2020-02-13T10:04:00Z

What are the biggest differences between Securonix UEBA, Exabeam, and IBM QRadar?

I work as the Head of Security Administration for a financial services firm with 10,000+ employees. 

We are currently researching Exabeam, IBM QRadar, and Securonix UEBA. What are the biggest differences between the three? Which would you recommend?

Thanks! I appreciate the help.

DC
Head of Security Administration at a financial services firm with 10,001+ employees
PeerSpot user
2 Answers
it_user900120 - PeerSpot reviewer
IT Specialist at a tech services company with 51-200 employees
Real User
2020-02-17T10:40:28Z
Feb 17, 2020

It mostly depends on your use cases and environment. Exabeam and Securonix have a stronger UEBA feature set and a friendlier GUI, and are not licensed based on capacity (amount of logs and information ingested), but with a firm of 10k+ I wouldn't be so sure that this means a better price. The total cost of ownership would be more linear, though. On the other hand, QRadar is by far a better SIEM solution, and if your use cases lean towards that, then I would suggest looking towards QRadar. QRadar does have a steeper learning curve, but that's purely because of the richer feature set; it just takes more time to take it all in.

reviewer1285209 - PeerSpot reviewer
Tech Lead at a tech services company with 1,001-5,000 employees
Real User
Top 5
2020-02-18T06:13:46Z
Feb 18, 2020

All three security solutions are defined, and they hold different smartness; it all depends on what your requirement is.

Securonix UEBA is a Hadoop-based UEBA technology tool; the tool understands the infrastructure and users and then works accordingly. (Wide customer industry support) (Average cost)

IBM QRadar is a SIEM, an all-in-one composite tool that can bring in UEBA and other security solutions. (Wide customer industry support) (Average cost)

Exabeam is a mathematics-based security solutioning tool; it learns the infra and then provides a solution. It's a bit noisy in some instances. (Medium customer industry support) (Costly)

If you tell us what exactly you require or how your infra is set up, then it would be good to suggest a tool.

Related Questions
Liam Brandt - PeerSpot reviewer
User at Catalyic Consulting (Pvt.) Ltd
Mar 22, 2023
Hi community, Please let us know your thoughts in the comments below. Thank you!
See 2 answers
VS
User at RAS Unipers
Mar 14, 2023
Hi, in my opinion, because it is still the best at giving you visibility of what's happening in your IT infrastructure, and at detecting threats. Visibility and detection may seem simple tasks, but actually, they require a lot of capabilities in understanding, integrating, logging, and alarms from a huge multitude of devices. Such tasks go under the line of log ingestion, normalization, etc., and that is far from easy. QRadar has done a lot of work in that direction. Another aspect is event correlation. And here, either you write the correlation rules yourself, spending $$$$ on professional services, and by the way, it'll take forever to test, implement and keep up to date, or you access a very long list of preset correlation rules that are already available and waiting to be activated. Finally, visibility and threat detection is just the beginning of a journey pointed at becoming aware of what's happening in your IT and taking relevant and effective action. There are several other technologies that have to be used to minimize exposure, and contain, and remediate relations to an attack. I believe IBM has a few of those that can be integrated. But whichever you use at the end of this journey, if the original feed is not correct, not relevant, or not complete, you missed your goal in the first place. My 5 cents :) VS
Jairo Willian Pereira - PeerSpot reviewer
Information Security Manager at a retailer with 10,001+ employees
Mar 22, 2023
I'm not sure about this affirmation. There are a lot of other tools used.
Julia Miller - PeerSpot reviewer
Community Director at PeerSpot
Oct 18, 2022
Hi, We all know it's really hard to get good pricing and cost information. Please share what you can so you can help your peers.
2 out of 4 answers
SU
Team Lead - Information Security at LTI - Larsen & Toubro Infotech
Feb 6, 2022
I can't speak to the exact pricing. I've never looked at its commercial costs.
RR
Cyber Security Specialist at UST Global
May 12, 2022
Licensing is mostly dependent on the EPS, events per second. Depending upon the number of products that are integrated with the platform, we have to come to an optimal EPS value. I'm not very sure about the financials; however, the licensing cost cannot be as much as that for Sentinel, which is not very low. For customers who need medium EPS values, we advise QRadar. The basic out-of-the-box cost covers the EPS value that you have specified, and then some archiving maybe. It should include at least six months of archiving and other functionalities. Most of the customers will go for the standard package and we don't have to go for extra archival or enhanced DPS. 10% to 15% of DPS can always be increased. It will not completely shut down the system; however, it'll start sending us notifications that the DPS is getting increased and then we can go for a higher licensing.
Related Articles
Janet Staver - PeerSpot reviewer
Tech Blogger
Dec 30, 2022
PeerSpot’s crowdsourced user review platform helps technology decision-makers around the world to better connect with peers and other independent experts who provide advice without vendor bias. Our users have ranked these solutions according to their valuable features, and discuss which features they like most and why. You can read user reviews for the Security Orchestration Automation and Re...
See 1 comment
Dec 30, 2022
I noticed that you mentioned a few SOAR vendors in the list, however, I would like to bring to your attention that Critical Start, Exabeam Fusion, and McAfee ePolicy are not SOAR providers.
NC
Content Manager at PeerSpot (formerly IT Central Station)
May 12, 2022
PeerSpot’s crowdsourced user review platform helps technology decision-makers around the world to better connect with peers and other independent experts who provide advice without vendor bias. Our users have ranked these solutions according to their valuable features, and discuss which features they like most and why. You can read user reviews for the Top User Behavior Analytics - UEBA Tools...
NC
Content Manager at PeerSpot (formerly IT Central Station)
May 2, 2022
PeerSpot’s crowdsourced user review platform helps technology decision-makers around the world to better connect with peers and other independent experts who provide advice without vendor bias. Our users have ranked these solutions according to their valuable features, and discuss which features they like most and why. You can read user reviews for the Top 8 Log Management Tools to help you d...
Ertugrul Akbas - PeerSpot reviewer
Manager at ANET
Oct 9, 2021
There are many comparisons and scoring reports like Gartner. But a small part of their scoring is technical capacity. Other comparisons available on the web or magazines are marketing, sales, and presales documents. They do not include extensive technical analysis. In today’s ever-evolving cybersecurity climate, businesses face more threats than ever before. Finding the right SIEM is crucia...
2 out of 6 comments
CH
Visionary at Whaduu, LLC
Jul 12, 2021
Excellent article. ArcSight claims to use ML - they are not listed under ML here (?). Can LogRhythm handle your correlation logic example? A simple comparison table would be very useful (features, checkmarks).
Ertugrul Akbas - PeerSpot reviewer
Manager at ANET
Jul 12, 2021
@CraigHeartwell, thanks for your spelling correction. ArcSight acquired Interset for ML. Yes, LogRhythm can handle the logic. A SIEM comparison table has been on my mind for a long time. I published the Turkish version. I need to work to extend it before publishing.
Ertugrul Akbas - PeerSpot reviewer
Manager at ANET
Nov 11, 2022
The right SIEM tool varies based on a business’ security posture, its budget and other factors. However, the top SIEM tools usually offer the following capabilities: Scalability — Ensure the solution has the capability to accommodate the current and the projected growth. Log compatibility — Ensure that the solution is compatible with your logs Correlation engine — Does the solution have th...
2 out of 3 comments
MK
IBM Security, European Threat Management Sales Leader at IBM
May 11, 2021
Having the SIEM as a central feeder is a traditional solution architecture. The question can be asked: do I have the right security platform? As the interconnections to this traditional centralized solution will always need maintaining. In the case of a Security platform this effort is removed.
JS
Senior Network Architect / Network Team Leader at ICE Consulting. Inc.
May 12, 2021
A good Security Platform includes SIEM, UEBA, NTA, and SOAR! on a single pane of glass, but I agree all security platforms require constant maintenance to remain viable as a part of the security posture!
Moderator
it_user72771 - PeerSpot reviewer
Info Sec Consultant at Size 41 Digital
Real User
Top 5