortest times to value out there. As such, it has often been associated with small to mid-sized organizations.

There are other factors out there to consider... this is by no means an all-encompassing list; however, I feel if you ask yourself these questions, at a minimum, then your answers become a lot clearer.

13 February 18

It depends on the intended purpose of the tool and the type of people implementing it. Q-Radar tends to focus its out-of-the-box reports on compliance reporting, as well as behavior-based tracking that is arduous for the DIY script writer. Having used both, they are both great platforms that take quite a bit of training to fully understand and wring the most value from. Once you are at a steady state of log analysis, Q-Radar tends to be more useful for exploring "what we don't know", while Splunk tends to focus on confirming what I suspected but didn't have the evidence for.

If you love scripting and going after known deviations, there are a lot of Splunk consultants and expertise for hire. This makes Splunk slightly better for small organizations. If known deviations are "table stakes" and your focus is on exploring risks currently unknown to you... then Q-Radar is the better option, in my opinion. Q-Radar's learning curve used to be slightly steeper than Splunk's... but I've heard there is more automation and better training on Q-Radar in the past few years.

13 February 18

The answer, of course, is: it depends. They are both great tools. In my experience, Splunk would be viewed favorably by teams that prefer scripting and building their own capabilities. Splunk also has an add-on ES module that is pre-configured to address many common security/compliance reporting needs. I have less experience with Q-Radar relative to Splunk; however, I did recommend Q-Radar to a company who wanted something they could deploy rapidly to satisfy a HIPAA reporting requirement. My observation is that Q-Radar may have more compliance-related reporting out of the box relative to Splunk.

13 February 18
Ranking

                IBM QRadar    Splunk
Views           38,653        87,488
Comparisons     26,381        68,376
Reviews         37            19
Followers       3,066         3,704
Avg. Rating     8.3           8.0
Top Comparisons

IBM QRadar is compared with: Splunk (31% of the time), Micro Focus (11%), LogRhythm (8%).
Splunk is compared with: IBM QRadar (11% of the time), LogRhythm (9%), Micro Focus (8%).
Also Known As

IBM QRadar: QRadar SIEM, QRadar UBA, QRadar on Cloud, QRadar

Overview

The IBM QRadar security and analytics platform is a leading offering in IBM Security's portfolio. This family of products provides a consolidated, flexible architecture for security teams to quickly adopt log management, SIEM, user behavior analytics, incident forensics, threat intelligence, and more. As an integrated analytics platform, QRadar streamlines critical capabilities into a common workflow, with tools such as the IBM Security App Exchange ecosystem and the Watson for Cyber Security cognitive capability.

With QRadar, you can decrease your overall cost of ownership through improved detection of threats, and enjoy the flexibility of on-premise or cloud deployment and optional managed security monitoring services.

Splunk software has been around since 2006 and the company has since grown to become an industry leader. Splunk's vision is to make machine data accessible, usable and valuable to everybody. The company offers a wide range of products to turn machine data into valuable information by monitoring and analyzing all activities. This is known as Operational Intelligence and is the unique value proposition of Splunk.

Splunk is well-known for its Log Management capabilities and also for its Security Information and Event Management (SIEM) solutions.

Sample Customers

IBM QRadar: Clients across multiple industries, such as energy, financial, retail, healthcare, government, communications, and education use QRadar.

Splunk: Splunk has more than 7,000 customers spread across over 90 countries. These customers include Telenor, UniCredit, ideeli, McKenney's, Tesco, and SurveyMonkey.
Top Industries

IBM QRadar (Reviewers)
  Financial Services Firm                25%
  Transportation Company                 21%
  Health, Wellness And Fitness Company    8%
  Pharma/Biotech Company                  8%

IBM QRadar (Visitors Reading Reviews)
  Financial Services Firm                19%
  Comms Service Provider                 14%
  Philanthropy                            6%
  Healthcare Company                      6%

Splunk (Reviewers)
  Financial Services Firm                29%
  Energy/Utilities Company               18%
  Retailer                               18%
  Manufacturing Company                   6%

Splunk (Visitors Reading Reviews)
  Financial Services Firm                17%
  Comms Service Provider                 11%
  Energy/Utilities Company                7%
  Manufacturing Company                   6%
Company Size

IBM QRadar (Reviewers)
  Small Business         24%
  Midsize Enterprise     11%
  Large Enterprise       64%

IBM QRadar (Visitors Reading Reviews)
  Small Business         24%
  Midsize Enterprise     18%
  Large Enterprise       58%

Splunk (Reviewers)
  Small Business         19%
  Midsize Enterprise      6%
  Large Enterprise       74%

Splunk (Visitors Reading Reviews)
  Small Business         14%
  Midsize Enterprise     18%
  Large Enterprise       68%