Check Point Security Management vs IBM QRadar comparison

Cancel
You must select at least 2 products to compare!
Devo Logo
Read 16 Devo reviews
14,305 views|5,499 comparisons
IBM Logo
31,015 views|19,187 comparisons
Comparison Buyer's Guide
Executive Summary

We performed a comparison between Check Point Security Management and IBM QRadar based on real PeerSpot user reviews.

Find out in this report how the two Log Management solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI.
To learn more, read our detailed Check Point Security Management vs. IBM QRadar Report (Updated: October 2022).
655,465 professionals have used our research since 2012.
Featured Review
Quotes From Members
We asked business professionals to review the solutions they use.
Here are some excerpts of what they said:
Pros
"The most useful feature for us, because of some of the issues we had previously, was the simplicity of log integrations. It's much easier with this platform to integrate log sources that might not have standard logging and things like that.""The user interface is really modern. As an end-user, there are a lot of possibilities to tailor the platform to your needs, and that can be done without needing much support from Devo. It's really flexible and modular. The UI is very clean.""Those 400 days of hot data mean that people can look for trends and at what happened in the past. And they can not only do so from a security point of view, but even for operational use cases. In the past, our operational norm was to keep live data for only 30 days. Our users were constantly asking us for at least 90 days, and we really couldn't even do that. That's one reason that having 400 days of live data is pretty huge. As our users start to use it and adopt this system, we expect people to be able to do those long-term analytics.""In traditional BI solutions, you need to wait a lot of time to have the ability to create visualizations with the data and to do searches. With this kind of platform, you have that information in real-time.""The most valuable feature is definitely the ability that Devo has to ingest data. From the previous SIEM that I came from and helped my company administer, it really was the type of system where data was parsed on ingest. This meant that if you didn't build the parser efficiently or correctly, sometimes that would bring the system to its knees. You'd have a backlog of processing the logs as it was ingesting them.""The ability to have high performance, high-speed search capability is incredibly important for us. When it comes to doing security analysis, you don't want to be doing is sitting around waiting to get data back while an attacker is sitting on a network, actively attacking it. You need to be able to answer questions quickly. If I see an indicator of attack, I need to be able to rapidly pivot and find data, then analyze it and find more data to answer more questions. You need to be able to do that quickly. If I'm sitting around just waiting to get my first response, then it ends up moving too slow to keep up with the attacker. Devo's speed and performance allows us to query in real-time and keep up with what is actually happening on the network, then respond effectively to events.""The strength of Devo is not only in that it is pretty intuitive, but it gives you the flexibility and creativity to merge feeds. The prime examples would be using the synthesis or union tables that give you phenomenal capabilities... The ability to use a synthesis or union table to combine all those feeds and make heads or tails of what's going on, and link it to go down a thread, is functionality that I hadn't seen before.""The querying and the log-retention capabilities are pretty powerful. Those provide some of the biggest value-add for us."

More Devo Pros →

"It is good when it comes to access control, which is the basic feature that we use in a firewall appliance or solution. Check Point is effective when it comes to security control and threat prevention.""The solution is ideal for use and deployment in a large infrastructure environment.""We love the ability to monitor performance in real-time, and gather critical information about network flows and traffic.""The management API is the best new feature for me. It allows us to further automate our customers' automated server ordering.""With the generation and review of logs, we have verified some vulnerabilities and attempted attacks to generate improvements in our infrastructure and policies to help avoid issues in the future.""The layered architecture is really understandable and easy to use.""The compliance is great.""The Check Point Management server is isolated from security gateways, which means that in case there is an issue, we have our configuration ready and we can directly replace the device and push the configuration."

More Check Point Security Management Pros →

"There are a lot of features in QRadar. App Exchange is the most valuable feature. User behavior analytics (UBA) is also a very good feature. Watson is also there, but we are not currently using Watson. It is versatile and quite easy. It also has an all-in-one-box feature and good integration with AWS.""I have found the most important features to be the flexibility, tech framework, and disk manager.""This solution has excellent security analytics.""The solution is relatively easy to use.""The solution is reliable.""QRadar, Splunk, and ArcSight are SIEM solutions with built-in AI/ML features. They can do the complete investigation and alert the admin about what is happening. They can also do the root cause analysis. There are many other features that come with QRadar. It has a more granular log, so you can integrate with various non-IT as well as IT-based components. You can get unstructured data to the SIEM data, and you can identify more what is happening in the network or what is happening in the central head office. You can also identify what is happening between your remote offices. You can also use it to identify what the users in the field are doing on their devices and how things are moving. From the integration point of view, it is very centric. It gives complete control centrally. If a user is not connected to the system, whenever he comes online, we can see the policy updates over the Internet, and we can ensure that the data that is supposed to be protected is protected.""It is a bit easier to use than other products, such as Splunk or ELK Elasticsearch.""Customer service is very good and very helpful."

More IBM QRadar Pros →

Cons
"We only use the core functionality and one of the reasons for this is that their security operation center needs improvement.""Some basic reporting mechanisms have room for improvement. Customers can do analysis by building Activeboards, Devo’s name for interactive dashboards. This capability is quite nice, but it is not a reporting engine. Devo does provide mechanisms to allow third-party tools to query data via their API, which is great. However, a lot of folks like or want a reporting engine, per se, and Devo simply doesn't have that. This may or may not be by design.""An admin who is trying to audit user activity usually cannot go beyond a day in the UI. I would like to have access to pages and pages of that data, going back as far as the storage we have, so I could look at every command or search or deletion or anything that a user has run. As an admin, that would really help. Going back just a day in the UI is not going to help, and that means I have to find a different way to do that.""There is room for improvement in the ability to parse different log types. I would go as far as to say the product is deficient in its ability to parse multiple, different log types, including logs from major vendors that are supported by competitors. Additionally, the time that it takes to turn around a supported parser for customers and common log source types, which are generally accepted standards in the industry, is not acceptable. This has impacted customer onboarding and customer relationships for us on multiple fronts.""I would like to have the ability to create more complex dashboards.""Some of the documentation could be improved a little bit. A lot of times it doesn't go as deep into some of the critical issues you might run into. They've been really good to shore us up with support, but some of the documentation could be a little bit better.""Where Devo has room for improvement is the data ingestion and parsing. We tend to have to work with the Devo support team to bring on and ingest new sources of data.""There's room for improvement within the GUI. There is also some room for improvement within the native parsers they support. But I can say that about pretty much any solution in this space."

More Devo Cons →

"It would be great if the SmartView Monitor could become integrated into the SmartView Console Platform.""The tracking of new threats could be improved.""The graphical interface is nice but it is a bit heavy.""Support is the main area that they need to improve. Our support experience is not very smooth. We are based in Africa, and we don't know whether it is because of our region. I would like a feature where there is a workflow to provide authorization to some users before they're able to create and apply rules. Such a feature should be integrated with the management. It should not be in the box that comes with it.""They need to make a Mac version of the SmartConsole, in my opinion.""It could improve by showing DNS-specific information for connections to unknown public IPs.""I would like it to be the administrator of equipment or Next Generation firewalls (which have to be managed on this platform) and to be able to manage other services (like Harmony) that also belong to Check Point.""SD-WAN functionality could be added."

More Check Point Security Management Cons →

"Some of the cloud apps need improvement.""Solution has too many menus that require going to two or three sub-monitors to enter the QRadar.""The solution lacks some maturity.""There should be easier and wider integration opportunities. There should be more opportunities for integration with CTI info sharing areas. On platforms where you exchange CTI, there should be more visibility connected to what we share, what we can reach, or what options are connected to CTI info sharing. This is one area where they could add value because we cannot integrate it easily with QRadar. If a client has a legacy or already existing solutions for CTI, we cannot ask them to forget it because we cannot guarantee that QRadar is able to deliver everything connected to this area.""There needs to be better integration with other applications.""Each module requires a separate license and a separate cost.""IBM technical support is always terrible.""IBM QRadar User Behavior Analytics is good, but I think the functionality should be much more integrated. You should have easy access to the artifacts if you are doing a particular investigation. It's good, but other team solutions like LogRhythm are actually merging the functionality. So, I think that is something IBM can work on."

More IBM QRadar Cons →

Pricing and Cost Advice
  • "I'm not involved in the financial aspect, but I think the licensing costs are similar to other solutions. If all the solutions have a similar cost, Devo provides more for the money."
  • "Devo is definitely cheaper than Splunk. There's no doubt about that. The value from Devo is good. It's definitely more valuable to me than QRadar or LogRhythm or any of the old, traditional SIEMs."
  • "[Devo was] in the ballpark with at least a couple of the other front-runners that we were looking at. Devo is a good value and, given the quality of the product, I would expect to pay more."
  • "Be cautious of metadata inclusion for log types in pricing, as there are some "gotchas" with that."
  • "Devo was very cost-competitive... Devo did come with that 400 days of hot data, and that was not the case with other products."
  • "Our licensing fees are billed annually and per terabyte."
  • "I like the pricing very much. They keep it simple. It is a single price based on data ingested, and they do it on an average. If you get a spike of data that flows in, they will not stick it to you or charge you for that. They are very fair about that."
  • "Pricing is based on the number of gigabytes of ingestion by volume, and it's on a 30-day average. If you go over one day, that's not a big deal as long as the average is what you expected it to be."
  • More Devo Pricing and Cost Advice →

  • "This product can be used for 25 security gateways on a basic license."
  • "Check Point is much cheaper than the competition ($4/server as compared to $17/server)."
  • More Check Point Security Management Pricing and Cost Advice →

  • "I feel that the price is reasonable but compared to other products that are on the market, such as an offering by Microsoft, it is more expensive."
  • "Its price is good in terms of efficiency and the number of people required for implementing various things. You might pay more in terms of money, but you might save on the number of people. For example, if you are using Kibana, you have to pay more for people or experts, which is not the case with IBM QRadar."
  • "It is costlier as compared to the other alternatives available in the market."
  • "I think that the price is fair, but we can always say that the price could be cheaper."
  • "It would be great if this product were cheaper."
  • "We use QRadar as a managed service and we pay licensing fees to the partner."
  • "Customers have to purchase a license based on the number of users, devices, and applications they want to protect. It allows you to take a license on a subscription basis for three years or five years."
  • "When it comes to the initial pricing there can be a huge discount from there side and also I think they are open to competing with other products."
  • More IBM QRadar Pricing and Cost Advice →

    report
    Use our free recommendation engine to learn which Log Management solutions are best for your needs.
    655,465 professionals have used our research since 2012.
    Questions from the Community
    Top Answer:Devo, like other vendors, doesn't charge extra for playbooks and automation. That way, you are only paying for the side… more »
    Top Answer:I need more empowerment in reporting. For example, when I'm using Qlik or Power BI in terms of reporting for the… more »
    Top Answer:It is good when it comes to access control, which is the basic feature that we use in a firewall appliance or solution… more »
    Top Answer:Support is the main area that they need to improve. Our support experience is not very smooth. We are based in Africa… more »
    Top Answer:It mostly depends on your use-cases and environment. Exabeam and Securonix have a stronger UEBA feature set, friendlier… more »
    Top Answer:For tools I’d recommend:  -SIEM- LogRhythm -SOAR- Palo Alto XSOAR Doing commercial w/o both (or at least an XDR)… more »
    Top Answer:We find predictive analysis capabilities valuable.
    Comparisons
    Also Known As
    R80.10, R80, R77.30, R77, Check Point R80.10 Security Management, R80 Security Management
    QRadar SIEM, QRadar UBA, QRadar on Cloud, QRadar
    Learn More
    Overview

    Devo is the only cloud-native logging and security analytics platform that releases the full potential of all your data to empower bold, confident action when it matters most. Only the Devo platform delivers the powerful combination of real-time visibility, high-performance analytics, scalability, multitenancy, and low TCO crucial for monitoring and securing business operations as enterprises accelerate their shift to the cloud.

    Check Point Security Management is an advanced security management platform for enterprises. The platform integrates all aspects of security. A single platform manages the entire infrastructure, from data centers to private/public cloud deployments.

    Check Point Security Management is a reliable and easy-to-use security platform. It integrates all aspects of your security environment to strengthen the security posture without impairing productivity. The system has a layered policy model. This means the security policy can be separated into layers for network segmentation. Different administrators can manage different policies. The policy layer automates the tasks.

    The platform is extensible, scalable, and integrates easily with orchestration systems and change management.

    Basic Components of the Infrastructure

    1. Smart Console: The Check Point Graphical User Interface for connecting and managing Security Management Servers. The smart console provides an integrated solution via the following features:


    • Security policy management
    • System health monitoring
    • Multi-domain management


    The smart console offers several advantages. Changes in security policies and logs can be done with a click. You can navigate from an item within a log to the policy. There are also built-in multi-language support and accessibility features.

    1. Security Management Server: The server manages security gateways with set security policies and monitors security events on the network.

      The automation server is an integrated part of the management server. The API server is active by default on servers with 4 GB of RAM or more and on standalone servers with 8 or more GB of RAM.

      The automation server communicates with the management server the same way as the Smart Console. This architecture allows the same validation errors and warnings to be presented when using an automation session.

      The same audit logs generated using the Smart Console are also generated using an automation session. If you have a multi-domain environment, there is only one automation server that monitors all the IP addresses of the multi-domain management server.

      2. Security Gateway is placed at the edge of the network. It monitors and filters traffic and enforces security policies.

        Logging, Event management, and Monitoring

        With Check Point Security Management, logging, reporting, event management, and monitoring are integrated. The platform features widgets and chart templates that optimize visibility. One of the best features is the one-click exploration. This simplifies going from a general overview to specific event details.

        Benefits of Check Point Security Management

        • The platform keeps pace with dynamic network changes
        • Helps align security with business goals
        • Helps with threat prevention.
        • Reduces operational costs

        The unified console also means a single policy for users, data, applications, and networks. The granularity control helps accelerate administration processes. This feature, together with automation, is key to achieving reduced operational overhead. Security teams can automate tasks and even create self-service security web portals with the Check Point Security Management platform.

        Threat management is fully integrated, with reporting, logging, and monitoring all in one dashboard. This provides full visibility into the security of the network.

        Security Management Suite

        The Security Management Suite consists of the following modules:

        • Policy Management: Includes central management of different security policies across multiple domains and browser-based security management.
        • Operations Management: Includes compliance, provisioning, workflow automation, and user directory centralization.
        • Threat Management: Includes centralizing security event correlation for enforcement points. Centrally monitors Check Point devices.

        Reviews from Real Users

        A Network Security Engineer/Architect at a tech services company says, "The features we like and find the most valuable are the ways we can manage the policy, create objects, and drag and drop objects in our daily operation. It makes our daily operation on the firewall management much easier than going, for example, to one firewall, then going to the other."

        "The management API is the best new feature for me. It allows us to further automate our customers' automated server ordering," says a System Engineer Network & Security at OTTO GmbH & Co KG.

        A Senior Infrastructure Services Specialist at St.George Bank Limited adds that "The solution is ideal for use and deployment in a large infrastructure environment."





        IBM Security QRadar is a security and analytics platform designed to defend against threats and scale security operations. This is done through integrated visibility, investigation, detection, and response. QRadar empowers security groups with actionable insights into high-priority threats by providing visibility into enterprise security data. Through centralized visibility, security teams and analysts can determine their security stance, which areas pose a potential threat, and which areas are critical. This will help streamline workflows by eliminating the need to pivot between tools.

        IBM Security QRadar is built to address a wide range of security issues and can be easily scaled with minimal customization effort required. As data is ingested, QRadar administers automated, real-time security intelligence to swiftly and precisely discover and prioritize threats. The platform will issue alerts with actionable, rich context into developing threats. Security teams and analysts can then rapidly respond to minimize the attackers' strike. The solution will provide a complete view of activity in both cloud-based and on-premise environments as a large amount of data is ingested throughout the enterprise. Additionally, QRadar’s anomaly detection intelligence enables security teams to identify any user behavior changes that could be indicators of potential threats. 

        IBM QRadar Log Manager

        To better help organizations protect themselves against potential security threats, attacks, and breaches, IBM QRadar Log Manager gathers, analyzes, preserves, and reports on security log events using QRadar Sense Analytics. All operating systems and applications, servers, devices, and applications are converted into searchable and actionable intelligent data. QRadar Log Manager then helps organizations meet compliance reporting and monitoring requirements, which can be further upgraded to QRadar SIEM for a more superior level of threat protection.

        Some of QRadar Log Manager’s key features include:

        • Data processing and capture on any security event
        • Disaster recovery options and high availability 
        • Scalability for large enterprises
        • SoftLayer cloud installation capability
        • Advanced threat protection

        Reviews from Real Users

        IBM Security QRadar is a solution of choice among users because it provides a complete solution for security teams by integrating network analysis, log management, user behavior analytics, threat intelligence, and AI-powered investigations into a single solution. Users particularly like having a single window into their network and its ability to be used for larger enterprises.

        Simon T., a cyber security services operations manager at an aerospace/defense firm, notes, "The most valuable thing about QRadar is that you have a single window into your network, SIEM, network flows, and risk management of your assets. If you use Splunk, for instance, then you still need a full packet capture solution, whereas the full packet capture solution is integrated within QRadar. Its application ecosystem makes it very powerful in terms of doing analysis."

        A management executive at a security firm says, "What we like about QRadar and the models that IBM has, is it can go from a small-to-medium enterprise to a larger organization, and it gives you the same value."

        Offer
        See Devo in Action

        See how Devo allows you to free yourself from data management, and make machine data and insights accessible.

        Learn more about Check Point Security Management
        Learn more about IBM QRadar
        Sample Customers
        United States Air Force, Rubrik, SentinelOne, Critical Start, NHL, Panda Security, Telefonica, CaixaBank, OpenText, IGT, OneMain Financial, SurveyMonkey, FanDuel, H&R Block, Ulta Beauty, Manulife, Moneylion, Chime Bank, Magna International, American Express Global Business Travel
        Hedgetec, Geiger
        Clients across multiple industries, such as energy, financial, retail, healthcare, government, communications, and education use QRadar.
        Top Industries
        REVIEWERS
        Computer Software Company50%
        Comms Service Provider10%
        Retailer10%
        Insurance Company10%
        VISITORS READING REVIEWS
        Computer Software Company21%
        Comms Service Provider12%
        Financial Services Firm9%
        Government9%
        REVIEWERS
        Manufacturing Company22%
        Financial Services Firm15%
        Security Firm13%
        Computer Software Company11%
        VISITORS READING REVIEWS
        Computer Software Company21%
        Comms Service Provider19%
        Security Firm8%
        Financial Services Firm6%
        REVIEWERS
        Financial Services Firm20%
        Comms Service Provider13%
        Computer Software Company9%
        Transportation Company8%
        VISITORS READING REVIEWS
        Computer Software Company21%
        Comms Service Provider17%
        Financial Services Firm9%
        Government7%
        Company Size
        REVIEWERS
        Small Business21%
        Midsize Enterprise21%
        Large Enterprise58%
        VISITORS READING REVIEWS
        Small Business23%
        Midsize Enterprise16%
        Large Enterprise62%
        REVIEWERS
        Small Business32%
        Midsize Enterprise31%
        Large Enterprise37%
        VISITORS READING REVIEWS
        Small Business29%
        Midsize Enterprise19%
        Large Enterprise52%
        REVIEWERS
        Small Business41%
        Midsize Enterprise17%
        Large Enterprise42%
        VISITORS READING REVIEWS
        Small Business21%
        Midsize Enterprise18%
        Large Enterprise61%
        Buyer's Guide
        Check Point Security Management vs. IBM QRadar
        October 2022
        Find out what your peers are saying about Check Point Security Management vs. IBM QRadar and other solutions. Updated: October 2022.
        655,465 professionals have used our research since 2012.

        Check Point Security Management is ranked 7th in Log Management with 32 reviews while IBM QRadar is ranked 3rd in Log Management with 67 reviews. Check Point Security Management is rated 9.0, while IBM QRadar is rated 8.0. The top reviewer of Check Point Security Management writes "Scalable with a good management API and visible audit logs". On the other hand, the top reviewer of IBM QRadar writes "Provides a single window into your network, SIEM, network flows, and risk management of your assets". Check Point Security Management is most compared with Fortinet FortiAnalyzer, Wazuh, Elastic Security, Datadog and vRealize Log Insight, whereas IBM QRadar is most compared with Splunk, Microsoft Sentinel, Elastic Security, LogRhythm SIEM and Wazuh. See our Check Point Security Management vs. IBM QRadar report.

        See our list of best Log Management vendors.

        We monitor all Log Management reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.