IBM QRadar is rated above competitors (McAfee, Splunk, LogRhythm) in Gartner's 2020 Magic Quandrant. Agree/Disagree?

What are your experiences with these vendors/solutions? Pros and Cons?

Community Manager at PeerSpot (formerly IT Central Station)
  • 6
  • 50
PeerSpot user
6 Answers
it_user235365 - PeerSpot reviewer
User at a tech company with 51-200 employees
May 7, 2015

Hello ,
As someone who worked with Splunk, Arcsight and Qradar.
I am sorry but you cant compare between those two .
IBM QRADAR works great with 100 eps and with 100000 eps.
IBM Qradar analyze not only logs but Traffic, Policey's, Vulnerabilities, OSINT Data and integrates them all into a single quilty event which made the analysis factor and easter Risk management Risk assessment.
Even in an SMB business
So you cant compare those two.

Product comparison that may be of interest to you
it_user129240 - PeerSpot reviewer
User at a tech services company
Jun 26, 2014

I cannot respond to the query as I have worked with solutions based on NetIQ and AcrSight.
1. I feel the query is very generic and can not have any tangible response other than users listing their side of the stories (experience) while tabulating Pros & Cons would be inconclusive.
2. The vendors mentioned (McAfee, Splunk, LogRhythm and IBM Q1 Labs) are from the top quadrant and are very much comparable based on evaluation parameters such as List of Features, capabilities and capacities, Integration to other corporate IT security tools etc. 
3. Methodology used by Gartner for evaluation of vendors for SIEM Quadrant should also be kept in view to get a realistic comparison. I feel, its not a real Apple-to-Apple comparison nor can be used as a measure to influence the decision making for a new deployment (or migration to another vendor)
4. I also feel that vendor experiences, most of the times are dependent on how clear you are of your own Security Landscape, Compliance & Regulatory drivers and requirements. 

Rajendra Nag

Information Security Engineer at a cloud provider with 51-200 employees
Real User
Jun 26, 2014

Unfortunately while evaluating SIEM solutions I was unable to evaluate the IBM solution. I tried to work with IBM for two weeks to get an evaluation of the product and finally gave up.

I think Splunk is an incredibly diverse and flexible product; however, if you are just looking for a SIEM I think it's a bit overcomplicated.

Our company choose SolarWinds LEM due to it's ease of deployments for small to mid sized environments and we have a good track record working with SolarWinds as a vendor.

it_user3405 - PeerSpot reviewer
Partner at a tech services company with 51-200 employees
Jun 25, 2014

I asked this question in a previous discussion, what is your experience with the solutions?

I went to Infoworld and found some pretty interesting results - http://www.infoworld.com/log-management-solutions-the-features-781

It seems that based on price, GFI took the prize with $220/server $22/workstation.

But based on features and sheer capability, Arcsight took the prize there.

Additional findings bring up HP Arcsight, IBM Q1 Radar and McAfee Nitro as the industry leaders - Gartner Magic Quadrant from 2013 - http://infosecnirvana.com/siem-product-comparison-101/

But if you were to go to the comparison charts:

HP Arcsight - Complex, Suited for Medium to large deployments, learning curve, skilled employees
IBM Q1 Radar - Limited Customization, limited multitenancy support, limited use case configuration
McAfee Nitro - Very basic correlation capabilities, requires agent installs, no analytics capability, limited customization, limited support for multi-tier, multi-tenancy

There are others these seem to be the leaders in the industry.

So from the report from Gartner, Infoworld and Infosecnirvana.com, they all seem to think that HP Arcsight is the way to go


it_user114555 - PeerSpot reviewer
Business Development Manager at Qualys
Jun 25, 2014


I disgree for SME installation since Q1 is usually on a large scale
installation. While expertise on the product is still needed including
integration with other security platforms.

Splunk/LogRythm is good for Network correlation only not focusing much on the
security area.

McAfee is ok for both SME and Enterprise whilst expertise should also be
considered as they have an easy and available tool for integration with their
ticketing system, IPS, and AV.

Hope this helps.


it_user123231 - PeerSpot reviewer
User at a tech company with 51-200 employees
Jun 25, 2014

Its is now an easy and clear answer.
It depends on the environment, the integration needed, and the staff expertise.

IBM is usually a better solution for large/very large installations and integration.
But it requires much more staff and skills.

But for smaller environments Splunk and LogRhytm is better.

McAfee is correctly rated against others.

So the answer is YES/AGREE for large installations.

And NO/DISAGREE for smaller ones.

Find out what your peers are saying about IBM Security QRadar vs. LogRhythm SIEM and other solutions. Updated: May 2023.
708,461 professionals have used our research since 2012.
Related Questions
Liam Brandt - PeerSpot reviewer
User at Catalyic Consulting (Pvt.) Ltd
Mar 22, 2023
Hi community, Please let us know your thoughts in the comments below. Thank you!
See 2 answers
User at RAS Unipers
Mar 14, 2023
Hi, in my opinion, because it is still the best at giving you visibility of what's happening in your IT infrastructure, and at detecting threats. Visibility and detection may seem simple tasks. but actually, they require a lot of capabilities in understanding, integrating, logging, and alarms from a huge multitude of devices. Such tasks go under the line of log ingestion, normalization, etc., and that is far from easy. QRadar has done a lot of work in that direction. Another aspect is event correlation. And here, either you write the correlation rules yourself, spending $$$$ of professional services, and by the way, it'll take forever to test, implement and maintain up to date, or your access to a very long list of preset correlation rules, that are already available and waiting to be activated. Finally, visibility and threat detection is just the beginning of a journey pointed at becoming aware of what's happening in your IT and taking relevant and effective action. There are several other technologies that have to be used to minimize exposure, and contain, and remediate relations to an attack. I believe IBM has a few of those, that can be integrated. But whichever you use at the end of this journey, if the original feed is not correct, not relevant, or not complete, you missed your goal in the first place.My 5 cents :)VS
Jairo Willian Pereira - PeerSpot reviewer
Information Security Manager at a retailer with 10,001+ employees
Mar 22, 2023
I´m not sure about this affirmation. There are a lot of other tools used.
Julia Miller - PeerSpot reviewer
Community Director at PeerSpot
Apr 14, 2023
Hi Everyone, What do you like most about IBM QRadar Advisor with Watson? Thanks for sharing your thoughts with the community!
2 out of 11 answers
Team Lead - Information Security at LTI - Larsen & Toubro Infotech
Feb 6, 2022
We've found the solution to be scalable.
IM Operations Manager at a tech services company with 1,001-5,000 employees
Apr 25, 2022
IBM QRadar Advisor with Watson is a stable solution.
Related Articles
Content Manager at PeerSpot (formerly IT Central Station)
May 2, 2022
PeerSpot’s crowdsourced user review platform helps technology decision-makers around the world to better connect with peers and other independent experts who provide advice without vendor bias. Our users have ranked these solutions according to their valuable features, and discuss which features they like most and why. You can read user reviews for the Top 8 Log Management Tools to help you d...
Ertugrul Akbas - PeerSpot reviewer
Manager at ANET
Oct 9, 2021
There are many comparisons and scoring reports like Gartner. But a small part of their scoring is technical capacity. Other comparisons available on the web or magazines are marketing, sales, and presales documents. They do not include extensive technical analysis. In today’s ever-evolving cybersecurity climate, businesses face more threats than ever before. Finding the right SIEM is crucia...
2 out of 6 comments
Visionary at Whaduu, LLC
Jul 12, 2021
Excellent article.  ArcSight claims to use ML - they are not listed under ML here (?).  Can LogRhythm handle your correlation logic example?  A simple comparison table would be very useful (features, checkmarks).
Ertugrul Akbas - PeerSpot reviewer
Manager at ANET
Jul 12, 2021
@CraigHeartwell, ​thanks for your spelling correction.  ArcSight acquired Interset for ML. Yes, LogRhythm can handle the logic. SIEM Comparison table is on my mind for a long time. I published the Turkish version. I need to work to extend it before publishing.
Ertugrul Akbas - PeerSpot reviewer
Manager at ANET
Nov 11, 2022
The right SIEM tool varies based on a business’ security posture, its budget and other factors. However, the top SIEM tools usually offer the following capabilities: Scalability — Ensure the solution has the capability to accommodate the current and the projected growth. Log compatibility — Ensure that the solution is compatible with your logs Correlation engine — Does the solution have th...
2 out of 3 comments
IBM Security, European Threat Management Sales Leader at IBM
May 11, 2021
Having the SIEM as a central feeder is a traditional solution architecture.  The question can be asked , do I have the right security platform ?.  As the interconnections to this traditional centralized solution will always need maintaining.  In the case of a Security platform this effort is removed.   
Senior Network Architect / Network Team Leader at ICE Consulting. Inc.
May 12, 2021
A good Security Platform includes SIEM, UEBA, NTA, and SOAR! on a single pane of glass, but I agree all security platforms require constant maintenance to remain viable as a part of the security posture!
Ertugrul Akbas - PeerSpot reviewer
Manager at ANET
Jan 24, 2023
It is important to retain logs for a significant amount of time in order to be able to investigate and analyze past attacks. This allows security teams to identify patterns and trends that can aid in the detection and prevention of future attacks. The retention period will vary depending on the organization's specific requirements and regulations, but it is generally recommended to keep logs ...
Navcharan Singh - PeerSpot reviewer
Senior Seo Executive at Ace Cloud Hosting
Oct 7, 2022
Security Information and Event Management (SIEM) solutions differ significantly from firewalls. While both security solutions are integral components of cybersecurity infrastructure, they have different capabilities, functions, and roles. Do you need SIEM if you already have a firewall? If you have questions about the difference between SIEM and firewall, you have come to the right place....
Product Comparisons
Related Articles
Content Manager at PeerSpot (formerly IT Central Station)
May 2, 2022
Top 8 Log Management Tools 2022
PeerSpot’s crowdsourced user review platform helps technology decision-makers around the world to...
Ertugrul Akbas - PeerSpot reviewer
Manager at ANET
Oct 9, 2021
The Math of SIEM Comparison
There are many comparisons and scoring reports like Gartner. But a small part of their scoring...
Download Free Report
Download our FREE report comparing IBM Security QRadar and LogRhythm SIEM based on reviews, features, and more! Updated: May 2023.
708,461 professionals have used our research since 2012.