We performed a comparison between IBM Security QRadar and Splunk Cloud Platform based on real PeerSpot user reviews.
Find out in this report how the two Security Information and Event Management (SIEM) solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."Sentinel is a Microsoft product, so they provide very robust use cases and analytic groups, which are very beneficial for the security team. I also like the ability to integrate data sources into the software for on-premise and cloud-based solutions."
"Sentinel improved how we investigate incidents. We can create watchlists and update them to align with the latest threat intelligence. The information Microsoft provides enables us to understand thoroughly and improve as we go along. It allows us to provide monthly reports to our clients on their security posture."
"Sentinel enables us to ingest data from our entire ecosystem. In addition to integrating our Cisco ASA Firewall logs, we get our Palo Alto proxy logs and some on-premises data coming from our hardware devices... That is very important and is one way Sentinel is playing a wider role in our environment."
"The native integration of the Microsoft security solution has been essential because it helps reduce some false positives, especially with some of the impossible travel rules that may be configured in Microsoft 365. For some organizations, that might be benign because they're using VPNs, etc."
"It is able to connect to an ever-growing number of platforms and systems within the Microsoft ecosystem, such as Azure Active Directory and Microsoft 365 or Office 365, as well as to external services and systems that can be brought in and managed. We can manage on-premises infrastructure. We can manage not just the things that are running in Azure in the public cloud, but through Azure Arc and the hybrid capabilities, we can monitor on-premises servers and endpoints. We can monitor VMware infrastructure, for instance, running as part of a hybrid environment."
"The UI of Sentinel is very good and easy to use, even for beginners."
"The standout feature of Sentinel is that, because it's cloud-based and because it's from Microsoft, it integrates really well with all the other Microsoft products. It's really simple to set up and get going."
"I've worked on most of the top SIEM solutions, and Sentinel has an edge in most areas. For example, it has built-in SOAR capabilities, allowing you to run playbooks automatically. Other vendors typically offer SOAR as a separate licensed solution or module, but you get it free with Sentinel. In-depth incident integration is available out of the box."
"The best feature of IBM QRadar is visualization which shows you when there's a spike in the system, and this makes you realize that there's something wrong with the log."
"I like that it's easy to use and the performance is good."
"The initial setup is not complex or difficult."
"The playbook engine is flexible and allows for the graphical visualization of processes, enabling the implementation of dynamic playbooks for incident response or testing."
"The most valuable features are log monitoring, easy-to-fix issues, and problem-solving."
"The product has plenty of features and capabilities."
"The product can scale."
"It is a very good SIEM."
"Splunk has sped up our response and reduced the time we spend manually monitoring any logs for ticketing tools or servers. It saves us around two hours daily."
"The initial setup was straightforward."
"The most valuable feature of Splunk Cloud Platform is the alerting feature."
"Splunk Cloud's most valuable features are log aggregations, dashboarding, business management, reporting, and business controls. Additionally, it has awesome indexing and the solution is always improving"
"I can trace an event back to its root cause. I can find the root cause instead of just looking at the symptoms across different things."
"Everything is maintained by the Splunk support team. Users do not have to maintain any physical servers. They do not have to maintain indexes and searches. It reduces a lot of work on the user side."
"The most valuable feature is we don't have to deal with any back-end server maintenance because the solution is cloud-based."
"The cloud is very fast."
"If their UI was a bit more streamlined and easy to find when I need it, then that would be a great improvement."
"The performance could be improved. If I create 15 to 20 lines for a single-use case in KQL, sometimes it takes more time to execute. If I create use cases within a certain timeline, the result will show in .01 seconds. A complex query takes more time to get results."
"Sentinel's reporting is complex and can be more user-friendly."
"For certain vendors, some of the data that Microsoft Sentinel captures is redacted due to privacy reasons."
"The interface could be more user-friendly. It''s a small improvement that they could make if they wanted to."
"They need to work with other security vendors. For example, we replaced our email gateway with Symantec, but we couldn't collect these logs with Azure Sentinel. Instead of collecting these logs with Azure Sentinel, we are collecting them on Qradar. We couldn't do it with Sentinel, which is a problem for us."
"We've seen delays in getting the logs from third-party solutions and sometimes Microsoft products as well. It would be helpful if Microsoft created a list of the delays. That would make things more transparent for customers."
"We're satisfied with the comprehensiveness of the security protection. That said, we do have issues sometimes where there have been global outages and we need to raise a ticket with Microsoft."
"We would like to see better instrumentation for debugging changes in the log flow."
"In a future release, the solution could provide malware analysis."
"QRadar needs to be improved on the storage side, particularly when the disc exceeded the maximum threshold."
"We need more features in order to create rules to detect or to meet some requirements for other areas, for example, catching the event from other authentication tools."
"The user interface is a bit difficult to get used to."
"The user interface needs improvement."
"The interface is very old. IBM should remake it into a more modern interface."
"The dashboard and reports are not user-friendly or efficient so are of little help with threat hunting activity."
"The training models can only be accessed for 30 days, even if it is paid training."
"It needs to mature; it's just getting established in the industry on a wider scale."
"There is sometimes no documentation or updated documentation available."
"There could be better searches, but mainly, it needs to improve the performance with a vast amount of data. That will make it better and easier to use."
"Splunk should increase the frequency of new feature releases, particularly those related to real-time operational flow monitoring and analytics reporting."
"Customization could be simplified."
"Splunk should offer various options for real-time monitoring."
"The administration could use improvement. We have to rely on support more often than we're used to."
IBM Security QRadar is ranked 4th in Security Information and Event Management (SIEM) with 198 reviews while Splunk Cloud Platform is ranked 3rd in Data Visualization with 34 reviews. IBM Security QRadar is rated 8.0, while Splunk Cloud Platform is rated 8.0. The top reviewer of IBM Security QRadar writes "A highly stable and scalable solution that provides good technical support". On the other hand, the top reviewer of Splunk Cloud Platform writes "Does not require backend maintenance, is easily integrated and utilized". IBM Security QRadar is most compared with Splunk Enterprise Security, Wazuh, LogRhythm SIEM, Elastic Security and Fortinet FortiSIEM, whereas Splunk Cloud Platform is most compared with Wazuh, Splunk Enterprise Security, Check Point Security Management, AppInsights and Fortinet FortiAnalyzer. See our IBM Security QRadar vs. Splunk Cloud Platform report.
We monitor all Security Information and Event Management (SIEM) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.