We compared IBM Security QRadar and Splunk Enterprise Security across several parameters based on our users' reviews. After reading the collected data, you can find our conclusion below:
Ease of Deployment: IBM Security QRadar’s setup can be more challenging and time-consuming compared to Splunk Enterprise Security. Some users found both solutions easy to install, but IBM Security QRadar took several weeks or even months, while Splunk Enterprise Security could be set up in just a day.
Features: IBM Security QRadar is praised for its ability to detect threats and its ease of use. It provides customizable rules, real-time network monitoring, and competitive pricing. Splunk Enterprise Security stands out in its ability to capture and analyze various data streams. It offers valuable features like a search function, session reports, and graphing capabilities.
Room for Improvement: IBM Security QRadar could enhance its pricing, threat identification, plugins, and threat detection, EPS challenge, training, and technical support. Splunk Enterprise Security has room for improvement in its search algorithm, licensing model, technical support, AI capabilities, pricing, and machine learning algorithms.
Pricing: IBM Security QRadar’s cost differs based on the organization's requirements and structure. Certain users perceive it as reasonable, while others view it as costly. Similarly, Splunk Enterprise Security's pricing is subjective, as some users find it expensive while others find it reasonable.
ROI: Both Splunk Enterprise Security and IBM Security QRadar are cost-effective solutions with a favorable ROI. QRadar offers user behavior analytics and employee profiling. Splunk enhances security measures and is known for its flexibility and ability to provide global observability.
Service and Support: Both IBM Security QRadar and Splunk Enterprise Security have received varying feedback regarding their customer service and support. Users have commended the staff's expertise and responsiveness for both products. However, there have been complaints about slow response times and a lack of expertise.
Comparison Results: IBM Security QRadar and Splunk Enterprise Security have similarities in terms of setup complexity and value in detection capabilities and user-friendliness. IBM Security QRadar offers a wide range of features, including real network monitoring, security orchestration automated response, and risk scoring for user activity. Splunk Enterprise Security is praised for its search function, session reports, and graphing capabilities, as well as scalability and machine learning capabilities. IBM Security QRadar may have an advantage in features and pricing, while Splunk Enterprise Security may have an advantage in search capabilities and scalability.
"The dashboard that allows me to view all the incidents is the most valuable feature."
"The scalability is great. You can put unlimited logs in, as long as you can pay for it. There are commitment tiers, up to six terabytes per day, which is nowhere close to what any one of our customers is running."
"The most valuable feature is the onboarding of the workloads. You can see all that has been onboarded in your account on the dashboards."
"Log aggregation and data connectors are the most valuable features."
"I believe one of the main advantages is Microsoft Sentinel's seamless integration with other Microsoft products."
"The data connectors that Microsoft Sentinel provides are easy to integrate when we work with a Microsoft agent."
"Sentinel's most important feature is the ability to centralize all the logs in one place. There's no need to search multiple systems for information."
"One of the most valuable features is that it creates a kind of a single pane of glass for organizations that already use Microsoft software. So, when they have things like Microsoft 365, it is very easy for them to kind of plug in or enroll those endpoints into the Azure Sentinel service."
"QRadar UBA's most valuable feature is the risk rating of users depending on their behavior."
"There are other third-party plugins that we can use."
"The timeline and machine learning features are great."
"IBM QRadar Advisor with Watson is a stable solution."
"It also has a graph that shows the traffic history. I can see what happened yesterday or today. If there's an incident, I can check the traffic behavior on QRadar."
"Improves visibility and has a great new dashboard."
"The visibility it gives you into your infrastructure has been great."
"The best feature of IBM QRadar is visualization which shows you when there's a spike in the system, and this makes you realize that there's something wrong with the log."
"The most valuable features are how stable and easy to use Splunk is."
"The product has a good security posture."
"Splunk incorporates a lot of elements that help to reduce security risks. For it to reach certain compliance, we need to have some security insight. Splunk is a very good SIEM, it’s a top solution, but the best feature is its cost of visibility. We have all the most important features to detect vulnerabilities or risks."
"Splunk would be my choice for the presentation layer because it comes with inbuilt reports and a dashboard that you can customize."
"Our clients use the solution to find any threats or vulnerabilities inside their environment."
"The Splunk user community and forum are most valuable."
"Splunk Enterprise Security is able to process a huge amount of data without any issues."
"The most useful feature for me is the ability to create different kinds of alerts and set a different kind of denominator that will capture the real event. That is helpful for a power user like me."
"They're giving us the queries so we can plug them right into Sentinel. They need to have a streamlined process for updating them in the tool and knowing when things are updated and knowing when there are new detections available from Microsoft."
"The product can be improved by reducing the cost to use AI machine learning."
"In terms of features I would like to see in future releases, I'm interested in a few more use cases around automation. I do believe a lot of automation is available, and more is in progress, but that would be my area of interest."
"The solution could improve the playbooks."
"It has been a challenge with Azure Sentinel to onboard the Syslog server from FortiGate. Azure Sentinel can work better on that shift between the Syslog server and a firewall."
"Microsoft Defender has a built-in threat expert option that enables you to contact an expert. That feature isn't available in Sentinel because it's a huge product that integrates all the technologies. I would like Microsoft to add the threat expert option so we can contact them. There are a few other features, like threat assessment that the PG team is working on. I expect them to release this feature in the next quarter."
"I would like to see more AI used in processes."
"Everyone has their favorites. There is always room for improvement, and everybody will say, "I wish you could do this for me or that for me." It is a personal thing based on how you use the tool. I do not necessarily have those thoughts, and they are probably not really valuable because they are unique to the context of the user, but broadly, where it can continue to improve is by adding more connectors to more systems."
"The solution should include remote action capabilities."
"I would also like to see more integration with other vendors. IBM doesn't integrate well with products from China, like Huawei. Many Middle Eastern customers are switching to Huawei from American vendors like Cisco because of the price. In most RFPs, Huawei wins because it costs less."
"IBM QRadar User Behavior Analytics is good, but I think the functionality should be much more integrated. You should have easy access to the artifacts if you are doing a particular investigation. It's good, but other team solutions like LogRhythm are actually merging the functionality. So, I think that is something IBM can work on."
"You can scale IBM QRadar User Behavior Analytics, but it has room for improvement."
"I have also been working with other SIEM solutions, and I have observed that they have extensive Linux-based and Unix-based integrations. They have been able to support some of the Linux-based agents, which is useful to investigate and process the information on the Linux and Unix side."
"The product can be a bit complex."
"Each module requires a separate license and a separate cost."
"It doesn't have a SOAR system by default. You need to purchase it additionally, which is the main problem with QRadar."
"The configuration had a bit of a learning curve."
"You do need a lot of training and certification with this product."
"The solution could improve by giving more email details."
"It is important to make sure that everything is built off of the threat models and all the underlying items within Splunk."
"The UI could be better. This is applicable to Splunk in general. I know that a lot of people who get their hands on Splunk are hesitant to use it just because they find it overwhelming. There are a lot of options."
"The product must improve insider threat detection."
"I haven't found a way for me to create my own plugins and integrate them into Splunk, but this isn't necessarily a limitation; it could simply be a lack of knowledge on my part."
"I love the solution, but I would like to see more accessibility to the machine-learning capabilities that are sprinkled around Splunk."
IBM Security QRadar is a security and analytics platform designed to defend against threats and scale security operations.
IBM Security QRadar is ranked 6th in Log Management with 47 reviews while Splunk Enterprise Security is ranked 1st in Log Management with 71 reviews. IBM Security QRadar is rated 7.8, while Splunk Enterprise Security is rated 8.4. The top reviewer of IBM Security QRadar writes "Good dashboard and helpful third-party plugins but technical support could be better". On the other hand, the top reviewer of Splunk Enterprise Security writes "Can be used to find any threats or vulnerabilities inside a user’s environment". IBM Security QRadar is most compared with Wazuh, Elastic Security, LogRhythm SIEM, ArcSight Logger and Fortinet FortiSIEM, whereas Splunk Enterprise Security is most compared with Wazuh, Dynatrace, Elastic Security, Azure Monitor and Zabbix. See our IBM Security QRadar vs. Splunk Enterprise Security report.
See our list of best Log Management vendors and best Security Information and Event Management (SIEM) vendors.
We monitor all Log Management reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.
For tools I’d recommend:
-SIEM- LogRhythm
-SOAR- Palo Alto XSOAR
Doing commercial w/o both (or at least an XDR) is asking to miss details that are critical, and ending up a statistic.
Also, remember that any EDR/XDR should integrate to the SIEM/SOAR and a strong threat intel source.
If you consider SOC outsourcing take your time and find one you can integrate like a virtual team member. They are only as good as their depth of knowledge in your business and your on-prem SOC.
Apache Metron, ELK, OSSIM, Splunk and Qradar (in cost/benefit order for starters).
I have no experience with Rapid 7 or InsightIDR.
IBM Qradar works great but is not easy to install. If it is running it is a great tool. Also depending on the budget, Riverbed security is a tool to consider. Costs are lower than QRadar and easier to implement.
Or you can use our SaaS solution with QRadar and a lot more built-in. One holistic solution for your complete IT environment.
@Evgeny Belenky, I found Stellar to be quite intriguing.
I would also recommend McAFee’s new console for centralizing and coordinating a well-deployed enterprise solution.
COMODO MDR
Disclaimer: ICE Consulting offers SOC as a Service to our Clients.
For SOC Tools we use Securonix and other in-house developed solutions. Securonix provides an all in one package (SIEM, UEBS, & NTA) that we believe is competitively priced for the Small to Mid Market. Their Customer Service seems better than most and they are always highly rated in the Gartner MQ reports. Set-up is not difficult, but is time consuming for the first time, afterwards each client deployment we have added has seemed to get easier and quicker.
Please contact several vendors and ask for demos, talk with the vendor engineers to ensure the solution will workfor your needs... We evaluated Rapid7, AlienVault (ATT Cybersecurity), QRadar, LogRythm, and Securonix before deciding on Securonix.
Also take your time in evaluating and re-evaluating the products, I took us about about 18 months and over $30K of working with what was utimately the wrong product for us, before moving to Securonix.
Make sure training for the use of the service is included. We have been able to provide entensive training to out team through the vendor and would not have been able to get out SOC offering off the ground without it.
Good Luck!
COMODO SOC covers your entire network and also your email. It is very easy to deploy and is very effective for reports.
I prefer the COMODO SOC solution because it is a very good and easy to deploy product.