2014-06-25T11:01:00Z

IBM QRadar is rated above competitors (McAfee, Splunk, LogRhythm) in Gartner's 2020 Magic Quadrant. Agree/Disagree?


What are your experiences with these vendors/solutions? Pros and Cons?

Guest
66 Answers

Vendor

Hello,
As someone who worked with Splunk, ArcSight and QRadar.
I am sorry but you can't compare between those two.
IBM QRadar works great with 100 eps and with 100000 eps.
IBM QRadar analyzes not only logs but Traffic, Policies, Vulnerabilities, OSINT Data and integrates them all into a single quality event which made the analysis factor and easier Risk management Risk assessment.
Even in an SMB business
So you can't compare those two.

2015-05-07T13:24:25Z
Consultant

I cannot respond to the query as I have worked with solutions based on NetIQ and ArcSight.
1. I feel the query is very generic and cannot have any tangible response other than users listing their side of the stories (experience) while tabulating Pros & Cons would be inconclusive.
2. The vendors mentioned (McAfee, Splunk, LogRhythm and IBM Q1 Labs) are from the top quadrant and are very much comparable based on evaluation parameters such as List of Features, capabilities and capacities, Integration to other corporate IT security tools etc.
3. Methodology used by Gartner for evaluation of vendors for SIEM Quadrant should also be kept in view to get a realistic comparison. I feel it's not a real Apple-to-Apple comparison nor can be used as a measure to influence the decision making for a new deployment (or migration to another vendor).
4. I also feel that vendor experiences, most of the time, are dependent on how clear you are of your own Security Landscape, Compliance & Regulatory drivers and requirements.

Thanks
Rajendra Nag

2014-06-26T12:22:47Z
Top 20 Real User

Unfortunately while evaluating SIEM solutions I was unable to evaluate the IBM solution. I tried to work with IBM for two weeks to get an evaluation of the product and finally gave up.

I think Splunk is an incredibly diverse and flexible product; however, if you are just looking for a SIEM I think it's a bit overcomplicated.

Our company chose SolarWinds LEM due to its ease of deployment for small to mid-sized environments and we have a good track record working with SolarWinds as a vendor.

2014-06-26T04:58:38Z
Top 10 Reseller

I asked this question in a previous discussion, what is your experience with the solutions?

I went to Infoworld and found some pretty interesting results - http://www.infoworld.com/log-management-solutions-the-features-781

It seems that based on price, GFI took the prize with $220/server $22/workstation.

But based on features and sheer capability, ArcSight took the prize there.

Additional findings bring up HP ArcSight, IBM Q1 Radar and McAfee Nitro as the industry leaders - Gartner Magic Quadrant from 2013 - http://infosecnirvana.com/siem-product-comparison-101/

But if you were to go to the comparison charts:

Cons
HP ArcSight - Complex, Suited for Medium to large deployments, learning curve, skilled employees
IBM Q1 Radar - Limited Customization, limited multitenancy support, limited use case configuration
McAfee Nitro - Very basic correlation capabilities, requires agent installs, no analytics capability, limited customization, limited support for multi-tier, multi-tenancy

There are others; these seem to be the leaders in the industry.

So from the report from Gartner, Infoworld and Infosecnirvana.com, they all seem to think that HP ArcSight is the way to go.

Todd

2014-06-25T13:45:30Z
Vendor

Hi,

I disagree for SME installation since Q1 is usually on a large scale
installation. While expertise on the product is still needed including
integration with other security platforms.

Splunk/LogRhythm is good for Network correlation only not focusing much on the
security area.

McAfee is ok for both SME and Enterprise whilst expertise should also be
considered as they have an easy and available tool for integration with their
ticketing system, IPS, and AV.

Hope this helps.

Cheers,
Lilet

2014-06-25T13:12:55Z
Vendor

It is now an easy and clear answer.
It depends on the environment, the integration needed, and the staff expertise.

IBM is usually a better solution for large/very large installations and integration.
But it requires much more staff and skills.

But for smaller environments Splunk and LogRhythm are better.

McAfee is correctly rated against others.

So the answer is YES/AGREE for large installations.

And NO/DISAGREE for smaller ones.

2014-06-25T12:35:11Z