We performed a comparison between IBM Security QRadar and Zabbix based on real PeerSpot user reviews.
Find out what your peers are saying about Splunk, Microsoft, Wazuh and others in Security Information and Event Management (SIEM).
"Microsoft Sentinel comes preloaded with templates for teaching and analytics rules."
"The connectivity and analytics are great."
"I like the unified security console. You can close incidents using Sentinel in all other Microsoft Security portals, when it comes to incident response."
"The automation rules and playbooks are the most useful that I've seen. A number of other places segregate the automation and playbook as separate tools, whereas Microsoft is a SIEM and SOAR tool in one."
"Sentinel has features that have helped improve our security poster. It helped us in going ahead and identifying the gaps via analysis and focusing on the key elements."
"The most valuable features are its threat handling and detection. It's a powerful tool because it's based on machine learning and on the behavior of malware."
"The ability of all these solutions to work together natively is essential. We have an Azure subscription, including Log Analytics. This feature automatically acts as one of the security baselines and detects recommendations because it also integrates with Defender. We can pull the sysadmin logs from Azure. It's all seamless and native."
"It is able to connect to an ever-growing number of platforms and systems within the Microsoft ecosystem, such as Azure Active Directory and Microsoft 365 or Office 365, as well as to external services and systems that can be brought in and managed. We can manage on-premises infrastructure. We can manage not just the things that are running in Azure in the public cloud, but through Azure Arc and the hybrid capabilities, we can monitor on-premises servers and endpoints. We can monitor VMware infrastructure, for instance, running as part of a hybrid environment."
"One of the most valuable features of this solution is it has very good data correlation."
"There are a lot of features in QRadar. App Exchange is the most valuable feature. User behavior analytics (UBA) is also a very good feature. Watson is also there, but we are not currently using Watson. It is versatile and quite easy. It also has an all-in-one-box feature and good integration with AWS."
"The solution is easy to use, manage, and review all incidents."
"This console gives you the entire view, which makes life easier and allows you to take precautionary measures."
"This is a good tool to have because it gives you the ability to track what is currently happening in your environment."
"Senses, tracks, and links significant incidents and threats."
"The visibility it gives you into your infrastructure has been great."
"IBM Qradar's ability to simplify the number of events, not only on a technical level but by making that information easy to pan through the orchestration deduplication. It is very impressive given that we have hundreds of devices that send event logs through."
"The most valuable feature is service assurance."
"I'm supervising all the IT departments, and Zabbix seems quite good for them. It provides graphics and information in real time. We get alerts about crashes on the system, enabling us to quickly repair issues. We can easily find devices with problems."
"There is less computing power needed for scaling."
"They've already added extra features, such as noise-canceling and facial recognition, which is great."
"The solution is quite mature and very stable."
"The solution allows for good integration with other products."
"We are able to do problem determination on runaway processes."
"It can send messages to our ticketing system."
"The solution could be more user-friendly; some query languages are required to operate it."
"They need to work with other security vendors. For example, we replaced our email gateway with Symantec, but we couldn't collect these logs with Azure Sentinel. Instead of collecting these logs with Azure Sentinel, we are collecting them on Qradar. We couldn't do it with Sentinel, which is a problem for us."
"Sentinel can be used in two ways. With other tools like QRadar, I don't need to run queries. Using Sentinel requires users to learn KQL to run technical queries and check things. If they don't know KQL, they can't fully utilize the solution."
"It could have a better API to be able to automate many things more extensively and get more extensive data and more expensive deployment possibilities. It can gain some points on the automation part and the integration part. The API is very limited, and I would like to see it extended a bit more."
"The dashboards can be improved. Creating dashboards is very easy, but the visualizations are not as good as Microsoft Power BI. People who are using Microsoft Power BI do not like Sentinel's dashboards."
"They should integrate it with many other software-as-a-service providers and make connectors available so that you don't have to do any sort of log normalization."
"We'd like also a better ticketing system, which is older."
"I think the number one area of improvement for Sentinel would be the cost."
"The solution should include remote action capabilities."
"Their technical support is not good. We opened a lot of cases and from my experience, they are not complicated issues but it takes forever to get an answer."
"There are a lot of things they are working on and a lot of technologies that are not yet there. They should probably work out a better reserve with their ecosystem of business partners and create wider and more in-depth qualities, third-party tools, and add-ons. These things really give immediate business value. For instance, there are many limitations in using SAP, EBS, or Micro-Dynamics. A lot of things that are happening in those platforms could also be monitored and allowed from the cybersecurity risks perspective. IBM might be leaving this gap or empty space for business partners. Some larger organizations might already be doing this. It would be very nice if IBM can make some artificial intelligence part free of charge for all current QRadar users. This would be a big advantage as compared to other competitors. There are companies that are going in different directions. Of course, you can't do everything inside QRadar. In general, it might be very good for all players to provide more use cases, especially regarding data protection and leakage prevention. There are some who are already doing some kind of file integrity or gathering some more information from all possible technologies for building anything related to the user and data analysis, content analysis, and management regarding the data protection."
"IBM is going through some problems with its resources currently making its support response time slow."
"In terms of additional features, a mobile app would be nice. Also, the reporting is definitely okay, but you have to make sure that everybody with different roles can understand it. There is room for improvement in the reporting."
"It needs more resilience and functionality."
"There is a lot of manual configuration required in order for the product to run smoothly, and I think that it could be made more automatic."
"QRadar needs to be more specialized, along the lines of what other SIEM solutions are."
"Zabbix isn't very good at automation just yet."
"The solution needs to add features for finding loopholes or problems and their root causes."
"Its UI should be improved. They did some improvements in version 5, but it could benefit from some more work. Its integrations should also be improved. They've been active for one year, and they seem to have noticed that. It has new integrations, but it could benefit from more integrations. As far as I know, there is no model to push statistics, metrics, or events towards Zabbix. This type of API isn't yet there, whereas some other tools provide an API for this."
"I would like to remotely connect to the computer, and Zabbix doesn't have this capability."
"They should open an SSH session from the web interface."
"My company wanted to do an exercise command to access IT from Cameroon. They wanted to access an FSS to a second host with second equipment that was on another coast but it is not possible on Zabbix to do it. They want to directly access from the front-end of Zabbix to access a prompt in Zabbix to an access terminal. In the front-end, there is no way to do that. That would be an important improvement."
"Zabbix does not draw automatic mapping of the network, this is something they should add in the future. There is a lot of effort that is involved in tailoring some of the settings which could be made easier."
"I think the reporting part of Zabbix can be improved in terms of more user-friendly graphics to display the collected data. Many simple users who don't know how to use Zabbix properly might get confused by the reporting, although at the same time it is very versatile for my company."
IBM Security QRadar is ranked 4th in Security Information and Event Management (SIEM) with 198 reviews while Zabbix is ranked 1st in Network Monitoring Software with 101 reviews. IBM Security QRadar is rated 8.0, while Zabbix is rated 8.2. The top reviewer of IBM Security QRadar writes "A highly stable and scalable solution that provides good technical support". On the other hand, the top reviewer of Zabbix writes "Allows any number of customizations but lacks functionality for finding root causes". IBM Security QRadar is most compared with Splunk Enterprise Security, Wazuh, LogRhythm SIEM, Elastic Security and Sentinel, whereas Zabbix is most compared with Centreon, Checkmk, SolarWinds NPM, Nagios Core and Nagios XI.
We monitor all Security Information and Event Management (SIEM) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.
