Cisco Secure Network Analytics vs. IBM Security QRadar SIEM

Overview
ProductRatingMost Used ByProduct SummaryStarting Price
Cisco Secure Network Analytics
Score 8.9 out of 10
N/A
Cisco Stealthwatch is a network behavior analysis product based on technology acquired by Cisco with its Lancope acquisition in 2015.N/A
IBM Security QRadar SIEM
Score 8.9 out of 10
N/A
IBM Security QRadar is security information and event management (SIEM) Software.N/A
Pricing
Cisco Secure Network AnalyticsIBM Security QRadar SIEM
Editions & Modules
No answers on this topic
No answers on this topic
Offerings
Pricing Offerings
Cisco Secure Network AnalyticsIBM Security QRadar SIEM
Free Trial
NoYes
Free/Freemium Version
NoNo
Premium Consulting/Integration Services
NoNo
Entry-level Setup FeeNo setup feeNo setup fee
Additional Details
More Pricing Information
Community Pulse
Cisco Secure Network AnalyticsIBM Security QRadar SIEM
Considered Both Products
Cisco Secure Network Analytics
Chose Cisco Secure Network Analytics
I wasn't involved in the decision-making when it happened. It was a couple of years ago, but I can't think of the vendor's name. They used to be here at Cisco Live. But it was another NetFlow vendor, but they were strictly NetFlow and all they did was just a net flow and the …
Chose Cisco Secure Network Analytics
After integrating and developing a lot of security features in MF NNM, we were not able to meet the requirements from the customer. After the alternative research, we got to know about this Cisco Secure Network Analytics tool and after implementing the same, we finally were …
Chose Cisco Secure Network Analytics
While other platforms such as Nagios and Solarwinds NTA provide visibility of the traffic, it either (*) does not provide API/programmatic way to pull the data to other platforms or (*) does not interface with secondary security systems to report on malicious traffic activity. …
Chose Cisco Secure Network Analytics
In order for Armis to truly provide value, it will require spans and taps at every location. This is not feasible in most places since not all sides have the infrastructure to support this and now you are required to support an additional appliance at every site. Stealthwatch …
Chose Cisco Secure Network Analytics
Wireshark is a good option in a lower budget, but Wireshark also has lesser security as compared to Cisco which compelled us to look for something else in [the] same price but with more better features.
Chose Cisco Secure Network Analytics
We use this in concert with Stealthwatch to help cut through the noise and get quicker drilldown times.
Chose Cisco Secure Network Analytics
In addition [to] Cisco SteathWatch, we highly evaluated Cisco AnyConnect and Cisco Advanced Malware Protection for Endpoints (Cisco APM4E). Often [these] solutions complement each other and improve network security level. Each of them separate[ly] [are] handy products for …
Chose Cisco Secure Network Analytics
Cisco has advantages in terms of the following:
1. Encrypted Traffic Analytics provides visibility and control to traffic without the need to decrypt it.
2. Threat detection that collects proxy records and associates them with flow records, delivering the user application, and …
Chose Cisco Secure Network Analytics
I haven't used any other products like StealthWatch in the past.
Chose Cisco Secure Network Analytics
NTOP is the only thing out there, in my opinion, that provides similar type of visibility. But StealthWatch is the product all vendors should strive to emulate. It is easy to install; it is easy to configure; it works as advertised (and then some). I do recommend the …
Chose Cisco Secure Network Analytics
Cisco Secure Network Analytics is in a class of its own and some of these products come close but are not in the same class. The other products I tested take a lot more of them to get the same results you would from the Enterprise class of Cisco products. I have been very happy …
IBM Security QRadar SIEM
Chose IBM Security QRadar SIEM
Due to its performance, it is a more practical way to analyze and respond to an incident. It is a graphic with good interaction and multiple integrated platforms.
Chose IBM Security QRadar SIEM
I would always recommend Splunk over IBM Security QRadar SIEM unless you're trying to save money or only onboarding and normalizing well known data sources. IBM Security QRadar SIEM doesn't seem to handle RBA and complicated, chaining correlation rules very effectively and if I …
Chose IBM Security QRadar SIEM
We chose IBM Security QRadar SIEM not only because it was a leader but because it convinced us it was a solid product suitable for multiple scenarios but most importantly we needed a really secure and powerful software for our infrastructure.
Chose IBM Security QRadar SIEM
IBM Security QRadar SIEM has been quite a revolutionary siem solution compared to its counterparts. Be it the use case building to maintaining log source integrations, Qradar has proved to be one of the most efficient and easy to use solution. Having IBM SOAR along with the …
Chose IBM Security QRadar SIEM
Because is easy to use and if you don't have analysts with database language skills IBM Security QRadar SIEM is easy to use in comparison to Splunk.
Chose IBM Security QRadar SIEM
Because they are the best and most used tools in the Cyber ​​Security market for event correlation.
Chose IBM Security QRadar SIEM
It provides practicality by containing several domains in a single tenant and being able to subdivide them in a single place, in addition to the fact that the price is very competitive in the market.
Chose IBM Security QRadar SIEM
The QRadar licensing process is based on EPS (Events Per Second) and there are no limitations on event collection, regardless of the origin of the logs. This becomes an advantage as the price is agreed between the parties before purchase, so you have knowledge of what you can …
Chose IBM Security QRadar SIEM
We select a IBM Security QRadar SIEM because is better to integrate a our SIEM QRADAR.
Chose IBM Security QRadar SIEM
I still don't have experience with other SIEM solutions.
Chose IBM Security QRadar SIEM
ArcSight is more difficult to understand and administer, and it looks more like a box for programming and needs a lot of high-level skills personnel. IBM Security QRadar SIEM is well suited for organization cybersecurity in large and medium organizations. IBM Security QRadar …
Chose IBM Security QRadar SIEM
Qradar is on my top choice because I have hands-on experience on it. on qradar it is much easier to investigate in case of any incident happend.
Chose IBM Security QRadar SIEM
IBM Security QRadar SIEM offers a wide range of features and capabilities, such as behavioral analysis, event correlation and incident management, making it a robust and effective choice.
Chose IBM Security QRadar SIEM
Rapid7 InsightIDR and Paladion
Chose IBM Security QRadar SIEM
QRadar's open architecture is easy to integrate with a wide range of security tools and third-party applications, which are available at the IBM X-force library to enhance overall flexibility. Its powerful analytics and correlation capabilities provide advanced threat detection …
Chose IBM Security QRadar SIEM
I would take below parameters to say IBM Security QRadar SIEM is better than other SIEM tools such as netwitness SIEM"

1) Easy to Use
Chose IBM Security QRadar SIEM
I found that IBM Security QRadar SIEM has better threat detection methods and the identification of cyber kill chains followed by attackers. Analysis of the data gives visibility that other SIEM solutions need to improve. Integration in IBM Security QRadar SIEM is also better …
Chose IBM Security QRadar SIEM
User friendly and use case management portal which helps to get brief idea about security posture based on mitre mapping is best thing i have experienced in qradar.
Chose IBM Security QRadar SIEM
price, to be honest IBM Security QRadar SIEM package is very good for most customers than Splunk and Sentinel
Chose IBM Security QRadar SIEM
IBM Qradar takes the best from its competitors. Reliable and stable but sometimes very expensive, the SIEM from IBM offers a wide range of scenarios in which the customers can suite and size their own infrastructures. IBM Qradar doesn't really needs to stack up againt its …
Chose IBM Security QRadar SIEM
It's in the middle of this chart, Splunk from my point of view it's still the best SIEM actually and Sentinel it's very easy to use.
Chose IBM Security QRadar SIEM
IBM Qradar is cheaper and also easy to use.
For splunk you need dedicated team of experts.
Chose IBM Security QRadar SIEM
As a part of core security service provider, we could not stand with the tools that are used as a generic data processor. The compliance, log reading and events are well managed in QRadar compared to other tools
Features
Cisco Secure Network AnalyticsIBM Security QRadar SIEM
Security Information and Event Management (SIEM)
Comparison of Security Information and Event Management (SIEM) features of Product A and Product B
Cisco Secure Network Analytics
-
Ratings
IBM Security QRadar SIEM
8.5
Ratings
10% above category average
Centralized event and log data collection00 Ratings9.90 Ratings
Correlation00 Ratings8.60 Ratings
Event and log normalization/management00 Ratings9.50 Ratings
Deployment flexibility00 Ratings7.80 Ratings
Integration with Identity and Access Management Tools00 Ratings8.90 Ratings
Custom dashboards and workspaces00 Ratings7.50 Ratings
Host and network-based intrusion detection00 Ratings9.70 Ratings
Data integration/API management00 Ratings9.00 Ratings
Behavioral analytics and baselining00 Ratings7.60 Ratings
Rules-based and algorithmic detection thresholds00 Ratings8.00 Ratings
Response orchestration and automation00 Ratings7.70 Ratings
Reporting and compliance management00 Ratings7.90 Ratings
Incident indexing/searching00 Ratings8.90 Ratings
Best Alternatives
Cisco Secure Network AnalyticsIBM Security QRadar SIEM
Small Businesses

No answers on this topic

LevelBlue USM Anywhere
LevelBlue USM Anywhere
Score 3.8 out of 10
Medium-sized Companies
InsightIDR
InsightIDR
Score 9.5 out of 10
Sumo Logic
Sumo Logic
Score 9.4 out of 10
Enterprises
InsightIDR
InsightIDR
Score 9.5 out of 10
Sumo Logic
Sumo Logic
Score 9.4 out of 10
All AlternativesView all alternativesView all alternatives
User Ratings
Cisco Secure Network AnalyticsIBM Security QRadar SIEM
Likelihood to Recommend
7.6
(0 ratings)
8.4
(0 ratings)
Likelihood to Renew
8.0
(0 ratings)
7.3
(0 ratings)
Usability
7.3
(0 ratings)
9.1
(0 ratings)
Availability
7.0
(0 ratings)
-
(0 ratings)
Support Rating
7.9
(0 ratings)
8.1
(0 ratings)
Implementation Rating
8.0
(0 ratings)
-
(0 ratings)
Ease of integration
8.0
(0 ratings)
8.1
(0 ratings)
User Testimonials
Cisco Secure Network AnalyticsIBM Security QRadar SIEM
Likelihood to Recommend
Cisco
Secure Network Analytics is a compulsion to any organization looking to secure their network in silence with a complete record and analysis of the threats. All the critical information of the client is also preserved for instance and assistance for future needs. Cyber-attacks can’t even think to roam about your
network in any case.
Read full review
QRadar is very well suited on environments where there are not multiple tenants or domains, we do have success on this kind of scenario. IBM Security QRadar SIEM is less appropriate for environments with multiple tenants, specially when each tenant represent a different End Costumer (such as for MSSP companies), those environments require a high amount of rules and building blocks replications, since each tenant will have its own "BB definitions", servers, rules exception, etc. Also, some information, such as EPS count or EPS dropped are generated by QRadar's own log sources, which takes place on default domain, therefore users associated with different domain can not have access to those logs, even when the information is related to other domain's environment. For example, even if Event Collector 1 is associated to Domain A, the log informing its dropped EPS is generated by System notification, log source that must be associated to Default domain.
Read full review
Pros
  • It's really good at mapping out like what applications are, like who's talking to what. To see if someone thinks that a particular application is only being used a certain way and we can validate what's talking to that system with the tool.
Read full review
  • Enables identification and prioritization of vulnerabilities in IT infrastructure for corrective action.
  • Facilitates security incident investigation and forensic analysis.
  • Provides a real-time view of security events, enabling immediate incident response.
  • Can integrate with external threat intelligence sources to enrich data and improve threat detection.
  • Enables the generation of detailed and customized reports.
Read full review
Cons
  • Tool is little hard to configure so need to be light to save resource consumption.
  • Features are so in-depth that integrated guidance should be available to help the users on how to use.
  • Graphical view can be improved to make it more convenient to understand the data representation.
Read full review
  • Need to spend more time configuring the system to properly interpret and normalize different type of data collected from multiple resources.
  • While Rule creation QRadar uses that rules to detect security threats and generate alerts, but to creating and managing rules is bit complex & tedious work to complete.
  • IBM Security QRadar SIEM is excellent in handling large & complex systems that requires in-depth knowledge and extensive training to configure and maintain the system which includes upgrading, optimization of performance & issue troubleshooting.
Read full review
Likelihood to Renew
Cisco Secure Network Analytics is a fantastic tool, but does require some setup and upkeep which may turn off smaller IT Security teams. However, once all the flows are set up and the product is functioning with the proper rules, the insight into your network is fantastic. For us, the product has a significant ROI and will be a product we keep up on.
Read full review
With the arrival of IBM Security QRadar SIEM at our company, we have a better vision of all the security needs that may arise, it is a very safe software to use that prevents threats from damaging our IT environment, it is impossible to change it for another software.
Read full review
Usability
Strong and complete tool which gives comprehensive methods to discover cyber security incidents and prevent data leakage. In case of common use of Cisco StealthWatch and Cisco ISE, you will receive [the] ability [to] not just discover cyber security incidents but also dynamically respond to them. This makes StealthWatch one of most valuable products through[out] [the] whole Cisco Security product portfolio.
Read full review
As a grade I give 8 as QRadar is not easy to learn. It requires some time to master it. It also needs a team of people actively working on the product. Once you learn to use it the software works very well and it is easy to correlate and understand detected threats. It only takes time to learn how to use it well and configure it properly.
Read full review
Reliability and Availability
We haven't had too many issues with the uptime and availability of CSNA, but the application does have a lot of dependancies and we have seen issues after an upgrade that caused an outage for several hours.
Read full review
No answers on this topic
Support Rating
Overall winner because it exceeds our expectations by answering all our requirements and at the same time empowers our operations thru other built-in capabilities it has. Visibility is a key to security operations and Cisco StealthWatch really gives us a magnifying glass to check all logs in the network for threat intelligence and threat hunting.
Read full review
Customer support is Good of IBM, While Using IBM QRadar its deployment is to slow and suddenly stop working and crashed we have contacted IBM Support and Rised a Ticket within a few minute we get call back from customer support and Query Resolved by them Fast And Rapid Support of Ibm
Read full review
In-Person Training
No answers on this topic
The training was very useful and the people who taught us were very knowledgeable. Although the software may initially seem difficult to learn they made things much easier for us.
Read full review
Online Training
No answers on this topic
The training was very useful and the people who taught us were very knowledgeable. Although the software may initially seem difficult to learn they made things much easier for us.
Read full review
Implementation Rating
Implementation of the product can be tedious, especially fine tuning its rules to customize it to your environment. However, after that is done, CSNA is a very useful and flexible product that would enhance the security posture of any corporate network.
Read full review
Initial patience is required to learn how to use the product, and it takes a dedicated team to use it. One person is not enough, and it's not enough to just set it up and check it once in a while. It has to be used daily and kept under control to be used effectively
Read full review
Alternatives Considered
While other platforms such as Nagios and Solarwinds NTA provide visibility of the traffic, it either (*) does not provide API/programmatic way to pull the data to other platforms or (*) does not interface with secondary security systems to report on malicious traffic activity. Ultimately, these platforms accomplish the visibility, but do little else in the overall IT/security ecosystem of product, making them "dead end" data flow products where data goes in but does not share elsewhere.
Read full review
I would always recommend Splunk over IBM Security QRadar SIEM unless you're trying to save money or only onboarding and normalizing well known data sources. IBM Security QRadar SIEM doesn't seem to handle RBA and complicated, chaining correlation rules very effectively and if I had to write a custom add-on for custom data, I found it easier to do so in Splunk.
Read full review
Return on Investment
  • Once tuned and baselines established, it is far easier to identify issues on a network
  • Management is able to look at the dashboard and fairly quickly get an update on the status of how the network is performing and what threats may be out there
  • Reports can be scheduled to send on a regular basis to all involved with management of the infrastructure and the security team
Read full review
  • Like any cybersecurity product, any money you don't lose on a prevented attack is money that you saved
  • Most of the apps are free and provides great enrichment like User Behaviour Analytics
  • Top quality alerts gives enormous value to the "passive" data that flows into the infrastructure
Read full review
ScreenShots

IBM Security QRadar SIEM Screenshots

Screenshot of QRadar SIEM Cloud native- Threat intelligence preview