We performed a comparison between IBM Security QRadar and IBM SevOne Network Performance Management (NPM) based on real PeerSpot user reviews.
Find out in this report how the two Log Management solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."I like the graphical interface. It's so good and easy."
"The best part of this solution is having a third-party SOC."
"It helps us discover any threats with their alerts and tracking."
"The rule engine is very easy to use — very flexible."
"Providing real-time visibility for threat detection and prioritization - QRadar SIEM provides contextual and actionable surveillance across the entire IT infrastructure."
"The initial setup of QRadar is not complex because we have done it before and we are used to the development. It is getting easier all the time."
"There are a lot of great out-of-the-box features included."
"The stability is good."
"Scalability. I have never had to worry about how to handle really big environments."
"We've had great feedback from our customers about SevOne support. They're willing to set up a remote session upon request. You have to go through three tiers of support with most vendors, and they ask a lot of screening questions before they will do a remote session. You need to spend a lot of time before an engineer will host a remote session to look at your problematic system."
"SevOne’s data collection functionality is very good. From a collection point of view, we pull SNMP data, which is simple. It is easy to manipulate the pull in the estate. It is really simple compared to some of the other products that we have used. However, for deferred data, i.e., things that we import or don't pull directly, we tend to have a preplanned integration. So, its Universal Collector is really useful."
"The most valuable feature is the NMS because that's the core of the system. Without the NMS, the other tools aren't that usable."
"The most valuable feature as of late has been the API integration with ServiceNow."
"It also gives us the closest thing to real-time insight into network performance that we have, with just a 10-second delay. It's very important for us to know the health of the infrastructure very quickly."
"We find that the reporting is particularly valuable in terms of not only communicating with our peer teams but also with the executives."
"One of the most valuable features is the graphs, which you can build instantly. I have used some open-source platforms in the past, but they are not as good. With SevOne, the sampling in the graph can be every few seconds, not just every few minutes, and that's really helpful. It's really fast."
"IMB should reduce the pricing, or reduce some of the features for a more economical solution for the customer."
"Their technical support is not good. We opened a lot of cases and from my experience, they are not complicated issues but it takes forever to get an answer."
"Its architecture is very complicated."
"I'd like them to improve the offense. When QRadar detects something, it creates what it calls offenses. So, it has a rudimentary ticketing system inside of it. This is the same interface that was there when I started using it 12 years ago. It just has not been improved. They do allow integration with IBM Resilient, but IBM Resilient is grotesquely expensive. The most effective integration that IBM offers today is with IBM Resilient, which is an instant response platform. It is a very good platform, but it is very expensive. They really should do something with the offense handling because it is very difficult to scale, and it has limitations. The maximum number of offenses that it can carry is 16K. After 16K, you have to flush your offenses out. So, it is all or nothing. You lose all your offenses up until that point in time, and you don't have any history within the offense list of older events. If you're dealing with multiple customers, this becomes problematic. That's why you need to use another product to do the actual ticketing. If you wanted the ticket existence, you would normally interface with ServiceNow, SolarWinds, or some other product like that."
"They should speed up the incident response and also, at the same time, reduce the amount of manual effort that is required."
"The technical support can be improved a little bit, and the price could be cheaper."
"The solution should enhance its capabilities of UEBA and AI/ML tech modeling."
"SOAR is what is expected the most from QRadar. They have something called SOAR Resilient, and it would be great if that gets induced in SIEM. IBM QRadar (as well as McAfee ESM) should have analytics platform integration. Currently, SIEMs don't have full-fledged integration with analytics where we are able to dump our data in SIEM, and the same data can be called from different analytics applications. We should be able to bring this data to a platform like Hadoop for big data and run the analytics there. Currently, people are seeing the past data and taking some actions in the present, but when it comes to analytics, there should be futuristic data where you can predict something out of your present and past data. Apart from that, I would like to see a full-fledged ITSM tool in QRadar. It sometimes has some technical issues that need to be checked. It requires a dedicated QRadar engineer to completely manage it. It has different module sets, such as event collector and event processor, and some technical glitches come in between. It takes the log but doesn't exactly process it in the way we want."
"Would benefit with the addition of AI modules for proactive data insights."
"In terms of having a complete view of our network performance, I would rate it a nine out of 10. The reason for not giving it a 10 is that there is no packet capture associated with SevOne, but we do have other tools in place to do that."
"The tool needs improvement in non-Cisco SD-WAN."
"High-frequency polling is data-intensive because you're pulling more. If SevOne could figure out a way to manage the impact of high-frequency polling on the system, that would be very popular."
"The customizations are very hard. The person doing it has to be very good at analytics and has to be very good in all languages"
"There are some tweaks and enhancements that I've already requested. One is to be able to make changes per device rather than as a global setting. That has to do with naming. It's minor."
"I'm not really sure if this was the software's fault or a server issue, but a couple of years back the disks were failing on our SevOne physical server every month and the server would go down. The secondary server took over from the primary until the disk issue was resolved. That was annoying."
"Their virtualization solution is not compatible with our Kubernetes environment, which is one of the reasons we are ending our relationship with them."
More IBM SevOne Network Performance Management (NPM) Pricing and Cost Advice →
IBM Security QRadar is ranked 6th in Log Management with 198 reviews while IBM SevOne Network Performance Management (NPM) is ranked 31st in Log Management with 53 reviews. IBM Security QRadar is rated 8.0, while IBM SevOne Network Performance Management (NPM) is rated 8.4. The top reviewer of IBM Security QRadar writes "A highly stable and scalable solution that provides good technical support". On the other hand, the top reviewer of IBM SevOne Network Performance Management (NPM) writes "We can get a new vendor certified and monitored in our system significantly faster than before". IBM Security QRadar is most compared with Splunk Enterprise Security, Microsoft Sentinel, Wazuh, LogRhythm SIEM and Elastic Security, whereas IBM SevOne Network Performance Management (NPM) is most compared with Instana Infrastructure Monitoring, LogicMonitor, SolarWinds Network Device Monitor, Splunk Enterprise Security and Cisco Secure Network Analytics. See our IBM Security QRadar vs. IBM SevOne Network Performance Management (NPM) report.
See our list of best Log Management vendors.
We monitor all Log Management reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.