Try our new research platform with insights from 80,000+ expert users

FileAudit vs IBM Security QRadar comparison

 

Comparison Buyer's Guide

Executive SummaryUpdated on Sep 18, 2024
 

Categories and Ranking

FileAudit
Ranking in Log Management
41st
Ranking in Security Information and Event Management (SIEM)
41st
Average Rating
9.0
Number of Reviews
3
Ranking in other categories
No ranking in other categories
IBM Security QRadar
Ranking in Log Management
6th
Ranking in Security Information and Event Management (SIEM)
4th
Average Rating
8.0
Number of Reviews
204
Ranking in other categories
User Entity Behavior Analytics (UEBA) (1st), Endpoint Detection and Response (EDR) (18th), Security Orchestration Automation and Response (SOAR) (4th), Managed Detection and Response (MDR) (10th), Extended Detection and Response (XDR) (14th)
 

Mindshare comparison

As of November 2024, in the Security Information and Event Management (SIEM) category, the mindshare of FileAudit is 0.1%, up from 0.1% compared to the previous year. The mindshare of IBM Security QRadar is 9.5%, up from 9.3% compared to the previous year. It is calculated based on PeerSpot user engagement data.
Security Information and Event Management (SIEM)
 

Featured Reviews

AntoSebastin - PeerSpot reviewer
Aug 22, 2023
A scalable SIEM solution for monitoring a user's activity in the file server
My company uses FileAudit as an SIEM solution, and it is used for monitoring the file server activity to find out what users did in the file server, which may include modifying the file, deleting it, or just copying the file from the confidential file server. FileAudit is to find out the details of…
Muzzamil Hussain - PeerSpot reviewer
Aug 1, 2024
Is easy to integrate and doesn't require maintenance
One major drawback we are facing is in the area of IBM Security QRadar integration with flat file databases. IBM Security QRadar does not support flat file database integration. We are currently facing an issue with respect to the database, which you normally call a NoSQL database. There is no direct integration mechanism available with IBM Security QRadar. We have to approach IBM and generate a ticket so that they can develop a custom method for the integration. In database integration, we are facing issues with IBM Security QRadar. The solution does not support the integration of flat file databases. Certain organizations have flat file databases. IBM does not support direct integration with some databases. We had to create a plug, and we requested IBM to develop a parser, but it is taking IBM a couple of months to develop it. I think a flat-file database should be supported directly instead of developing a parser plugin. There should be a more refined threat intelligence platform, and cross-integration should be possible with locally available threat intelligence platforms.

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"Our customer acquires the complete report which is kept for future auditing purposes."
"Alerting upon file changes is the most valuable aspect of the product."
"It is a good and stable solution...It is a scalable solution."
"One of the most valuable features of this solution is it has very good data correlation."
"The QNI feature is the one I am very interested in, and I have also been interested in Watson. From the log analysis and the security perspective, we are able to dive deep into any of the logs and anomalies."
"It is a scalable solution."
"The most valuable feature currently is security behaviors and the pdf files."
"QRadar, Splunk, and ArcSight are SIEM solutions with built-in AI/ML features. They can do the complete investigation and alert the admin about what is happening. They can also do the root cause analysis. There are many other features that come with QRadar. It has a more granular log, so you can integrate with various non-IT as well as IT-based components. You can get unstructured data to the SIEM data, and you can identify more what is happening in the network or what is happening in the central head office. You can also identify what is happening between your remote offices. You can also use it to identify what the users in the field are doing on their devices and how things are moving. From the integration point of view, it is very centric. It gives complete control centrally. If a user is not connected to the system, whenever he comes online, we can see the policy updates over the Internet, and we can ensure that the data that is supposed to be protected is protected."
"The tool's most valuable feature is log source management. It enables us to connect to various log sources, including content, authentications, or other customized integrations. These integrations can be tailored for use with other platforms that don’t already have built-in IBM add-ons."
"What we like about QRadar and the models that IBM has, is it can go from a small-to-medium enterprise to a larger organization, and it gives you the same value."
"I have found the most important features to be the flexibility, tech framework, and disk manager."
 

Cons

"Whenever someone cuts and paste, it shows as "file is deleted"."
"The DLP function, including installation of the agent on the workstation and controlling the DLP restrictions, are areas where the product lacks."
"The updates management and central management console could be improved."
"I have also been working with other SIEM solutions, and I have observed that they have extensive Linux-based and Unix-based integrations. They have been able to support some of the Linux-based agents, which is useful to investigate and process the information on the Linux and Unix side."
"Technical support is good, but not great."
"IBM QRadar Advisor with Watson could be more user-friendly. You need some skills and understanding of what you're looking at, especially if you're going to draw down specific information."
"The dashboard and reports are not user-friendly or efficient so are of little help with threat hunting activity."
"QRadar log integration of various applications can be a tough job at times. There may be occasions when you will not find any QRadar guide on adding logs of a particular application. Even if you come across one, adding a log process is not an easy one."
"The solution is not as flexible as Splunk."
"Search capability and indexing still lag behind competitors. We also need to see improved rule based access controls and rule/event tuning."
"The user interface is a bit clunky, a bit hard to find what you need."
 

Pricing and Cost Advice

"FileAudit provides a trial license for 30 days, and after that, customers can choose between perpetual licensing or the annual-based licensing option offered by FileAudit."
"The solution has a licensing model that is based on events per second so it scales to need and budget."
"Pricing (based on EPS) will be more accurate."
"Most of the time, it is easier and cheaper to buy a new product or the QRadar box."
"QRadar's price is reasonable compared to LogRhythm."
"On a scale of one to ten, I rate the price a one, where one is an extremely expensive product, and ten is a cheap product."
"The maintenance costs are high."
"I think my company pays for the license yearly."
"Licensing can be costly depending on your architecture."
report
Use our free recommendation engine to learn which Security Information and Event Management (SIEM) solutions are best for your needs.
814,763 professionals have used our research since 2012.
 

Comparison Review

VS
Jun 28, 2015
Qradar vs. ArcSight
Continuing with the SIEM posts we have done at Infosecnirvana, this post is a Head to head comparison of the two Industry leading SIEM products in the market – HP ArcSight and IBM QRadar Both the products have consistently been in the Gartner Leaders Quadrant. Both HP and IBM took over niche SIEM…
 

Top Industries

By visitors reading reviews
No data available
Educational Organization
22%
Computer Software Company
14%
Financial Services Firm
10%
Government
6%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
No data available
 

Questions from the Community

What do you like most about FileAudit?
It is a good and stable solution...It is a scalable solution.
What needs improvement with FileAudit?
The DLP function, including installation of the agent on the workstation and controlling the DLP restrictions, are areas where the product lacks. It would be great if the aforementioned details wer...
What is your primary use case for FileAudit?
My company uses FileAudit as an SIEM solution, and it is used for monitoring the file server activity to find out what users did in the file server, which may include modifying the file, deleting i...
What are the biggest differences between Securonix UEBA, Exabeam, and IBM QRadar?
It mostly depends on your use-cases and environment. Exabeam and Securonix have a stronger UEBA feature set, friendlier GUI and are not licensed based on capacity (amount of logs and information in...
What SOC product do you recommend?
For tools I’d recommend: -SIEM- LogRhythm -SOAR- Palo Alto XSOAR Doing commercial w/o both (or at least an XDR) is asking to miss details that are critical, and ending up a statistic. Also, rememb...
What do you like most about IBM QRadar?
The event collector, flow collector, PCAP and SOAR are valuable.
 

Also Known As

No data available
IBM QRadar, QRadar SIEM, QRadar UBA, QRadar on Cloud, QRadar, IBM QRadar User Behavior Analytics, IBM QRadar Advisor with Watson
 

Learn More

 

Overview

 

Sample Customers

CommuniCare Health Centre, DP World, BAE Systems, Moet Hennessy, Ernst & Young, Honda, Volswagon, VTech, GlakoSmithKline, Lockheed Martin, US Navy, University of Alabama, Ministry of Interior Saudi Arabia, Total
Clients across multiple industries, such as energy, financial, retail, healthcare, government, communications, and education use QRadar.
Find out what your peers are saying about FileAudit vs. IBM Security QRadar and other solutions. Updated: October 2024.
814,763 professionals have used our research since 2012.