We performed a comparison between IBM Security QRadar and IBM SevOne Network Performance Management (NPM) based on real PeerSpot user reviews.
Find out in this report how the two Log Management solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."We've found the technical support to be very good."
"The correlation and the parsing are important features, since it is very important for a SIEM to have a good scalability and performance."
"It is a scalable solution."
"This solution has excellent security analytics."
"IBM QRadar User Behavior Analytics has easy architecture, has a good portfolio and integration."
"The stability is good."
"I really like the feature we have with the logs, that if there are any credit card numbers being used, like a PII, you can just use rejects and you can mask it. This is a really good feature in QRadar."
"The scalability is very good. It's not a problem."
"One of the most valuable features is the graphs, which you can build instantly. I have used some open-source platforms in the past, but they are not as good. With SevOne, the sampling in the graph can be every few seconds, not just every few minutes, and that's really helpful. It's really fast."
"Data Insight reporting tool is the most valuable feature. They came up with it a couple of years ago. The most pleasing factor is the dark theme. You don't have a white background. It has templates that you can create for all kinds of reports that you can hit on the fly. It's much better printing of the reports. If you want to send PDFs to people, the reports are actually decent. Whereas for years, the old architecture of the PDFs was rubbish and even our customers said, "We have to manipulate your PDFs because they all have bad margin breaks. SevOne fixed that a couple of years ago with the new Data Insight. It's fantastic."
"The feature that I have found most valuable is the scale-up and scale-down. The scale-up is an operation where the CPU boosts-up and then the memory will boost-up. That works awesomely."
"Another useful feature is that SevOne gives you real-time insights into your network performance. It polls every five minutes. That is important for our customers because there are some network teams that are always monitoring their networks."
"In 90% of the cases, new devices are plug-and-play, so when a new version comes out then SevOne has support for it out of the box."
"SevOne has rich API capabilities, giving us the flexibility to control what we collect and customize the collection, creation, and manipulation of now metrics as necessary."
"We find that the reporting is particularly valuable in terms of not only communicating with our peer teams but also with the executives."
"Scalability. I have never had to worry about how to handle really big environments."
"The dashboard and reports are not user-friendly or efficient so are of little help with threat hunting activity."
"The user interface is a bit difficult to get used to."
"I'd like them to improve the offense. When QRadar detects something, it creates what it calls offenses. So, it has a rudimentary ticketing system inside of it. This is the same interface that was there when I started using it 12 years ago. It just has not been improved. They do allow integration with IBM Resilient, but IBM Resilient is grotesquely expensive. The most effective integration that IBM offers today is with IBM Resilient, which is an instant response platform. It is a very good platform, but it is very expensive. They really should do something with the offense handling because it is very difficult to scale, and it has limitations. The maximum number of offenses that it can carry is 16K. After 16K, you have to flush your offenses out. So, it is all or nothing. You lose all your offenses up until that point in time, and you don't have any history within the offense list of older events. If you're dealing with multiple customers, this becomes problematic. That's why you need to use another product to do the actual ticketing. If you wanted the ticket existence, you would normally interface with ServiceNow, SolarWinds, or some other product like that."
"It's resource-intensive."
"Search capability and indexing still lag behind competitors. We also need to see improved rule based access controls and rule/event tuning."
"The solution lacks some maturity."
"IBM needs to invest more into the collaboration with other vendors."
"Its architecture is very complicated."
"We previously have had discussions on some reporting enhancements. So, we raised a feature request, which was delivered from SevOne."
"When I started using it, I tried adding one of the BroadWorks application servers into SevOne... it created thousands and thousands of objects from that one application server and we immediately ran out of license... It would help, when new objects are discovered, if there were a way to categorize those objects and to pick the part of the object you need..."
"NMS has several areas for improvement. It should be more user-friendly inside of NMS for some of the functionality in there. It's been getting better the last version or two, but the there have been bugs in there whenever I've gone to new versions."
"In terms of having a complete view of our network performance, I would rate it a nine out of 10. The reason for not giving it a 10 is that there is no packet capture associated with SevOne, but we do have other tools in place to do that."
"I'm not really sure if this was the software's fault or a server issue, but a couple of years back the disks were failing on our SevOne physical server every month and the server would go down. The secondary server took over from the primary until the disk issue was resolved. That was annoying."
"The reports are easy to configure but they are a bit outdated in terms of appearance and visualization."
"One area that requires a little bit of improvement is the topology of visualization and being able to map out connections, end-to-end. It's able to do that, but it's not as impressive as we would like it to be. We would like to understand the different interface types and the connection points better, through the visualization. Heatmaps also need further development."
"High-frequency polling is data-intensive because you're pulling more. If SevOne could figure out a way to manage the impact of high-frequency polling on the system, that would be very popular."
More IBM SevOne Network Performance Management (NPM) Pricing and Cost Advice →
IBM Security QRadar is ranked 6th in Log Management with 198 reviews while IBM SevOne Network Performance Management (NPM) is ranked 32nd in Log Management with 52 reviews. IBM Security QRadar is rated 8.0, while IBM SevOne Network Performance Management (NPM) is rated 8.6. The top reviewer of IBM Security QRadar writes "A highly stable and scalable solution that provides good technical support". On the other hand, the top reviewer of IBM SevOne Network Performance Management (NPM) writes "We can get a new vendor certified and monitored in our system significantly faster than before". IBM Security QRadar is most compared with Microsoft Sentinel, Splunk Enterprise Security, Wazuh, LogRhythm SIEM and Elastic Security, whereas IBM SevOne Network Performance Management (NPM) is most compared with LogicMonitor, Instana Infrastructure Monitoring, SolarWinds NPM, Splunk Enterprise Security and ThousandEyes. See our IBM Security QRadar vs. IBM SevOne Network Performance Management (NPM) report.
See our list of best Log Management vendors.
We monitor all Log Management reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.
