We performed a comparison between IBM Security QRadar and ArcSight ESM based on our users’ reviews in five categories. After reading all of the collected data, you can find our conclusion below.
Features: IBM Security QRadar users say the solution provides extensive information and helpful leads for locating pertinent data. QRadar stands out with its comprehensive network visibility and strong SIEM capabilities. ArcSight ESM is praised for its well-designed dashboard, real-time reporting, and threat intelligence capabilities that leverage AI and correlation tools. Users also like ArcSight’s seamless integration and effortless management. QRadar could improve its rule deployment and lower its false positive rate. Users would also like expanded storage capacity, streamlined user management, and a more mature architecture. ArcSight ESM users have recommended improvements in training, speed, and data administration.
Service and Support: Some customers of IBM Security QRadar have had trouble connecting with knowledgeable support staff and experienced delayed responses. Some ArcSight ESM users have found the support to be responsive and helpful, while others have faced issues with slow response times and a lack of expertise.
Ease of Deployment: IBM Security QRadar's initial setup can be complex for users without expertise, and the difficulty may vary depending on the size of the data set. Some said that ArcSight ESM is straightforward to set up, while others noted that integration with other systems can be challenging and requires specialized knowledge.
Pricing: IBM Security QRadar can be costly because users need to buy new hardware to upgrade. Users consider the pricing of ArcSight ESM to be reasonable and affordable.
ROI: IBM Security QRadar delivers a high return on investment, improving security through its advanced user behavior analytics. ArcSight ESM yields an ROI by helping clients achieve compliance objectives and prevent incidents.
"We didn't have anything similar. So, it really provides value from the incidents and automation point of view. The overview of the security fabric is most valuable."
"Sentinel is a Microsoft product, so they provide very robust use cases and analytic groups, which are very beneficial for the security team. I also like the ability to integrate data sources into the software for on-premise and cloud-based solutions."
"It's pretty powerful and its performance is pretty good."
"It is always correlating to IOCs for normal attacks, using Azure-related resources. For example, if any illegitimate IP starts unusual activity on our Azure firewall, then it automatically generates an alarm for us."
"The data connectors that Microsoft Sentinel provides are easy to integrate when we work with a Microsoft agent."
"The initial setup is very simple and straightforward."
"It has basic out-of-the-box integrations with multiple log sources."
"The solution has features that helped improve the security posture of our clients. It provides the ability to correlate a large variety of log sources very cost-effectively, especially for Microsoft sources."
"We do consulting and I get feedback from our clients that the product really helped them with compliance, especially with GDPR."
"Some of the benefits of using this solution are rapid correlation and near-time response on alerts."
"This process has helped to improve our organization because we have centralized the intra-group security equipment logs."
"Customization. ArcSight gives you a platform to on-board out-of-the-box devices with a more accurate way of collecting desired logs/events."
"Once the rules are defined, it is capable of detecting minute changes in the systems, which are effectively based on the entries in the log."
"It is a very useful tool for intelligence building because it has many use cases and many rule sets."
"The solution is pretty stable."
"It gives better overall visibility. Before, we didn't have a unified system for managing security alerts. ArcSight introduced various alerts, giving us a better visibility of potential problems."
"The most valuable features would have to be the products' ability to customize vulnerability management settings."
"The support is very good. We get support whenever we need it. Sometimes they respond immediately and sometimes it will be within 24 hours. We can ask them to please do it right away and they can get a request done within an hour or two."
"The most valuable feature is the machine learning module."
"The most valuable feature is the DSM Editor. The custom parsing tool is very nice, outstanding."
"The product has plenty of features and capabilities."
"The timeline and machine learning features are great."
"The most valuable feature is the QRadar Vulnerability Manager which provides vulnerability scans. In addition, I like the way QRadar generates alerts."
"It has improved my efficiency."
"If Azure Sentinel had the ability to ingest Azure services from different tenants into another tenant that was hosting Azure Sentinel, and not lose any metadata, that would be a huge benefit to a lot of companies."
"Sentinel provides decent visibility, but it's sometimes a little cumbersome to get to the information I want because there is so much information. I would also like to see more seamless integration between Sentinel and third-party security products."
"We have been working with multiple customers, and every time we onboard a customer, we are missing an essential feature that surprisingly doesn't exist in Sentinel. We searched the forums and knowledge bases but couldn't find a solution. When you onboard new customers, you need to enable the data connectors. That part is easy, but you must create rules from scratch for every associated connector. You click "next," "next," "next," and it requires five clicks for each analytical rule. Imagine we have a customer with 150 rules."
"The solution could be more user-friendly; some query languages are required to operate it."
"The only thing is sometimes you can have a false positive."
"We're satisfied with the comprehensiveness of the security protection. That said, we do have issues sometimes where there have been global outages and we need to raise a ticket with Microsoft."
"The product can be improved by reducing the cost to use AI machine learning."
"The solution could improve the playbooks."
"The solution could be more stable."
"The visualization is not very good compared to Splunk."
"The customer experience could be improved."
"There could be more API features for extracting logs on different devices included in the product."
"The analytics feature is not reliable and needs improvement for more detailed analysis."
"The roadmap is not clear."
"The correlation engine effectively connects different events, significantly improving our detection reach. However, limitations exist with non-default alerts, where additional costs arise for integration."
"We would like the ability to easily identify either unused resources or those that are being used sub-optimally."
"I would suggest QRadar release any documentation or give an online demo, like videos on YouTube. It would increase publicity and public appeal."
"The weak signal detection with QRadar needs improvement. You can detect what you know, but what is unknown to the rule engine can't be detected."
"The quoting and the dashboard session could be improved. It should be more user-friendly."
"There are reports that I would like to generate that are either not included, or I cannot find."
"It is not app based."
"Their technical support is not good. We opened a lot of cases and from my experience, they are not complicated issues but it takes forever to get an answer."
"The solution could improve by having more out-of-the-box use cases."
"IBM QRadar User Behavior Analytics is good, but I think the functionality should be much more integrated. You should have easy access to the artifacts if you are doing a particular investigation. It's good, but other team solutions like LogRhythm are actually merging the functionality. So, I think that is something IBM can work on."
More ArcSight Enterprise Security Manager (ESM) Pricing and Cost Advice →
IBM Security QRadar is a security and analytics platform designed to defend against threats and scale security operations.
ArcSight Enterprise Security Manager (ESM) is ranked 11th in Security Information and Event Management (SIEM) with 93 reviews while IBM Security QRadar is ranked 4th in Security Information and Event Management (SIEM) with 197 reviews. ArcSight Enterprise Security Manager (ESM) is rated 7.8, while IBM Security QRadar is rated 8.0. The top reviewer of ArcSight Enterprise Security Manager (ESM) writes "Allows for monitoring logs according to industry standards within ESM but has a total capacity capped at 12 TB, limiting real-time data retention periods". On the other hand, the top reviewer of IBM Security QRadar writes "A highly stable and scalable solution that provides good technical support". ArcSight Enterprise Security Manager (ESM) is most compared with Splunk Enterprise Security, ArcSight Intelligence, Trellix ESM, AWS Security Hub and Elastic Security, whereas IBM Security QRadar is most compared with Splunk Enterprise Security, Wazuh, LogRhythm SIEM, Elastic Security and Fortinet FortiSIEM. See our ArcSight Enterprise Security Manager (ESM) vs. IBM Security QRadar report.
See our list of best Security Information and Event Management (SIEM) vendors.
We monitor all Security Information and Event Management (SIEM) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.