Try our new research platform with insights from 80,000+ expert users

IBM Security QRadar vs Microsoft Purview Insider Risk Management comparison

 

Comparison Buyer's Guide

Executive Summary
 

Categories and Ranking

IBM Security QRadar
Average Rating
8.0
Reviews Sentiment
6.8
Number of Reviews
204
Ranking in other categories
Log Management (6th), Security Information and Event Management (SIEM) (4th), User Entity Behavior Analytics (UEBA) (1st), Endpoint Detection and Response (EDR) (18th), Security Orchestration Automation and Response (SOAR) (4th), Managed Detection and Response (MDR) (10th), Extended Detection and Response (XDR) (14th)
Microsoft Purview Insider R...
Average Rating
7.0
Number of Reviews
2
Ranking in other categories
Microsoft Security Suite (33rd), Insider Risk Management (3rd)
 

Mindshare comparison

While both are Security Software solutions, they serve different purposes. IBM Security QRadar is designed for Security Information and Event Management (SIEM) and holds a mindshare of 10.2%, up 10.1% compared to last year.
Microsoft Purview Insider Risk Management, on the other hand, focuses on Insider Risk Management, holds 7.4% mindshare, down 21.7% since last year.
Security Information and Event Management (SIEM)
Insider Risk Management
 

Featured Reviews

Muzzamil Hussain - PeerSpot reviewer
Is easy to integrate and doesn't require maintenance
One major drawback we are facing is in the area of IBM Security QRadar integration with flat file databases. IBM Security QRadar does not support flat file database integration. We are currently facing an issue with respect to the database, which you normally call a NoSQL database. There is no direct integration mechanism available with IBM Security QRadar. We have to approach IBM and generate a ticket so that they can develop a custom method for the integration. In database integration, we are facing issues with IBM Security QRadar. The solution does not support the integration of flat file databases. Certain organizations have flat file databases. IBM does not support direct integration with some databases. We had to create a plug, and we requested IBM to develop a parser, but it is taking IBM a couple of months to develop it. I think a flat-file database should be supported directly instead of developing a parser plugin. There should be a more refined threat intelligence platform, and cross-integration should be possible with locally available threat intelligence platforms.
DC
The solution's graphing is highly specific and useful
Implementing policies in the solution isn't easy, and it takes time. For example, you need to use some secrets in Windows or Mac to execute your policies, and you can assign these policies with Microsoft Intune. However, when you execute a policy, you still need to wait up to two days to see alerts. Some of our customers aren't happy because they didn't expect it to take so long. They're satisfied once it starts working because they see the alerts and graphs. The user interface also isn't user-friendly. When we introduce Insider Risk Management to our clients, they often find it difficult to understand. There is too much information, and the UI is not scalable. Also, entry-level IT technicians are not always interested in learning something new. It should be clearer and easier to understand. Microsoft is still working on machine learning and AI components. They're constantly updating the product. However, from my experience, most of my customers are not ready or able to use the AI solution. They are creating some project plans and specific policies. They don't want to see dozens of alerts when they use Microsoft's recommendations or the AI-based solution.

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"It also has a graph that shows the traffic history. I can see what happened yesterday or today. If there's an incident, I can check the traffic behavior on QRadar."
"It does good correlation for events. It does good general analysis, and it has good apps as well."
"It has very rich functionality."
"Most valuable features include the granularity of information."
"IBM QRadar User Behavior Analytics's most important feature is its ease of use."
"Flexible and valuable product that is modular, so you can easily set up a roadmap for your clients."
"The solution is reliable."
"Most of the features are good. It is an excellent solution."
"Insider Risk Management's graphing is highly specific and useful. You can see the last six months of data for the Microsoft tenant. You can easily find what you need. For example, you can filter for alerts about devices, emails, etc."
"The best thing about Purview is that it's easy to integrate with our day-to-day environment. We have Active Directory, and Word and Excel. Using a third-party vendor and trying to integrate with our existing environment would be much more challenging."
 

Cons

"I think QRadar is very complex. It's a distributed system and IBM QRadar has an all-in-one solution which is not like that distributed solution but it's a good product. IBM needs to consider the user interface because if we compare it with AlienVault, the AlienVault user interface is fantastic but the IBM QRadar user interface is very complex. They should focus on how to make it easier for the client."
"The user interface and configurability of IBM QRadar User Behavior Analytics can be improved. It has a lot of pre-configured settings and not many things can be changed. It also needs more integrations. Currently, User Behavior Analytics is integrated only with IBM QRadar. It could have deeper integrations. It can also have more complicated scoring models. Currently, it has a very simple linear scoring model for users."
"The only challenge is that IBM has been a closed enterprise. It should be more open to integrating with other providers at an enterprise level. We're a bank and the core banking system integration is not way straightforward and there is no integration between IBM and these products. If IBM could open up and provide a way of integrating it seamlessly, without charging more for it, that would make a big difference."
"The solution is expensive compared to other products."
"I have also been working with other SIEM solutions, and I have observed that they have extensive Linux-based and Unix-based integrations. They have been able to support some of the Linux-based agents, which is useful to investigate and process the information on the Linux and Unix side."
"I have noticed a few things while working on this. After the restart of the server, sometimes, the services misbehave, and you need to manually start or restart the service. I have seen that specifically with the Tomcat service. Sometimes, when you click on log sources, instead of opening the log source extension, it redirects you over the internet."
"Its architecture is very complicated."
"Ideally we would like a mobile version so that any alert that comes in will notify us in a mobile app, or by using SMS integration."
"For certain things, you need to install an agent. I understand it's for integrity, but if there could be a clientless solution for certain aspects, it would make life easier."
"The user interface also isn't user-friendly. When we introduce Insider Risk Management to our clients, they often find it difficult to understand. There is too much information, and the UI is not scalable. Also, entry-level IT technicians are not always interested in learning something new. It should be clearer and easier to understand."
 

Pricing and Cost Advice

"The pricing is good."
"We pay approximately $40,000 to use the solution annually. This solution is a lot less expensive than Splunk."
"When compared with other SIM solutions, QRadar is considerably less expensive."
"IBM QRadar User Behavior Analytics is an application framework and you can install many applications without any additional costs."
"There is a license required for this solution. There are some limitations depending on what license you purchase."
"On a scale of one to ten, I rate the price a one, where one is an extremely expensive product, and ten is a cheap product."
"The tool's on-premise version is expensive. However, it is cheaper than Splunk. The hybrid model offers shared instances for customers, which is not expensive. Customers with a limited budget can opt for it. You can get premium support with licenses. However, if you need customized integration, you need to buy it."
"The price of this solution is a little high."
Information not available
report
Use our free recommendation engine to learn which Security Information and Event Management (SIEM) solutions are best for your needs.
823,875 professionals have used our research since 2012.
 

Comparison Review

VS
Jun 28, 2015
Qradar vs. ArcSight
Continuing with the SIEM posts we have done at Infosecnirvana, this post is a Head to head comparison of the two Industry leading SIEM products in the market – HP ArcSight and IBM QRadar Both the products have consistently been in the Gartner Leaders Quadrant. Both HP and IBM took over niche SIEM…
 

Top Industries

By visitors reading reviews
Educational Organization
23%
Computer Software Company
15%
Financial Services Firm
10%
Manufacturing Company
6%
Computer Software Company
19%
Financial Services Firm
14%
Manufacturing Company
9%
Government
9%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
No data available
 

Questions from the Community

What are the biggest differences between Securonix UEBA, Exabeam, and IBM QRadar?
It mostly depends on your use-cases and environment. Exabeam and Securonix have a stronger UEBA feature set, friendlier GUI and are not licensed based on capacity (amount of logs and information in...
What SOC product do you recommend?
For tools I’d recommend: -SIEM- LogRhythm -SOAR- Palo Alto XSOAR Doing commercial w/o both (or at least an XDR) is asking to miss details that are critical, and ending up a statistic. Also, rememb...
What do you like most about IBM QRadar?
The event collector, flow collector, PCAP and SOAR are valuable.
What needs improvement with Microsoft Purview Insider Risk Management?
Implementing policies in the solution isn't easy, and it takes time. For example, you need to use some secrets in Windows or Mac to execute your policies, and you can assign these policies with Mic...
What is your primary use case for Microsoft Purview Insider Risk Management?
Insider Risk Management is useful for cybersecurity. It can be used to protect against attacks or for attack simulations. Insider Risk Management is another approach to security because it's about ...
What advice do you have for others considering Microsoft Purview Insider Risk Management?
I rate Microsoft Purview Insider Risk Management six out of 10. I've had trouble using the product, and the UI isn't user-friendly. I don't mind the difficulties, but Microsoft's technical team doe...
 

Also Known As

IBM QRadar, QRadar SIEM, QRadar UBA, QRadar on Cloud, QRadar, IBM QRadar User Behavior Analytics, IBM QRadar Advisor with Watson
Microsoft Insider Risk Management
 

Learn More

 

Overview

 

Sample Customers

Clients across multiple industries, such as energy, financial, retail, healthcare, government, communications, and education use QRadar.
Information Not Available
Find out what your peers are saying about Splunk, Wazuh, Microsoft and others in Security Information and Event Management (SIEM). Updated: November 2024.
823,875 professionals have used our research since 2012.