Try our new research platform with insights from 80,000+ expert users

ArcSight Logger vs IBM Security QRadar comparison

 

Comparison Buyer's Guide

Executive SummaryUpdated on Jan 5, 2025

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Categories and Ranking

ArcSight Logger
Ranking in Log Management
31st
Average Rating
7.8
Reviews Sentiment
6.7
Number of Reviews
31
Ranking in other categories
No ranking in other categories
IBM Security QRadar
Ranking in Log Management
6th
Average Rating
8.0
Reviews Sentiment
6.8
Number of Reviews
207
Ranking in other categories
Security Information and Event Management (SIEM) (4th), User Entity Behavior Analytics (UEBA) (1st), Endpoint Detection and Response (EDR) (17th), Security Orchestration Automation and Response (SOAR) (4th), Managed Detection and Response (MDR) (9th), Extended Detection and Response (XDR) (11th)
 

Mindshare comparison

As of April 2025, in the Log Management category, the mindshare of ArcSight Logger is 0.8%, down from 1.2% compared to the previous year. The mindshare of IBM Security QRadar is 3.8%, down from 5.2% compared to the previous year. It is calculated based on PeerSpot user engagement data.
Log Management
 

Featured Reviews

Geraldo Freitas - PeerSpot reviewer
Enhances our security incident investigation but not good for correlation
Investigation is good when you know what you want to search for in Logger. The most difficult part is parsing the logs and configuring the parsers. For investigation, it's good. For correlation, it's not good. We use Sentinel, and Sentinel has pre-built use cases that are much easier to configure. So, it enhances our security incident investigation. We have inbound integration, but configuring the parsers is sometimes very difficult. We only have two use cases where we have a correlation set up. We send the information to Check Point to block IP addresses when we see a lot of blocks from the same source. We have a trigger. So, Logger automatically blocks these IP addresses. We could have Logger put them on a blacklist. So, it offers the ease of integration.
Md. Shahriar Hussain - PeerSpot reviewer
Real-time incident detection and user-friendly dashboard benefit daily operations
There are many types of AI, and this AI is very limited in SQL and features. There may be potential for improvement. So far, it seems very limited. It shows some good features in the correlation part, but I think there is room for improvement. For instance, when creating rules, it can suggest more rules, reducing the effort needed. If AI-related support can suggest rules and integrate with existing security devices like MD, IPS, this SIM can create more relevant rules. Sometimes logs I receive don't mean anything, and I need technical stakeholders to share or forward logs, but these are sometimes inadequate. Keywords can help identify insufficient logs. I often lack time to verify logs. Sharing false positive results could be reduced to help my team.

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"Some of the most valuable features I really appreciate are the performance, how quick the solution is, and how easy it is to create a query."
"ArcSight's robustness is its most valuable feature."
"It's a brilliant log collection tool, and it can handle hundreds of thousands of servers in a single shot to ingest the data."
"In terms of ArcSight Logger's most valuable feature, it is their scalability. ArcSight's real advantage is its scalability because they have two layers, including the logger layer."
"ArcSight provides the basic information that we want."
"I am impressed with the product's ability to pick up logs. It also has UEBA which has reduced the time to take charge of the events."
"It's an efficient solution."
"The log digestion features from threat intelligence platforms like Recorded Future or Talos are valuable."
"It is very stable. We have not faced interruptions in the past four and a half years."
"What's most valuable in IBM QRadar User Behavior Analytics is its higher availability than other tools."
"The timeline and machine learning features are great."
"The threat protection network is the most valuable feature, because when you get an offense, you can actually trace it back to where it originated from, how it originated, and why."
"QRadar, Splunk, and ArcSight are SIEM solutions with built-in AI/ML features. They can do the complete investigation and alert the admin about what is happening. They can also do the root cause analysis. There are many other features that come with QRadar. It has a more granular log, so you can integrate with various non-IT as well as IT-based components. You can get unstructured data to the SIEM data, and you can identify more what is happening in the network or what is happening in the central head office. You can also identify what is happening between your remote offices. You can also use it to identify what the users in the field are doing on their devices and how things are moving. From the integration point of view, it is very centric. It gives complete control centrally. If a user is not connected to the system, whenever he comes online, we can see the policy updates over the Internet, and we can ensure that the data that is supposed to be protected is protected."
"We've found the technical support to be very good."
"It's hard for me to pinpoint any one feature that's most valuable because it is all about consuming logs and analyzing them. We started using QRadar UBA because we needed something that could analyze Linux authentication information. Other products take care of the Windows platform."
"The UBA feature is the most valuable because you can see everything about users' activities."
 

Cons

"The speed of Logger indexing and searching for certain bugs for some queries that we provide could be improved. It can handle a huge number of logs but it can be improved."
"The integration with other systems could be improved."
"You have limited reporting capabilities and I wouldn't choose ArcSight Logger for this purpose."
"We find that the search and access functionality is quite slow."
"The solution should make it possible to integrate network analysis features."
"The platform is quite expensive. They should reduce its cost."
"I would rate the technical support only 5 out of 10. The technical support is not satisfactory."
"The next release should have AI capabilities."
"Integration could be better. They should make it easy to integrate with other solutions."
"I have also been working with other SIEM solutions, and I have observed that they have extensive Linux-based and Unix-based integrations. They have been able to support some of the Linux-based agents, which is useful to investigate and process the information on the Linux and Unix side."
"There should be an extension where we can get the reports. This could be an extension to the dashboard with the Guardian or another product with limited technology, for example IPS. Now, we only have IBM. Basically, it needs more and more integration models."
"The playbook guide which specifies the rules for security use cases needs to be provided to support in case the organization needs help."
"The architecture could be improved. I got stuck for a long time trying to understand the architecture, as it is quite challenging."
"The reporting system could use some upgrading."
"IBM QRadar User Behavior Analytics could improve machine learning use cases because they are limited and most of the use cases are rule-based. They should develop more use cases, such as in Securonix or Exabeam because they will detect a threat. Using machine learning is mainly on the correlation rules, but if you think about Exabeam or Securonix, they detect using machine learning or machine learning-based algorithms."
"There should be more opportunity for community kind of distribution where, for example, if there was a zero-day threat targeting companies."
 

Pricing and Cost Advice

"ArcSight is an expensive solution."
"ArcSight Logger is very expensive compared to their competitors, but when we talk to the customer and explain what the features are and how we can scale, they understand. Still, ArcSight is more expensive than the competition."
"We have a lifetime license, so we don't pay a monthly fee."
"I rate the product’s pricing a seven out of ten, where one is inexpensive, and ten is expensive."
"The pricing is quite harsh."
"It's not cheap at all as it's a big product and has been in the market for quite some time now."
"I would rate the product a seven out of ten since it's an enterprise product."
"Pricing is reasonable compared to similar tools on the market. They offer perpetual licenses."
"The price of this solution is a little bit expensive, so if it were cheaper then it would help."
"QRadar is quite expensive. It wouldn't be worth it for a small business..."
"IBM QRadar User Behavior Analytics is an application framework and you can install many applications without any additional costs."
"I think my company pays for the license yearly."
"think the pricing is quite flexible."
"Pricing (based on EPS) will be more accurate."
"The licensing is also overly complex, as there is a need to buy the work load performance monitoring separately."
"The solution comes with a high price tag, while some of the competitors provide identical functionality in their offerings at no extra cost."
report
Use our free recommendation engine to learn which Log Management solutions are best for your needs.
845,040 professionals have used our research since 2012.
 

Comparison Review

VS
Jun 28, 2015
Qradar vs. ArcSight
Continuing with the SIEM posts we have done at Infosecnirvana, this post is a Head to head comparison of the two Industry leading SIEM products in the market – HP ArcSight and IBM QRadar Both the products have consistently been in the Gartner Leaders Quadrant. Both HP and IBM took over niche SIEM…
 

Top Industries

By visitors reading reviews
Financial Services Firm
20%
Computer Software Company
16%
Government
8%
Manufacturing Company
6%
Educational Organization
23%
Computer Software Company
14%
Financial Services Firm
10%
Government
6%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
 

Questions from the Community

What do you like most about ArcSight Logger?
We have a trigger. So, Logger automatically blocks these IP addresses. We could have Logger put them on a blacklist.
What is your experience regarding pricing and costs for ArcSight Logger?
The pricing isn't the problem. We have a lifetime license, so we don't pay a monthly fee.
What needs improvement with ArcSight Logger?
The solution has room for improvement. We're currently upgrading to the newer version, where they have something like Kafka, a hub for all solutions feeding information into Logger. However, I thin...
What are the biggest differences between Securonix UEBA, Exabeam, and IBM QRadar?
It mostly depends on your use-cases and environment. Exabeam and Securonix have a stronger UEBA feature set, friendlier GUI and are not licensed based on capacity (amount of logs and information in...
What SOC product do you recommend?
For tools I’d recommend: -SIEM- LogRhythm -SOAR- Palo Alto XSOAR Doing commercial w/o both (or at least an XDR) is asking to miss details that are critical, and ending up a statistic. Also, rememb...
What is your experience regarding pricing and costs for IBM Security QRadar?
The cost depends. The price I negotiated varies by region and relationship with the OEM. Cost is not shared due to another procurement team handling negotiations, but it was reasonable as far as I ...
 

Also Known As

Micro Focus Arcsight Logger, HPE Arcsight Logger
IBM QRadar, QRadar SIEM, QRadar UBA, QRadar on Cloud, IBM QRadar Advisor with Watson
 

Overview

 

Sample Customers

China Merchants Bank, Bank AlJazira, Banca Intesa
Clients across multiple industries, such as energy, financial, retail, healthcare, government, communications, and education use QRadar.
Find out what your peers are saying about ArcSight Logger vs. IBM Security QRadar and other solutions. Updated: March 2025.
845,040 professionals have used our research since 2012.