We performed a comparison between Gurucul UEBA and IBM Security QRadar based on real PeerSpot user reviews.
Find out in this report how the two User Entity Behavior Analytics (UEBA) solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."I appreciate the comprehensive categorization of devices based on their intended use, such as those for DNS."
"The most valuable feature of Gurucul is the ability to customize and it is on the Hadoop platform that has a lot of flexibility."
"The reporting feature was the key differentiator. I also liked the ability to create dynamic rules in the environment."
"The visibility it gives you into your infrastructure has been great."
"Blocks of predefined conditions can be used to configure detection rules without having to write complicated script."
"The tool's most valuable feature is log source management. It enables us to connect to various log sources, including content, authentications, or other customized integrations. These integrations can be tailored for use with other platforms that don’t already have built-in IBM add-ons."
"This is a good tool to have because it gives you the ability to track what is currently happening in your environment."
"A nice benefit is when we go to the process of selecting our youth cases, they go by building blocks. QRadar links it to building blocks."
"It does good correlation for events. It does good general analysis, and it has good apps as well."
"The most valuable features are the versatility of this solution and the variety of things you can do with it."
"Most valuable features include the granularity of information."
"Regarding the prioritization of threats, Gurucul UEBA needs to enhance its alert severity assignment process within the system."
"It could be more stable."
"Gurucul can improve on the online documentation. They should educate the end users more to allow them to do everything themselves."
"I'd like them to improve the offense. When QRadar detects something, it creates what it calls offenses. So, it has a rudimentary ticketing system inside of it. This is the same interface that was there when I started using it 12 years ago. It just has not been improved. They do allow integration with IBM Resilient, but IBM Resilient is grotesquely expensive. The most effective integration that IBM offers today is with IBM Resilient, which is an instant response platform. It is a very good platform, but it is very expensive. They really should do something with the offense handling because it is very difficult to scale, and it has limitations. The maximum number of offenses that it can carry is 16K. After 16K, you have to flush your offenses out. So, it is all or nothing. You lose all your offenses up until that point in time, and you don't have any history within the offense list of older events. If you're dealing with multiple customers, this becomes problematic. That's why you need to use another product to do the actual ticketing. If you wanted the ticket existence, you would normally interface with ServiceNow, SolarWinds, or some other product like that."
"Certain updates—especially when using Azure—don't apply directly. Our engineering team must invest additional effort to implement these updates. However, the tool's cloud-based version poses no issues. However, upgrading the product can sometimes be challenging for on-premises instances."
"The threat detection needs improvement, they have many false positives."
"The product needs to improve its GUI."
"There should be an extension where we can get the reports. This could be an extension to the dashboard with the Guardian or another product with limited technology, for example IPS. Now, we only have IBM. Basically, it needs more and more integration models."
"IBM is going through some problems with its resources currently making its support response time slow."
"It would be good if the program allowed certain profiles to only see certain customer information."
"The API integration for AD is a problem when it comes to vulnerability management. If you want to incorporate multiple factor authentication it becomes a problem with the AD. It doesn't integrate well. That needs to be improved."
Gurucul UEBA is ranked 11th in User Entity Behavior Analytics (UEBA) with 3 reviews while IBM Security QRadar is ranked 1st in User Entity Behavior Analytics (UEBA) with 198 reviews. Gurucul UEBA is rated 6.6, while IBM Security QRadar is rated 8.0. The top reviewer of Gurucul UEBA writes "Helped reduce our operational costs and increase our efficiency, but it can be more user-friendly". On the other hand, the top reviewer of IBM Security QRadar writes "A highly stable and scalable solution that provides good technical support". Gurucul UEBA is most compared with Exabeam Fusion SIEM, Securonix Next-Gen SIEM, Splunk User Behavior Analytics and Wazuh, whereas IBM Security QRadar is most compared with Microsoft Sentinel, Splunk Enterprise Security, Wazuh, LogRhythm SIEM and Elastic Security. See our Gurucul UEBA vs. IBM Security QRadar report.
See our list of best User Entity Behavior Analytics (UEBA) vendors.
We monitor all User Entity Behavior Analytics (UEBA) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.