Try our new research platform with insights from 80,000+ expert users

ArcSight Logger vs IBM Security QRadar comparison

 

Comparison Buyer's Guide

Executive SummaryUpdated on Oct 9, 2024
 

Categories and Ranking

ArcSight Logger
Ranking in Log Management
28th
Average Rating
7.8
Reviews Sentiment
6.7
Number of Reviews
31
Ranking in other categories
No ranking in other categories
IBM Security QRadar
Ranking in Log Management
6th
Average Rating
8.0
Reviews Sentiment
6.8
Number of Reviews
204
Ranking in other categories
Security Information and Event Management (SIEM) (4th), User Entity Behavior Analytics (UEBA) (1st), Endpoint Detection and Response (EDR) (18th), Security Orchestration Automation and Response (SOAR) (4th), Managed Detection and Response (MDR) (10th), Extended Detection and Response (XDR) (14th)
 

Mindshare comparison

As of December 2024, in the Log Management category, the mindshare of ArcSight Logger is 0.9%, down from 1.4% compared to the previous year. The mindshare of IBM Security QRadar is 4.5%, down from 5.6% compared to the previous year. It is calculated based on PeerSpot user engagement data.
Log Management
 

Featured Reviews

Geraldo Freitas - PeerSpot reviewer
Enhances our security incident investigation but not good for correlation
Investigation is good when you know what you want to search for in Logger. The most difficult part is parsing the logs and configuring the parsers. For investigation, it's good. For correlation, it's not good. We use Sentinel, and Sentinel has pre-built use cases that are much easier to configure. So, it enhances our security incident investigation. We have inbound integration, but configuring the parsers is sometimes very difficult. We only have two use cases where we have a correlation set up. We send the information to Check Point to block IP addresses when we see a lot of blocks from the same source. We have a trigger. So, Logger automatically blocks these IP addresses. We could have Logger put them on a blacklist. So, it offers the ease of integration.
Muzzamil Hussain - PeerSpot reviewer
Is easy to integrate and doesn't require maintenance
One major drawback we are facing is in the area of IBM Security QRadar integration with flat file databases. IBM Security QRadar does not support flat file database integration. We are currently facing an issue with respect to the database, which you normally call a NoSQL database. There is no direct integration mechanism available with IBM Security QRadar. We have to approach IBM and generate a ticket so that they can develop a custom method for the integration. In database integration, we are facing issues with IBM Security QRadar. The solution does not support the integration of flat file databases. Certain organizations have flat file databases. IBM does not support direct integration with some databases. We had to create a plug, and we requested IBM to develop a parser, but it is taking IBM a couple of months to develop it. I think a flat-file database should be supported directly instead of developing a parser plugin. There should be a more refined threat intelligence platform, and cross-integration should be possible with locally available threat intelligence platforms.

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"We check a lot of logs in ArcSight Logger because we're running a massive database platform."
"The ESM use cases are the most valuable. It enables us to use the big data collection inside our company. We are able to create use cases for whatever it suits and I find that the most interesting part of any SIEM solution."
"Our return on investment for implementing ArcSight Logger over the past 12 months has been positive."
"The technical support team is good...It is a scalable solution."
"It's a robust, mature product and you can do some really complex operations and analytics."
"I am impressed with the product's ability to pick up logs. It also has UEBA which has reduced the time to take charge of the events."
"We have a trigger. So, Logger automatically blocks these IP addresses. We could have Logger put them on a blacklist."
"Some of the most valuable features I really appreciate are the performance, how quick the solution is, and how easy it is to create a query."
"IBM QRadar Advisor with Watson is a stable solution."
"There are other third-party plugins that we can use."
"It has improved my efficiency."
"The most valuable feature is user behavior analytics (UBA)."
"One of the most valuable features is its ability to integrate with other solutions. IBM has a lot of solutions and we have managed to make it work with IBM BigFix and MaaS360, and even Microsoft."
"It is a scalable solution."
"What I like about IBM QRadar User Behavior Analytics is that it uses machine learning algorithms to generate risk scoring for the user activity. I also like that it syncs with our Active Directory users, so it really has full coverage for all users in our environment."
"Overall a great solution."
 

Cons

"The console in older versions is not user-friendly."
"We have had problems with archiving."
"You have limited reporting capabilities and I wouldn't choose ArcSight Logger for this purpose."
"ArcSight has been sold two or three times, and the quality has decreased."
"The speed of Logger indexing and searching for certain bugs for some queries that we provide could be improved. It can handle a huge number of logs but it can be improved."
"The solution could be improved in maintenance settings."
"I had some latency issues for two months. I had to increase our storage capacity significantly to reduce the latency."
"The integration with other systems could be improved."
"Their technical support is not good. We opened a lot of cases and from my experience, they are not complicated issues but it takes forever to get an answer."
"They should speed up the incident response and also, at the same time, reduce the amount of manual effort that is required."
"The dashboard and reports are not user-friendly or efficient so are of little help with threat hunting activity."
"I don't give it a 10 because it is something we have to request. I would love it if UBA was included out of the box like Microsoft."
"I would like to see the update process simplified."
"The implementation and configuration are not easy."
"There could be better integration with the solution."
"Needs better visualization options beyond the time series charts and a few other options that they have."
 

Pricing and Cost Advice

"Pricing is reasonable compared to similar tools on the market. They offer perpetual licenses."
"It's not cheap at all as it's a big product and has been in the market for quite some time now."
"The pricing is quite harsh."
"ArcSight is an expensive solution."
"I would rate the product a seven out of ten since it's an enterprise product."
"We have a lifetime license, so we don't pay a monthly fee."
"I rate the product’s pricing a seven out of ten, where one is inexpensive, and ten is expensive."
"ArcSight Logger is very expensive compared to their competitors, but when we talk to the customer and explain what the features are and how we can scale, they understand. Still, ArcSight is more expensive than the competition."
"think the pricing is quite flexible."
"On a scale from one to ten, where one is cheap and ten is expensive, I rate IBM Security QRadar's pricing a five out of ten."
"The solution comes with a high price tag, while some of the competitors provide identical functionality in their offerings at no extra cost."
"It would be great if this product were cheaper."
"There is a license required for this solution and it is an annual payment. I have found all solutions in the category to be expensive, including Splunk."
"The price of this solution is reasonable."
"The licensing is also overly complex, as there is a need to buy the work load performance monitoring separately."
"It is very expensive."
report
Use our free recommendation engine to learn which Log Management solutions are best for your needs.
824,168 professionals have used our research since 2012.
 

Comparison Review

VS
Jun 28, 2015
Qradar vs. ArcSight
Continuing with the SIEM posts we have done at Infosecnirvana, this post is a Head to head comparison of the two Industry leading SIEM products in the market – HP ArcSight and IBM QRadar Both the products have consistently been in the Gartner Leaders Quadrant. Both HP and IBM took over niche SIEM…
 

Top Industries

By visitors reading reviews
Financial Services Firm
20%
Computer Software Company
15%
Government
10%
Manufacturing Company
6%
Educational Organization
23%
Computer Software Company
15%
Financial Services Firm
10%
Manufacturing Company
6%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
 

Questions from the Community

What do you like most about ArcSight Logger?
We have a trigger. So, Logger automatically blocks these IP addresses. We could have Logger put them on a blacklist.
What is your experience regarding pricing and costs for ArcSight Logger?
The pricing isn't the problem. We have a lifetime license, so we don't pay a monthly fee.
What needs improvement with ArcSight Logger?
The solution has room for improvement. We're currently upgrading to the newer version, where they have something like Kafka, a hub for all solutions feeding information into Logger. However, I thin...
What are the biggest differences between Securonix UEBA, Exabeam, and IBM QRadar?
It mostly depends on your use-cases and environment. Exabeam and Securonix have a stronger UEBA feature set, friendlier GUI and are not licensed based on capacity (amount of logs and information in...
What SOC product do you recommend?
For tools I’d recommend: -SIEM- LogRhythm -SOAR- Palo Alto XSOAR Doing commercial w/o both (or at least an XDR) is asking to miss details that are critical, and ending up a statistic. Also, rememb...
What do you like most about IBM QRadar?
The event collector, flow collector, PCAP and SOAR are valuable.
 

Also Known As

Micro Focus Arcsight Logger, HPE Arcsight Logger
IBM QRadar, QRadar SIEM, QRadar UBA, QRadar on Cloud, QRadar, IBM QRadar User Behavior Analytics, IBM QRadar Advisor with Watson
 

Learn More

 

Overview

 

Sample Customers

China Merchants Bank, Bank AlJazira, Banca Intesa
Clients across multiple industries, such as energy, financial, retail, healthcare, government, communications, and education use QRadar.
Find out what your peers are saying about ArcSight Logger vs. IBM Security QRadar and other solutions. Updated: December 2024.
824,168 professionals have used our research since 2012.