We performed a comparison between ArcSight Analytics and IBM Security QRadar based on real PeerSpot user reviews.
Find out in this report how the two User Entity Behavior Analytics (UEBA) solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."The data collection and the integration with different products are valuable features."
"The most valuable features are that you get lots of connectors, which make it easy to log in to my ASM, and lots of prebuilt roles from the company."
"ArcSight Analytics is used to get a deeper insight and threat analysis about the network."
"The most valuable feature is the log monitoring."
"The correlation engine is good."
"The solution is easy to implement."
"This solution makes it easy to create use cases, and it is easy to move queries from use cases to the report to the dashboard."
"The ability to correlate different logs is the solution's most valuable feature."
"The most valuable feature is the DSM Editor. The custom parsing tool is very nice, outstanding."
"Improves visibility and has a great new dashboard."
"The most valuable feature currently is security behaviors and the pdf files."
"The features that I have found most valuable in QRadar are its data enrichment, use case creations, and adding references - those kinds of features are very good. Also QRadar's event filtration and device integration are perfect."
"What I like the most about it is that you can very easily install and configure it. As compared to other SIEM solutions, for which you need to know and do a lot more to prepare your SIEM environment, QRadar is much simpler to install and configure. There are various options in the Admin console. In the Admin tab, you can design dashboards and view various graphs. It has a lot of attractive features, and you don't need to configure everything on your own."
"On the back-end, Watson helps me figure out an exact problem, sometimes giving me the result."
"QRadar has somewhat of a new structure recently from last gen. They have moved from the standard UI based infrastructure."
"The visibility it gives you into your infrastructure has been great."
"The interactive dashboard is complicated and you need to have training in order to use it, so I think that it could be made easier to use."
"Network integration is very crucial, and you need to have the knowledge to get it done."
"I would like to see orchestration."
"ArcSight's features that can be improved include anything related to its visualization capabilities and user friendliness."
"I faced stability issues with Windows Operating System. The installed connectors hang if they remain idle for a long period of time."
"[There is] complexity in maintaining it and managing it. It's not easy to use. It requires a lot of training."
"It's a difficult product to navigate, it's complex."
"There is a GUI, but it is not complete and lacks functionality that needs to be performed using the console."
"The biggest problem was built on top of the QRadar in the executive operations center network. The integration was not using the network security specialist properly, and all the incidents were inferior with QRadar. Its compatibility is not really good."
"We need more features in order to create rules to detect or to meet some requirements for other areas, for example, catching the event from other authentication tools."
"There is room for improvement in IBM QRadar in integrating features for SOC maturity and security levels directly into QRadar."
"The technical support can be improved a little bit, and the price could be cheaper."
"The solution is clunky."
"In terms of additional features, a mobile app would be nice. Also, the reporting is definitely okay, but you have to make sure that everybody with different roles can understand it. There is room for improvement in the reporting."
"Each module requires a separate license and a separate cost."
"The advanced planning management (APM) features should be included."
ArcSight Analytics is ranked 17th in User Entity Behavior Analytics (UEBA) with 15 reviews while IBM Security QRadar is ranked 1st in User Entity Behavior Analytics (UEBA) with 198 reviews. ArcSight Analytics is rated 7.0, while IBM Security QRadar is rated 8.0. The top reviewer of ArcSight Analytics writes "It has improved our system and network policy monitoring". On the other hand, the top reviewer of IBM Security QRadar writes "A highly stable and scalable solution that provides good technical support". ArcSight Analytics is most compared with Securonix UEBA, whereas IBM Security QRadar is most compared with Microsoft Sentinel, Splunk Enterprise Security, Wazuh, LogRhythm SIEM and Elastic Security. See our ArcSight Analytics vs. IBM Security QRadar report.
See our list of best User Entity Behavior Analytics (UEBA) vendors.
We monitor all User Entity Behavior Analytics (UEBA) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.
For tools I’d recommend:
-SIEM- LogRhythm
-SOAR- Palo Alto XSOAR
Doing commercial w/o both (or at least an XDR) is asking to miss details that are critical, and ending up a statistic.
Also, remember that any EDR/XDR should integrate to the SIEM/SOAR and a strong threat intel source.
If you consider SOC outsourcing take your time and find one you can integrate like a virtual team member. They are only as good as their depth of knowledge in your business and your on-prem SOC.
Apache Metron, ELK, OSSIM, Splunk and Qradar (in cost/benefit order for starters).
I have no experience with Rapid 7 or InsightIDR.
IBM Qradar works great but is not easy to install. If it is running it is a great tool. Also depending on the budget, Riverbed security is a tool to consider. Costs are lower than QRadar and easier to implement.
Or you can use our SaaS solution with QRadar and a lot more built-in. One holistic solution for your complete IT environment.
@Evgeny Belenky, I found Stellar to be quite intriguing.
I would also recommend McAFee’s new console for centralizing and coordinating a well-deployed enterprise solution.
COMODO MDR
Disclaimer: ICE Consulting offers SOC as a Service to our Clients.
For SOC Tools we use Securonix and other in-house developed solutions. Securonix provides an all in one package (SIEM, UEBS, & NTA) that we believe is competitively priced for the Small to Mid Market. Their Customer Service seems better than most and they are always highly rated in the Gartner MQ reports. Set-up is not difficult, but is time consuming for the first time, afterwards each client deployment we have added has seemed to get easier and quicker.
Please contact several vendors and ask for demos, talk with the vendor engineers to ensure the solution will workfor your needs... We evaluated Rapid7, AlienVault (ATT Cybersecurity), QRadar, LogRythm, and Securonix before deciding on Securonix.
Also take your time in evaluating and re-evaluating the products, I took us about about 18 months and over $30K of working with what was utimately the wrong product for us, before moving to Securonix.
Make sure training for the use of the service is included. We have been able to provide entensive training to out team through the vendor and would not have been able to get out SOC offering off the ground without it.
Good Luck!
COMODO SOC covers your entire network and also your email. It is very easy to deploy and is very effective for reports.
I prefer the COMODO SOC solution because it is a very good and easy to deploy product.