IBM Security QRadar vs Microsoft ATA [EOL] comparison

Cancel
You must select at least 2 products to compare!
Comparison Buyer's Guide
Executive Summary

We performed a comparison between IBM Security QRadar and Microsoft ATA [EOL] based on real PeerSpot user reviews.

Find out what your peers are saying about IBM, Splunk, Cynet and others in User Entity Behavior Analytics - UEBA.
To learn more, read our detailed User Entity Behavior Analytics - UEBA Report (Updated: March 2024).
765,386 professionals have used our research since 2012.
Featured Review
Quotes From Members
We asked business professionals to review the solutions they use.
Here are some excerpts of what they said:
Pros
"Customer service is very good and very helpful.""It's built around Red Hat Linux, which is highly robust.""The threat protection network is the most valuable feature, because when you get an offense, you can actually trace it back to where it originated from, how it originated, and why.""When it comes to QRadar, they can do the correlation and not only in networks but also endpoints. This is one of the good features that we have noticed.""The most valuable feature is the QRadar Vulnerability Manager which provides vulnerability scans. In addition, I like the way QRadar generates alerts.""I really like the feature we have with the logs, that if there are any credit card numbers being used, like a PII, you can just use rejects and you can mask it. This is a really good feature in QRadar.""I have found its network traffic log, network bit log, and QBI most valuable.""A nice benefit is when we go to the process of selecting our youth cases, they go by building blocks. QRadar links it to building blocks."

More IBM Security QRadar Pros →

"The stability of the solution is very good.""The solution works well when used with other Microsoft solutions.""One of the most valuable features is the ability to report on questionable activity."

More Microsoft ATA [EOL] Pros →

Cons
"Needs better visualization options beyond the time series charts and a few other options that they have.""Each module requires a separate license and a separate cost.""The solution is expensive compared to other products.""We need more features in order to create rules to detect or to meet some requirements for other areas, for example, catching the event from other authentication tools.""The quality of technical support depends on the IBM support person. Sometimes, it's hard to get the right person on the other side. A ticket coordinator could be the key to better quality delivery.""The implementation and configuration are not easy.""It doesn't have a SOAR system by default. You need to purchase it additionally, which is the main problem with QRadar.""I would like the rule creation interface to be much more user-friendly in the next release."

More IBM Security QRadar Cons →

"Some of the newer features are not completely there yet... For example, there's a tool that allows you to grade your overall internal security and I don't feel that it's completely accurate.""There are occasions where it generates some false positives and you have to embark into figuring it out. You need to find out if it was a true alert or a false positive. It's a little bit cumbersome in that area.""It would be ideal if the interface allowed for more granular configurations. For example, if I were to set a rule that is a deviation from the pre-defined rules in the Microsoft product, there's conflict."

More Microsoft ATA [EOL] Cons →

Pricing and Cost Advice
  • "found other solutions, with more features at the same cost or less. You don’t have to leave the Gartner Magic Quadrant to beat their price."
  • "Most of the time, it is easier and cheaper to buy a new product or the QRadar box."
  • "IBM's Qradar is not for small companie. Unfortunately, it would be 'overkill' to place it plainly. The pricing would be too much."
  • "IBM's Qradar is not for small companie. Unfortunately, it would be 'overkill' to place it plainly. The pricing would be too much."
  • "Go through a vulnerability assessment review for price breaks. A virtualized solution will also cut down on cost."
  • "It is expensive. It is not a product that I can provide for SMBs. It is a program that I can only provide for really large enterprises."
  • "The maintenance costs are high."
  • "Pricing (based on EPS) will be more accurate."
  • More IBM Security QRadar Pricing and Cost Advice →

  • "I believe we are looking into new licenses. They may be called the E5. Honestly, I don't have it on top of my mind, but I think it's around seven to $10 a user per month."
  • More Microsoft ATA [EOL] Pricing and Cost Advice →

    report
    Use our free recommendation engine to learn which User Entity Behavior Analytics - UEBA solutions are best for your needs.
    765,386 professionals have used our research since 2012.
    Comparison Review
    Vinod Shankar
    Questions from the Community
    Top Answer:It mostly depends on your use-cases and environment. Exabeam and Securonix have a stronger UEBA feature set, friendlier GUI and are not licensed based on capacity (amount of logs and information… more »
    Top Answer:For tools I’d recommend:  -SIEM- LogRhythm -SOAR- Palo Alto XSOAR Doing commercial w/o both (or at least an XDR) is asking to miss details that are critical, and ending up a statistic. Also,… more »
    Top Answer:The event collector, flow collector, PCAP and SOAR are valuable.
    Ask a question

    Earn 20 points

    Ranking
    Views
    3,556
    Comparisons
    2,073
    Reviews
    33
    Average Words per Review
    481
    Rating
    7.6
    Unranked
    In User Entity Behavior Analytics - UEBA
    Comparisons
    Also Known As
    IBM QRadar, QRadar SIEM, QRadar UBA, QRadar on Cloud, QRadar, IBM QRadar User Behavior Analytics, IBM QRadar Advisor with Watson
    Microsoft Advanced Threat Analytics, MS ATA [EOL]
    Learn More
    Overview

    IBM Security QRadar is a security and analytics platform designed to defend against threats and scale security operations. This is done through integrated visibility, investigation, detection, and response. QRadar empowers security groups with actionable insights into high-priority threats by providing visibility into enterprise security data. Through centralized visibility, security teams and analysts can determine their security stance, which areas pose a potential threat, and which areas are critical. This will help streamline workflows by eliminating the need to pivot between tools.

    IBM Security QRadar is built to address a wide range of security issues and can be easily scaled with minimal customization effort required. As data is ingested, QRadar administers automated, real-time security intelligence to swiftly and precisely discover and prioritize threats. The platform will issue alerts with actionable, rich context into developing threats. Security teams and analysts can then rapidly respond to minimize the attackers' strike. The solution will provide a complete view of activity in both cloud-based and on-premise environments as a large amount of data is ingested throughout the enterprise. Additionally, QRadar’s anomaly detection intelligence enables security teams to identify any user behavior changes that could be indicators of potential threats. 

    IBM QRadar Log Manager

    To better help organizations protect themselves against potential security threats, attacks, and breaches, IBM QRadar Log Manager gathers, analyzes, preserves, and reports on security log events using QRadar Sense Analytics. All operating systems and applications, servers, devices, and applications are converted into searchable and actionable intelligent data. QRadar Log Manager then helps organizations meet compliance reporting and monitoring requirements, which can be further upgraded to QRadar SIEM for a more superior level of threat protection.

    Some of QRadar Log Manager’s key features include:

    • Data processing and capture on any security event
    • Disaster recovery options and high availability 
    • Scalability for large enterprises
    • SoftLayer cloud installation capability
    • Advanced threat protection

    Reviews from Real Users

    IBM Security QRadar is a solution of choice among users because it provides a complete solution for security teams by integrating network analysis, log management, user behavior analytics, threat intelligence, and AI-powered investigations into a single solution. Users particularly like having a single window into their network and its ability to be used for larger enterprises.

    Simon T., a cyber security services operations manager at an aerospace/defense firm, notes, "The most valuable thing about QRadar is that you have a single window into your network, SIEM, network flows, and risk management of your assets. If you use Splunk, for instance, then you still need a full packet capture solution, whereas the full packet capture solution is integrated within QRadar. Its application ecosystem makes it very powerful in terms of doing analysis."

    A management executive at a security firm says, "What we like about QRadar and the models that IBM has, is it can go from a small-to-medium enterprise to a larger organization, and it gives you the same value."

    Microsoft Advanced Threat Analytics (ATA) provides a simple and fast way to understand what is happening within your network by identifying suspicious user and device activity with built-in intelligence and providing clear and relevant threat information on a simple attack timeline. Microsoft ATA is an on-premises platform to help you protect your enterprise from advanced targeted attacks by automatically analyzing, learning, and identifying normal and abnormal entity (user, devices, and resources) behavior. It detects suspicious activities and malicious attacks with behavioral analytics, adapts to the changing nature of cyber-security threats, focuses on what is important with a simple attack timeline and reduces false positive fatigue.
    Offer
    Want to Hear More?

    IBM Security QRadar is a security and analytics platform designed to defend against threats and scale security operations.

    Learn more about Microsoft ATA [EOL]
    Sample Customers
    Clients across multiple industries, such as energy, financial, retail, healthcare, government, communications, and education use QRadar.
    Turkish Airlines, Seoul National University Bundang Hospital, Empa, The Alberta Teachers' Association
    Top Industries
    REVIEWERS
    Financial Services Firm23%
    Computer Software Company15%
    Comms Service Provider10%
    Security Firm6%
    VISITORS READING REVIEWS
    Educational Organization18%
    Computer Software Company15%
    Financial Services Firm10%
    Government6%
    No Data Available
    Company Size
    REVIEWERS
    Small Business39%
    Midsize Enterprise15%
    Large Enterprise45%
    VISITORS READING REVIEWS
    Small Business20%
    Midsize Enterprise29%
    Large Enterprise51%
    No Data Available
    Buyer's Guide
    User Entity Behavior Analytics - UEBA
    March 2024
    Find out what your peers are saying about IBM, Splunk, Cynet and others in User Entity Behavior Analytics - UEBA. Updated: March 2024.
    765,386 professionals have used our research since 2012.

    IBM Security QRadar is ranked 1st in User Entity Behavior Analytics - UEBA with 197 reviews while Microsoft ATA [EOL] doesn't meet the minimum requirements to be ranked in User Entity Behavior Analytics - UEBA. IBM Security QRadar is rated 8.0, while Microsoft ATA [EOL] is rated 6.6. The top reviewer of IBM Security QRadar writes "A highly stable and scalable solution that provides good technical support". On the other hand, the top reviewer of Microsoft ATA [EOL] writes "Easy to define rules but interface needs better granularity and only integrates well with other Microsoft solutions". IBM Security QRadar is most compared with Microsoft Sentinel, Splunk Enterprise Security, Wazuh, LogRhythm SIEM and Elastic Security, whereas Microsoft ATA [EOL] is most compared with .

    See our list of best User Entity Behavior Analytics - UEBA vendors.

    We monitor all User Entity Behavior Analytics - UEBA reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.