We performed a comparison between IBM Security QRadar and Logsign Next-Gen SIEM based on real PeerSpot user reviews.
Find out in this report how the two Security Information and Event Management (SIEM) solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."The most valuable feature is the UEBA. It's very easy for a security operations analyst. It has a one-touch analysis where you can search for a particular entity, and you can get a complete overview of that entity or user."
"Sentinel enables us to ingest data from our entire ecosystem. In addition to integrating our Cisco ASA Firewall logs, we get our Palo Alto proxy logs and some on-premises data coming from our hardware devices... That is very important and is one way Sentinel is playing a wider role in our environment."
"The standout feature of Sentinel is that, because it's cloud-based and because it's from Microsoft, it integrates really well with all the other Microsoft products. It's really simple to set up and get going."
"There are a lot of things you can explore as a user. You can even go and actively hunt for threats. You can go on the offensive rather than on the defensive."
"The most valuable features are its threat handling and detection. It's a powerful tool because it's based on machine learning and on the behavior of malware."
"It is always correlating to IOCs for normal attacks, using Azure-related resources. For example, if any illegitimate IP starts unusual activity on our Azure firewall, then it automatically generates an alarm for us."
"Sentinel has an intuitive, user-friendly way to visualize the data properly. It gives me a solid overview of all the logs. We get a more detailed view that I can't get from the other SIEM tools. It has some IP and URL-specific allow listing"
"Sentinel is a Microsoft product, so they provide very robust use cases and analytic groups, which are very beneficial for the security team. I also like the ability to integrate data sources into the software for on-premise and cloud-based solutions."
"The feature that I have found most valuable is how it monitors the real network. That is its leading security feature."
"It is a bit easier to use than other products, such as Splunk or ELK Elasticsearch."
"What we like about QRadar and the models that IBM has, is it can go from a small-to-medium enterprise to a larger organization, and it gives you the same value."
"No doubt about it, the solution is extremely stable."
"Most of our clients are interested in automation. The automation part is good because they are able to detect threats and vulnerabilities in real time. It's very fast."
"The product has plenty of features and capabilities."
"It is the core of our entire SOX."
"This is a distributed application, meaning that a customer can stack small and then scale it so that they can expand pretty effectively. You can use, basically, the same product in an SMB or a large enterprise."
"The most valuable features of Logsign SIEM are its cloud capabilities, alerting functionality, integration with Elastic Search, and configuration options."
"Logsign provides sample logs within the product, allowing users to see how logs will appear before integration, which is a valuable feature for testing and understanding log formats."
"The AI capabilities must be improved."
"Currently, the watchlist feature is being utilized, and although there have been improvements, it is still not fully optimized."
"Sentinel provides decent visibility, but it's sometimes a little cumbersome to get to the information I want because there is so much information. I would also like to see more seamless integration between Sentinel and third-party security products."
"They only classify alerts into three categories: high, medium, and low. So, from the user's point of view, having another critical category would be awesome."
"They need to work with other security vendors. For example, we replaced our email gateway with Symantec, but we couldn't collect these logs with Azure Sentinel. Instead of collecting these logs with Azure Sentinel, we are collecting them on Qradar. We couldn't do it with Sentinel, which is a problem for us."
"Sentinel should be improved with more connectors. At the moment, it only covers a few vendors. If I remember correctly, only 100 products are supported natively in Sentinel, although you can connect them with syslog. But Microsoft should increase the number of native connectors to get logs into Sentinel."
"When it comes to ingesting Azure native log sources, some of the log sources are specific to the subscription, and it is not always very clear."
"The playbook is a bit difficult and could be improved."
"SOAR is what is expected the most from QRadar. They have something called SOAR Resilient, and it would be great if that gets induced in SIEM. IBM QRadar (as well as McAfee ESM) should have analytics platform integration. Currently, SIEMs don't have full-fledged integration with analytics where we are able to dump our data in SIEM, and the same data can be called from different analytics applications. We should be able to bring this data to a platform like Hadoop for big data and run the analytics there. Currently, people are seeing the past data and taking some actions in the present, but when it comes to analytics, there should be futuristic data where you can predict something out of your present and past data. Apart from that, I would like to see a full-fledged ITSM tool in QRadar. It sometimes has some technical issues that need to be checked. It requires a dedicated QRadar engineer to completely manage it. It has different module sets, such as event collector and event processor, and some technical glitches come in between. It takes the log but doesn't exactly process it in the way we want."
"The user interface is a bit clunky, a bit hard to find what you need."
"I would like to see a better GUI."
"I would like to see the update process simplified."
"The usability of interfaces could be improved."
"The user interface is a bit difficult to get used to."
"The implementation and configuration are not easy."
"We have had problems with networking."
"Improvements needed in Logsign SIEM are providing specific security alerts that can be filtered and configured more effectively."
"I hope they address the pricing model for Logsign Next-Gen SIEM, especially regarding regional variations. The pricing should not differ based on the country of operation as it can lead to dissatisfaction among customers. A fixed pricing structure would be more favorable for us. I would also suggest enhancing the GUI interface and adding features similar to xFi Exchange from IBM Pure. This would streamline operations and save time for analysts."
IBM Security QRadar is ranked 4th in Security Information and Event Management (SIEM) with 198 reviews while Logsign Next-Gen SIEM is ranked 39th in Security Information and Event Management (SIEM) with 3 reviews. IBM Security QRadar is rated 8.0, while Logsign Next-Gen SIEM is rated 7.6. The top reviewer of IBM Security QRadar writes "A highly stable and scalable solution that provides good technical support". On the other hand, the top reviewer of Logsign Next-Gen SIEM writes "Easy to use and find the features that you need". IBM Security QRadar is most compared with Splunk Enterprise Security, Wazuh, LogRhythm SIEM, Elastic Security and Sentinel, whereas Logsign Next-Gen SIEM is most compared with Grafana Loki, Wazuh, Logpoint, ManageEngine EventLog Analyzer and Sematext Logs. See our IBM Security QRadar vs. Logsign Next-Gen SIEM report.
See our list of best Security Information and Event Management (SIEM) vendors and best Log Management vendors.
We monitor all Security Information and Event Management (SIEM) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.