Try our new research platform with insights from 80,000+ expert users

ArcSight Enterprise Security Manager (ESM) vs IBM Security QRadar comparison

OpenText and IBM are both solutions in the Security Information and Event Management (SIEM) category. OpenText is ranked #18 with an average rating of 7.1, while IBM is ranked #4 with an average rating of 7.8. OpenText holds a 1.3% mindshare in SIEM, compared to IBM’s 10.3% mindshare. Additionally, 88% of OpenText users are willing to recommend the solution, compared to 90% of IBM users who would recommend it.
ArcSight Enterprise Securit...
Read 96 ArcSight Enterprise Security Manager (ESM) reviews
  • 3,088 Views
  • 1,576 Comparison Views
88% willing to recommend
IBM Security QRadar
Read 207 IBM Security QRadar reviews
  • 15,224 Views
  • 9,991 Comparison Views
90% willing to recommend
 

Comparison Buyer's Guide

Download the report
Executive SummaryUpdated on Jan 5, 2025

IBM Security QRadar and ArcSight ESM are distinguished competitors in the security management tools category. IBM Security QRadar seems to have the upper hand due to its simplified usability and broad integration capabilities, though ArcSight ESM is noted for its powerful correlation and customization potential but requires more expertise.

Features: IBM Security QRadar is recognized for its scalability, ease in extracting information from raw logs/events, and the ability to support a broad range of deployments, whether on-premises or cloud-based. It has numerous built-in rules, seamless integration capabilities, and a user interface that is easy to understand without needing highly technical skills. ArcSight ESM is praised for its powerful correlation abilities, flexible customization options, and integration with a wide variety of third-party tools. It can also handle high amounts of event data for comprehensive threat detection and analysis.

Room for Improvement: IBM Security QRadar could advance by enhancing its user interface and improving integration capabilities, particularly with APIs and offering more flexible deployment options. ArcSight ESM's complexity in onboarding and user interface streamlining needs attention. It has been reported to have challenges related to performance and usability, which require specialized expertise for effective use.

Ease of Deployment and Customer Service: IBM Security QRadar can be implemented across diverse environments such as on-premises, cloud, or in hybrid models, offering flexibility for different organizational needs. User feedback varies on technical support; some praise the responsiveness while others experience delays. ArcSight ESM supports various deployment models but is noted for a complex setup process that demands specialized skills. Its customer support is also critiqued for variability in response times and expertise.

Pricing and ROI: IBM Security QRadar is often perceived as costly, particularly for smaller businesses, mostly due to its EPS-based licensing and the extra expenses related to hardware and applications. However, some users justify the cost because of its efficiency and user-friendliness. ArcSight ESM also has a high price point that aligns with enterprise requirements but might be prohibitive for smaller budgets. Its comprehensive feature set often demands additional resources for deployment and management.

DOWNLOAD THE COMPLETE REPORT
To learn more, read our detailed ArcSight Enterprise Security Manager (ESM) vs. IBM Security QRadar Report (Updated: January 2025).
Buyer's Guide
ArcSight Enterprise Security Manager (ESM) vs. IBM Security QRadar
January 2025
Download the complete report
Helped 831,158 peers since 2012

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Categories and Ranking

ArcSight Enterprise Securit...
Ranking in Security Information and Event Management (SIEM)
18th
Average Rating
7.8
Reviews Sentiment
7.9
Number of Reviews
96
Ranking in other categories
No ranking in other categories
IBM Security QRadar
Ranking in Security Information and Event Management (SIEM)
4th
Average Rating
8.0
Reviews Sentiment
6.8
Number of Reviews
207
Ranking in other categories
Log Management (6th), User Entity Behavior Analytics (UEBA) (1st), Endpoint Detection and Response (EDR) (18th), Security Orchestration Automation and Response (SOAR) (4th), Managed Detection and Response (MDR) (10th), Extended Detection and Response (XDR) (13th)
 

Mindshare comparison

As of January 2025, in the Security Information and Event Management (SIEM) category, the mindshare of ArcSight Enterprise Security Manager (ESM) is 1.3%, down from 1.8% compared to the previous year. The mindshare of IBM Security QRadar is 10.3%, up from 10.1% compared to the previous year. It is calculated based on PeerSpot user engagement data.
Security Information and Event Management (SIEM)
 

Featured Reviews

Ramnesh Dubey - PeerSpot reviewer
Allows for monitoring logs according to industry standards within ESM but has a total capacity capped at 12 TB, limiting real-time data retention periods
The first limitation is with the ArcSight Data Storage Manager (ADSM). ArcSight's total capacity is currently capped at 12 TB. This becomes an issue if a customer needs a longer real-time data retention period, such as exceeding 90 days or reaching a year or even ten months. Increasing the disk space beyond 12 TB is not currently possible. So, increasing the storage capacity is one area for improvement. Additionally, the real-time data retention is limited due to the 12 TB restriction. Depending on the Events Per Second (EPS) you receive, you might only be able to retain data for seven to ten days. Overall, the 12 TB limit is the main issue we face in terms of maximizing real-time data storage. Moreover, there are a few improvements I would like to see in future releases. My main suggestion for ArcSight is to simplify the deployment process. Currently, the installation process is quite complex. There are various components involved, including transformations, multiple installations, and containerization for various components. Ideally, I'd recommend that ArcSight allow the entire installation, including the ESM and database, to be completed within a single unified setup process for a streamlined experience. Additionally, having readily available and well-organized documentation for the step-by-step installation process would be incredibly helpful. I would also like to see better support.
Read full review
Md. Shahriar Hussain - PeerSpot reviewer
Real-time incident detection and user-friendly dashboard benefit daily operations
There are many types of AI, and this AI is very limited in SQL and features. There may be potential for improvement. So far, it seems very limited. It shows some good features in the correlation part, but I think there is room for improvement. For instance, when creating rules, it can suggest more rules, reducing the effort needed. If AI-related support can suggest rules and integrate with existing security devices like MD, IPS, this SIM can create more relevant rules. Sometimes logs I receive don't mean anything, and I need technical stakeholders to share or forward logs, but these are sometimes inadequate. Keywords can help identify insufficient logs. I often lack time to verify logs. Sharing false positive results could be reduced to help my team.
Read full review

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"I really like the correlation part and the way the logs are correlated. I have never faced issues with parsing in this product. I like the way it parses, and everything is so clear to me."
"Some of the benefits of using this solution are rapid correlation and near-time response on alerts."
"It makes maintenance very easy."
"The most valuable features of ArcSight ESM are ease of use and readily usable components."
"What I found most valuable in ArcSight Enterprise Security Manager (ESM) is its good integration with third-party products. The solution also has good core capabilities."
"I value the event correlation of this product."
"ArcSight is customizable. You can integrate just about anything. I also like the ease of use."
"We do consulting and I get feedback from our clients that the product really helped them with compliance, especially with GDPR."
More ArcSight Enterprise Security Manager (ESM) pros
"I like the graphical interface. It's so good and easy."
"The most valuable features would have to be the products' ability to customize vulnerability management settings."
"There are more than 120 extensions in QRadar, which are easy to install and configure. These can improve your analysis of events."
"It is a very good SIEM."
"Network-Based Anomaly Detection (NBAD): Using NetFlow, JFlow, SFlow, or QFlow (all 7 layers), offenses are detected as a response when a rule is triggered."
"The most valuable features are the AI assistant, which is good at detecting known types of behavior."
"The feature that I have found most valuable is how it monitors the real network. That is its leading security feature."
"I have used IBM QRadar User Behavior Analytics in a Cloud Pak on Amazon, and there it runs on top of it and is easy to assess. Additionally, I have installed processes and characters."
More IBM Security QRadar pros
 

Cons

"The biggest requirement is that there is no cloud solution for this product yet. They need to create a cloud version. It's the biggest thing they can do to make the solution better."
"The customer experience could be improved."
"When I asked our networking juniors for a comparison between LogRhythm and ArcSight, they said that both platforms are almost the same. It is just that LogRhythm is more modern with a digital platform, which probably gives it some advantage over ArcSight. ArcSight is a very old and mature product that is running on an old platform. It is an old legacy platform. In terms of new features, it just requires platform upgrades so that it becomes lighter and easily adaptable, specifically in the cloud. It would be a good thing if they can also make reporting easier."
"​In certain cases, this product does have false positives, which the company should work on."
"When we need to consume old events, we have to wait for a long time. ArcSight should improve the database capability to reply to queries faster. It would also be interesting if they implemented network visibility. For example, they could add a feature like NetWitness with a model just for looking through the packets."
"The UI interface is somewhat complex and needs to be simplified."
"The solution could be more stable."
"ArcSight is incredibly complex when configuring and deploying, and if your organization doesn't know what they want and what they need, ArcSight will be a challenge for them."
More ArcSight Enterprise Security Manager (ESM) cons
"The solution's technical support works, but sometimes, it can take quite a long time to get a solution from technical support."
"The product is good, but one feature they should have is an Elasticsearch. Currently, in QRadar, there are no Elasticsearch criteria."
"IBM technical support is always terrible."
"The user interface is a bit difficult to get used to."
"The product can be a bit complex."
"IBM QRadar has outdated technology, and this is its area for improvement. When you try to implement an analytic expression, it's not updated. The solution doesn't support newer technologies, and it doesn't update regularly. For example, around the world, others implement new technologies, while IBM updates later than others."
"I would like for Yara to be supported by all components."
"The modularity could be improved."
More IBM Security QRadar cons
 

Pricing and Cost Advice

"The product licenses are inexpensive."
"The solution is super expensive. At our organization size and license model, I think the price is average to what anyone else would charge us."
"We're paying a fee for an MSSP, and the cost of the total cost of ArcSight ESM was approximately three to four million dollars a year. The price was less than similar solutions. We did not have additional fees."
"The licensing cost is affordable if you get an enterprise license. The licensing is based on EPS, so you can probably provide a package of license for multiple ESMs with their correlational end fees. It is cost-effective."
"ArcSight can be a little bit expensive because of the area that we work in and the cost. Licensing is mostly on a yearly basis, not monthly."
"Thanks to Micro Focus's licensing model, as an MSSP, we are able to see a complete return on our investment almost immediately."
"HPE ArcSight pricing might be more expensive than other SIEM solutions, but in my opinion it has powerful features and great flexibility in developing complex use cases."
"Aggregation can help a lot in pushing down licensing costs."
More ArcSight Enterprise Security Manager (ESM) pricing and cost advice
"Licensing is very expensive, IBM QRadar is a very expensive solution. If you want to minimize costs then IBM QRadar is not for you."
"I think my company pays for the license yearly."
"found other solutions, with more features at the same cost or less. You don’t have to leave the Gartner Magic Quadrant to beat their price."
"A good approach would be to begin with an On Cloud subscription, then later on do a more exact sizing."
"Only enterprise businesses can afford the tool."
"On a scale of one to ten, I rate the price a one, where one is an extremely expensive product, and ten is a cheap product."
"The price of this product is high."
"It's free of charge."
More IBM Security QRadar pricing and cost advice
report
See which vendors are best for you
Use our free recommendation engine to learn which Security Information and Event Management (SIEM) solutions are best for your needs.
See recommendations
831,158 professionals have used our research since 2012.
 

Comparison Review

VS
Jun 28, 2015
Qradar vs. ArcSight
Continuing with the SIEM posts we have done at Infosecnirvana, this post is a Head to head comparison of the two Industry leading SIEM products in the market – HP ArcSight and IBM QRadar Both the products have consistently been in the Gartner Leaders Quadrant. Both HP and IBM took over niche SIEM…
Read full review
 

Top Industries

By visitors reading reviews
Financial Services Firm
19%
Computer Software Company
14%
Manufacturing Company
11%
Government
9%
Educational Organization
24%
Computer Software Company
14%
Financial Services Firm
10%
Manufacturing Company
6%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
 

Questions from the Community

Which is the best SIEM tool for a mid-sized financial services firm: Arcsight or Securonix?
In my market, a lot of financial companies had or have an ArcSight installation. Just because in former times it was pretty good. Now a lot of them are looking for a more effective solution due to ...
See all answers
What do you like most about ArcSight Enterprise Security Manager (ESM)?
We utilize ArcSight ESM for real-time threat detection in our organization. We have custom rules that we've developed on top of the WAN services, along with scheduled licensing activities.
See all answers
What is your experience regarding pricing and costs for ArcSight Enterprise Security Manager (ESM)?
ArcSight is expensive.
See all answers
What are the biggest differences between Securonix UEBA, Exabeam, and IBM QRadar?
It mostly depends on your use-cases and environment. Exabeam and Securonix have a stronger UEBA feature set, friendlier GUI and are not licensed based on capacity (amount of logs and information in...
See all answers
What SOC product do you recommend?
For tools I’d recommend: -SIEM- LogRhythm -SOAR- Palo Alto XSOAR Doing commercial w/o both (or at least an XDR) is asking to miss details that are critical, and ending up a statistic. Also, rememb...
See all answers
What do you like most about IBM QRadar?
The event collector, flow collector, PCAP and SOAR are valuable.
See all answers
 

Comparisons

Splunk Enterprise Security vs ArcSight Enterprise Security Manager (ESM) Logo
Splunk Enterprise Security vs ArcSight Enterprise Security Manager (ESM)
Compared 18% of the time
Trellix ESM vs ArcSight Enterprise Security Manager (ESM) Logo
Trellix ESM vs ArcSight Enterprise Security Manager (ESM)
Compared 17% of the time
Elastic Security vs ArcSight Enterprise Security Manager (ESM) Logo
Elastic Security vs ArcSight Enterprise Security Manager (ESM)
Compared 10% of the time
Wazuh vs ArcSight Enterprise Security Manager (ESM) Logo
Wazuh vs ArcSight Enterprise Security Manager (ESM)
Compared 7% of the time
Google Chronicle Suite vs ArcSight Enterprise Security Manager (ESM) Logo
Google Chronicle Suite vs ArcSight Enterprise Security Manager (ESM)
Compared 7% of the time
More ArcSight Enterprise Security Manager (ESM) Competitors
Splunk Enterprise Security vs IBM Security QRadar Logo
Splunk Enterprise Security vs IBM Security QRadar
Compared 15% of the time
Microsoft Sentinel vs IBM Security QRadar Logo
Microsoft Sentinel vs IBM Security QRadar
Compared 12% of the time
Sentinel vs IBM Security QRadar Logo
Sentinel vs IBM Security QRadar
Compared 7% of the time
Wazuh vs IBM Security QRadar Logo
Wazuh vs IBM Security QRadar
Compared 6% of the time
Cortex XSIAM vs IBM Security QRadar Logo
Cortex XSIAM vs IBM Security QRadar
Compared 6% of the time
More IBM Security QRadar Competitors
 

Product Reports

Buyer's Guide
ArcSight Enterprise Security Manager (ESM)
January 2025
ArcSight Enterprise Security Manager (ESM) reportDownload ArcSight Enterprise Security Manager (ESM) product report
Buyer's Guide
IBM Security QRadar
January 2025
IBM Security QRadar reportDownload IBM Security QRadar product report
 

Also Known As

Micro Focus ArcSight, HPE ArcSight, ArcSight
IBM QRadar, QRadar SIEM, QRadar UBA, QRadar on Cloud, QRadar, IBM QRadar User Behavior Analytics, IBM QRadar Advisor with Watson
 

Learn More

OpenText
IBM
 

Overview

ArcSight Enterprise Security Manager (ESM) is a powerful SIEM solution for analyzing, collecting, correlating, and reporting on security event information. ArcSight ESM analyzes information from all of your data sources while helping your organization maintain high security. In addition, the solution is very customizable and enables users to create their own company-specific rule sets to automatically trigger instant alerts.

ArcSight Enterprise Security Manager (ESM) Features

  • Real-time threat detection
  • Visualization and reporting capabilities
  • Patented log management
  • Personalized dashboards
  • Scalable event monitoring
  • Seamless integration with your existing SOC tools
  • Behavior profiling
  • Data and user monitoring
  • Application monitoring
  • Analytics
  • Deployment/support simplicity

ArcSight Enterprise Security Manager (ESM) Benefits

Some of the benefits of using ESM include:

  • Real-time information: ArcSight ESM can correlate data from any source in real-time to detect incidents before they become a breach.
  • Compliance: Optional compliance packs enable packaged reports for PCI, SOX, and IT Governance.
  • Security analytics: With ArcSight ESM, you can build and maintain a security operation center (SOC) through big data security analytics.
  • Integration: ArcSight ESM allows you to integrate SOC with network operations, service desk, CMDB, business intelligence, Hadoop, email security, application security, threat feeds, and more. 
  • Speed: ArcSight ESM provides excellent speed of event collection with patented log management tools. 
  • Advanced detection: ArcSight ESM can detect unusual or unauthorized activities as they occur, preventing business disruptions. 
  • Decrease threat exposure: By implementing ArcSight ESM, you reduce threat exposure because the solution detects threats in real time.  
  • Operational efficiency: ArcSight ESM makes it possible for you to automate responses with ArcSight’s native SOAR, which saves your organization time, and therefore increases your operational efficiency.

Reviews from Real Users

Below are some reviews and helpful feedback written by ArcSight Enterprise Security Manager (ESM) users.

A Head of Professional Services at a computer software company says, “The simplicity of the solution is the most valuable aspect of the product. The product is quite mature. It's been around for a long time. The integration is easy for the most part.”

A Managing partner at a tech services company states that the solution is “Good at consolidating logs, fairly stable, and can scale.” 

PeerSpot user Abbasi P., Vice President Derivatives Ops IT at a financial services firm, explains, “The user interfaces are quite good and speedy, and I like the consoles too. The typology and the setup are also good.”

A Chief Technological Officer at a tech services company says, "It is a very useful tool for intelligence building because it has many use cases and many rule sets."

An Associate Vice President at a consumer goods company comments, “We primarily use the solution for its technology including its independent logs, and those types of things. The solution offers very good monitoring. The product's log management and event management capabilities are excellent. There are a lot of really good analytical components. It helps us focus on analysis.”

IBM Security QRadar (recently acquired by Palo Alto Networks) is a security and analytics platform designed to defend against threats and scale security operations. This is done through integrated visibility, investigation, detection, and response. QRadar empowers security groups with actionable insights into high-priority threats by providing visibility into enterprise security data. Through centralized visibility, security teams and analysts can determine their security stance, which areas pose a potential threat, and which areas are critical. This will help streamline workflows by eliminating the need to pivot between tools.

IBM Security QRadar is built to address a wide range of security issues and can be easily scaled with minimal customization effort required. As data is ingested, QRadar administers automated, real-time security intelligence to swiftly and precisely discover and prioritize threats. The platform will issue alerts with actionable, rich context into developing threats. Security teams and analysts can then rapidly respond to minimize the attackers' strike. The solution will provide a complete view of activity in both cloud-based and on-premise environments as a large amount of data is ingested throughout the enterprise. Additionally, QRadar’s anomaly detection intelligence enables security teams to identify any user behavior changes that could be indicators of potential threats. 

IBM QRadar Log Manager

To better help organizations protect themselves against potential security threats, attacks, and breaches, IBM QRadar Log Manager gathers, analyzes, preserves, and reports on security log events using QRadar Sense Analytics. All operating systems and applications, servers, devices, and applications are converted into searchable and actionable intelligent data. QRadar Log Manager then helps organizations meet compliance reporting and monitoring requirements, which can be further upgraded to QRadar SIEM for a more superior level of threat protection.

Some of QRadar Log Manager’s key features include:

  • Data processing and capture on any security event
  • Disaster recovery options and high availability 
  • Scalability for large enterprises
  • SoftLayer cloud installation capability
  • Advanced threat protection

Reviews from Real Users

IBM Security QRadar is a solution of choice among users because it provides a complete solution for security teams by integrating network analysis, log management, user behavior analytics, threat intelligence, and AI-powered investigations into a single solution. Users particularly like having a single window into their network and its ability to be used for larger enterprises.

Simon T., a cyber security services operations manager at an aerospace/defense firm, notes, "The most valuable thing about QRadar is that you have a single window into your network, SIEM, network flows, and risk management of your assets. If you use Splunk, for instance, then you still need a full packet capture solution, whereas the full packet capture solution is integrated within QRadar. Its application ecosystem makes it very powerful in terms of doing analysis."

A management executive at a security firm says, "What we like about QRadar and the models that IBM has, is it can go from a small-to-medium enterprise to a larger organization, and it gives you the same value."

 

Sample Customers

Lake Health, U.S. Department of Health and Human Services, Bank AlJazira, Banca Intesa, and Obrela.
Clients across multiple industries, such as energy, financial, retail, healthcare, government, communications, and education use QRadar.
Buyer's Guide
ArcSight Enterprise Security Manager (ESM) vs. IBM Security QRadar
January 2025
Free Report: ArcSight Enterprise Security Manager (ESM) vs. IBM Security QRadar
Find out what your peers are saying about ArcSight Enterprise Security Manager (ESM) vs. IBM Security QRadar and other solutions. Updated: January 2025.
DOWNLOAD NOW
831,158 professionals have used our research since 2012.
See our ArcSight Enterprise Security Manager (ESM) vs. IBM Security QRadar report.

We monitor all Security Information and Event Management (SIEM) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.