We performed a comparison between IBM Security QRadar and NetWitness Platform based on real PeerSpot user reviews.
Find out in this report how the two Log Management solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI.
"The analytic rule is the most valuable feature."
"Mainly, this is a cloud-native product. So, there are zero concerns about managing the whole infrastructure on-premises."
"I like the ability to run custom KQL queries. I don't know if that feature is specific to Sentinel. As far as I know, they are using technology built into Azure's Log Analytics app. Sentinel integrates with that, and we use this functionality heavily."
"The log query feature has been the most valuable because it's very good. You can put your data on the cloud and run queues from Sentinel. It will do it all very fast. I love that I don't have to upload it to an Excel file and then manually look for a piece of information. Sentinel is much faster and is good for big databases."
"The most valuable feature is the alert notifications, which are categorized by severity levels: informational, low, medium, and high."
"The main benefit is the ease of integration."
"Azure Application Gateway makes things a lot easier. You can create dashboards, alert rules, hunting and custom queries, and functions with it."
"We’ve got process improvement that's happened across multiple different fronts within the organization, within our IT organization based on this tool being in place."
"There are a lot of features in QRadar. App Exchange is the most valuable feature. User behavior analytics (UBA) is also a very good feature. Watson is also there, but we are not currently using Watson. It is versatile and quite easy. It also has an all-in-one-box feature and good integration with AWS."
"We can easily monitor many things using this tool."
"I think it's a very stable product that provides much more visibility than the other product."
"On the back-end, Watson helps me figure out an exact problem, sometimes giving me the result."
"It is a scalable solution."
"The most valuable thing about QRadar is that you have a single window into your network, SIEM, network flows, and risk management of your assets. If you use Splunk, for instance, then you still need a full packet capture solution, whereas the full packet capture solution is integrated within QRadar. Its application ecosystem makes it very powerful in terms of doing analysis."
"The ability to transition from microscopic to macroscopic view, instantly, is very good."
"The most valuable features are log monitoring, easy-to-fix issues, and problem-solving."
"NetWitness Platform is valuable for creating rules that the solution must detect."
"The most valuable features are the packet decoder, log decoder, and concentrator."
"The most valuable feature of RSA NetWitness Logs and Packets are the alerts and correlations tools."
"It gives the ability to investigate into network traffic in the Net and the organization what we couldn't do before."
"The solution is really scalable for the high-end power, enterprise customer."
"The product's initial setup phase was not at all difficult."
"The product has a user-friendly interface and a valuable feature for threat intelligence integration."
"Possibility to investigate incidents based on logs and raw packets, such as extracting files sent over the network"
"They should integrate it with many other software-as-a-service providers and make connectors available so that you don't have to do any sort of log normalization."
"They should just add more and more out-of-the-box connectors. It is quite a new product, and it has a lot of connectors, and even more would be good."
"There are certain delays. For example, if an alert has been rated on Microsoft Defender for Endpoint, it might take up to an hour for that alert to reach Sentinel. This should ideally take no more than one or two seconds."
"Sentinel's reporting is complex and can be more user-friendly."
"When it comes to ingesting Azure native log sources, some of the log sources are specific to the subscription, and it is not always very clear."
"The only thing is sometimes you can have a false positive."
"The data connectors for third-party tools could be improved, as some aren't available in Sentinel. They need to be available in the data connector panel."
"The solution could improve the playbooks."
"The whole process for support is something that needs to be improved."
"The playbook guide which specifies the rules for security use cases needs to be provided to support in case the organization needs help."
"We need more features in order to create rules to detect or to meet some requirements for other areas, for example, catching the event from other authentication tools."
"IBM QRadar User Behavior Analytics is good, but I think the functionality should be much more integrated. You should have easy access to the artifacts if you are doing a particular investigation. It's good, but other team solutions like LogRhythm are actually merging the functionality. So, I think that is something IBM can work on."
"I would also like to see more integration with other vendors. IBM doesn't integrate well with products from China, like Huawei. Many Middle Eastern customers are switching to Huawei from American vendors like Cisco because of the price. In most RFPs, Huawei wins because it costs less."
"The advanced planning management (APM) features should be included."
"There should be an extension where we can get the reports. This could be an extension to the dashboard with the Guardian or another product with limited technology, for example IPS. Now, we only have IBM. Basically, it needs more and more integration models."
"The technical support can be improved a little bit, and the price could be cheaper."
"Nowadays, their support is a little subpar compared to other solutions. I rate RSA support six out of 10."
"The tool's integration capability isn't so great."
"If we have the ability to run a dynamic analysis through malware in the same suite, it would be great to have a sandbox solution to analyze malware through dynamic analysis."
"The threat detection capability and centralizing and upgrading capability need to be improved. The threat alert capability needs to be improved as well because there is some lag time at present. They need to work on their database search too."
"The documentation is not as structured as I would like, personally, and I think that it can be improved and made much more user-friendly."
"It is not so easy to customize this product."
"The system looks like it is a mix of a bunch of different systems, and nothing looked like it was quite together."
"The multi-tenant capabilities are lagging compared to IBM QRadar."
IBM Security QRadar is ranked 6th in Log Management with 198 reviews while NetWitness Platform is ranked 20th in Log Management with 36 reviews. IBM Security QRadar is rated 8.0, while NetWitness Platform is rated 7.4. The top reviewer of IBM Security QRadar writes "A highly stable and scalable solution that provides good technical support". On the other hand, the top reviewer of NetWitness Platform writes "Can find out if there is lateral movement, but integration and workflow need improvement". IBM Security QRadar is most compared with Splunk Enterprise Security, Wazuh, LogRhythm SIEM, Elastic Security and Fortinet FortiSIEM, whereas NetWitness Platform is most compared with Splunk Enterprise Security, RSA enVision, Cisco Secure Network Analytics, Trellix Network Detection and Response and LogRhythm SIEM. See our IBM Security QRadar vs. NetWitness Platform report.
See our list of best Log Management vendors and best Security Information and Event Management (SIEM) vendors.
We monitor all Log Management reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.
