Cisco now offers advanced security analytics via the eponymous Cisco Endpoint Security Analytics, a solution that delivers Cisco AnyConnect endpoint data to prebuilt Splunk analytics and dashboards. The vendor states that the service provides deep endpoint insight that even EPP and EDR solutions don't address.
N/A
IBM Security QRadar SIEM
Score 8.9 out of 10
N/A
IBM Security QRadar is security information and event management (SIEM) Software.
N/A
Pricing
Cisco Endpoint Security Analytics
IBM Security QRadar SIEM
Editions & Modules
No answers on this topic
No answers on this topic
Offerings
Pricing Offerings
Cisco Endpoint Security Analytics
IBM Security QRadar SIEM
Free Trial
No
Yes
Free/Freemium Version
No
No
Premium Consulting/Integration Services
No
No
Entry-level Setup Fee
No setup fee
No setup fee
Additional Details
—
—
More Pricing Information
Community Pulse
Cisco Endpoint Security Analytics
IBM Security QRadar SIEM
Features
Cisco Endpoint Security Analytics
IBM Security QRadar SIEM
Security Information and Event Management (SIEM)
Comparison of Security Information and Event Management (SIEM) features of Product A and Product B
Cisco Endpoint Security Analytics
-
Ratings
IBM Security QRadar SIEM
8.5
69 Ratings
9% above category average
Centralized event and log data collection
00 Ratings
9.927 Ratings
Correlation
00 Ratings
8.669 Ratings
Event and log normalization/management
00 Ratings
9.527 Ratings
Deployment flexibility
00 Ratings
7.827 Ratings
Integration with Identity and Access Management Tools
Cisco Endpoint Security Analytics is best suited for larger environments that need a window into basic logs of what users are experiencing. It provides adequate protection. We have had some issues with false positive detection of apps that are common, especially when downloading program setup files and such. Overall, it is a decent product.
I would only recommend IBM Security QRadar SIEM in a few situations. For one, it's very easy to setup and use if all your log sources are generic from known vendors. It's also significantly cheaper than Splunk, which is nice if you're trying to save money or be more efficient. I would not recommend IBM Security QRadar SIEM for environments with a lot of custom logs and complicated detection requirements.
Need to spend more time configuring the system to properly interpret and normalize different type of data collected from multiple resources.
While Rule creation QRadar uses that rules to detect security threats and generate alerts, but to creating and managing rules is bit complex & tedious work to complete.
IBM Security QRadar SIEM is excellent in handling large & complex systems that requires in-depth knowledge and extensive training to configure and maintain the system which includes upgrading, optimization of performance & issue troubleshooting.
QRadar is an established and stable product, we have been using it for many years and want to continue to focus on it. Anyone who has used the product and knows it knows how reliable it is and how it facilitates continuous monitoring of threats from outside and inside. it is an exceptional product that is very useful for us.
Cisco Endpoint Security Analytics is semi easy to use. However, the reports are sometimes a bit lacking in detail. We do get alerts when someone encounters something malicious. However, it would be nice to see a bit more detail as to where the malicious file came from so that we can better protect our network.
As a grade I give 8 as QRadar is not easy to learn. It requires some time to master it. It also needs a team of people actively working on the product. Once you learn to use it the software works very well and it is easy to correlate and understand detected threats. It only takes time to learn how to use it well and configure it properly.
Customer support is Good of IBM, While Using IBM QRadar its deployment is to slow and suddenly stop working and crashed we have contacted IBM Support and Rised a Ticket within a few minute we get call back from customer support and Query Resolved by them Fast And Rapid Support of Ibm
The training was very useful and the people who taught us were very knowledgeable. Although the software may initially seem difficult to learn they made things much easier for us.
The training was very useful and the people who taught us were very knowledgeable. Although the software may initially seem difficult to learn they made things much easier for us.
Initial patience is required to learn how to use the product, and it takes a dedicated team to use it. One person is not enough, and it's not enough to just set it up and check it once in a while. It has to be used daily and kept under control to be used effectively
Cisco Endpoint Security Analytics is easier to use than any of these products and seems to offer a better level of security. Symantec has failed to deliver any kind of support or updates since the Broadcom acquistion. The other products seem to be more geared to home or small office use. We chose Cisco Endpoint Security Analytics because we trust the brand and it seems to offer more features than the competition.
IBM Qradar takes the best from its competitors. Reliable and stable but sometimes very expensive, the SIEM from IBM offers a wide range of scenarios in which the customers can suite and size their own infrastructures. IBM Qradar doesn't really needs to stack up againt its competitors because it already sets an example in the SIEM world.
