IBM Security QRadar Previous Solutions
Kjell Morkeng
Head of Cyber security analysis at DNV Poland Sp. z o.o.
We are also using a Microsoft solution called Azure Advanced Threat Protection. It provides similar UBA features but only for a Microsoft environment. Most UBA products do exactly the same thing. I haven't tried many other solutions besides QRadar, Microsoft, and Splunk.
Splunk is brilliant. It does the same thing, but it's slightly more expensive, so we selected IBM. Microsoft's solution is a little cheaper, but it lacks Linux support currently. There are minor differences, but we went with IBM in this case because it has the best support.
I have used many other solutions previously, such as Splunk and McAfee SIEM tool.
SaiKrishna2
Cyber Security Analyst at Diyar United Company
Buyer's Guide
IBM Security QRadar
March 2024
Learn what your peers think about IBM Security QRadar. Get advice and tips from experienced pros sharing their opinions. Updated: March 2024.
768,740 professionals have used our research since 2012.
reviewer1974018
Technical Analyst at a manufacturing company with 10,001+ employees
I used the solution, switched to Splunk, then switched back to the solution.
We used to use ArcSight. I can't even begin to compare these two products because ArcSight was a solution managed entirely by our security operations center team. We didn't have full knowledge of what the solution was capable of. Now we're seeing a much larger universe with QRadar — I think it's a completely different thing. QRadar is much more capable than ArcSight.
Depending on what the client is looking for I have used and recommended ArcSight, Splunk, and Cisco.
Berik Sultanbekov
CS engineer at AYACOM
We are using Azure Sentinel for our cloud-based solutions. The best functionality that you can get from Azure Sentinel is the SOAR capability. So, you can estimate any type of activity, such as when an alert was triggered or an incident was found.
Azure Sentinel doesn't have many connectors for third-party SIEM solutions. Many customers are struggling with the integration of Azure Sentinel with their on-premise SIEM.
If we start to collect all logs from our on-premise SIEM solutions, Azure Sentinel will cost much more than QRadar. If we calculate its cost over the next five or ten years, it will cost more than QRadar.
reviewer1409433
Cyber Security Specialist at a tech vendor with 10,001+ employees
I've also worked with Sentinel, Splunk, QRadar, and LogRhythm.
Simon Thornton
Cyber Security Services Operations Manager at an aerospace/defense firm with 501-1,000 employees
I work with Prelude, which is by a French company. It is a basic beginner's SIEM. If you never had a SIEM before and you wanted to experiment, this is where you would start, but it is probable that you would leave very quickly. I've also worked with ArcSight and Splunk.
My recommendation would depend upon your technical appetite or your technical capability. QRadar is essentially a Linux-based Red Hat appliance. Unfortunately, you still need some Linux knowledge to work with this effectively. Not everything is through the GUI.
Comparing it with Splunk, in terms of licensing, IBM's model is simpler than Splunk's model. Splunk has two models. One is volume metrics, so you pay for the number of bytes that are transmitted daily. The other one is based upon the number of events per second, which they introduced relatively recently. Splunk can be more expensive than QRadar when you start to get into adding what they call indexes. So, basically, you create specific indexes to hold, for instance, logs related to Cisco. This is implicit within QRadar, and it is designed that way, but within Splunk, if you want to get that performance and you have large volumes of logs, you need to create indexes. This is where the cost of Splunk can escalate.
We have been switching for some time between Micro Focus ArcSight and IBM QRadar.
reviewer2303580
Head of Cybersecurity at a computer software company with 51-200 employees
I have experience with Splunk. My company deals with Splunk since we had no choice owing to the fact that one or two customers wanted it.
In the past, I was using open-source products, including solutions like Elastic Security and Wazuh.
My company decided to switch from Wazuh to IBM Security QRadar.
Yes, we switched over from NNT to QRadar. This product is more detailed. Expensive but definitely more detailed! :)
My company has customers using Splunk and Chronicle SIEM. When comparing Splunk and IBM Security QRadar, they indeed offer similar features, but their business models differ. Chronicle SIEM predominantly operates in the cloud. However, we cannot offer the cloud model if a customer prefers an on-premises solution.
Splunk and IBM Security QRadar both cater to diverse deployment preferences. Splunk boasts a slightly more robust correlation engine than IBM Security QRadar. Splunk tends to be marginally more expensive than IBM Security QRadar.
We have used other solutions, but that was years ago. We've had QRadar for four years. Before that, it was the Symantec solution. The landscape for SIEM has changed progressively over the years.
You're not even talking about the same set of requirements around those things. We just needed to upgrade. We needed the speed, the flexibility, and we needed the correlation building block pieces of it.
reviewer993816
Senior Security Engineer at a tech services company with 1,001-5,000 employees
We work with LogRhythm as well as QRadar, as well as NetIQ Sentinel, Azure Sentinel and others.
We were previously using a different solution that just wasn't getting the job done. It was taking too long to get where we needed to get to.
Ashok KumarLokhande
Cyber Security Consultant at raf
I do not have any experience with other SIEM solutions. QRadar is the first one for me.
reviewer1584831
Solution Architect Cybersecurity at a tech services company with 501-1,000 employees
We used to use Splunk.
I'm assuming that the main reason my company chose IBM QRadar is that IBM is one of the biggest tech companies in the world, so IBM products would be more secure and more reliable than other solutions.
chieftec1015569
Chief Technology Officer at a tech services company with 51-200 employees
We tested a few other solutions including AlienVault, Splunk, Micro Focus, and Outside. QRadar was the best of the breed for our needs and for a big system like ours, it's less complex than Splunk or Outside.
reviewer1477878
Director of Information Security at a financial services firm with 501-1,000 employees
Previously, I did not use another solution.
Muhammad Moqeet
Senior Manager, Security Architecture & Operation, Corporate Security at Omantel
I have experience working with Splunk and I find that the searching capabilities are better with it. Also, the processing time in Splunk is better. With QRadar UBA, when you have three, four, or five rules together, it takes more time to respond.
reviewer774660
Manager-Cloud Security Operations at a retailer with 10,001+ employees
I previously used Splunk. And, we considered Sumo Logic, which has a similar kind of functionality. But, they are still in a very premature stage in terms of the product development.
We weren't previously using a different solution. As security becomes more and more important, we added different security components from IBM, with QRadar being the last one. We needed some way to see all the data, all the information, and get it together in one single source of truth.
We were using a different solution, and we moved to QRadar. It has some more benefits than our previous solution. We have totally transferred to QRadar now.
We did not have any previous solution. We have used only QRadar for the last six years. Even at that time, it was a leader in Gartner and so it remained. It is very user friendly.
When I started out, this product was already bought and implemented by my company.
reviewer1318914
Information Security Specialist at a comms service provider with 501-1,000 employees
The organization didn't previously use a different solution before choosing QRadar.
We actually switched to LogRhythm as I didn't like how the solution was working for the organization.
It was functionality which drove us to change. QRadar had better functionality than what we were getting out of the previous solution. Scale was probably also a factor at that time. It was right after IBM bought Q1 Labs, so it was an industry leader along with some others. We did an evaluation and QRadar came out on top.
I used ArcSight at a previous company. I would much rather have a correctly scoped and built QRadar to manage. However, as a consumer of ArcSight, it was a very good product.
We didn't have a previous solution. We kind of inherited it as part of another acquisition from IBM, and then we scaled it up to meet our capacity.
We have only been using this solution. We have not used any other solutions.
We had limited experience with RSA enVision, LogRhythm, and HPE ArcSight. QRadar is much easier and takes less time to implement and maintain.
JohnTamakloe
Solution Architect at Ostec
We've only ever used IBM.
IBM QRadar is the best SAN solution we have used compared to the others.
Omar Sánchez (Mr.Tech)
Information Security Advisor, CISO & CIO, Docutek Services at Docutek Services
I have used Splunk in the past.
Vulnera08667
Vulnerability Manager at a tech services company with 51-200 employees
We used Splunk in the past and we are using both products at the same time.
We did not previously use a different solution.
We were not previously using a different solution. IBM approached us with best practices and they conducted a survey. They control our infrastructure and security; they advised us in regards to the product. After a series of discussions, our management decided to go ahead with certain pilots, so as to see the efficiency and then finally decided on this solution.
Gian Michele Roletto
SOC Manager at Nais Srl
Andris Soroka
Co-owner and CEO at Data Security Solutions
We have worked with other solutions. Splunk is a long-term trap because it is very expensive, and it gets more and more expensive. It has different times, and it is integrated with different products. When you combine that together with licensing, it obviously fails. You are paying a lot more than QRadar.
LogRhythm has some problems with stability. We were the first partner to do some integrations with LogRhythm, but we had some problems. ArcSight was smaller at the time but not anymore. It is now a competitor. Fortinet is very good for those who are already using some software products from them.
reviewer810204
Lead Security Infrastructure Engineer at a financial services firm with 5,001-10,000 employees
We previously used McAfee and ArcSight. We made the switch to IBM QRadar for scalability, ease of administration and use.
We had McAfee, but we are ending our use of it. There are only some small implementations that are running with it. We are no longer developing with it. I think in the future, we will switch to QRadar. This is because we don't want to have two separate platforms.
RSA enVision was being used with one of our banking customers. However, we transferred to QRadar last year.
We didn’t have a previous solution. We have always used QRadar.
reviewer1488321
Managed Security Product at a comms service provider with 1,001-5,000 employees
We were using ArcSight from Micro Focus, but we were having some challenges integrating with the systems, with the APIs, and with the connectors. That's why we moved to IBM.
Vulnera08667
Vulnerability Manager at a tech services company with 51-200 employees
We went with QRadar because it's a more well-known product. I was only using the AlienVault Community Edition, a free version. It wasn't a fully-paid version I was using at the time. IBM QRadar was just the product the company was using.
It was easy to know we needed a new solution; when you have Symantec's DLP that's really crappy and they end-of-life it, you've got to start looking for other products. That's why we changed.
We just really sold our CIO and CTO on the fact that we need to do better than we are, where we're at today. We had a lot of virus challenges, like most companies, and malware, so we had to figure out how to reduce that.
Mathieu Dorckel
Cybersecurity Engineer Consultant at a tech services company with 501-1,000 employees
My service since the beginning has been to only sell and manage QRadar.
reviewer1136397
Team Lead - Information Security at a computer software company with 10,001+ employees
We did not use a different solution. We chose this due to the fact that it's an industry-accepted solution. The use cases are easy to configure in multiple things that we considered important while taking the solution.
reviewer1520922
Regional Director, Customer Success (GTM Solutions & Services) at a tech services company with 51-200 employees
We recently switched to this solution from LogRhythm cloud. One of the main reasons we switched solutions was because it is more scalable.
- We were using Splunk. Licensing does not allow you to expose Splunk screens to customers (we are an ISP and IT service provider).
- McAfee Nitro was too expensive
- ArcSight takes too long to install and tune
Cyberspec67
Cyber Security Specialist at AEC
I've used Alien Vault, McAfee, and Splunk.
Srijan-Sivakumar
Director of Market Enabling Solutions at Raksha Technologies Pvt Ltd
Factors in switching were the console view, as well as Watson. IBM Watson makes a huge difference on the product side.
WiseCat
Enterprise Architect, CISSP at a tech services company with 1,001-5,000 employees
I also have experience using Splunk.
We did not use any solutions before QRadar.
No, I did not use a separate solution, although I have read and heard about different solutions from the various clients I have met with. Clients switch to using QRadar because they say that maintaining and administering other solutions becomes a hassle and requires trained personnel. Another reason clients switch to using QRadar is cost.
Initially, we were using another IBM product. With QRadar, we are getting better outputs such as the reports and other outputs.
The reason why we chose IBM is because we are using so many products from IBM today.
In general, the most important criteria that we look for while selecting a vendor are that there should be other proven solutions offered by the vendor and they need to be a type of investigator since we belong to a specific healthcare industry. So, we are very careful when we are choosing a vendor.
I had the opportunity to use other SIEM solutions, but no one can provide what QRadar does, i.e., in terms of its simplicity, support or integration.
Shaikh Jamal Uddin
Cybersecurity Architecture and Technology Lead at Appxone
McAfee, switched due to the bad correlation of data.
Luis Yndigoyen
Partner at a tech services company with 1-10 employees
We previously used Oracle BPM. We switched for a BPM project with IBM, because it has a better tool at the same price level range.
Olakanmi Oluwole
Cyber threat Intelligence Manager at CyberLab Africa
We have used other solutions in the past.
reviewer1348482
Practice Head at a tech services company with 51-200 employees
I know a little bit about Splunk and ELK Elasticsearch. We did not have a PoC with Splunk so it was just theoretical, but I did learn about it.
AndyChan3
General manager at a tech services company with 201-500 employees
We developed our own application to use as a SIEM, but we switched to QRadar.
Previously, I was using McAfee Nitro. Comparing with McAfee, QRadar is user-friendly and easy to use.
Douglas Concepcion
Security Solutions Architect at Micro Strategies
We originally used ArcSight, which got cumbersome and expensive. Also, HPE ruins everything that it touches. Therefore, we moved to QRadar.
We used another solution and we switched due to false positives.
Oscar Orellana
Founder at a university with 11-50 employees
I have also used Kibana. It is a good tool. The biggest difference between Kibana and QRadar is that Kibana is an open-source SIEM integration solution. So, you need more professionals, and you have to do everything by yourself, whereas in the case of QRadar, you get everything. You are paying not only for QRadar but also for other things like support and integration. In an open-source SIEM integration solution like Kibana, you don't get these things.
I have used different solutions in the organization, but the main reason for switching is the customization. QRadar very much supports customization. Another reason is that, in the market, we can easily get QRadar resources, like an analyst or engineer, as compared to other products. This is a reason that organizations move towards QRadar.
We were not using any other solution previously. This was my first solution. I am still working on it. I also have experience with McAfee Nitro and LogRhythm.
I didn't previously use another product but I deal with some accounts that used to use other vendors, and they were facing many issues in performance and slowness in processing events.
reviewer841053
Cyber Security Team Leader at a tech services company with 501-1,000 employees
We used ArcSight.