We compared IBM Security QRadar and Splunk Enterprise Security across several parameters based on our users' reviews. After reading the collected data, you can find our conclusion below:
Ease of Deployment: IBM Security QRadar’s setup can be more challenging and time-consuming compared to Splunk Enterprise Security. Some users found both solutions easy to install, but IBM Security QRadar took several weeks or even months, while Splunk Enterprise Security could be set up in just a day.
Features: IBM Security QRadar is praised for its ability to detect threats and its ease of use. It provides customizable rules, real-time network monitoring, and competitive pricing. Splunk Enterprise Security stands out in its ability to capture and analyze various data streams. It offers valuable features like a search function, session reports, and graphing capabilities.
Room for Improvement: IBM Security QRadar could enhance its pricing, threat identification, plugins, and threat detection, EPS challenge, training, and technical support. Splunk Enterprise Security has room for improvement in its search algorithm, licensing model, technical support, AI capabilities, pricing, and machine learning algorithms.
Pricing: IBM Security QRadar’s cost differs based on the organization's requirements and structure. Certain users perceive it as reasonable, while others view it as costly. Similarly, Splunk Enterprise Security's pricing is subjective, as some users find it expensive while others find it reasonable.
ROI: Both Splunk Enterprise Security and IBM Security QRadar are cost-effective solutions with a favorable ROI. QRadar offers user behavior analytics and employee profiling. Splunk enhances security measures and is known for its flexibility and ability to provide global observability.
Service and Support: Both IBM Security QRadar and Splunk Enterprise Security have received varying feedback regarding their customer service and support. Users have commended the staff's expertise and responsiveness for both products. However, there have been complaints about slow response times and a lack of expertise.
Comparison Results: IBM Security QRadar and Splunk Enterprise Security have similarities in terms of setup complexity and value in detection capabilities and user-friendliness. IBM Security QRadar offers a wide range of features, including real network monitoring, security orchestration automated response, and risk scoring for user activity. Splunk Enterprise Security is praised for its search function, session reports, and graphing capabilities, as well as scalability and machine learning capabilities. IBM Security QRadar may have an advantage in features and pricing, while Splunk Enterprise Security may have an advantage in search capabilities and scalability.
"Providing real-time visibility for threat detection and prioritization - QRadar SIEM provides contextual and actionable surveillance across the entire IT infrastructure."
"The threat hunting capabilities in general are great."
"The solution is quite flexible."
"IBM QRadar Advisor with Watson is a stable solution."
"The most valuable thing about QRadar is that you have a single window into your network, SIEM, network flows, and risk management of your assets. If you use Splunk, for instance, then you still need a full packet capture solution, whereas the full packet capture solution is integrated within QRadar. Its application ecosystem makes it very powerful in terms of doing analysis."
"The most valuable feature currently is security behaviors and the pdf files."
"We are using the platform version, which I like."
"It is a very optimized engine."
"The initial setup is simple, not very complex. Initial deployment takes around 10 to 15 minutes to set up the entire base for Splunk including all three tiers."
"The alerts are very effective."
"It gives us the liberty to do more in terms of use cases."
"The flexibility of the solution is quite good."
"The initial setup isn't overly complex."
"From the class that I took this week, being able to create notable events from whatever you find in the data set is pretty useful."
"The indexing and data collection are valuable."
"The integration is seamless with many devices and operating systems."
"Their technical support is not good. We opened a lot of cases and from my experience, they are not complicated issues but it takes forever to get an answer."
"The solution is difficult to understand in the beginning and has complex management configurations that can be improved."
"The solution should include remote action capabilities."
"There should be more opportunity for community kind of distribution where, for example, if there was a zero-day threat targeting companies."
"They should provide more manual examples online so that I can learn it myself."
"If you have too many events that occur, then the storage capacity becomes a problem. You need to have more storage."
"There could be better integration with the solution."
"We need more features in order to create rules to detect or to meet some requirements for other areas, for example, catching the event from other authentication tools."
"We had some connections issues with the solution at the beginning."
"Its reporting can be improved. That's the only complaint I have heard. I don't need the reporting part, but I know that other people in the organization need it."
"Splunk could have more built-in use case presets that customers can build on and customize."
"You do need a lot of training and certification with this product."
"The implementation and the scanning of the logs can be difficult."
"The integration could be a bit better. They charge for certain integrations."
"The ingestion happens quickly, so you can run up the data costs if you use the default settings. It isn't a problem for government agencies in the Saudi market, but many of the corporations in India are small or medium-sized enterprises that cannot afford that kind of ingestion system."
"The user access control could be much more granular, so that the admins can control r/w/x access for specific features of the product like dashboards, etc."
IBM Security QRadar is ranked 4th in Security Information and Event Management (SIEM) with 198 reviews while Splunk Enterprise Security is ranked 1st in Security Information and Event Management (SIEM) with 244 reviews. IBM Security QRadar is rated 8.0, while Splunk Enterprise Security is rated 8.4. The top reviewer of IBM Security QRadar writes "A highly stable and scalable solution that provides good technical support". On the other hand, the top reviewer of Splunk Enterprise Security writes "It has a drag-and-drop interface, so you don't need to know SQL or Java to construct a query ". IBM Security QRadar is most compared with Microsoft Sentinel, Wazuh, LogRhythm SIEM, Elastic Security and Sentinel, whereas Splunk Enterprise Security is most compared with Wazuh, Dynatrace, Elastic Security, Microsoft Sentinel and Datadog. See our IBM Security QRadar vs. Splunk Enterprise Security report.
See our list of best Security Information and Event Management (SIEM) vendors and best Log Management vendors.
We monitor all Security Information and Event Management (SIEM) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.
For tools I’d recommend:
-SIEM- LogRhythm
-SOAR- Palo Alto XSOAR
Doing commercial w/o both (or at least an XDR) is asking to miss details that are critical, and ending up a statistic.
Also, remember that any EDR/XDR should integrate to the SIEM/SOAR and a strong threat intel source.
If you consider SOC outsourcing take your time and find one you can integrate like a virtual team member. They are only as good as their depth of knowledge in your business and your on-prem SOC.
Apache Metron, ELK, OSSIM, Splunk and Qradar (in cost/benefit order for starters).
I have no experience with Rapid 7 or InsightIDR.
IBM Qradar works great but is not easy to install. If it is running it is a great tool. Also depending on the budget, Riverbed security is a tool to consider. Costs are lower than QRadar and easier to implement.
Or you can use our SaaS solution with QRadar and a lot more built-in. One holistic solution for your complete IT environment.
@Evgeny Belenky, I found Stellar to be quite intriguing.
I would also recommend McAFee’s new console for centralizing and coordinating a well-deployed enterprise solution.
COMODO MDR
Disclaimer: ICE Consulting offers SOC as a Service to our Clients.
For SOC Tools we use Securonix and other in-house developed solutions. Securonix provides an all in one package (SIEM, UEBS, & NTA) that we believe is competitively priced for the Small to Mid Market. Their Customer Service seems better than most and they are always highly rated in the Gartner MQ reports. Set-up is not difficult, but is time consuming for the first time, afterwards each client deployment we have added has seemed to get easier and quicker.
Please contact several vendors and ask for demos, talk with the vendor engineers to ensure the solution will workfor your needs... We evaluated Rapid7, AlienVault (ATT Cybersecurity), QRadar, LogRythm, and Securonix before deciding on Securonix.
Also take your time in evaluating and re-evaluating the products, I took us about about 18 months and over $30K of working with what was utimately the wrong product for us, before moving to Securonix.
Make sure training for the use of the service is included. We have been able to provide entensive training to out team through the vendor and would not have been able to get out SOC offering off the ground without it.
Good Luck!
COMODO SOC covers your entire network and also your email. It is very easy to deploy and is very effective for reports.
I prefer the COMODO SOC solution because it is a very good and easy to deploy product.