We performed a comparison between ArcSight Intelligence and IBM Security QRadar based on real PeerSpot user reviews.
Find out in this report how the two User Entity Behavior Analytics (UEBA) solutions compare in terms of features, pricing, service and support, ease of deployment, and ROI.
"The Identity Behavior tab furnishes us with the entire history linked to each IP or domain that has either accessed or attempted to access our system."
"The analytic rule is the most valuable feature."
"The part that was very unexpected was Sentinel's ability to integrate with Azure Lighthouse, which, as a managed services solution provider, gives us the ability to also manage our customers' Sentinel environments or Sentinel workspaces. It is a big plus for us. With its integration with Lighthouse, we get the ability to monitor multiple workspaces from one portal. A lot of the Microsoft Sentinel workbooks already integrate with that capability, and we save countless amounts of money by simply being able to almost immediately realize multitenant capabilities. That alone is a big plus for us."
"The log analysis is excellent; it can predict what can or will happen regarding use patterns and vulnerabilities."
"We can use Sentinel's playbook to block threats. It covers all of the environment, giving us great visibility."
"It is easy to implement (turn on) - does need a skilled analyst to develop queries and playbooks."
"The analytics has a lot of advantages because there are 300 default use cases for rules and we can modify them per our environment. We can create other rules as well. Analytics is a useful feature."
"The dashboard that allows me to view all the incidents is the most valuable feature."
"The platform helps us improve threat detection capabilities."
"We found the correlation engine to be very good. It takes logs from different types of devices and does the correlation in a good way."
"The most valuable feature of ArcSight Intelligence is a single console where the entire dashboard gives all the connected details in a single place."
"The ability to tailor an environment to suit our specific use cases is a major advantage of ArcSight compared to other logging servers such as Splunk."
"The product has a valuable interface."
"QRadar has somewhat of a new structure recently from last gen. They have moved from the standard UI based infrastructure."
"On the back-end, Watson helps me figure out an exact problem, sometimes giving me the result."
"IBM QRadar Advisor with Watson is a stable solution."
"The most valuable features are the AI assistant, which is good at detecting known types of behavior."
"Blocks of predefined conditions can be used to configure detection rules without having to write complicated script."
"This is a good tool to have because it gives you the ability to track what is currently happening in your environment."
"The detection rate is good and the false positive rate is low."
"The most valuable features of IBM Security QRadar are flexibility, IBM support, and scalability."
"For certain vendors, some of the data that Microsoft Sentinel captures is redacted due to privacy reasons."
"The KQL query does not function effectively with Windows 11 machines, and in the majority of machine-based investigations, KQL queries are essential for organizing the data during investigations."
"The on-prem log sources still require a lot of development."
"We'd like also a better ticketing system, which is older."
"They should just add more and more out-of-the-box connectors. It is quite a new product, and it has a lot of connectors, and even more would be good."
"Documentation is the main thing that could be improved. In terms of product usage, the documentation is pretty good, but I'd like a lot more documentation on Kusto Query Language."
"Sentinel's alerts and notifications are not fully optimized for mobile devices. The overall reporting and the analytics processes for the end user should also be improved. Also, the compatibility and availability of data sources and reports are not always perfect."
"The dashboards can be improved. Creating dashboards is very easy, but the visualizations are not as good as Microsoft Power BI. People who are using Microsoft Power BI do not like Sentinel's dashboards."
"ArcSight Intelligence is a bit slower, and its speed should be improved."
"ArcSight Intelligence's pricing needs improvement."
"The dashboard is not user-friendly and is in black and white."
"We haven't found the product fully scalable."
"The frequency of the updates that we are getting can be improved because the number and types of incidents that are happening at the global level are far more than what we are receiving. The frequency of updates feeds related to our rules should be increased. There should be more frequent information about the new rules that are coming and the global threats that are happening. There should be better options for dashboard creation. At present, the dashboards are good, but there is scope to make them better."
"The threat intelligence functionality can be better. In addition, it can have more monitoring capabilities."
"There is a shortage of skilled individuals with knowledge about the solution. There is training required."
"In terms of what could be improved, I would say the script which we have to create for custom actions. QRadar needs to improve that feature. Additionally, QRadar has to provide the playbooks designing features."
"The user interface is a bit difficult to get used to."
"I would suggest QRadar release any documentation or give an online demo, like videos on YouTube. It would increase publicity and public appeal."
"The threat detection needs improvement; they have many false positives."
"I'm not sure about the stability just yet. We've observed a few issues and we raised a supporting ticket for it."
"The product can be a bit complex."
ArcSight Intelligence is ranked 15th in User Entity Behavior Analytics (UEBA) with 5 reviews while IBM Security QRadar is ranked 1st in User Entity Behavior Analytics (UEBA) with 198 reviews. ArcSight Intelligence is rated 8.0, while IBM Security QRadar is rated 8.0. The top reviewer of ArcSight Intelligence writes "A user-friendly solution that can be used to integrate the logs properly with different connectors". On the other hand, the top reviewer of IBM Security QRadar writes "A highly stable and scalable solution that provides good technical support". ArcSight Intelligence is most compared with ArcSight Enterprise Security Manager (ESM), Exabeam Fusion SIEM and Splunk User Behavior Analytics, whereas IBM Security QRadar is most compared with Splunk Enterprise Security, Wazuh, LogRhythm SIEM, Elastic Security and Fortinet FortiSIEM.
We monitor all User Entity Behavior Analytics (UEBA) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.