We performed a comparison between IBM Security QRadar, IBM SevOne Network Performance Management (NPM), and USM Anywhere based on real PeerSpot user reviews.
Find out what your peers are saying about Splunk, Wazuh, Datadog and others in Log Management."It is a very optimized engine."
"It has a good integration with the artificial intelligence engine of Watson."
"The support is very good. We get support whenever we need it. Sometimes they respond immediately and sometimes it will be within 24 hours. We can ask them to please do it right away and they can get a request done within an hour or two."
"The most valuable feature is the searching capability and real-time operational use."
"There are more than 120 extensions in QRadar, which are easy to install and configure. These can improve your analysis of events."
"IBM QRadar User Behavior Analytics's most important feature is its ease of use."
"It's hard for me to pinpoint any one feature that's most valuable because it is all about consuming logs and analyzing them. We started using QRadar UBA because we needed something that could analyze Linux authentication information. Other products take care of the Windows platform."
"This is a good tool to have because it gives you the ability to track what is currently happening in your environment."
"The comprehensiveness of this solution's collection of network performance and flow data is one of the basics in the field for what it does. It meets all of our needs. So for all those areas, for the most straightforward collection capabilities, right up to NetFlow and even telemetry, it meets all those demands. Not only just basic or fundamental SNMP collection capability, but the product also supports what we need for the future with telemetry streaming. So it's very comprehensive."
"It also gives us the closest thing to real-time insight into network performance that we have, with just a 10-second delay. It's very important for us to know the health of the infrastructure very quickly."
"The most valuable feature is the NMS because that's the core of the system. Without the NMS, the other tools aren't that usable."
"The out of the box reports and workflows are pretty good and they meet our requirements well."
"The modules and the performance management reports that come with data insights are two of the most valuable features. I also find the reports for Wi-Fi, Netflow, LAN, and WAN for monitoring to be very good."
"It's given us the ability to create various real-time network performance reports and distribute them to any colleague who can access these reports immediately."
"In 90% of the cases, new devices are plug-and-play, so when a new version comes out then SevOne has support for it out of the box."
"Another useful feature is that SevOne gives you real-time insights into your network performance. It polls every five minutes. That is important for our customers because there are some network teams that are always monitoring their networks."
"The most valuable feature of the solution is the ease of deployment that it provides to users. The integrations that the product has with third-party applications are useful."
"We are able to get alerts perfectly with FIM and VA features."
"It allows you to define what alerts you want to see, or not to see, as well as if you want them grouped, or ungrouped."
"The most valuable features of AT&T AlienVault USM are the ease of management and knowledge of what is on the network of my customers. It's easy to understand the problems, and management our alarms and events."
"The AlienVault solution has enabled us to create a SOC on a budget with smaller than usual staff requirements, offering a wider range of solutions for our customers."
"Log-monitoring and alerting enable us to know when things happen that we need to know about."
"AlientVault has helped us in improving our visualization and incident response during cybersecurity situations."
"It has powerful threat detection, incident response, and compliance management."
"It is very difficult to activate all of the network equipment, and it would help if it were made easier."
"Pricing model could be more cost-effective."
"IBM Qradar could improve the reporting. The tool is not designed to report. It's a great operational monitoring tool. You put it on a screen and you watch it. If you want to have analytics out of it, that's a whole different story. You're going to need more people and tools. What should be added is reporting and integration into Power BI, into some capability that produces analytical reports from the source data. IBM does not seem to care to add these features."
"The reporting system could use some upgrading."
"Right now, if you look at the compatibility, if you need to deploy QRadar in a physical appliance you have only two choices of server, their own or a Lenovo server. In today's world, you cannot keep something tied to such a big brand. Clients want to be able to use whatever type of server they want."
"There could be improvements made to the UI, the user interface. Though the newer version, 7.3.2, might already have this improvement in place."
"I would like for Yara to be supported by all components."
"They need to improve their threat intelligence feed and they need to improve their user behavior analytics modules."
"User-friendly, multi-tenancy."
"Would benefit with the addition of AI modules for proactive data insights."
"Software upgrades can be tricky is not easy."
"You need to plan integrations. That has been the biggest bug with SevOne so far. For the things that SevOne pulls directly, those are easy to understand, modify, and put into the database. For things that need to use the Universal Collector or xStats, you need to plan that stuff well in advance."
"The user management features need to be improved. It would be nice if we had more granular control, or layers of control, out of the box."
"Telemetry is hot these days, and IBM can improve SevOne's support for telemetry correction. Reporting is another feature that could be better. It provides the bare minimum functionality, which is good enough for most engineers, but the management isn't advanced. The new portal provides a much lighter view and better visualization, but the management is not so good."
"We previously have had discussions on some reporting enhancements. So, we raised a feature request, which was delivered from SevOne."
"Some similar solutions offer end-to-end visibility."
"USM Anywhere relies a lot on the community putting the data in. Often, you'll right-click on the attack, but nothing will be found. That's a weakness of it."
"One area that has room for improvement is storage. AllienVault is a good place to put logs, but sometimes it's a tough place to go get logs... The logger can only hold so much data. If they improved that, that would help."
"The reporting tools are a bit lacking for building reports to give directly to customers, but support has been helpful in giving our requests for new features to the development team and following up with us."
"The price of AT&T AlienVault USM could be reduced."
"Windows log collection works with HIDS, but documentation is sparse and confusing."
"I want to see more compliance management capability. The quality of integrations seems to be a little bit low."
"It was easy on PoC, but when we got to the product it was different story. We had to learn the product again and got feeling that the PoC was a different product."
"The vulnerability scanning feature is one of the areas where the product has certain shortcomings and needs to improve. The tool has vulnerability scanning, but it is not that efficient."
More IBM SevOne Network Performance Management (NPM) Pricing and Cost Advice →