We performed a comparison between IBM Security QRadar, IBM SevOne Network Performance Management (NPM), and Splunk Enterprise Security based on real PeerSpot user reviews.
"This is a good tool to have because it gives you the ability to track what is currently happening in your environment."
"I think the QDI is very good."
"IBM QRadar User Behavior Analytics has easy architecture, has a good portfolio and integration."
"Most of the features are good. It is an excellent solution."
"I have found IBM QRadar to be scalable."
"It has a logical, user-friendly GUI."
"The scalability is awesome, because QRadar includes other solutions in the same console."
"IBM QRadar Advisor with Watson is a stable solution."
"The SMP and the xStats, which is for flat file integration, are both useful for integrating the various metrics that the device provides to monitor the performance of those systems."
"The feature that I have found most valuable is the scale-up and scale-down. The scale-up is an operation where the CPU boosts-up and then the memory will boost-up. That works awesomely."
"The monitoring of the network is very customizable. That is its unique feature."
"SevOne’s data collection functionality is very good. From a collection point of view, we pull SNMP data, which is simple. It is easy to manipulate the pull in the estate. It is really simple compared to some of the other products that we have used. However, for deferred data, i.e., things that we import or don't pull directly, we tend to have a preplanned integration. So, its Universal Collector is really useful."
"I like the tool’s scalability and real-time reports. Earlier, we struggled to give real-time reports to clients. I also like the tool’s deployment model where we can deploy it either on-premises or in-house. We don’t have to carry the data all over the globe. Also, I am impressed with the tool's flow reporting and Wi-Fi."
"Another useful feature is that SevOne gives you real-time insights into your network performance. It polls every five minutes. That is important for our customers because there are some network teams that are always monitoring their networks."
"The network data collection has been very flexible for us. It's been thorough in areas that were lacking. They have a team that I've worked with to add other pieces to it. So if it's missing something out of the box, they work with me to add it. I was able to collect that data. It's not perfect, but it's pretty thorough."
"We find that the reporting is particularly valuable in terms of not only communicating with our peer teams but also with the executives."
"Correlating data across different systems via one interface will allow you to know your environment or identify incident data in ways you never imagined."
"It is easy to use, and easy to implement."
"Splunk allows us to customize processing and dashboards, which helps us take care of our customers' needs."
"It helped us consolidate all our solutions into an easy tool to use for various employees."
"We solve issues that we previously could not since we now have the data."
"We can do things in minutes instead of days."
"The most valuable feature of Splunk Enterprise Security is the comprehensive logging capabilities it provides."
"Three features stand out for me: the SDK for writing Python, the customizable and adaptable diagnostic dashboard, and the optimizer for collecting data."
"The released patch quality is poor. IBM should test those patches on their side, not on the client's side."
"The Indian tech support is not helpful."
"The user interface needs improvement."
"Dashboards and reports could provide better visualization of SIEM activity."
"I would like for Yara to be supported by all components."
"Technical support is good, but not great."
"Ideally we would like a mobile version so that any alert that comes in will notify us in a mobile app, or by using SMS integration."
"I have also been working with other SIEM solutions, and I have observed that they have extensive Linux-based and Unix-based integrations. They have been able to support some of the Linux-based agents, which is useful to investigate and process the information on the Linux and Unix side."
"When I started using it, I tried adding one of the BroadWorks application servers into SevOne... it created thousands and thousands of objects from that one application server and we immediately ran out of license... It would help, when new objects are discovered, if there were a way to categorize those objects and to pick the part of the object you need..."
"Telemetry is hot these days, and IBM can improve SevOne's support for telemetry correction. Reporting is another feature that could be better. It provides the bare minimum functionality, which is good enough for most engineers, but the management isn't advanced. The new portal provides a much lighter view and better visualization, but the management is not so good."
"With the administrative management of the appliance, if some object appears from SevOne because something changed in the network or whatever, then as an administrator you will not be aware. If you are using this object in a report, this object will disappear from the report and you will not be aware of it. So, if you have 1,000 reports, you cannot always check these reports every day to see if objects are missing or information has disappeared. We don't have any information on alerts, saying that something is happening there and maybe we need to take action. If an object was replaced by another one, or if a link was replaced by another one, then the graph needs to be changed because it doesn't exist in the graph anymore. However, we don't have this information."
"We previously have had discussions on some reporting enhancements. So, we raised a feature request, which was delivered from SevOne."
"Their virtualization solution is not compatible with our Kubernetes environment, which is one of the reasons we are ending our relationship with them."
"The customizations are very hard. The person doing it has to be very good at analytics and has to be very good in all languages."
"In terms of having a complete view of our network performance, I would rate it a nine out of 10. The reason for not giving it a 10 is that there is no packet capture associated with SevOne, but we do have other tools in place to do that."
"The GUI: both the dashboard/user view and the admin tool."
"Splunk could enhance its services by providing more comprehensive professional assistance aimed at optimizing our investment."
"Deployment is not difficult but the lock sources and configurations can take time."
"The algorithms customization of Splunk could improve. They have limited algorithms for machine learning support. If they can allow the user to add more machine learning algorithms, such as the ability to choose the algorithm that a user might want. Additionally, they should provide the required libraries for those algorithms, and then analyze the data for use."
"It needs more thoroughly tested releases. Every new big version (6, 7, etc.) has had so many bugs that it makes me wary of customers upgrading right away."
"Technical support needs to be more responsive."
"An improved user interface along with multi-tenancy support would be beneficial."
"It is a good product, but the Achilles heel for a lot of organizations is the cost model for it because it gets expensive. That's because the model is based on how much data it processes a day, which can be prohibitive, especially if you have a lot of data. A lot of customers may not be ready for the sticker shock on how to fully leverage the product. I realized that the reason for that is that when it was originally designed, it was kind of like a big data modeling application. If they want to have a bigger customer base, they can come out with subsets of their product that are focused on specific things and have different pricing models. It may help with the cost."
"When we do a rollout from the server or host or anything, we'd like to see more automation. It would save us time."