We performed a comparison between IBM Security QRadar, IBM SevOne Network Performance Management (NPM), and LogRhythm SIEM based on real PeerSpot user reviews.
Find out what your peers are saying about Splunk, Wazuh, Datadog and others in Log Management."I have found the most important features to be the flexibility, tech framework, and disk manager."
"The ability to add extensions is the most valuable feature. For example, extensions that provide valuable test ports."
"Overall a great solution."
"Flexible and valuable product that is modular, so you can easily set up a roadmap for your clients."
"QRadar has somewhat of a new structure recently from last gen. They have moved from the standard UI based infrastructure."
"The tool's most valuable feature is log source management. It enables us to connect to various log sources, including content, authentications, or other customized integrations. These integrations can be tailored for use with other platforms that don’t already have built-in IBM add-ons."
"The feature that I find the most useful is that IBM QRadar User Behavior Analytics is free of charge. It's a fully free product that can be installed on top of IBM QRadar SIEM."
"IBM has everything you need in a cybersecurity solution. If you want to build a cybersecurity operation center version then I think QRadar is a perfect solution."
"Its ability to monitor practically any type of network device via SNMP is most valuable. This is the main functionality that we're using. If a network device exposes a metric, such as interface utilization, SevOne will monitor it for us."
"SevOne provides support for all universal connectors. They internally work with other data sources to get features implemented. We have an SD-WAN implementation and use other app data to monitor performance. If you pull that data into one centralized location, that is very useful for management."
"We have benefited mainly from the use of the dashboard interface. It makes the network visually interesting for other people who are not in the network. A lot of people are not network techies who understand streams in the network. Based on location, we have streams coming in and out. They can see visually when there is some problem. They don't need to understand all the network technology behind it to be able to understand if everything is working well or if there is a problem."
"In 90% of the cases, new devices are plug-and-play, so when a new version comes out then SevOne has support for it out of the box."
"Data Insight reporting tool is the most valuable feature. They came up with it a couple of years ago. The most pleasing factor is the dark theme. You don't have a white background. It has templates that you can create for all kinds of reports that you can hit on the fly. It's much better printing of the reports. If you want to send PDFs to people, the reports are actually decent. Whereas for years, the old architecture of the PDFs was rubbish and even our customers said, "We have to manipulate your PDFs because they all have bad margin breaks. SevOne fixed that a couple of years ago with the new Data Insight. It's fantastic."
"The network data collection has been very flexible for us. It's been thorough in areas that were lacking. They have a team that I've worked with to add other pieces to it. So if it's missing something out of the box, they work with me to add it. I was able to collect that data. It's not perfect, but it's pretty thorough."
"The SMP and the xStats, which is for flat file integration, are both useful for integrating the various metrics that the device provides to monitor the performance of those systems."
"The most valuable feature as of late has been the API integration with ServiceNow."
"The artificial intelligence engine."
"I have found the Advanced Intelligence Engine has provided the most value to us because we can customize alarms based on our requirements and have created hundreds of alarms that notify different people for different scenarios."
"Compliance reporting is another great feature of this product. It has built in reports right out of the box."
"The alarm functions have helped us cut down on the manual work. They bubble things up to us instead of our having to go look for stuff. Also, from an operational perspective, day to day, the Case Management functions are really useful for us. They allow us to track what we see in the incidents that we have."
"I find LogRhythm's log management capabilities to be beneficial."
"It has centralized monitoring for our security operations. Therefore, it improves our analysts' work."
"We have to be able to show the evidence, and LogRhythm does a great job of putting it forward and making it easy to create reports with nice looking dashboards, which show off what we are doing as a security program."
"The dashboards in the LogRhythm SIEM really help us as a starting point. It gives us a starting point we can go to every day. We walk through several dashboards to see anomalous activity for further investigation."
"Solution has too many menus that require going to two or three sub-monitors to enter the QRadar."
"The weak signal detection with QRadar needs improvement. You can detect what you know, but what is unknown to the rule engine can't be detected."
"Some UI enhancements would be nice, such as exporting custom event properties and the ability to export rules."
"When it comes to what could be better, it is always what others are trying to do and what is the roadmap. It can have more integration. It should have more flexible RESTful APIs for integration with applications. These are the things that are always in demand for any of the SIEM solutions, not only for QRadar. Integration is ever-evolving. Nowadays, different versions of mobile handsets are there and data is getting scattered. Users are using their personal handsets to keep the data of the organization. So, it should have a more flexible integration, irrespective of the flavor of the firmware and iOS or Android version. It should have an API that can seamlessly get integrated. It should also provide more flexible control and a more advanced or analytical view to see what exactly is happening across the globe or network. From wherever a user is connecting and accessing the enterprise data, it should give real-time visibility and predictive visibility about what exactly is happening. These things are already there, but there should be more advanced control in terms of managing the security."
"With IBM Security QRadar, my company faced issues with the support we received for the product."
"What needs to be improved in IBM QRadar User Behavior Analytics is the user experience. It's not optimal. Some screens are a bit clunky. The solution needs to be more user-friendly."
"I have also been working with other SIEM solutions, and I have observed that they have extensive Linux-based and Unix-based integrations. They have been able to support some of the Linux-based agents, which is useful to investigate and process the information on the Linux and Unix side."
"The solution lacks vendor support."
"The reporting of NMS is good, but it could be better."
"The one area with room for improvement is probably administration. They added data insights to make a better user experience, but I'd like to see some improvements in the way the system's administered."
"I'm not really sure if this was the software's fault or a server issue, but a couple of years back the disks were failing on our SevOne physical server every month and the server would go down. The secondary server took over from the primary until the disk issue was resolved. That was annoying."
"High-frequency polling is data-intensive because you're pulling more. If SevOne could figure out a way to manage the impact of high-frequency polling on the system, that would be very popular."
"In terms of having a complete view of our network performance, I would rate it a nine out of 10. The reason for not giving it a 10 is that there is no packet capture associated with SevOne, but we do have other tools in place to do that."
"The user management features need to be improved. It would be nice if we had more granular control, or layers of control, out of the box."
"We need to be thinking about streaming telemetry protocols. They already have the port for enhanced visualization, which they already have through Data Insight."
"Software upgrades can be tricky is not easy."
"In terms of blind spots, we are looking for more improvements since we don't have visibility over everything."
"Only area I can think of to improve on is the proof reading and using the guides before releasing them. Out the the 20+ guides I used one had issues with wrong information in it."
"More detail in the alerts given to avoid additional searches, as often the source or destination associated with the alert is not evidenced."
"We've had issues with scaling and local support."
"The user interface needs improvement. The more the user can slide around and know what's going on, the better it will be."
"LogRhythm NextGen SIEM could improve by adding more applications for the banking sector. There are not any custom applications at this time."
"We do about 750 million a day and some days we do 715 million. Some days we do 820 million or 1.2 billion. But there's no way to drill in and find out: "Where did I get 400,000 extra logs today?" What was going on in my environment that I was able to absorb that peak? I have no way to identify it without running reports, which will produce a long-running PDF that I have to somehow compare to another long-running PDF... I would like to see like profiling behavior awareness around systems like they've been gunned to do around users with UEBA."
"I would like to see our vulnerabilities counter. We will be using Tenable to fill that void right now."
More IBM SevOne Network Performance Management (NPM) Pricing and Cost Advice →