Due to its performance, it is a more practical way to analyze and respond to an incident. It is a graphic with good interaction and multiple integrated platforms.
I would always recommend Splunk over IBM Security QRadar SIEM unless you're trying to save money or only onboarding and normalizing well known data sources. IBM Security QRadar SIEM doesn't seem to handle RBA and complicated, chaining correlation rules very effectively and if I …
We chose IBM Security QRadar SIEM not only because it was a leader but because it convinced us it was a solid product suitable for multiple scenarios but most importantly we needed a really secure and powerful software for our infrastructure.
IBM Security QRadar SIEM has been quite a revolutionary siem solution compared to its counterparts. Be it the use case building to maintaining log source integrations, Qradar has proved to be one of the most efficient and easy to use solution. Having IBM SOAR along with the …
It provides practicality by containing several domains in a single tenant and being able to subdivide them in a single place, in addition to the fact that the price is very competitive in the market.
The QRadar licensing process is based on EPS (Events Per Second) and there are no limitations on event collection, regardless of the origin of the logs. This becomes an advantage as the price is agreed between the parties before purchase, so you have knowledge of what you can …
ArcSight is more difficult to understand and administer, and it looks more like a box for programming and needs a lot of high-level skills personnel. IBM Security QRadar SIEM is well suited for organization cybersecurity in large and medium organizations. IBM Security QRadar …
IBM Security QRadar SIEM offers a wide range of features and capabilities, such as behavioral analysis, event correlation and incident management, making it a robust and effective choice.
QRadar's open architecture is easy to integrate with a wide range of security tools and third-party applications, which are available at the IBM X-force library to enhance overall flexibility. Its powerful analytics and correlation capabilities provide advanced threat detection …
I found that IBM Security QRadar SIEM has better threat detection methods and the identification of cyber kill chains followed by attackers. Analysis of the data gives visibility that other SIEM solutions need to improve. Integration in IBM Security QRadar SIEM is also better …
User friendly and use case management portal which helps to get brief idea about security posture based on mitre mapping is best thing i have experienced in qradar.
IBM Qradar takes the best from its competitors. Reliable and stable but sometimes very expensive, the SIEM from IBM offers a wide range of scenarios in which the customers can suite and size their own infrastructures. IBM Qradar doesn't really needs to stack up againt its …
As a part of core security service provider, we could not stand with the tools that are used as a generic data processor. The compliance, log reading and events are well managed in QRadar compared to other tools
The compare well against the others - the pricing models for all but Splunk (free version) are based on EPS/TB consumed... the problem they pose is guesstimating the price tag per month. SolarWinds Security Event Manager gets around that.
It came down to price on this one. SolarWinds gave us a great break on
it. For the features that we were looking for, SolarWinds is a great
value for our dollar. As far as features go, we were looking for some
Solarwinds Security Event Manager (SEM) is the best solution for price/performance. The solution has an easily understandable architecture and also the solution can be installed easily. The solution is a very stable and fast solution for our company size.
Fortianalzyer can only do logs from FortiGate so usefulness is limited. Elasticsearch was a lot slower than Solarwinds and the filters were a lot harder to set up and use. The connectors for SEM were far more stable.
Splunk was a pretty good product but the licensing structure needed a lot of work. They changed the structure three times that I am aware and I still had problems understanding LogRhythm had a lot of issues correlating users to IP addresses, the mappings were frequently wrong …
We found that SolarWinds performed poorly when the Architecture included many large data centers spread across the globe. When evaluating the SolarWinds Security Event Manager (SEM) solution we quickly realized that we needed a distributed architecture with log aggregation to …
We chose this product because of its integration to SolarWinds Orion. We were Threat Monitor users previously. This product has been a great substitute. Dollars to dollars this product performs fairly well.
SEM is much better value proposition due to being priced by node and not by size of the event database. It's also much easier to configure that splunk and needs much less infrastructure to run. Out of the box SEM beats splunk on functionality. We looked at many products and …
I find Tripwire Log Center to be adequate and stable but it lacks the graphics and the unified UI that you can have with SolarWinds products. It is also not as simple to set up and operate. One more advantage that SolarWinds products have is the THWACK forum, a big user base …
It is a bit hard to compare, since Cortex XDR is kind of a different starship, with endpoint protection and such, and not really great for auditing Windows Event Logs. ELK stack on the other hand is free in some of it's editions but seems much similar then Cortex. SolarWinds SEM …
We picked SolarWinds because of the better price point, integration with other SolarWinds products, and the ease of training. Because we were already familiar with the SolarWinds way of doing alerts and reports, it made this product a nice fit for our company and it has great …
The first reason is the ease of installation. Unlike competitor, SEM was running and partially deployed within a day. With the defaults already in the SEM, it's super easy to get result quickly, without a consultant. Also, it's not too resource-intensive, and does not …
SolarWinds SEM was selected because it integrates with VMAN on the Orion platform and allows all monitoring information and alerts to be aggregated in one place.
Several clients have moved away from LogRhythm because of cost. SEM offers the best ROI for the function. Its interface is much cleaner then LogRhythm. However, there is a steeper learning curve with SEM. The ease of search and data integrity offered by SEM is definitely a …
I know the Qradar is not the right SIEM tool to compete with Solarwinds SEM but when we looked from a cost, audit & compliance perspective (which are major for many customers), we knew the log management and compliance with regulation would be achieved with SEM. But no machine …
SolarWinds provides support so when you have problems you don't need to turn to information bases as you can just get a hold of SolarWinds support. I would say another reason for getting SEM is that it is generally easier to configure and easier to learn than the other …
I have additionally used Netwrix Auditor, which has some similarity with SolarWinds SEM. I use both hand in hand, but typically use the SEM first since it is easier to manage. With Netwrix custom searches are more complex than customer searches in the SEM. The SEM makes it easy …
We implemented SolarWinds Security Event Manager to replace our Cisco MARS appliance. We found the Cisco MARS appliance cumbersome and difficult to connect to and use, as well as very costly from a support and maintenance perspective. SolarWinds Security Event Manager has more …
QRadar is very well suited on environments where there are not multiple tenants or domains, we do have success on this kind of scenario. IBM Security QRadar SIEM is less appropriate for environments with multiple tenants, specially when each tenant represent a different End Costumer (such as for MSSP companies), those environments require a high amount of rules and building blocks replications, since each tenant will have its own "BB definitions", servers, rules exception, etc. Also, some information, such as EPS count or EPS dropped are generated by QRadar's own log sources, which takes place on default domain, therefore users associated with different domain can not have access to those logs, even when the information is related to other domain's environment. For example, even if Event Collector 1 is associated to Domain A, the log informing its dropped EPS is generated by System notification, log source that must be associated to Default domain.
Solarwinds SEM is great for generating reports for investigation purposes. Once you set up the connectors you can walk away and the product runs without needing maintenance. It was however pretty difficult to create the reports and alerts when now starting out and it can be very intimidating for new users.
SolarWinds easily provides the much needed visibily into changes in an Active Directory (AD) environment. Email alerting can be configured to alert a team if an account is locked out, disabled by another users, or if users and/or computers accounts are created.
SolarWinds allowed a searchable audit feature. Microsoft Windows can be configured to log many different parts of a system, but search those logs can be difficult. SEM allows you to search for specific users or events.
Need to spend more time configuring the system to properly interpret and normalize different type of data collected from multiple resources.
While Rule creation QRadar uses that rules to detect security threats and generate alerts, but to creating and managing rules is bit complex & tedious work to complete.
IBM Security QRadar SIEM is excellent in handling large & complex systems that requires in-depth knowledge and extensive training to configure and maintain the system which includes upgrading, optimization of performance & issue troubleshooting.
Compared to other SIEMs, there are features that are missing. Machine learning, automatic event correlation, ability to correlate multiple sources together.
The UI is clunky, and the *New* event log analyzer page felt really disjointed from the rest of the product.
In my experience, the dashboards were almost unusable. They persisted across login per device, and even then they sometimes would reset and go back to the ''Getting Started'' look.
With the arrival of IBM Security QRadar SIEM at our company, we have a better vision of all the security needs that may arise, it is a very safe software to use that prevents threats from damaging our IT environment, it is impossible to change it for another software.
It is pretty likely that we will renew SEM when the time comes up. It is easy to use and maintain so there isn't much of a need to replace this product. It is also a pretty fair price for the capabilities provided by the SEM
As a grade I give 8 as QRadar is not easy to learn. It requires some time to master it. It also needs a team of people actively working on the product. Once you learn to use it the software works very well and it is easy to correlate and understand detected threats. It only takes time to learn how to use it well and configure it properly.
It is very good - but you get what you pay for. The intent is not for a Fortune 500 that needs more "heavy lifting" with SolarWinds Security Event Manager & for whom the price tag is not (much of) a consideration.
Customer support is Good of IBM, While Using IBM QRadar its deployment is to slow and suddenly stop working and crashed we have contacted IBM Support and Rised a Ticket within a few minute we get call back from customer support and Query Resolved by them Fast And Rapid Support of Ibm
The quality of support can vary depending on whom you end up speaking with. I was fortunate enough to work with a support representative who was very familiar with the product. He had even authored some of the support documentation on the website. On the flip side, I had two other experiences where I was simply directed to online training material.
The training was very useful and the people who taught us were very knowledgeable. Although the software may initially seem difficult to learn they made things much easier for us.
The training was very useful and the people who taught us were very knowledgeable. Although the software may initially seem difficult to learn they made things much easier for us.
Initial patience is required to learn how to use the product, and it takes a dedicated team to use it. One person is not enough, and it's not enough to just set it up and check it once in a while. It has to be used daily and kept under control to be used effectively
I would always recommend Splunk over IBM Security QRadar SIEM unless you're trying to save money or only onboarding and normalizing well known data sources. IBM Security QRadar SIEM doesn't seem to handle RBA and complicated, chaining correlation rules very effectively and if I had to write a custom add-on for custom data, I found it easier to do so in Splunk.
The compare well against the others - the pricing models for all but Splunk (free version) are based on EPS/TB consumed... the problem they pose is guesstimating the price tag per month. SolarWinds Security Event Manager gets around that.
It saves a lot of time when we had issues trying to figure out where the user account lockout was coming from.
With it being an affordable SIEM, we are able to have the ability to do the actions associated with a SIEM and the advantages of not “breaking the bank account”.