IBM Security QRadar and Splunk User Behavior Analytics are competing in the security monitoring and analytics category. QRadar stands out with its comprehensive feature set, whereas Splunk offers advanced analytics versatility and data processing speed.
Features: IBM Security QRadar provides an extensive range of security monitoring features. It includes log management and application monitoring, powered by Watson's cognitive computing. QRadar is user-friendly with robust installation capabilities and integrates well with other systems. Similarly, Splunk User Behavior Analytics excels with advanced analytics, customizable dashboards, and quick real-time data processing. It is recognized for its scalability and integration capabilities, making it suitable for complex environments.
Room for Improvement: QRadar could improve its visualization and incident management interfaces, as well as streamline its rule/event tuning processes. Improvements in user behavior analytics are also needed. Splunk User Behavior Analytics faces challenges with its machine learning algorithms, as they sometimes yield false positives and require more pre-built use cases. Its intricate dashboards might require extra scripting for better optimization. Both platforms need to enhance their integration with third-party applications.
Ease of Deployment and Customer Service: IBM Security QRadar is primarily deployed on-premises but also supports hybrid cloud setups. Users report varying experiences with technical support, which can be slow in complex scenarios. Splunk User Behavior Analytics offers flexibility in public cloud deployments but often encounters technical support responsiveness issues and frequent price adjustments. QRadar users value its global support reach, while Splunk is praised for its integration and deployment options.
Pricing and ROI: IBM Security QRadar is considered a costly option, priced based on events per second (EPS). It provides a good return on investment, especially due to its extensive functionality and reduced manpower needs. On the contrary, Splunk User Behavior Analytics is viewed as more expensive, with licensing costs based on the volume of data processed. Its investment can be justified by its scalability and comprehensive features, yet the pricing structure may not align with all budgets.
With SOAR, the workflow takes one minute or less to complete the analysis.
AWS gives the chance to implement a solution out of the box with use cases that are already in IBM Security QRadar.
Investing this amount was very much worth it for my organization.
The solution can save costs by improving incident resolution times and reducing security incident costs.
They assist with advanced issues, such as hardware or other problems, that are not part of standard operations.
Support needs to understand the issue first, then escalate it to the engineering team.
The support is really good; for instance, if a critical ticket is submitted, you will get paged right away as it gets logged, and their analyst will look into it, letting you know as soon as possible so you can work on it.
Mission-critical offering a dedicated team, proactive monitoring, and fast resolution.
From the responsiveness perspective, Splunk is very responsive with SLA-bound support for premium tiers.
I would rate their technical support as 8.5 out of 10.
For EPS license, if you increase or exceed the EPS license, you cannot receive events.
Splunk User Behavior Analytics is highly scalable, designed for enterprise scalability, allowing expansion of data ingestion, indexing, and search capabilities as log volumes grow.
I think QRadar is stable and currently satisfies my needs.
The product has been stable so far.
With built-in redundancy across zones and regions, 99.9% uptime is achievable.
Splunk User Behavior Analytics is a one hundred percent stable solution.
Splunk User Behavior Analytics is highly stable and reliable, even in large-scale enterprise environments with high log injection rates.
We receive logs from different types of devices and need a way to correlate them effectively.
If AI-related support can suggest rules and integrate with existing security devices like MD, IPS, this SIM can create more relevant rules.
IBM Security QRadar does not support Canvas, so we had to create custom scripts and workarounds to pull logs from Canvas.
Global reach allows deployment of apps and services closer to users worldwide, but data sovereignty concerns exist and region selection must align with compliance requirements.
I encountered several issues while trying to create solutions for this advanced version, which seem unrelated to query or data issues.
High data ingestion costs can be an issue, especially for large enterprises, as Splunk charges based on the amount of data processed.
Splunk is more expensive than IBM Security QRadar.
It was costly mainly because of the value you can get right now compared to other solutions.
It depends on how much you want to spend.
Reserved instances with one or three-year commitments offer lower rates, providing up to 70% savings.
Compared to all other products in the market, it is the most expensive one in all aspects including professional service and licenses, even the cloud version.
Comparing with the competitors, it's a bit expensive.
Recently, I faced an incident, a cyber incident, and it was detected in real time.
IBM Security QRadar gives the opportunity to improve the time to market of the releases with a great evaluation of cybersecurity breaches.
IBM is seeking information about IBM QRadar because a part of QRadar, especially in the cloud, has been sold to Palo Alto.
I also utilize it for anomaly detection and behavior analysis, particularly using Splunk's machine learning environment.
The dashboards themselves are nice, very good, and very helpful, but the accuracy of the data or the information that will be presented on the dashboard is something that needs to be questioned.
Features like alerts and auto report generation are valuable.
| Product | Market Share (%) |
|---|---|
| IBM Security QRadar | 9.0% |
| Splunk User Behavior Analytics | 8.0% |
| Other | 83.0% |
| Company Size | Count |
|---|---|
| Small Business | 90 |
| Midsize Enterprise | 36 |
| Large Enterprise | 103 |
| Company Size | Count |
|---|---|
| Small Business | 7 |
| Midsize Enterprise | 5 |
| Large Enterprise | 12 |
IBM Security QRadar (recently acquired by Palo Alto Networks) is a security and analytics platform designed to defend against threats and scale security operations. This is done through integrated visibility, investigation, detection, and response. QRadar empowers security groups with actionable insights into high-priority threats by providing visibility into enterprise security data. Through centralized visibility, security teams and analysts can determine their security stance, which areas pose a potential threat, and which areas are critical. This will help streamline workflows by eliminating the need to pivot between tools.
IBM Security QRadar is built to address a wide range of security issues and can be easily scaled with minimal customization effort required. As data is ingested, QRadar administers automated, real-time security intelligence to swiftly and precisely discover and prioritize threats. The platform will issue alerts with actionable, rich context into developing threats. Security teams and analysts can then rapidly respond to minimize the attackers' strike. The solution will provide a complete view of activity in both cloud-based and on-premise environments as a large amount of data is ingested throughout the enterprise. Additionally, QRadar’s anomaly detection intelligence enables security teams to identify any user behavior changes that could be indicators of potential threats.
IBM QRadar Log Manager
To better help organizations protect themselves against potential security threats, attacks, and breaches, IBM QRadar Log Manager gathers, analyzes, preserves, and reports on security log events using QRadar Sense Analytics. All operating systems and applications, servers, devices, and applications are converted into searchable and actionable intelligent data. QRadar Log Manager then helps organizations meet compliance reporting and monitoring requirements, which can be further upgraded to QRadar SIEM for a more superior level of threat protection.
Some of QRadar Log Manager’s key features include:
Reviews from Real Users
IBM Security QRadar is a solution of choice among users because it provides a complete solution for security teams by integrating network analysis, log management, user behavior analytics, threat intelligence, and AI-powered investigations into a single solution. Users particularly like having a single window into their network and its ability to be used for larger enterprises.
Simon T., a cyber security services operations manager at an aerospace/defense firm, notes, "The most valuable thing about QRadar is that you have a single window into your network, SIEM, network flows, and risk management of your assets. If you use Splunk, for instance, then you still need a full packet capture solution, whereas the full packet capture solution is integrated within QRadar. Its application ecosystem makes it very powerful in terms of doing analysis."
A management executive at a security firm says, "What we like about QRadar and the models that IBM has, is it can go from a small-to-medium enterprise to a larger organization, and it gives you the same value."
Splunk User Behavior Analytics is a behavior-based threat detection is based on machine learning methodologies that require no signatures or human analysis, enabling multi-entity behavior profiling and peer group analytics for users, devices, service accounts and applications. It detects insider threats and external attacks using out-of-the-box purpose-built that helps organizations find known, unknown and hidden threats, but extensible unsupervised machine learning (ML) algorithms, provides context around the threat via ML driven anomaly correlation and visual mapping of stitched anomalies over various phases of the attack lifecycle (Kill-Chain View). It uses a data science driven approach that produces actionable results with risk ratings and supporting evidence that increases SOC efficiency and supports bi-directional integration with Splunk Enterprise for data ingestion and correlation and with Splunk Enterprise Security for incident scoping, workflow management and automated response. The result is automated, accurate threat and anomaly detection.
We monitor all User Entity Behavior Analytics (UEBA) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.
