Try our new research platform with insights from 80,000+ expert users

Gurucul UEBA vs IBM Security QRadar comparison

 

Comparison Buyer's Guide

Executive SummaryUpdated on Jan 5, 2025

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Categories and Ranking

Gurucul UEBA
Ranking in User Entity Behavior Analytics (UEBA)
6th
Average Rating
7.2
Reviews Sentiment
6.7
Number of Reviews
4
Ranking in other categories
No ranking in other categories
IBM Security QRadar
Ranking in User Entity Behavior Analytics (UEBA)
1st
Average Rating
8.0
Reviews Sentiment
6.8
Number of Reviews
207
Ranking in other categories
Log Management (6th), Security Information and Event Management (SIEM) (4th), Endpoint Detection and Response (EDR) (17th), Security Orchestration Automation and Response (SOAR) (4th), Managed Detection and Response (MDR) (9th), Extended Detection and Response (XDR) (11th)
 

Mindshare comparison

As of April 2025, in the User Entity Behavior Analytics (UEBA) category, the mindshare of Gurucul UEBA is 4.0%, up from 2.6% compared to the previous year. The mindshare of IBM Security QRadar is 11.9%, down from 17.3% compared to the previous year. It is calculated based on PeerSpot user engagement data.
User Entity Behavior Analytics (UEBA)
 

Featured Reviews

Ravi Shekharan - PeerSpot reviewer
Helped reduce our operational costs and increase our efficiency, but it can be more user-friendly
Regarding the prioritization of threats, Gurucul UEBA needs to enhance its alert severity assignment process within the system. This is one area where Gurucul UEBA could improve. Additionally, it would be beneficial if the tool itself could provide or assign user-based or asset-based CI ratings to allow for a more accurate assessment of alert severity. In our environment, we forward these logs, events, and alerts to SIM, where the CI rating is already present. Therefore, if we need to closely investigate a UEBA case directly, it becomes problematic. Gurucul UEBA should proactively incorporate asset-based or user-based CI severity into its design. Gurucul UEBA needs to be more user-friendly. I would like Gurucul UEBA to be able to integrate with legacy-based identity systems and systems that are performing network-based access control. This would require additional integration and playbook models.
Md. Shahriar Hussain - PeerSpot reviewer
Real-time incident detection and user-friendly dashboard benefit daily operations
There are many types of AI, and this AI is very limited in SQL and features. There may be potential for improvement. So far, it seems very limited. It shows some good features in the correlation part, but I think there is room for improvement. For instance, when creating rules, it can suggest more rules, reducing the effort needed. If AI-related support can suggest rules and integrate with existing security devices like MD, IPS, this SIM can create more relevant rules. Sometimes logs I receive don't mean anything, and I need technical stakeholders to share or forward logs, but these are sometimes inadequate. Keywords can help identify insufficient logs. I often lack time to verify logs. Sharing false positive results could be reduced to help my team.

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"I appreciate the comprehensive categorization of devices based on their intended use, such as those for DNS."
"The most valuable feature of Gurucul is the ability to customize and it is on the Hadoop platform that has a lot of flexibility."
"If you are genuinely looking for a UEBA solution, you should choose Gurucul confidently if your need is strictly UEBA."
"The reporting feature was the key differentiator. I also liked the ability to create dynamic rules in the environment."
"Regarding the tool's ability to maintain high-security standards, I rate it ten out of ten."
"The dashboard is easy to use and easy to understand what's going on and what the alerts mean."
"I have found its network traffic log, network bit log, and QBI most valuable."
"Blocks of predefined conditions can be used to configure detection rules without having to write complicated script."
"Technical support is good overall."
"It also has a graph that shows the traffic history. I can see what happened yesterday or today. If there's an incident, I can check the traffic behavior on QRadar."
"The most valuable features are log monitoring, easy-to-fix issues, and problem-solving."
"Provided that the report is prebuilt and I can find what I am looking for, the reporting is the most valuable feature in this solution."
 

Cons

"It could be more stable."
"Gurucul can improve on the online documentation. They should educate the end users more to allow them to do everything themselves."
"Technical support is good but can improve. I would rate it six to seven out of ten. The main issue is response time, which can take three to four hours even for simple queries."
"Regarding the prioritization of threats, Gurucul UEBA needs to enhance its alert severity assignment process within the system."
"I would like the rule creation interface to be much more user-friendly in the next release."
"The product is good, but one feature they should have is an Elasticsearch. Currently, in QRadar, there are no Elasticsearch criteria."
"Some of the cloud apps need improvement."
"For future updates, I'd like to see more advanced threat intelligence features integrated with AI. This would help with analyzing traffic patterns and improving protection. QRadar currently doesn't integrate with AI for threat analysis. However, AI could enhance its capabilities by learning traffic patterns and automatically blocking or quarantining suspicious traffic. This would be especially useful when administrators are not actively monitoring. AI could help by analyzing incoming and outgoing traffic and adjusting policies accordingly."
"The implementation and configuration are not easy."
"While the interface is easy to use, it could be a little more responsive."
"The solution is expensive compared to other products."
"The pricing of the solution is a bit high. If they could lower it, that would be ideal."
 

Pricing and Cost Advice

"The price of Gurucul is competitive."
"The price is fair. In fact, I believe it was on the cheaper side when compared to the competition."
"The product is expensive. We have purchased the perpetual license, but we pay for the support."
"Licensing is very expensive, IBM QRadar is a very expensive solution. If you want to minimize costs then IBM QRadar is not for you."
"The tool's price is high."
"The price of this solution is a little high."
"There is an annual license required for this solution."
"There are different types of subscriptions available. We were on an annual subscription, but our customers typically choose the two years subscription option."
"Our licensing costs for this solution is on a yearly basis."
"It is a perpetual license that we have for the event collector. The licensing is done based on the number of events and flows that you receive on this particular device. These are perpetual licenses, which means once you purchase them, they don't expire, which means that the support to IBM is definitely renewed after every one year. We have an enterprise agreement with IBM, which puts the cost in a totally different category as compared to someone who is not an IBM partner and is approaching IBM for this solution. We were able to get massive discounts. To give you an idea, we recently purchased 30,000 event licenses, and it costs around $480,000. It is definitely not a cheap product. We have licenses for about 270,000 events per second and 3 million flows per second. All the appliances and their events and flows are basically clubbed together and charged or rather calculated through a single source. The console receives all the details from all the event processes that we have globally. So, the license that we have is a single license for 270,000 events per second and 3 million flows per second, but that can be managed centrally. I was only part of the secondary purchase, which was 30,000 events per second for about $480,000. You can calculate how much we paid for 270,000 events. Reducing its price would be a compromise. We have already used a lower-priced product in the form of NNT, but we had to get rid of it because it was not doing the job that we actually wanted to do. You get what you pay for."
report
Use our free recommendation engine to learn which User Entity Behavior Analytics (UEBA) solutions are best for your needs.
845,406 professionals have used our research since 2012.
 

Comparison Review

VS
Jun 28, 2015
Qradar vs. ArcSight
Continuing with the SIEM posts we have done at Infosecnirvana, this post is a Head to head comparison of the two Industry leading SIEM products in the market – HP ArcSight and IBM QRadar Both the products have consistently been in the Gartner Leaders Quadrant. Both HP and IBM took over niche SIEM…
 

Top Industries

By visitors reading reviews
Computer Software Company
19%
Financial Services Firm
9%
Healthcare Company
7%
Government
5%
Educational Organization
23%
Computer Software Company
14%
Financial Services Firm
10%
Government
6%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
No data available
 

Questions from the Community

What do you like most about Gurucul?
I appreciate the comprehensive categorization of devices based on their intended use, such as those for DNS.
What needs improvement with Gurucul?
For improvement, I have requested three enhancement tickets, which are already lodged with the Gurucul support team. The first request is to add a visualization option in reports for charts or grap...
What is your primary use case for Gurucul?
Regarding the use cases, I have created many use cases in Gurucul UEBA. It's easy to create use cases based on behaviors.
What are the biggest differences between Securonix UEBA, Exabeam, and IBM QRadar?
It mostly depends on your use-cases and environment. Exabeam and Securonix have a stronger UEBA feature set, friendlier GUI and are not licensed based on capacity (amount of logs and information in...
What SOC product do you recommend?
For tools I’d recommend: -SIEM- LogRhythm -SOAR- Palo Alto XSOAR Doing commercial w/o both (or at least an XDR) is asking to miss details that are critical, and ending up a statistic. Also, rememb...
What is your experience regarding pricing and costs for IBM Security QRadar?
The cost depends. The price I negotiated varies by region and relationship with the OEM. Cost is not shared due to another procurement team handling negotiations, but it was reasonable as far as I ...
 

Also Known As

No data available
IBM QRadar, QRadar SIEM, QRadar UBA, QRadar on Cloud, IBM QRadar Advisor with Watson
 

Overview

 

Sample Customers

Global semi-conductor company
Clients across multiple industries, such as energy, financial, retail, healthcare, government, communications, and education use QRadar.
Find out what your peers are saying about Gurucul UEBA vs. IBM Security QRadar and other solutions. Updated: March 2025.
845,406 professionals have used our research since 2012.