Try our new research platform with insights from 80,000+ expert users

Anomali vs IBM Security QRadar comparison

 

Comparison Buyer's Guide

Executive SummaryUpdated on Apr 1, 2025

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Categories and Ranking

Anomali
Ranking in Security Information and Event Management (SIEM)
56th
Ranking in User Entity Behavior Analytics (UEBA)
25th
Ranking in Extended Detection and Response (XDR)
41st
Average Rating
7.0
Reviews Sentiment
7.2
Number of Reviews
2
Ranking in other categories
Advanced Threat Protection (ATP) (31st), Threat Intelligence Platforms (9th)
IBM Security QRadar
Ranking in Security Information and Event Management (SIEM)
4th
Ranking in User Entity Behavior Analytics (UEBA)
1st
Ranking in Extended Detection and Response (XDR)
11th
Average Rating
8.0
Reviews Sentiment
6.8
Number of Reviews
207
Ranking in other categories
Log Management (6th), Endpoint Detection and Response (EDR) (17th), Security Orchestration Automation and Response (SOAR) (4th), Managed Detection and Response (MDR) (9th)
 

Mindshare comparison

As of April 2025, in the Security Information and Event Management (SIEM) category, the mindshare of Anomali is 0.2%, down from 0.2% compared to the previous year. The mindshare of IBM Security QRadar is 8.7%, down from 9.7% compared to the previous year. It is calculated based on PeerSpot user engagement data.
Security Information and Event Management (SIEM)
 

Featured Reviews

PP
Easy and quick credential monitoring; tech support could be improved
Currently, we are not using any other solution for this use case, but previously we used MISP, which is an open-source project that requires a lot of effort to make work. That way, it required a lot of attention from our system administrator, and we had to sanitize the data very frequently because the peers we had. Sometimes they flooded our systems with chunk data and that needs to be handled and we decided to go with a paid solution instead.
Md. Shahriar Hussain - PeerSpot reviewer
Real-time incident detection and user-friendly dashboard benefit daily operations
There are many types of AI, and this AI is very limited in SQL and features. There may be potential for improvement. So far, it seems very limited. It shows some good features in the correlation part, but I think there is room for improvement. For instance, when creating rules, it can suggest more rules, reducing the effort needed. If AI-related support can suggest rules and integrate with existing security devices like MD, IPS, this SIM can create more relevant rules. Sometimes logs I receive don't mean anything, and I need technical stakeholders to share or forward logs, but these are sometimes inadequate. Keywords can help identify insufficient logs. I often lack time to verify logs. Sharing false positive results could be reduced to help my team.

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"The feature I have found most valuable is credential monitoring. This feature is easy and quick."
"I have found Cyber threat intelligence (CTI) very useful and concise. The solution is easy to use."
"The timeline and machine learning features are great."
"It is a pretty solid product for the type that it is representing. It is a CM solution as compared to Splunk or ArcSight from HP. It is also user friendly. It comes with some internal AI as well, in which it automatically maps multiple lots from unrelated devices and makes a smart decision to link them back and create an offense based on that. It is a smart tool."
"It saves a lot of time. We integrate the customer's firewall with all their networking devices."
"It is incredibly easy to deploy. All the appliances are flexible in the roles that they serve and are all managed the in the same way."
"The correlation and the parsing are important features, since it is very important for a SIEM to have a good scalability and performance."
"It integrates very easily with other solutions. The solution is flexible. We can add anything to it, as it is a good companion to other tools."
"It is the core of our entire SOX."
"The threat protection network is the most valuable feature, because when you get an offense, you can actually trace it back to where it originated from, how it originated, and why."
 

Cons

"A lot of tools can give you many features, such as CTI intelligence and a tax service reduction. However, many people are combining different tools together to have more capabilities. It is up to the consumer whether they want to have multiple tools or have one tool that serves the purpose. Anomali Enterprise could improve by combining all the other tools' features into one solution."
"Less code in integration would be nice when building blocks."
"They should speed up the incident response and also, at the same time, reduce the amount of manual effort that is required."
"In a future release, the solution could provide malware analysis."
"I would like to see a more user-friendly product."
"This solution is on-premise and many customers are moving to the cloud base solution."
"The advanced planning management (APM) features should be included."
"They should introduce some automation into the product."
"Communication between the silos sometimes becomes an issue, making it an area where improvements are required."
"The dashboard and reports are not user-friendly or efficient so are of little help with threat hunting activity."
 

Pricing and Cost Advice

"When comparing the price of Anomali Enterprise to other solutions it is in the medium to high range. However, I am satisfied with the price."
"It's too expensive. The licensing is also a little bit difficult to understand because you have to license it per event and per number of flows."
"The solution is costly and the price differs depending on the vendor you use."
"You have a one-time payment, and you also can purchase it for one year as a subscription. We have it on-premise, and we have a permanent license for it. We have to pay for the support on a yearly basis. If you compare its cost with Sentinel for one year, QRadar would seem more expensive, but if you compare its cost over five or ten years, Azure Sentinel will be more expensive than QRadar. If you compare its cost with Sentinel for one year, QRadar would seem more expensive, but if you compare its cost over five or 10 years, Azure Sentinel can be more expensive than QRadar."
"Licensing is very expensive, IBM QRadar is a very expensive solution. If you want to minimize costs then IBM QRadar is not for you."
"In terms of additional costs, it depends on the subscription that you choose. There are plenty of options to choose from."
"We use QRadar as a managed service and we pay licensing fees to the partner."
"The solution has a licensing model that is based on events per second so it scales to need and budget."
"When compared with other SIM solutions, QRadar is considerably less expensive."
report
Use our free recommendation engine to learn which Security Information and Event Management (SIEM) solutions are best for your needs.
845,040 professionals have used our research since 2012.
 

Comparison Review

VS
Jun 28, 2015
Qradar vs. ArcSight
Continuing with the SIEM posts we have done at Infosecnirvana, this post is a Head to head comparison of the two Industry leading SIEM products in the market – HP ArcSight and IBM QRadar Both the products have consistently been in the Gartner Leaders Quadrant. Both HP and IBM took over niche SIEM…
 

Top Industries

By visitors reading reviews
Financial Services Firm
15%
Computer Software Company
14%
Government
11%
Manufacturing Company
8%
Educational Organization
23%
Computer Software Company
14%
Financial Services Firm
10%
Government
6%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
No data available
 

Questions from the Community

What do you like most about Anomali ThreatStream?
The feature I have found most valuable is credential monitoring. This feature is easy and quick.
What needs improvement with Anomali ThreatStream?
I think that this solution should improve its integrations. This part of the solution could be bigger and moved into the no-code direction. Less code in integration would be nice when building blocks.
What is your primary use case for Anomali ThreatStream?
Our primary use case for this solution is as a threat intelligence platform. We stream various threat feeds into this platform. We also make correlations between the feeds to duplicate the data, ag...
What are the biggest differences between Securonix UEBA, Exabeam, and IBM QRadar?
It mostly depends on your use-cases and environment. Exabeam and Securonix have a stronger UEBA feature set, friendlier GUI and are not licensed based on capacity (amount of logs and information in...
What SOC product do you recommend?
For tools I’d recommend: -SIEM- LogRhythm -SOAR- Palo Alto XSOAR Doing commercial w/o both (or at least an XDR) is asking to miss details that are critical, and ending up a statistic. Also, rememb...
What is your experience regarding pricing and costs for IBM Security QRadar?
The cost depends. The price I negotiated varies by region and relationship with the OEM. Cost is not shared due to another procurement team handling negotiations, but it was reasonable as far as I ...
 

Also Known As

Match, Lens, ThreatStream, STAXX, Anomali Security Analytics
IBM QRadar, QRadar SIEM, QRadar UBA, QRadar on Cloud, IBM QRadar Advisor with Watson
 

Overview

 

Sample Customers

Bank of England, First Energy, UBISOFT, Bank of Hope, Blackhawk Network
Clients across multiple industries, such as energy, financial, retail, healthcare, government, communications, and education use QRadar.
Find out what your peers are saying about Anomali vs. IBM Security QRadar and other solutions. Updated: March 2025.
845,040 professionals have used our research since 2012.