We performed a comparison between IBM Security QRadar and Splunk User Behavior Analytics based on real PeerSpot user reviews.
Find out in this report how the two User Entity Behavior Analytics (UEBA) solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."I think this is a good product for enterprises because of the performance and out-of-the-box rules and use cases. If they want to reach the maturity level early, they can use these out-of-the-box rules and use cases. That will help them a lot."
"This is a good tool to have because it gives you the ability to track what is currently happening in your environment."
"The most valuable feature is the machine learning module."
"Vulnerability data, network data and the like, are part of correlation and detection."
"It is the core of our entire SOX."
"It has very rich functionality."
"The features that I have found most valuable are that it is very stable, easy to get going, and easy to manage. It is also easy to review all incidents."
"Search capabilities are sufficient for most tasks."
"The product is at the forefront of auto-remediation networking. It's great."
"The most valuable features are the indexing and powerful search features."
"Splunk is more user-friendly than some competing solutions we tried."
"It is a solution that helps test and measure customer satisfaction."
"The most valuable feature is the ability to search through a large amount of data."
"This is a good security product."
"Because of some of the visualizations that we utilize, we are able to understand strange, unusual traffic on our networks."
"The solution is extremely scalable. Our customers are regularly scaling up after installing Splunk."
"The solution lacks some maturity."
"There needs to be better integration with other applications."
"I would also like to see more integration with other vendors. IBM doesn't integrate well with products from China, like Huawei. Many Middle Eastern customers are switching to Huawei from American vendors like Cisco because of the price. In most RFPs, Huawei wins because it costs less."
"Needs better visualization options beyond the time series charts and a few other options that they have."
"The biggest problem was built on top of the QRadar in the executive operations center network. The integration was not using the network security specialist properly, and all the incidents were inferior with QRadar. Its compatibility is not really good."
"Dashboards and reports could provide better visualization of SIEM activity."
"The tech support is not that good."
"I'd like them to improve the offense. When QRadar detects something, it creates what it calls offenses. So, it has a rudimentary ticketing system inside of it. This is the same interface that was there when I started using it 12 years ago. It just has not been improved. They do allow integration with IBM Resilient, but IBM Resilient is grotesquely expensive. The most effective integration that IBM offers today is with IBM Resilient, which is an instant response platform. It is a very good platform, but it is very expensive. They really should do something with the offense handling because it is very difficult to scale, and it has limitations. The maximum number of offenses that it can carry is 16K. After 16K, you have to flush your offenses out. So, it is all or nothing. You lose all your offenses up until that point in time, and you don't have any history within the offense list of older events. If you're dealing with multiple customers, this becomes problematic. That's why you need to use another product to do the actual ticketing. If you wanted the ticket existence, you would normally interface with ServiceNow, SolarWinds, or some other product like that."
"The correlation engine should have persistent and definable rules."
"It could be easier to scale the solution if you are using it on-premise, not in the cloud."
"We want to have an automated system for bot hunting that enables us to detect anomalies predictively based on historical data. It would be helpful if Splunk included process mining as an alternative option. We have a threat workflow, but it would be useful if we could supplement that with some process mining capabilities over time."
"The initial setup was complex because some of the configurations that we required needed customization."
"I'm not aware of any lacking features."
"There are occasional bugs."
"If the price was lowered and the setup process was less complex, I would consider rating it higher."
"In the future I would like to see simplified statistics and analytical threats."
More Splunk User Behavior Analytics Pricing and Cost Advice →
IBM Security QRadar is ranked 1st in User Entity Behavior Analytics (UEBA) with 198 reviews while Splunk User Behavior Analytics is ranked 2nd in User Entity Behavior Analytics (UEBA) with 18 reviews. IBM Security QRadar is rated 8.0, while Splunk User Behavior Analytics is rated 8.2. The top reviewer of IBM Security QRadar writes "A highly stable and scalable solution that provides good technical support". On the other hand, the top reviewer of Splunk User Behavior Analytics writes "Easy to configure and easy to use solution that integrates with many applications and scripts ". IBM Security QRadar is most compared with Splunk Enterprise Security, Microsoft Sentinel, Wazuh, LogRhythm SIEM and Datadog, whereas Splunk User Behavior Analytics is most compared with Darktrace, Microsoft Defender for Identity, Cynet, Exabeam Fusion SIEM and Varonis Datalert. See our IBM Security QRadar vs. Splunk User Behavior Analytics report.
See our list of best User Entity Behavior Analytics (UEBA) vendors.
We monitor all User Entity Behavior Analytics (UEBA) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.