We performed a comparison between IBM Security QRadar and NetWitness Platform based on real PeerSpot user reviews.
Find out in this report how the two Log Management solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."Most of the features are good. It is an excellent solution."
"Technical support is good overall."
"It saves a lot of time. We integrate the customer's firewall with all their networking devices."
"A nice benefit is when we go to the process of selecting our youth cases, they go by building blocks. QRadar links it to building blocks."
"I have found its network traffic log, network bit log, and QBI most valuable."
"It is very stable. We have not faced interruptions in the past four and a half years."
"The solution is easy to use, manage, and review all incidents."
"The ability to transition from microscopic to macroscopic view, instantly, is very good."
"Setting up NetWitness is straightforward. There are multiple connectors, including standard and specialized connectors. One purpose of the connectors is the enhanced capability integrate the custom applications. NetWitness comes with E6 appliances and application images that we use for the initial configurations and for the OS stack information. From there, you can consider the correlation rules, integrate the different log sources, and easily create correlation rules and backlog reports."
"Possibility to investigate incidents based on logs and raw packets, such as extracting files sent over the network"
"The solution is really scalable for the high-end power, enterprise customer."
"The packet capture aspect of it is a valuable feature because it is quite different from a traditional SIEM solution that only carries out investigations based on captured logs."
"The newer 11.5 version that my team is using has found it to have good mapping."
"Performance and reporting are very good."
"The most valuable features are its ingestion of logs and raising of alerts based on those logs."
"The most valuable feature is that we can create our own connectors for any application, and NetWitness provides the training and tools to do it."
"The only challenge with products like IBM is the EPS. You just have to be really on the events per second, as that's where the cost factor becomes a huge issue."
"IBM QRadar User Behavior Analytics could improve machine learning use cases because they are limited and most of the use cases are rule-based. They should develop more use cases, such as in Securonix or Exabeam because they will detect a threat. Using machine learning is mainly on the correlation rules, but if you think about Exabeam or Securonix, they detect using machine learning or machine learning-based algorithms."
"There is one problem with QRadar in regards to the add-on apps. The apps can be frustrating. For example, when I add a big app like one of the add-ons for resiliency, add-on applications for QRadar, these applications require different hardware to implement and to deploy. The resiliency connector because there's a considerable amount of data scanning, operates for these apps correctly."
"The solution is clunky."
"IBM technical support is always terrible."
"What needs to be improved in IBM QRadar User Behavior Analytics is the user experience. It's not optimal. Some screens are a bit clunky. The solution needs to be more user-friendly."
"The threat detection needs improvement, they have many false positives."
"IBM Qradar could improve the reporting. The tool is not designed to report. It's a great operational monitoring tool. You put it on a screen and you watch it. If you want to have analytics out of it, that's a whole different story. You're going to need more people and tools. What should be added is reporting and integration into Power BI, into some capability that produces analytical reports from the source data. IBM does not seem to care to add these features."
"Nowadays, their support is a little subpar compared to other solutions. I rate RSA support six out of 10."
"There are instances where you try to run the reports and then it does not give you the desired outcome."
"Technical support could be improved."
"Lots of competing products have vulnerability protection built into their products, and this solution would be improved by including that support."
"Its technical support could be better."
"We have encountered issues with unresolved crashes."
"The implementation needs assistance."
"If we have the ability to run a dynamic analysis through malware in the same suite, it would be great to have a sandbox solution to analyze malware through dynamic analysis."
IBM Security QRadar is ranked 6th in Log Management with 198 reviews while NetWitness Platform is ranked 19th in Log Management with 36 reviews. IBM Security QRadar is rated 8.0, while NetWitness Platform is rated 7.4. The top reviewer of IBM Security QRadar writes "A highly stable and scalable solution that provides good technical support". On the other hand, the top reviewer of NetWitness Platform writes "Can find out if there is lateral movement, but integration and workflow need improvement". IBM Security QRadar is most compared with Splunk Enterprise Security, Microsoft Sentinel, Wazuh, LogRhythm SIEM and Elastic Security, whereas NetWitness Platform is most compared with Splunk Enterprise Security, RSA enVision, Cisco Secure Network Analytics, Microsoft Sentinel and Trellix Network Detection and Response. See our IBM Security QRadar vs. NetWitness Platform report.
See our list of best Log Management vendors and best Security Information and Event Management (SIEM) vendors.
We monitor all Log Management reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.