We performed a comparison between IBM Security QRadar and Trellix ESM based on real PeerSpot user reviews.
Find out in this report how the two Security Information and Event Management (SIEM) solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI.
"The best functionality that you can get from Azure Sentinel is the SOAR capability. So, you can estimate any type of activity, such as when an alert was triggered or an incident was found."
"The most valuable feature is the onboarding of the workloads. You can see all that has been onboarded in your account on the dashboards."
"Sentinel is a Microsoft product, so they provide very robust use cases and analytic groups, which are very beneficial for the security team. I also like the ability to integrate data sources into the software for on-premise and cloud-based solutions."
"Azure Application Gateway makes things a lot easier. You can create dashboards, alert rules, hunting and custom queries, and functions with it."
"Microsoft Sentinel provides the capability to integrate different log sources. On top of having several data connectors in place, you can also do integration with a threat intelligence platform to enhance and enrich the data that's available. You can collect as many logs and build all the use cases."
"Having your logs put all in one place with machine learning working on those logs is a good feature. I don't need to start thinking, "Where are my logs?" My logs are in a centralized repository, like Log Analytics, which is why you can't use Sentinel without Log Analytics. Having all those logs in one place is an advantage."
"I like the unified security console. You can close incidents using Sentinel in all other Microsoft Security portals, when it comes to incident response."
"Native integration with Microsoft security products or other Microsoft software is also crucial. For example, we can integrate Sentinel with Office 365 with one click. Other integrations aren't as easy. Sometimes, we have to do it manually."
"IBM QRadar User Behavior Analytics's most important feature is its ease of use."
"The most valuable features are all the implementations, the plug-ins, and the User Behavior Analytics (UBA)."
"It is incredibly easy to deploy. All the appliances are flexible in the roles that they serve and are all managed the in the same way."
"I have found the most important features to be the flexibility, tech framework, and disk manager."
"Vulnerability data, network data and the like, are part of correlation and detection."
"It has a powerful GUI where you can put together your use cases, and don't have to write your own scripts."
"The threat hunting capabilities in general are great."
"On the back-end, Watson helps me figure out an exact problem, sometimes giving me the result."
"It can be easily deployed with the other solutions."
"It enables us to detect malicious threats, issues, or vulnerabilities in our network."
"It blocks the things which are not to be allowed. It has an adaptive mode where it learns for itself."
"I like the ease of deployment."
"I rate the tool's deployment an eight out of ten. The deployment is completed in two days."
"The ease of use is the most valuable feature. Over the years I have always been using this solution and have become comfortable with it."
"We are now able to completely monitor our environment so we can review what is there, which is a big win for us."
"Compared to other solutions, the user interface is good."
"One key area that can be improved is by building a strong integration with our XDR platform."
"They could use some kind of workbook. There is some limitation doing the editing and creating the workbook."
"Microsoft should improve Sentinel, considering that from the legacy systems, it cannot collect logs."
"Microsoft Sentinel is relatively expensive, and its cost should be improved."
"If Sentinel had a graphical user interface, it would be easier to use. I would also like it to be more customizable."
"I would like Sentinel to have more out-of-the-box analytics rules. There are already more than 400 rules, but they could add more industry-specific ones. For example, you could have sets of out-of-the-box rules for banking, financial sector, insurance, automotive, etc., so it's easier for people to use it out of the box. Structuring the rules according to industry might help us."
"The troubleshooting has room for improvement."
"We are invoiced according to the amount of data generated within each log."
"Some of the cloud apps need improvement."
"IBM is going through some problems with its resources currently making its support response time slow."
"Certain updates—especially when using Azure—don't apply directly. Our engineering team must invest additional effort to implement these updates. However, the tool's cloud-based version poses no issues. However, upgrading the product can sometimes be challenging for on-premises instances."
"I think QRadar is very complex. It's a distributed system and IBM QRadar has an all-in-one solution which is not like that distributed solution but it's a good product. IBM needs to consider the user interface because if we compare it with AlienVault, the AlienVault user interface is fantastic but the IBM QRadar user interface is very complex. They should focus on how to make it easier for the client."
"It is not app based."
"The API integration for AD is a problem when it comes to vulnerability management. If you want to incorporate multiple factor authentication it becomes a problem with the AD. It doesn't integrate well. That needs to be improved."
"I would like to see more integration in place after the security lock."
"It needs more resilience and functionality."
"Update to user interface from version 9 is cosmetic in some aspects, and after a few clicks you are back on the old interface."
"There are always multiple bugs in the product. For example, the console page was hanging multiple times. Afterwards, they released multiple upgrades for the same, multiple patches from McAfee."
"The disk space needed for events is not clear. In all clients, we had at least more than 100GB free that we could not use."
"The only issue I have with McAfee is the amount of computer resources that it takes... it's definitely impacting some of the other applications that are running on a computer at the same time."
"Cloud integration has room for improvement because they're not full-fledged to integrate with the cloud solutions that come. They use different integration platforms to bring in data, and that needs to be improved."
"There should be support for multitenancy in the product."
"I have to purchase a new box now. Its existing box is not scalable and I can't use it anymore."
"The initial setup is difficult and could improve."
IBM Security QRadar is ranked 4th in Security Information and Event Management (SIEM) with 198 reviews while Trellix ESM is ranked 19th in Security Information and Event Management (SIEM) with 34 reviews. IBM Security QRadar is rated 8.0, while Trellix ESM is rated 7.4. The top reviewer of IBM Security QRadar writes "A highly stable and scalable solution that provides good technical support". On the other hand, the top reviewer of Trellix ESM writes "Provides visibility of all the traffic within the company infrastructure". IBM Security QRadar is most compared with Splunk Enterprise Security, Wazuh, LogRhythm SIEM, Elastic Security and Sentinel, whereas Trellix ESM is most compared with ArcSight Enterprise Security Manager (ESM), LogRhythm SIEM, Splunk Enterprise Security, Trellix Helix and SQRRL. See our IBM Security QRadar vs. Trellix ESM report.
See our list of best Security Information and Event Management (SIEM) vendors.
We monitor all Security Information and Event Management (SIEM) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.
i have implemented the IBM QRadar, its the simplest to install and configure.
install, add log sources,create use cases as per your needs and QRadar will log all the events and network activity.
you can then perform forensics as well as vulnerability scans.
The basic things like adding log sources is hopefully not a problem but i think to get most value from the SIEM is to make a list of use cases tweaked to your organisation and log sources to find the problems/incidents your C-level can understand. Then you will keep on getting the fundings you need to get the issues you think is necessary to make the SIEM a valuable tool.
I've implemented AccelOps SIEM which also does Server/Network Performance and Availability monitoring. Most of the work involved was with configuration of SNMPv2/v3 or WMI on endpoint devices if the SIEM is not agent-based. Also, a lot of configuration with fine tuning the rules/reports specific to your organization as mentioned. Basic Linux knowledge is also recommended for AccelOps. I would also recommend purchasing Proessional Services hours for implementation guidance and proper training of IT staff and end-users (if applicable) that will be accessing/using the SIEM.
Hello. If you need any assistance through sizing and deployment of IBM QRadar, you should contact a local sales partner in your area. A partner should be able to size your specific needs, no matter little or big they are.
is it the same now for Alienvault? What level of Linux knowledge is needed?
I have implemented McAfee Nitro and IMB Qradar, where the later was the easiest to implement. Majority of the work is fine tuning and creating rules that are specific for your organization. All vendors will tell you about builtin intelligence that offer nothing in the read world
We implemented the Alienvault USM product and one of the largest considerations to make is the Linux knowledge required to implement, configure and manage the solution. Depending on the current in-house skill set and architecture this may or may not present as a consideration.