We performed a comparison between ArcSight Logger, IBM Security QRadar, and USM Anywhere based on real PeerSpot user reviews.
"The log digestion features from threat intelligence platforms like Recorded Future or Talos are valuable."
"It's a brilliant log collection tool, and it can handle hundreds of thousands of servers in a single shot to ingest the data."
"It is one of the best products available in the market."
"In terms of ArcSight Logger's most valuable feature, it is their scalability. ArcSight's real advantage is its scalability because they have two layers, including the logger layer."
"Some of the most valuable features I really appreciate are the performance, how quick the solution is, and how easy it is to create a query."
"The ability to customize the solution in great detail is its most valuable feature. We can customize the use cases and also have the ability to do scripting. We can personalize our dashboard as well. The scalability the solution offers is quite impressive."
"In our country we are a little bit private in terms of solutions, so we are just starting to use the basic data capture. Now some users can start to use additional features that come with Micro Focus ArcSight like user behavior analytics for investigating."
"The ESM use cases are the most valuable. It enables us to use the big data collection inside our company. We are able to create use cases for whatever it suits and I find that the most interesting part of any SIEM solution."
"The simplicity of the solution is the best feature."
"The features that I have found most valuable are that it is very stable, easy to get going, and easy to manage. It is also easy to review all incidents."
"The most valuable feature is the integration with the GRD, for banking."
"One very useful feature is the plug-in offering that allows you to integrate it with other solutions, such as integrating it with plug-ins like Scout, Carbon Black, and the rest."
"IBM QRadar Advisor with Watson is a stable solution."
"It comes with many rules disabled. You can tune them and modify them according to your enterprise needs and avoid false positives."
"It can analyze event logs, event security, and give a good consult."
"There are a lot of great out-of-the-box features included."
"This solution can identify many threats inside the organization (compromised endpoints, configuration issues), as well as "outside" threats (botnets, network scanners, web-attacks, etc)."
"We had used previous products and found AlienVault centralized the logging for our security."
"AlienVault has an advanced component within one package. With this, we can cover more area with one solution."
"The AlienVault solution has enabled us to create a SOC on a budget with smaller than usual staff requirements, offering a wider range of solutions for our customers."
"The feature that I liked the most is that they have a vulnerability assessment package that comes along with the SIEM solution. So, whenever I find any threat or alert for any of the devices or servers, I could immediately initiate a vulnerability assessment scan on that machine. That is one of a kind. The price at which AlienVault operates is also valuable."
"The asset management functionality (active and passive scans) is also really important. You can't protect what you do not know about, so having an inventory of all your devices and software is critical to a security management program."
"In terms of monitoring, my best feature would be the monitoring of components across the network. It monitors the respective nodes and any new node that comes onto the network and provides reports. The reporting dashboards are really helpful for management in terms of making decisions around patch management."
"Log-monitoring and alerting enable us to know when things happen that we need to know about."
"ArcSight has been sold two or three times, and the quality has decreased."
"The solution could be improved in maintenance settings."
"It is really difficult to work in ArcSight Logger, as it is very slow."
"I think the ArcSight team should try to simplify legacy products for the customers, because that product is not easy to use or to work with. It needs more competency or appeal to use. We hope Micro Focus is trying to resolve this."
"I would rate the technical support only 5 out of 10. The technical support is not satisfactory."
"It would be better if the product is cheaper."
"The solution should make it possible to integrate network analysis features."
"I had some latency issues for two months. I had to increase our storage capacity significantly to reduce the latency."
"It would be good if the program allowed certain profiles to only see certain customer information."
"I would like to see a better GUI."
"This solution is on-premise and many customers are moving to the cloud-based solution."
"QRadar's performance has room for improvement because it cannot handle the volume. I need massive amounts of logs from various devices in our existing network architecture. IBM needs to improve QRadar's capacity to handle more logs."
"There are reports that I would like to generate that are either not included, or I cannot find."
"I would like for them to develop a detection management solution. It does not have a detecting management solution in it, you have to buy it as it is, on top of the extended solution."
"The modularity could be improved."
"The only challenge with products like IBM is the EPS. You just have to be really on the events per second, as that's where the cost factor becomes a huge issue."
"They seem to have bugs from time to time that go unfixed for a while and that is frustrating. I'm not saying the product needs to be bug-free, but they need to be responsive to bugs."
"The reporting module could be a little easier to handle, as it requires quite some trial and error until you get the reports you want. Also, it would be great to have a graphical interface for the Network Intrusion Detection System's rule management."
"The reporting tools are a bit lacking for building reports to give directly to customers, but support has been helpful in giving our requests for new features to the development team and following up with us."
"It would be nice to see some machine learning and monitoring of the configuration in network devices."
"We would like more plugins. This being the main point of improvement which would benefit the users."
"The solution already has quite good tools, however, they need better integration tools for linking with Office 365, Google Suite, and so on."
"AlienVault must improve their correlation feature. Some of the events do not match with the correlation rules and some of the correlation events are false-positive."
"The GUI needs to improve because it's not user-friendly."