Try our new research platform with insights from 80,000+ expert users

IBM Security QRadar vs USM Anywhere comparison

IBM and LevelBlue are both solutions in the Security Information and Event Management (SIEM) category. IBM is ranked #4 with an average rating of 7.8, while LevelBlue is ranked #31 with an average rating of 7.3. IBM holds a 9.5% mindshare in SIEM, compared to LevelBlue’s 1.2% mindshare. Additionally, 91% of IBM users are willing to recommend the solution, compared to 92% of LevelBlue users who would recommend it.
IBM Security QRadar
Read 204 IBM Security QRadar reviews
  • 17,086 Views
  • 10,926 Comparison Views
91% willing to recommend
USM Anywhere
Read 114 USM Anywhere reviews
  • 3,529 Views
  • 2,406 Comparison Views
92% willing to recommend
 

Comparison Buyer's Guide

Download the report
Executive SummaryUpdated on Sep 9, 2024

IBM Security QRadar and USM Anywhere are strong contenders in the security information and event management industry. Users favor USM Anywhere for its feature set, while IBM Security QRadar is praised for its support and pricing.

Features: Users appreciate the robust detection and response capabilities of IBM Security QRadar, along with its comprehensive monitoring tools and valuable threat hunting features. USM Anywhere stands out for its all-in-one functionality, integrating asset discovery, vulnerability assessment, and intrusion detection. Its cloud-native architecture and seamless integration with other tools make it a preferred choice for flexibility and scale.

Room for Improvement: IBM Security QRadar users often cite better scalability, more intuitive configurations, and enhanced user experience as areas for improvement. USM Anywhere users desire enhancements in reporting functions, more comprehensive threat intelligence feeds, and improvements in analytical capabilities.

Ease of Deployment and Customer Service: IBM Security QRadar typically receives praise for its on-premises deployment model and responsive customer service, despite the complex initial setup. USM Anywhere, with its cloud-based deployment, is appreciated for quick implementation. Customer support for USM Anywhere is positively reviewed, though some users experience occasional delays.

Pricing and ROI: IBM Security QRadar is viewed as cost-effective with potential for good ROI. USM Anywhere, despite being more expensive, is considered worth the price for its comprehensive features and ease of use. Both products are seen as good investments based on user reviews.

DOWNLOAD THE COMPLETE REPORT
To learn more, read our detailed IBM Security QRadar vs. USM Anywhere Report (Updated: November 2024).
Buyer's Guide
IBM Security QRadar vs. USM Anywhere
November 2024
Download the complete report
Helped 816,636 peers since 2012
 

Categories and Ranking

IBM Security QRadar
Ranking in Log Management
6th
Ranking in Security Information and Event Management (SIEM)
4th
Ranking in Endpoint Detection and Response (EDR)
18th
Average Rating
8.0
Reviews Sentiment
7.5
Number of Reviews
204
Ranking in other categories
User Entity Behavior Analytics (UEBA) (1st), Security Orchestration Automation and Response (SOAR) (4th), Managed Detection and Response (MDR) (10th), Extended Detection and Response (XDR) (14th)
USM Anywhere
Ranking in Log Management
34th
Ranking in Security Information and Event Management (SIEM)
31st
Ranking in Endpoint Detection and Response (EDR)
51st
Average Rating
8.4
Reviews Sentiment
6.4
Number of Reviews
114
Ranking in other categories
Compliance Management (11th)
 

Mindshare comparison

As of November 2024, in the Security Information and Event Management (SIEM) category, the mindshare of IBM Security QRadar is 9.5%, up from 9.3% compared to the previous year. The mindshare of USM Anywhere is 1.2%, down from 2.7% compared to the previous year. It is calculated based on PeerSpot user engagement data.
Security Information and Event Management (SIEM)
 

Q&A Highlights

it_user108681 - PeerSpot reviewer
Apr 04, 2017
Has anyone got experience in deployment of a SIEM solution?
This tool can help you both with the implementation and post-implemtation phase. Health Check Framework (HCF) for IBM QRadar: https://www.scnsoft.com/services/security-intelligence-services/health-check-framework-for-ibm-qradar-siem HCF allows to automate certain things within your deployment, troubleshoot performance issus and fine-tune the solution.
See all answers
 

Featured Reviews

Muzzamil Hussain - PeerSpot reviewer
Is easy to integrate and doesn't require maintenance
One major drawback we are facing is in the area of IBM Security QRadar integration with flat file databases. IBM Security QRadar does not support flat file database integration. We are currently facing an issue with respect to the database, which you normally call a NoSQL database. There is no direct integration mechanism available with IBM Security QRadar. We have to approach IBM and generate a ticket so that they can develop a custom method for the integration. In database integration, we are facing issues with IBM Security QRadar. The solution does not support the integration of flat file databases. Certain organizations have flat file databases. IBM does not support direct integration with some databases. We had to create a plug, and we requested IBM to develop a parser, but it is taking IBM a couple of months to develop it. I think a flat-file database should be supported directly instead of developing a parser plugin. There should be a more refined threat intelligence platform, and cross-integration should be possible with locally available threat intelligence platforms.
Read full review
Omer Jamil - PeerSpot reviewer
An easy-to-deploy tool that needs to improve its vulnerability scanning feature
To those who plan to use the solution, I would suggest that they go through the documentation and online training models available for free, as it can help you deploy the product quickly while also being helpful in areas where there is a need to understand correlation and monitoring. I rate the overall product a seven out of ten.
Read full review

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"We find predictive analysis capabilities valuable."
"It is a bit easier to use than other products, such as Splunk or ELK Elasticsearch."
"Integration is very easy and the reporting is good."
"The most valuable feature is the integration with the GRD, for banking."
"The detection rate is good and the false positive rate is low."
"It has improved comprehensive visibility for what is going on in the perimeters, and on the inside, as well."
"The best part of this solution is having a third-party SOC."
"There is a single dashboard that gives us a complete overview of what is happening around the globe."
More IBM Security QRadar pros
"It brought our logs into one place for review and set up alarms based on changes we were missing due to lack of having one place for everything to go."
"On any given day I could give you a different answer regarding the most valuable features of the product. The feature that is most important is the fact that it has a lot of features, that it's not just a log collection and correlation system, that it has a lot of other components built in. The bundle of features is really the killer feature."
"In terms of monitoring, my best feature would be the monitoring of components across the network. It monitors the respective nodes and any new node that comes onto the network and provides reports. The reporting dashboards are really helpful for management in terms of making decisions around patch management."
"Allowed us to help our customers satisfy compliance needs around logging and monitoring."
"The asset management functionality (active and passive scans) is also really important. You can't protect what you do not know about, so having an inventory of all your devices and software is critical to a security management program."
"The feature that I liked the most is that they have a vulnerability assessment package that comes along with the SIEM solution. So, whenever I find any threat or alert for any of the devices or servers, I could immediately initiate a vulnerability assessment scan on that machine. That is one of a kind. The price at which AlienVault operates is also valuable."
"This solution can completely detect and prevent incidents on your network."
"This is a USM, so being able to get all the features under one roof makes it a good product with good new features."
More USM Anywhere pros
 

Cons

"Technical support is good, but not great."
"QRadar needs a lot of fine tuning"
"Right now, if you look at the compatibility, if you need to deploy QRadar in a physical appliance you have only two choices of server, their own or a Lenovo server. In today's world, you cannot keep something tied to such a big brand. Clients want to be able to use whatever type of server they want."
"It doesn't have a SOAR system by default. You need to purchase it additionally, which is the main problem with QRadar."
"The whole process for support is something that needs to be improved."
"GUI needs to be improved."
"The API integration for AD is a problem when it comes to vulnerability management. If you want to incorporate multiple factor authentication it becomes a problem with the AD. It doesn't integrate well. That needs to be improved."
"I think QRadar is very complex. It's a distributed system and IBM QRadar has an all-in-one solution which is not like that distributed solution but it's a good product. IBM needs to consider the user interface because if we compare it with AlienVault, the AlienVault user interface is fantastic but the IBM QRadar user interface is very complex. They should focus on how to make it easier for the client."
More IBM Security QRadar cons
"Different functions to customize reports should be added."
"they seem to have bugs from time to time that go unfixed for a while and that is frustrating. I'm not saying the product needs to be bug-free, but they need to be responsive to bugs."
"AlienVault must improve their correlation feature. Some of the events do not match with the correlation rules and some of the correlation events are false-positive."
"The lack of mature functionality and expertise in any of those areas is a strong negative."
"The only complex area of the setup was writing the custom scripts."
"One area that has room for improvement is storage. AllienVault is a good place to put logs, but sometimes it's a tough place to go get logs... The logger can only hold so much data. If they improved that, that would help."
"It should be able to communicate with other security solutions to stop threats."
"The solution already has quite good tools, however, they need better integration tools for linking with Office 365, Google Suite, and so on."
More USM Anywhere cons
 

Pricing and Cost Advice

"Pricing and licensing are competitive. Their new licensing options allow logs to bypass the correlation engine for a flat rate, which is also appealing for log data that is compliance-driven for a small amount of money."
"The product is expensive. We have purchased the perpetual license, but we pay for the support."
"Only enterprise businesses can afford the tool."
"QRadar is quite expensive. It wouldn't be worth it for a small business..."
"IBM QRadar User Behavior Analytics is an application framework and you can install many applications without any additional costs."
"QRadar UBA's price is a little more than street price and could be reduced."
"It would be great if this product were cheaper."
"There is an annual license required for this solution."
More IBM Security QRadar pricing and cost advice
"​The price point is good.​"
"The ROI is quite good."
"I rate the price of AT&T AlienVault USM a four out of five."
"AlienVault is flexible on their pricing for unlimited licenses."
"Use the AlienVault team. They are helpful and the documentation that they provide is second to none."
"Negotiate the best package for your environment."
"They charge a license based on the storage. ATT AlienVault USM is a less expensive solution than IBM QRadar."
"The pricing is a good value. The key thing is that for the new product, the licensing of it, is subscription-based and it's based on data. Clients need to be really careful when thinking about that, because odds are they're going to need to put a lot more data into it than what they initially estimate, which is going to drive their subscription costs up."
More USM Anywhere pricing and cost advice
report
See which vendors are best for you
Use our free recommendation engine to learn which Security Information and Event Management (SIEM) solutions are best for your needs.
See recommendations
816,636 professionals have used our research since 2012.
 

Comparison Review

VS
Jun 28, 2015
Qradar vs. ArcSight
Continuing with the SIEM posts we have done at Infosecnirvana, this post is a Head to head comparison of the two Industry leading SIEM products in the market – HP ArcSight and IBM QRadar Both the products have consistently been in the Gartner Leaders Quadrant. Both HP and IBM took over niche SIEM…
Read full review
 

Answers from the Community

it_user108681 - PeerSpot reviewer
Apr 4, 2017
Apr 4, 2017
Has anyone got experience in deployment of a SIEM solution?
This tool can help you both with the implementation and post-implemtation phase. Health Check Framework (HCF) for IBM QRadar: https://www.scnsoft.com/services/security-intelligence-services/health-check-framework-for-ibm-qradar-siem HCF allows to automate certain things within your deployment, troubleshoot performance issus and fine-tune the solution.
2 out of 9 answers
it_user102447 - PeerSpot reviewer
May 8, 2014
We implemented the Alienvault USM product and one of the largest considerations to make is the Linux knowledge required to implement, configure and manage the solution. Depending on the current in-house skill set and architecture this may or may not present as a consideration.
Read full answer
it_user113184 - PeerSpot reviewer
May 15, 2014
That's the problem with the SIEM solutions that have no built-in intelligence.
Read full answer
See all 9 answers
 

Top Industries

By visitors reading reviews
Educational Organization
23%
Computer Software Company
14%
Financial Services Firm
10%
Manufacturing Company
6%
Computer Software Company
18%
Educational Organization
9%
Financial Services Firm
7%
Government
6%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
 

Questions from the Community

What are the biggest differences between Securonix UEBA, Exabeam, and IBM QRadar?
It mostly depends on your use-cases and environment. Exabeam and Securonix have a stronger UEBA feature set, friendlier GUI and are not licensed based on capacity (amount of logs and information in...
See all answers
What SOC product do you recommend?
For tools I’d recommend: -SIEM- LogRhythm -SOAR- Palo Alto XSOAR Doing commercial w/o both (or at least an XDR) is asking to miss details that are critical, and ending up a statistic. Also, rememb...
See all answers
What do you like most about IBM QRadar?
The event collector, flow collector, PCAP and SOAR are valuable.
See all answers
What do you like most about AT&T AlienVault USM?
The most valuable feature of the solution is the ease of deployment that it provides to users. The integrations that the product has with third-party applications are useful.
See all answers
What is your experience regarding pricing and costs for AT&T AlienVault USM?
The price is really variable depending on what tier the customer is subscribing to. I think USM Anywhere recently started a 125, a 250, and then 500 and 1000 tier. So it depends on the organization...
See all answers
What needs improvement with AT&T AlienVault USM?
The only issue that you need to bypass is the issue with integration with some other log sources, some other application security applications. The issue is still present. The process of collecting...
See all answers
 

Comparisons

Splunk Enterprise Security vs IBM Security QRadar Logo
Splunk Enterprise Security vs IBM Security QRadar
Compared 15% of the time
Microsoft Sentinel vs IBM Security QRadar Logo
Microsoft Sentinel vs IBM Security QRadar
Compared 12% of the time
Wazuh vs IBM Security QRadar Logo
Wazuh vs IBM Security QRadar
Compared 6% of the time
Sentinel vs IBM Security QRadar Logo
Sentinel vs IBM Security QRadar
Compared 6% of the time
Elastic Security vs IBM Security QRadar Logo
Elastic Security vs IBM Security QRadar
Compared 6% of the time
More IBM Security QRadar Competitors
Wazuh vs USM Anywhere Logo
Wazuh vs USM Anywhere
Compared 19% of the time
AlienVault OSSIM vs USM Anywhere Logo
AlienVault OSSIM vs USM Anywhere
Compared 18% of the time
Splunk Enterprise Security vs USM Anywhere Logo
Splunk Enterprise Security vs USM Anywhere
Compared 11% of the time
Rapid7 InsightIDR vs USM Anywhere Logo
Rapid7 InsightIDR vs USM Anywhere
Compared 9% of the time
Microsoft Sentinel vs USM Anywhere Logo
Microsoft Sentinel vs USM Anywhere
Compared 8% of the time
More USM Anywhere Competitors
 

Product Reports

Buyer's Guide
IBM Security QRadar
November 2024
IBM Security QRadar reportDownload IBM Security QRadar product report
Buyer's Guide
USM Anywhere
October 2024
USM Anywhere reportDownload USM Anywhere product report
 

Also Known As

IBM QRadar, QRadar SIEM, QRadar UBA, QRadar on Cloud, QRadar, IBM QRadar User Behavior Analytics, IBM QRadar Advisor with Watson
AT&T AlienVault USM, AlienVault, AlienVault USM, Alienvault Cybersecurity
 

Learn More

IBM
Video not available
LevelBlue
 

Overview

IBM Security QRadar (recently acquired by Palo Alto Networks) is a security and analytics platform designed to defend against threats and scale security operations. This is done through integrated visibility, investigation, detection, and response. QRadar empowers security groups with actionable insights into high-priority threats by providing visibility into enterprise security data. Through centralized visibility, security teams and analysts can determine their security stance, which areas pose a potential threat, and which areas are critical. This will help streamline workflows by eliminating the need to pivot between tools.

IBM Security QRadar is built to address a wide range of security issues and can be easily scaled with minimal customization effort required. As data is ingested, QRadar administers automated, real-time security intelligence to swiftly and precisely discover and prioritize threats. The platform will issue alerts with actionable, rich context into developing threats. Security teams and analysts can then rapidly respond to minimize the attackers' strike. The solution will provide a complete view of activity in both cloud-based and on-premise environments as a large amount of data is ingested throughout the enterprise. Additionally, QRadar’s anomaly detection intelligence enables security teams to identify any user behavior changes that could be indicators of potential threats. 

IBM QRadar Log Manager

To better help organizations protect themselves against potential security threats, attacks, and breaches, IBM QRadar Log Manager gathers, analyzes, preserves, and reports on security log events using QRadar Sense Analytics. All operating systems and applications, servers, devices, and applications are converted into searchable and actionable intelligent data. QRadar Log Manager then helps organizations meet compliance reporting and monitoring requirements, which can be further upgraded to QRadar SIEM for a more superior level of threat protection.

Some of QRadar Log Manager’s key features include:

  • Data processing and capture on any security event
  • Disaster recovery options and high availability 
  • Scalability for large enterprises
  • SoftLayer cloud installation capability
  • Advanced threat protection

Reviews from Real Users

IBM Security QRadar is a solution of choice among users because it provides a complete solution for security teams by integrating network analysis, log management, user behavior analytics, threat intelligence, and AI-powered investigations into a single solution. Users particularly like having a single window into their network and its ability to be used for larger enterprises.

Simon T., a cyber security services operations manager at an aerospace/defense firm, notes, "The most valuable thing about QRadar is that you have a single window into your network, SIEM, network flows, and risk management of your assets. If you use Splunk, for instance, then you still need a full packet capture solution, whereas the full packet capture solution is integrated within QRadar. Its application ecosystem makes it very powerful in terms of doing analysis."

A management executive at a security firm says, "What we like about QRadar and the models that IBM has, is it can go from a small-to-medium enterprise to a larger organization, and it gives you the same value."

USM Anywhere centralizes security monitoring of networks and devices in the cloud, on premises, and in remote locations, helping you to detect threats virtually anywhere.

Discover

  • Network asset discovery
  • Software & services discovery
  • AWS asset discovery
  • Azure asset discovery
  • Google Cloud Platform asset discovery

Analyze

  • SIEM event correlation, auto-prioritized alarms
  • User activity monitoring
  • Up to 90-days of online, searchable events

Detect

  • Cloud intrusion detection (AWS, Azure, GCP)
  • Network intrusion detection (NIDS)
  • Host intrusion detection (HIDS)
  • Endpoint Detection and Response (EDR)

Respond

  • Forensics querying
  • Automate & orchestrate response
  • Notifications and ticketing

Assess

  • Vulnerability scanning
  • Cloud infrastructure assessment
  • User & asset configuration
  • Dark web monitoring

Report

  • Pre-built compliance reporting templates
  • Pre-built event reporting templates
  • Customizable views and dashboards
  • Log storage
 

Sample Customers

Clients across multiple industries, such as energy, financial, retail, healthcare, government, communications, and education use QRadar.
Abel & Cole, Bank of Ireland, Bluegrass Cellular, CareerBuilder, Claire's, Hays Medical Center, Hope International, McCurrach, McKinsey & Company, Party Delights, Pepco Holdings, Richland School District, Ricoh, SaveMart, Shake Shack, Steelcase, TaxAct, Taylor Morrison, Vonage and Zoom
Buyer's Guide
IBM Security QRadar vs. USM Anywhere
November 2024
Free Report: IBM Security QRadar vs. USM Anywhere
Find out what your peers are saying about IBM Security QRadar vs. USM Anywhere and other solutions. Updated: November 2024.
DOWNLOAD NOW
816,636 professionals have used our research since 2012.
See our IBM Security QRadar vs. USM Anywhere report.

We monitor all Security Information and Event Management (SIEM) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.