No more typing reviews! Try our Samantha, our new voice AI agent.

DNIF HYPERCLOUD vs IBM Security QRadar comparison

Sponsored
 

Comparison Buyer's Guide

Executive SummaryUpdated on Jun 3, 2026

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Categories and Ranking

Torq
Sponsored
Ranking in Security Orchestration Automation and Response (SOAR)
4th
Average Rating
8.8
Reviews Sentiment
6.6
Number of Reviews
15
Ranking in other categories
AI-SOC (1st), AI-Powered Security Automation (1st)
DNIF HYPERCLOUD
Ranking in Security Orchestration Automation and Response (SOAR)
28th
Average Rating
7.6
Reviews Sentiment
6.7
Number of Reviews
8
Ranking in other categories
Log Management (46th), Security Information and Event Management (SIEM) (46th), User Entity Behavior Analytics (UEBA) (19th)
IBM Security QRadar
Ranking in Security Orchestration Automation and Response (SOAR)
5th
Average Rating
8.0
Reviews Sentiment
6.6
Number of Reviews
218
Ranking in other categories
Log Management (6th), Security Information and Event Management (SIEM) (2nd), User Entity Behavior Analytics (UEBA) (3rd), Endpoint Detection and Response (EDR) (11th), Managed Detection and Response (MDR) (7th), Extended Detection and Response (XDR) (10th)
 

Featured Reviews

AD
Solutions Architect at ProArch
Automation has streamlined multi-tenant SOC workflows and improves alert handling efficiency
Although the reporting within Torq is not that great, we did ask for many features regarding reporting in Torq, but due to some platform constraints, they could not make the whole dataset available for us to be used in reporting. Except for that, we used some basic reporting. When I used Torq, it was indeed in the early stages of AI capabilities. Only a few customers were allowed to use it, and we were among them. It functioned well as long as we summarized the data properly. If you input garbage, you would get garbage out. Thus, we had to do significant fine-tuning regarding what data context we provided to the AI orchestrator to get meaningful results. In terms of Torq's unified platform approach to AI SOC automation and case management compared to managing multiple point solutions across my security stack, I find it case-centric. The unified view in case management is good since it provides clarity, although there are limitations regarding how many items in case management can be modified at once. Bulk operations are very limited, potentially due to their back-end database or data retrieval processes that can be improved. Regarding improvements for Torq, when we were onboarded, there were aspects we were uncertain about, such as the number of cases that could be generated, what data we could bring in, how many clients we could onboard, and similar concerns. Initially, we also lacked clarity about the number of playbooks or workflows we could build. Different triggers like system triggers, case-based triggers, and others can be employed without restrictions, but when it comes to on-demand and scheduled jobs, there is a limitation based on the subscription and pricing tier that notably caps the number of workflows we can create. No bulk editing across cases was one issue, along with limited filtering related to single grouping constraints. Additionally, the out-of-the-box case templates provided require substantial modifications before they become usable. There is also a feature in the cases for notes that cannot be searched. They are only visible through the UI, which is another area for improvement. The workflow and execution-based charges seem misleading as this was not discussed initially. I am not sure if new customers are made aware of this. It seems that workflows revolving around cases hinder functionality outside of case management, as we have many use cases needing on-demand triggers and schedules for functions like reporting or polling devices. Creating additional workflows to achieve basic functionalities raises costs significantly, which disadvantages customers. While they facilitate optimization and scaling, the support received tends to be very basic. Improvements can be made in that area as well.
Kishore Tiwari - PeerSpot reviewer
Deputy General Manager - Information Security (Lead ISA) at a energy/utilities company with 1,001-5,000 employees
Development from open sources is very valuable but a huge infrastructure is required
The solution's command line should be simpler so that routine commands can be used. The search configuration is a bit different than other OEMs or SIEM solutions like ArcSight or QRadar that are easy to search because they operate similarly. The logic is there and the solution supplies a pretty good explanation. Basically, DNIF spelled out is the opposite of FIND. You have to find commands whenever you want to search something. For example, a highway gets you to your destination but there is an alternate way people don't yet know about. Gartner or Forrester haven't yet studied it. We were a bit nervous when we were trying to get familiar with the solution. We wondered if we could realize ROI because the commands and ways of pulling data were different to us. We raised a case with the support team and their professionals provided the needed support. The command line is user friendly once you understand it. If you need immediate use, then you might want to get assistance from someone who is well-versed in methods for using key patterns to find things. Lengthier files for threat hunting or analysis are needed. The correlation happens, but exporting a large number of files to abstract them is not possible. For example, I want to present raw data to management so I should be able to customize a date range in my query and download the files.
HarshBhardiya - PeerSpot reviewer
SOC Engineer at a outsourcing company with 10,001+ employees
Have managed daily asset and alert monitoring effectively but have encountered limitations with manual processes and interface usability
It's still very manual and doesn't work on its own. It's still in an early stage and not on par where we can consider it a really successful detection system. The accuracy is not there. The UI could be better when compared to Sentinels where we can use flags and tagging. It could be much more user-friendly. IBM Security QRadar has all features and is fully competitive with other SIEM tools, but when it comes to user-friendliness, a new user takes time to get used to it. More intuitive, user-friendly interfaces and more helpful documentation would be beneficial. The query searching and data fetching could be faster. In large to very large organizations with around 5,000 or 6,000 assets or beyond, even with proper configurations and RAM and hardware backing up, the query is fairly slow.

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"We have seen fewer failures of automations from the time Torq came into the picture, we've had a more streamlined process of handling incidents, and at the same time, we've learned to embed the AI into our incident types, and that is how it has helped us in the automation."
"Under one SOC tool in Torq, analysts get to know everything within the context of an alert or incident they are working on, and this ability to view the whole picture within Torq is one of the major breakthroughs and best offerings of Torq."
"Torq has exceeded expectations by delivering workflows in a timely and lower effort manner than XSOAR, and it meets all my needs while saving a ton of time and targeting $600,000 saved this year, which is a substantial amount of money."
"What I appreciate most about Torq is that it is an essential part of our system."
"According to positive outcomes, Torq reduced manual work and made incident response more efficient."
"Torq's unified platform approach to AI, SOAR, automation, and case management is superior compared to my experience managing multiple point solutions."
"Once I started to use the system and I saw the potential, it changed all of our work in IT."
"What I liked the most about Torq is the actual workflow builder, which is really great because they offer a lot of features and convenience features that are useful for any automation engineer."
"The most valuable feature of the solution is the number of EPS it can handle."
"DNIF is much faster, much more responsive, and far superior when compared to competitive tools."
"If you're an enterprise company and want to scale your productivity for log monitoring purposes, I found DNIF a better option than Splunk which has more complex software."
"The dashboard is helpful, and it creates visualizations to let staff review event data and identify patterns and anomalies."
"The response time on queries is super-fast."
"The solution is quite stable and offers good performance, it also works on a virtual machine and we haven't found any issues with it so far, it's been reliable."
"Great for scaling productivity for log monitoring purposes."
"It was one of the first SIEM tools I saw that had that particular MITRE table."
"It has a powerful GUI where you can put together your use cases, and don't have to write your own scripts."
"The UBA feature is the most valuable because you can see everything about users' activities."
"For a SIEM solution, it is the best one to go with."
"It has the ability to summarize all the other security products and give us a one-stop-shop dashboard."
"IBM QRadar is phenomenal as a SIEM SOC solution."
"IBM has everything you need in a cybersecurity solution. If you want to build a cybersecurity operation center version then I think QRadar is a perfect solution."
"Senses, tracks, and links significant incidents and threats."
"The scalability is good."
 

Cons

"We have MCP that we are working with our cloud security platform, and we wanted to connect this MCP to the case management."
"Additionally, the documentation for Torq is not very clear. Most of the information is presented in videos, which are not ideal for reading; there are mostly paragraphs and other text-based content."
"I wish Torq's AI assistant for building templated workflows from scratch worked better; when you start with a blank slate, asking AI to help you build or template the workflow out does not go well."
"Regarding stability, I have noticed some lagging, crashing, and downtime, which is one of my largest gripes."
"The workflow and execution-based charges seem misleading as this was not discussed initially, and creating additional workflows to achieve basic functionalities raises costs significantly, which disadvantages customers."
"Regarding the pricing of Torq, I would say it is expensive."
"The initial deployment of Torq was not easy."
"It was able to capture data but was unable to differentiate between the agent hostname we are using and the hostname that resides on the back end of the Internet."
"I feel that DNIF needs to invest more in marketing, considering that it operates at a very competitive speed."
"There are currently some issues with machine learning plug-ins."
"Dependency on the DNIF support team was frustrating."
"The solution should be able to connect to endpoints, such as desktops and laptops... If this solution had a smart connector to these logs- Windows, Linux, or any other logs - without affecting the performance of the connector, that would be wonderful."
"The EBA could be improved."
"I used version 8 which was not at all stable. The services and processor keep going down, we had to manually keep them up increasing storage space because services are down, and logs not processed."
"The solution should be able to connect to endpoints, such as desktops and laptops."
"I think DNIF HYPERCLOUD can implement the ability to export more than 100,000. At the moment, we can't go beyond that. So many times, if you're checking for the firewall logs and working on something related to authentication or network-related traffic, while that log count is low, the account goes beyond that. You can't restrict the logs or the amount of data you can export. It's very important for my situation. It would be better if they could increase the capacity of exports. Although there are many more types of searching in DNIF HYPERCLOUD, people still struggle to query out what they want because not everyone is good at SQL or DQL. The easiest way to query out in DNIF is using the GUI-based interface. But in the GUI interface, you can use operator calls. It gets tricky when you want to search for a specific type of event. You don't know where it will be passed and whether it will be consistent. In the initial phase, it's tough for us to use DNIF. You cannot pass every event in a stable DNIF. When we used that particular tool, we used to get those logs, but sometimes many things are not getting passed. So, we used to export the sheet or export the data into Excel and weigh the required details. In the next release, I would like them to improve the export of the columns and make the application more user-friendly. I would also like a threat-hunting feature in the next release."
"The first area for improvement is the cost. It's a little bit too expensive for us."
"I would like to see more APIs available in order to provide tighter integrations between other IBM products and third-party solutions."
"There is a scope of improvement in the orchestration layer, such as the SecOps from RSA. The reporting and dashboard capabilities require a bit of improvement in terms of fine tuning and bifurcation for the technical and management reports."
"Sometimes, after a new release, we had issues with stability or some bug showed up."
"The setup was a bit complex. It was complex because you need to understand the product and they need to understand our business requirements, as all of this is in the setup."
"Search capability and indexing still lag behind competitors. We also need to see improved rule based access controls and rule/event tuning."
"Ideally we would like a mobile version so that any alert that comes in will notify us in a mobile app, or by using SMS integration."
"It would be good, therefore, if there was a standard configuration by default that was offered or proposed during install or configuration to meet PCI requirements, e.g. log archive duration set by default to one year for each device added."
 

Pricing and Cost Advice

Information not available
"The solution requires a huge infrastructure and that is costly."
"Price-wise, the product is quite economical. I rate the solution's price as three or four on a scale of one to ten, where one is considered to be a very economically priced tool."
"The pricing is based on the log size."
"It's too expensive."
"The price of this solution is a little high."
"In terms of additional costs, it depends on the subscription that you choose. There are plenty of options to choose from."
"The pricing is higher but cheaper than others and there are no additional costs."
"IBM has subscriptions plans that run for one year."
"found other solutions, with more features at the same cost or less. You don’t have to leave the Gartner Magic Quadrant to beat their price."
"QRadar UBA's price is a little more than street price and could be reduced."
"You have a one-time payment, and you also can purchase it for one year as a subscription. We have it on-premise, and we have a permanent license for it. We have to pay for the support on a yearly basis. If you compare its cost with Sentinel for one year, QRadar would seem more expensive, but if you compare its cost over five or ten years, Azure Sentinel will be more expensive than QRadar. If you compare its cost with Sentinel for one year, QRadar would seem more expensive, but if you compare its cost over five or 10 years, Azure Sentinel can be more expensive than QRadar."
report
Use our free recommendation engine to learn which Security Information and Event Management (SIEM) solutions are best for your needs.
903,807 professionals have used our research since 2012.
 

Comparison Review

VS
Manager, Enterprise Risk Consulting at a tech company with 1,001-5,000 employees
Jun 28, 2015
Qradar vs. ArcSight
Continuing with the SIEM posts we have done at Infosecnirvana, this post is a Head to head comparison of the two Industry leading SIEM products in the market – HP ArcSight and IBM QRadar Both the products have consistently been in the Gartner Leaders Quadrant. Both HP and IBM took over niche SIEM…
 

Top Industries

By visitors reading reviews
Financial Services Firm
13%
Construction Company
10%
Manufacturing Company
10%
Comms Service Provider
9%
Construction Company
16%
Comms Service Provider
8%
Outsourcing Company
8%
Financial Services Firm
7%
Financial Services Firm
12%
Computer Software Company
9%
Construction Company
9%
Manufacturing Company
8%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
By reviewers
Company SizeCount
Small Business4
Midsize Enterprise5
Large Enterprise7
By reviewers
Company SizeCount
Small Business3
Midsize Enterprise1
Large Enterprise3
By reviewers
Company SizeCount
Small Business92
Midsize Enterprise39
Large Enterprise107
 

Questions from the Community

What needs improvement with Torq?
I do not dislike anything about Torq because it has satisfied all of our use cases and requirements. We contacted sup...
What is your primary use case for Torq?
Initially, we were using Slack for small automations, such as creating pipelines or shutting down servers. For exampl...
What advice do you have for others considering Torq?
I have been working for five years with experience in the IT field. Torq is very good. It manages everything. I would...
Ask a question
Earn 20 points
What are the biggest differences between Securonix UEBA, Exabeam, and IBM QRadar?
It mostly depends on your use-cases and environment. Exabeam and Securonix have a stronger UEBA feature set, friendli...
What SOC product do you recommend?
For tools I’d recommend: -SIEM- LogRhythm -SOAR- Palo Alto XSOAR Doing commercial w/o both (or at least an XDR) is a...
What is your experience regarding pricing and costs for IBM Security QRadar?
I am overall satisfied with the licensing cost for IBM Security QRadar.
 

Also Known As

No data available
No data available
IBM QRadar, QRadar SIEM, QRadar UBA, QRadar on Cloud, IBM QRadar Advisor with Watson
 

Overview

 

Sample Customers

Information Not Available
Mahindra & Mahindra, Tata Consultancy Services (TCS), ICICI Bank, Yes Bank, Tata Motors, RBL Bank
Clients across multiple industries, such as energy, financial, retail, healthcare, government, communications, and education use QRadar.
Find out what your peers are saying about DNIF HYPERCLOUD vs. IBM Security QRadar and other solutions. Updated: June 2026.
903,807 professionals have used our research since 2012.