Exabeam Fusion SIEM vs IBM QRadar comparison

Comparison Buyer's Guide
Executive Summary

We performed a comparison between Exabeam Fusion SIEM and IBM QRadar based on real PeerSpot user reviews.

Find out in this report how the two Log Management solutions compare in terms of features, pricing, service and support, ease of deployment, and ROI.
To learn more, read our detailed Exabeam Fusion SIEM vs. IBM QRadar Report (Updated: October 2022).
656,862 professionals have used our research since 2012.
Q&A Highlights
Question: What are the biggest differences between Securonix UEBA, Exabeam, and IBM QRadar?
Answer: It mostly depends on your use-cases and environment. Exabeam and Securonix have a stronger UEBA feature set, friendlier GUI and are not licensed based on capacity (amount of logs and information ingested) but with a firm on 10k+ I wouldn't be so sure that this means a better price. The total cost of ownership would be more linear though. On the other hand QRadar is by far a better SIEM solution and if your use-cases lean towards that, then I would suggest looking towards QRadar. QRadar does have a steeper learning curve but that's purely because of the richer feature set, it just takes more time to take it all in.
Quotes From Members
We asked business professionals to review the solutions they use.
Here are some excerpts of what they said:
Pros
Devo:
  • "The querying and the log-retention capabilities are pretty powerful. Those provide some of the biggest value-add for us."
  • "The most useful feature for us, because of some of the issues we had previously, was the simplicity of log integrations. It's much easier with this platform to integrate log sources that might not have standard logging and things like that."
  • "Devo provides a multi-tenant, cloud-native architecture. This is critical for managed service provider environments or multinational organizations who may have subsidiaries globally. It gives organizations a way to consolidate their data in a single accessible location, yet keep the data separate. This allows for global views and/or isolated views restricted by access controls by company or business unit."
  • "Devo helps us to unlock the full power of our data because they have more than 450 parsers, which means that we can ingest pretty much any type of log data."
  • "The alerting is much better than I anticipated. We don't get as many alerts as I thought we would, but that's nobody's fault, it's just the way it is."
  • "The user experience [is] well thought out and the workflows are logical. The dashboards are intuitive and highly customizable."
  • "Those 400 days of hot data mean that people can look for trends and at what happened in the past. And they can not only do so from a security point of view, but even for operational use cases. In the past, our operational norm was to keep live data for only 30 days. Our users were constantly asking us for at least 90 days, and we really couldn't even do that. That's one reason that having 400 days of live data is pretty huge. As our users start to use it and adopt this system, we expect people to be able to do those long-term analytics."
  • "The strength of Devo is not only in that it is pretty intuitive, but it gives you the flexibility and creativity to merge feeds. The prime examples would be using the synthesis or union tables that give you phenomenal capabilities... The ability to use a synthesis or union table to combine all those feeds and make heads or tails of what's going on, and link it to go down a thread, is functionality that I hadn't seen before."

Exabeam Fusion SIEM:
  • "The most valuable feature of Exabeam Fusion SIEM is the easy-to-use user interface."
  • "It's a very user-friendly product and it's a very comprehensive technology."

IBM QRadar:
  • "QRadar, Splunk, and ArcSight are SIEM solutions with built-in AI/ML features. They can do the complete investigation and alert the admin about what is happening. They can also do the root cause analysis. There are many other features that come with QRadar. It has a more granular log, so you can integrate with various non-IT as well as IT-based components. You can get unstructured data to the SIEM data, and you can identify more what is happening in the network or what is happening in the central head office. You can also identify what is happening between your remote offices. You can also use it to identify what the users in the field are doing on their devices and how things are moving. From the integration point of view, it is very centric. It gives complete control centrally. If a user is not connected to the system, whenever he comes online, we can see the policy updates over the Internet, and we can ensure that the data that is supposed to be protected is protected."
  • "One of the most valuable features of this solution is it has very good data correlation."
  • "Overall a great solution."
  • "The feature that I have found most valuable is its artificial intelligence component, Watson. Its contribution is pretty good from a machine-learning artificial intelligence perspective. This complements the orchestration automation component, as well."
  • "We find predictive analysis capabilities valuable."
  • "This is a distributed application, meaning that a customer can stack small and then scale it so that they can expand pretty effectively. You can use, basically, the same product in an SMB or a large enterprise."
  • "I like that it's easy to use and the performance is good."
  • "We have worked with other solutions, such as LogRhythm and Splunk. Compared to others, IBM QRadar has the best price-performance ratio so that you are able to reserve minimum costs. It starts settling in fast and gets the first results very quickly. It is also very scalable."

Cons
Devo:
  • "There is room for improvement in the ability to parse different log types. I would go as far as to say the product is deficient in its ability to parse multiple, different log types, including logs from major vendors that are supported by competitors. Additionally, the time that it takes to turn around a supported parser for customers and common log source types, which are generally accepted standards in the industry, is not acceptable. This has impacted customer onboarding and customer relationships for us on multiple fronts."
  • "I would like to have the ability to create more complex dashboards."
  • "Where Devo has room for improvement is the data ingestion and parsing. We tend to have to work with the Devo support team to bring on and ingest new sources of data."
  • "Technical support could be better."
  • "The biggest area with room for improvement in Devo is the Security Operations module that just isn't there yet. That goes back to building out how they're going to do content and larger correlation and aggregation of data across multiple things, as well as natively ingesting CTI to create rule sets."
  • "Some of the documentation could be improved a little bit. A lot of times it doesn't go as deep into some of the critical issues you might run into. They've been really good to shore us up with support, but some of the documentation could be a little bit better."
  • "There's room for improvement within the GUI. There is also some room for improvement within the native parsers they support. But I can say that about pretty much any solution in this space."
  • "We only use the core functionality and one of the reasons for this is that their security operation center needs improvement."

Exabeam Fusion SIEM:
  • "We still have questions surrounding hardware deployment."
  • "The initial setup of Exabeam Fusion SIEM is complex because it needs to integrate with the SIEM solution, but after this is complete it is straightforward."

IBM QRadar:
  • "The features that could be improved include the licensing model and the dashboards and all those presentations. Overall, the user experience part can be improved."
  • "When it comes to what could be better, it is always what others are trying to do and what is the roadmap. It can have more integration. It should have more flexible RESTful APIs for integration with applications. These are the things that are always in demand for any of the SIEM solutions, not only for QRadar. Integration is ever-evolving. Nowadays, different versions of mobile handsets are there and data is getting scattered. Users are using their personal handsets to keep the data of the organization. So, it should have a more flexible integration, irrespective of the flavor of the firmware and iOS or Android version. It should have an API that can seamlessly get integrated. It should also provide more flexible control and a more advanced or analytical view to see what exactly is happening across the globe or network. From wherever a user is connecting and accessing the enterprise data, it should give real-time visibility and predictive visibility about what exactly is happening. These things are already there, but there should be more advanced control in terms of managing the security."
  • "There is a shortage of skilled individuals with knowledge about the solution. There is training required."
  • "I don't look at only the features and benefits; I also look at the price. It is a bit expensive when compared with other solutions. It is expensive for specific deployment topologies, and the decision-makers go for alternatives like ArcSight. It should also have more AI features or capabilities for better threat intelligence. The more it uses machine learning, the better would be the dashboard, analytics, and other things."
  • "IBM QRadar has a margin for development, for out-of-the-box use cases. It can be enhanced with better support and automate the use cases for that."
  • "The custom rules could be simplified more or it should be possible to use a different language, other than the ones that the solution is already using. They should add other languages into the mix."
  • "There could be better integration with the solution."
  • "Solution has too many menus that require going to two or three sub-monitors to enter the QRadar."

Pricing and Cost Advice
Devo:
  • "I'm not involved in the financial aspect, but I think the licensing costs are similar to other solutions. If all the solutions have a similar cost, Devo provides more for the money."
  • "Devo is definitely cheaper than Splunk. There's no doubt about that. The value from Devo is good. It's definitely more valuable to me than QRadar or LogRhythm or any of the old, traditional SIEMs."
  • "[Devo was] in the ballpark with at least a couple of the other front-runners that we were looking at. Devo is a good value and, given the quality of the product, I would expect to pay more."
  • "Be cautious of metadata inclusion for log types in pricing, as there are some "gotchas" with that."
  • "Devo was very cost-competitive... Devo did come with that 400 days of hot data, and that was not the case with other products."
  • "Our licensing fees are billed annually and per terabyte."
  • "I like the pricing very much. They keep it simple. It is a single price based on data ingested, and they do it on an average. If you get a spike of data that flows in, they will not stick it to you or charge you for that. They are very fair about that."
  • "Pricing is based on the number of gigabytes of ingestion by volume, and it's on a 30-day average. If you go over one day, that's not a big deal as long as the average is what you expected it to be."

Exabeam Fusion SIEM:
  • "There is an annual license required to use Exabeam Fusion SIEM. The price of the solution should be reduced."

IBM QRadar:
  • "Its price is good in terms of efficiency and the number of people required for implementing various things. You might pay more in terms of money, but you might save on the number of people. For example, if you are using Kibana, you have to pay more for people or experts, which is not the case with IBM QRadar."
  • "It is costlier as compared to the other alternatives available in the market."
  • "I think that the price is fair, but we can always say that the price could be cheaper."
  • "It would be great if this product were cheaper."
  • "We use QRadar as a managed service and we pay licensing fees to the partner."
  • "Customers have to purchase a license based on the number of users, devices, and applications they want to protect. It allows you to take a license on a subscription basis for three years or five years."
  • "When it comes to the initial pricing there can be a huge discount from their side and also I think they are open to competing with other products."
  • "The solution is priced fairly, there is a license for the solution, and we pay annually."

    Answers from the Community
    Dante Cardenas
    reviewer1285209 (Tech Lead at a tech services company with 1,001-5,000 employees)
    Real User

    All three security solutions are defined, and they hold different smartness; it all depends on what your requirement is.

    Securonix UEBA is a Hadoop-based UEBA technology tool; the tool understands the infrastructure and users and then works accordingly. (Wide Customer industry support) (Average cost)

    IBM QRadar is a SIEM with all in the composite tool; it can bring in UEBA and other security solutions. (Wide Customer industry support) (Average cost)

    Exabeam is a mathematically based security solutioning tool; it learns the infra and then provides a solution. It's a bit noisy in some instances. (Medium Customer industry support) (Costly)

    If you tell us what exactly you require or how your infra is set up, then it would be good to suggest a tool.

    Also Known As
    QRadar SIEM, QRadar UBA, QRadar on Cloud, QRadar
    Overview

    Devo is the only cloud-native logging and security analytics platform that releases the full potential of all your data to empower bold, confident action when it matters most. Only the Devo platform delivers the powerful combination of real-time visibility, high-performance analytics, scalability, multitenancy, and low TCO crucial for monitoring and securing business operations as enterprises accelerate their shift to the cloud.

    Exabeam Fusion SIEM is a cloud-delivered solution that enables you to:

    • Leverage turnkey threat detection, investigation, and response
    • Collect, search and enhance data from anywhere
    • Detect threats missed by other tools, using market-leading behavior analytics
    • Achieve successful SecOps outcomes with prescriptive, threat-centric use case packages
    • Enhance productivity and reduce response times with automation
    • Meet regulatory compliance and audit requirements with ease

    IBM Security QRadar is a security and analytics platform designed to defend against threats and scale security operations. This is done through integrated visibility, investigation, detection, and response. QRadar empowers security groups with actionable insights into high-priority threats by providing visibility into enterprise security data. Through centralized visibility, security teams and analysts can determine their security stance, which areas pose a potential threat, and which areas are critical. This will help streamline workflows by eliminating the need to pivot between tools.

    IBM Security QRadar is built to address a wide range of security issues and can be easily scaled with minimal customization effort required. As data is ingested, QRadar administers automated, real-time security intelligence to swiftly and precisely discover and prioritize threats. The platform will issue alerts with actionable, rich context into developing threats. Security teams and analysts can then rapidly respond to minimize the attackers' strike. The solution will provide a complete view of activity in both cloud-based and on-premise environments as a large amount of data is ingested throughout the enterprise. Additionally, QRadar’s anomaly detection intelligence enables security teams to identify any user behavior changes that could be indicators of potential threats. 

    IBM QRadar Log Manager

    To help organizations protect themselves against potential security threats, attacks, and breaches, IBM QRadar Log Manager gathers, analyzes, preserves, and reports on security log events using QRadar Sense Analytics. Data from operating systems, servers, devices, and applications is converted into searchable and actionable intelligent data. QRadar Log Manager then helps organizations meet compliance reporting and monitoring requirements, and it can be upgraded to QRadar SIEM for a superior level of threat protection.

    Some of QRadar Log Manager’s key features include:

    • Data processing and capture on any security event
    • Disaster recovery options and high availability 
    • Scalability for large enterprises
    • SoftLayer cloud installation capability
    • Advanced threat protection

    Reviews from Real Users

    IBM Security QRadar is a solution of choice among users because it provides a complete solution for security teams by integrating network analysis, log management, user behavior analytics, threat intelligence, and AI-powered investigations into a single solution. Users particularly like having a single window into their network and its ability to be used for larger enterprises.

    Simon T., a cyber security services operations manager at an aerospace/defense firm, notes, "The most valuable thing about QRadar is that you have a single window into your network, SIEM, network flows, and risk management of your assets. If you use Splunk, for instance, then you still need a full packet capture solution, whereas the full packet capture solution is integrated within QRadar. Its application ecosystem makes it very powerful in terms of doing analysis."

    A management executive at a security firm says, "What we like about QRadar and the models that IBM has, is it can go from a small-to-medium enterprise to a larger organization, and it gives you the same value."

    Sample Customers
    Devo: United States Air Force, Rubrik, SentinelOne, Critical Start, NHL, Panda Security, Telefonica, CaixaBank, OpenText, IGT, OneMain Financial, SurveyMonkey, FanDuel, H&R Block, Ulta Beauty, Manulife, Moneylion, Chime Bank, Magna International, American Express Global Business Travel
    Exabeam Fusion SIEM: Hulu, ADP, Safeway, BBCN Bank
    IBM QRadar: Clients across multiple industries, such as energy, financial, retail, healthcare, government, communications, and education use QRadar.
    Top Industries
    REVIEWERS
    Computer Software Company: 50%
    Comms Service Provider: 10%
    Retailer: 10%
    Insurance Company: 10%
    VISITORS READING REVIEWS
    Computer Software Company: 21%
    Comms Service Provider: 12%
    Government: 9%
    Financial Services Firm: 9%
    VISITORS READING REVIEWS
    Computer Software Company: 19%
    Comms Service Provider: 15%
    Financial Services Firm: 11%
    Government: 8%
    REVIEWERS
    Financial Services Firm: 20%
    Comms Service Provider: 13%
    Computer Software Company: 9%
    Security Firm: 7%
    VISITORS READING REVIEWS
    Computer Software Company: 21%
    Comms Service Provider: 17%
    Financial Services Firm: 9%
    Government: 7%
    Company Size
    REVIEWERS
    Small Business: 21%
    Midsize Enterprise: 21%
    Large Enterprise: 58%
    VISITORS READING REVIEWS
    Small Business: 23%
    Midsize Enterprise: 16%
    Large Enterprise: 62%
    REVIEWERS
    Small Business: 70%
    Midsize Enterprise: 10%
    Large Enterprise: 20%
    VISITORS READING REVIEWS
    Small Business: 21%
    Midsize Enterprise: 15%
    Large Enterprise: 64%
    REVIEWERS
    Small Business: 41%
    Midsize Enterprise: 17%
    Large Enterprise: 42%
    VISITORS READING REVIEWS
    Small Business: 21%
    Midsize Enterprise: 18%
    Large Enterprise: 61%

    Exabeam Fusion SIEM is ranked 19th in Log Management with 2 reviews while IBM QRadar is ranked 3rd in Log Management with 66 reviews. Exabeam Fusion SIEM is rated 8.6, while IBM QRadar is rated 8.2. The top reviewer of Exabeam Fusion SIEM writes "User-friendly and affordable with good security on offer". On the other hand, the top reviewer of IBM QRadar writes "Provides a single window into your network, SIEM, network flows, and risk management of your assets". Exabeam Fusion SIEM is most compared with Splunk, Securonix Next-Gen SIEM, Microsoft Sentinel and Palo Alto Networks Cortex XSOAR, whereas IBM QRadar is most compared with Splunk, Microsoft Sentinel, Elastic Security, LogRhythm SIEM and McAfee ESM. See our Exabeam Fusion SIEM vs. IBM QRadar report.


    We monitor all Log Management reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.