Try our new research platform with insights from 80,000+ expert users

Anomali vs IBM Security QRadar comparison

 

Comparison Buyer's Guide

Executive SummaryUpdated on Apr 1, 2025

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Categories and Ranking

Anomali
Ranking in Security Information and Event Management (SIEM)
56th
Ranking in User Entity Behavior Analytics (UEBA)
25th
Ranking in Extended Detection and Response (XDR)
41st
Average Rating
7.6
Reviews Sentiment
7.9
Number of Reviews
3
Ranking in other categories
Advanced Threat Protection (ATP) (31st), Threat Intelligence Platforms (9th)
IBM Security QRadar
Ranking in Security Information and Event Management (SIEM)
4th
Ranking in User Entity Behavior Analytics (UEBA)
1st
Ranking in Extended Detection and Response (XDR)
11th
Average Rating
8.0
Reviews Sentiment
6.8
Number of Reviews
208
Ranking in other categories
Log Management (6th), Endpoint Detection and Response (EDR) (17th), Security Orchestration Automation and Response (SOAR) (4th), Managed Detection and Response (MDR) (9th)
 

Mindshare comparison

As of April 2025, in the Security Information and Event Management (SIEM) category, the mindshare of Anomali is 0.2%, down from 0.2% compared to the previous year. The mindshare of IBM Security QRadar is 8.7%, down from 9.7% compared to the previous year. It is calculated based on PeerSpot user engagement data.
Security Information and Event Management (SIEM)
 

Featured Reviews

PP
Easy and quick credential monitoring; tech support could be improved
Currently, we are not using any other solution for this use case, but previously we used MISP, which is an open-source project that requires a lot of effort to make work. That way, it required a lot of attention from our system administrator, and we had to sanitize the data very frequently because the peers we had. Sometimes they flooded our systems with chunk data and that needs to be handled and we decided to go with a paid solution instead.
Md. Shahriar Hussain - PeerSpot reviewer
Real-time incident detection and user-friendly dashboard benefit daily operations
There are many types of AI, and this AI is very limited in SQL and features. There may be potential for improvement. So far, it seems very limited. It shows some good features in the correlation part, but I think there is room for improvement. For instance, when creating rules, it can suggest more rules, reducing the effort needed. If AI-related support can suggest rules and integrate with existing security devices like MD, IPS, this SIM can create more relevant rules. Sometimes logs I receive don't mean anything, and I need technical stakeholders to share or forward logs, but these are sometimes inadequate. Keywords can help identify insufficient logs. I often lack time to verify logs. Sharing false positive results could be reduced to help my team.

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"The feature I have found most valuable is credential monitoring. This feature is easy and quick."
"The most valuable aspect of Anomali is the threat modeling capability."
"I have found Cyber threat intelligence (CTI) very useful and concise. The solution is easy to use."
"We run 65 servers globally with just two people: an engineering person and me."
"IBM QRadar is easy to scale, it doesn't affect the environment. In our office, we have around 40 - 50 users, but our clients have more users on their networks. Our organization has staff in the software department that manages IBM QRadar for us."
"The threat protection network is the most valuable feature, because when you get an offense, you can actually trace it back to where it originated from, how it originated, and why."
"The most valuable thing about QRadar is that you have a single window into your network, SIEM, network flows, and risk management of your assets. If you use Splunk, for instance, then you still need a full packet capture solution, whereas the full packet capture solution is integrated within QRadar. Its application ecosystem makes it very powerful in terms of doing analysis."
"I have found visibility very helpful for analytics."
"The pre-canned rules and reports in this product are a huge plus."
"The feature that I have found most valuable is how it monitors the real network. That is its leading security feature."
"Technical support is good overall."
 

Cons

"Less code in integration would be nice when building blocks."
"A lot of tools can give you many features, such as CTI intelligence and a tax service reduction. However, many people are combining different tools together to have more capabilities. It is up to the consumer whether they want to have multiple tools or have one tool that serves the purpose. Anomali Enterprise could improve by combining all the other tools' features into one solution."
"An area for improvement is the intelligence sharing within the Anomali community. The tagging system can be inconsistent, as any company can use any tags for their reporting."
"I would like to see a more user-friendly product."
"From a functionality point of view there are issues sometimes."
"IBM needs to invest more into the collaboration with other vendors."
"QRadar needs to be improved on the storage side, particularly when the disc exceeded the maximum threshold."
"QRadar needs to be more specialized, along the lines of what other SIEM solutions are."
"There needs to be better integration with other applications."
"You can scale IBM QRadar User Behavior Analytics, but it has room for improvement."
"There are areas in IBM Security QRadar that could benefit from improvement. Its ability to customize knowledge for specific purposes could be enhanced. Also, it lacks clarity in presenting details. It is also difficult to see the reports."
 

Pricing and Cost Advice

"When comparing the price of Anomali Enterprise to other solutions it is in the medium to high range. However, I am satisfied with the price."
"The solution is priced fairly, there is a license for the solution, and we pay annually."
"It is cheaper than ArcSight."
"The price of this solution is a little bit expensive, so if it were cheaper then it would help."
"It is overly expensive and overly complex in terms of licensing. They have many different appliances, which makes it extremely difficult to choose the technology. It is very difficult to choose the technology or QRadar components that you should be deploying. They have improved some of it in the last few years. They have made it slightly easy with the fact that you can now buy virtual versions of all the appliances, which is good, but it is still very fragmented. For instance, on some of the smaller appliances, there is no upgrade path. So, if you exceed the capacity of the appliance, you have to buy a bigger appliance, which is not helpful because it is quite a major cost. If you want to add more disks to the system, they'll say that you can't."
"The pricing needs to be such that they are more competitive with other vendors."
"IBM Security QRadar is a very expensive tool."
"The licensing is also overly complex, as there is a need to buy the work load performance monitoring separately."
"The solution is costly and the price differs depending on the vendor you use."
report
Use our free recommendation engine to learn which Security Information and Event Management (SIEM) solutions are best for your needs.
849,600 professionals have used our research since 2012.
 

Comparison Review

VS
Jun 28, 2015
Qradar vs. ArcSight
Continuing with the SIEM posts we have done at Infosecnirvana, this post is a Head to head comparison of the two Industry leading SIEM products in the market – HP ArcSight and IBM QRadar Both the products have consistently been in the Gartner Leaders Quadrant. Both HP and IBM took over niche SIEM…
 

Top Industries

By visitors reading reviews
Financial Services Firm
16%
Computer Software Company
14%
Government
9%
Manufacturing Company
7%
Educational Organization
24%
Computer Software Company
14%
Financial Services Firm
10%
Government
6%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
No data available
 

Questions from the Community

Ask a question
Earn 20 points
What are the biggest differences between Securonix UEBA, Exabeam, and IBM QRadar?
It mostly depends on your use-cases and environment. Exabeam and Securonix have a stronger UEBA feature set, friendlier GUI and are not licensed based on capacity (amount of logs and information in...
What SOC product do you recommend?
For tools I’d recommend: -SIEM- LogRhythm -SOAR- Palo Alto XSOAR Doing commercial w/o both (or at least an XDR) is asking to miss details that are critical, and ending up a statistic. Also, rememb...
 

Also Known As

Match, Lens, ThreatStream, STAXX, Anomali Security Analytics
IBM QRadar, QRadar SIEM, QRadar UBA, QRadar on Cloud, IBM QRadar Advisor with Watson
 

Overview

 

Sample Customers

Bank of England, First Energy, UBISOFT, Bank of Hope, Blackhawk Network
Clients across multiple industries, such as energy, financial, retail, healthcare, government, communications, and education use QRadar.
Find out what your peers are saying about Anomali vs. IBM Security QRadar and other solutions. Updated: April 2025.
849,600 professionals have used our research since 2012.