Try our new research platform with insights from 80,000+ expert users

IBM Security QRadar vs Netsurion comparison

Sponsored
 

Comparison Buyer's Guide

Executive SummaryUpdated on Sep 18, 2024
 

Categories and Ranking

Binary Defense MDR
Sponsored
Ranking in Managed Detection and Response (MDR)
7th
Average Rating
9.2
Number of Reviews
15
Ranking in other categories
No ranking in other categories
IBM Security QRadar
Ranking in Managed Detection and Response (MDR)
10th
Average Rating
8.0
Number of Reviews
204
Ranking in other categories
Log Management (6th), Security Information and Event Management (SIEM) (4th), User Entity Behavior Analytics (UEBA) (1st), Endpoint Detection and Response (EDR) (18th), Security Orchestration Automation and Response (SOAR) (4th), Extended Detection and Response (XDR) (14th)
Netsurion
Ranking in Managed Detection and Response (MDR)
13th
Average Rating
8.4
Number of Reviews
24
Ranking in other categories
Managed Security Services Providers (MSSP) (5th), Security Information and Event Management (SIEM) (16th), SOC as a Service (3rd), Extended Detection and Response (XDR) (18th)
 

Featured Reviews

Rich Ullom - PeerSpot reviewer
May 1, 2023
Worth the money, fantastic communication, and fast service with an average response time of about four minutes on an alert
This is my third SOC. I have never had anybody react as well. So, it's hard for me to provide something that they could do better because I'm really happy with them. I just signed another three-year contract with them. I don't find any downside to them, but if I have to put one, it would be consistent manpower or staffing. The only area where the solution can be improved is going to be with people. As they grow, they are struggling with the same thing that every other company is, which is getting talent and getting that talent to stay, but they've just revised their tiering system to go from a flat analyst and manager to a three-tier solution where it goes through two or three before it gets elevated. That seems to have worked out well, so if one level misses it, the next one picks it up, and it works out fine. Consistent staffing is the only challenge they have because when you're hiring level-one analysts, you go through them pretty quickly. You'll probably hire them at 50K or 55K, and after they do it for a year, they find out they can make 85K somewhere else, and they bounce. So, their turnover is a little high, but that's it.
Muzzamil Hussain - PeerSpot reviewer
Aug 1, 2024
Is easy to integrate and doesn't require maintenance
One major drawback we are facing is in the area of IBM Security QRadar integration with flat file databases. IBM Security QRadar does not support flat file database integration. We are currently facing an issue with respect to the database, which you normally call a NoSQL database. There is no direct integration mechanism available with IBM Security QRadar. We have to approach IBM and generate a ticket so that they can develop a custom method for the integration. In database integration, we are facing issues with IBM Security QRadar. The solution does not support the integration of flat file databases. Certain organizations have flat file databases. IBM does not support direct integration with some databases. We had to create a plug, and we requested IBM to develop a parser, but it is taking IBM a couple of months to develop it. I think a flat-file database should be supported directly instead of developing a parser plugin. There should be a more refined threat intelligence platform, and cross-integration should be possible with locally available threat intelligence platforms.
John-Berry - PeerSpot reviewer
Sep 11, 2023
The SOC center monitors, hunts, and notifies us of threats around the clock
I know they are working to resolve this issue, but Netsurion is currently unable to retrieve logs from S3 buckets. We use WP Engine for a lot of web hosting as well as AWS, and both of these platforms use S3 buckets. I would like Netsurion to be able to pull logs from Linux devices. We have some of that capability, and I believe they can do it. However, the way it works with Amazon is strange and glitchy. Therefore, working something out with Amazon would be great. Netsurion's SOC can be a bit too aggressive at times. We have asked them to adjust their playbook because I am tired of being notified about the same issue multiple times a day. I am aware of the issue, and it is not a cause for concern. Let's only take action on this issue if we see an actual problem.

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"The customization has been the most valuable aspect and was really the reason we ended up selecting Binary Defense. They worked with us to provide exactly the level of support, features, response, and collaboration we needed."
"With Binary Defense, we don't just get an alert, but also a detailed rundown of why they're alerting us on it. They tell us what was executed, or the username, script, or IP. That way, we're not wasting time investigating."
"The best part about Binary Defense MDR is that it runs on everything, and they keep an eye on things 24/7."
"The speed at which their services are reactive is valuable. Nowadays, when a threat hits an endpoint, you've got minutes, not hours or days. Their average response time is about four minutes on an alert. For anything that needs to be sent to us, it's about fourteen minutes, which is pretty good. They're the third SOC that I've used in fifteen years. By far, they are the quickest ones to act. When you're looking at prevention, that's a key factor."
"Binary Defense has a human service department that provides live monitoring for our systems."
"The most valuable feature is reviewing tickets and the notes added by technicians."
"Binary Defense's most valuable feature is the 24/7 monitoring and threat hunting. Their team checks the latest breaches and how they're done."
"The most valuable part of Binary Defense is its team of cybersecurity analysts. Their analysts filter out the noise and only forward the critical threats that require a response instead of false positives."
"The solution can scale."
"It is a scalable solution."
"It has improved comprehensive visibility for what is going on in the perimeters, and on the inside, as well."
"It is suitable for large companies with critical infrastructure. For our clients, robustness, availability at a high level, and the level of references and experiences connected to the solution are important."
"This solution has excellent security analytics."
"The scalability is awesome, because QRadar includes other solutions in the same console."
"It's quite scalable. We have upgraded some solutions from 1000 APS up to 3500 APS to 5000 APS. It's a good solution, they have no scalability issues."
"The ability to add extensions is the most valuable feature. For example, extensions that provide valuable test ports."
"If we need to do a search for user lockouts, we can go, search, and find locations where they have been locked out, then keep track of those events, historically."
"Expediting incident response is really great."
"Their SOC team manages vulnerability management and IOC reviews. They stop bad processes when they happen. The best thing is their weekly reviews of what has been going on in the infrastructure as well as the things that they see and what we should look out for."
"We don't have the eyeballs available to stare and watch for things, or even have the capability of building internal alert systems. So, the managed SOC has been huge for freeing up staff to work on other responsibilities. We are saving on at least one full-time employee."
"I think Netsurion scales well. We've gone from a small number of agents up to thousands. So I would imagine that it would continue to scale. I don't see any issue with that."
"The product satisfies our compliance, and thus, all of our auditors. All of the data that we use and store for all security events is required by our auditors to be kept in a central storage location."
"What I like most about Netsurion is the level of visibility and reporting."
"If I were to look at logs manually, there's no way I could do that. As an example, they are 48 million logs processed a day. There is no way I could look at all 48 million of those. So, it gives me a good structure to be able to look at the different incidents which are created and do different searches."
 

Cons

"It's hard to think of anything that they need to improve on, but just to point out something, I would like to see them provide advanced XDR."
"I would like to see more frequent check-ins with our security status."
"It's sometimes difficult to know when to engage Binary Defense or TrustedSec, their sister company. TrustedSec is more focused on offensive security, as opposed to the defensive security that the MDR solution provides. It would be awesome if there were a better bridge between that relationship for when we need to get more proactive services or when we need to do a penetration test."
"The current reporting system could benefit from improvement."
"The only area I see for improvement with Binary Defense is their service portal. It could benefit from some enhancements."
"We should be able to isolate devices faster. They should shorten the time between clicking on a device to contain it and carrying out the action. That would be a welcome improvement."
"I don't find any downside to them, but if I have to put one, it would be consistent manpower or staffing. The only area where the solution can be improved is going to be with people. As they grow, they are struggling with the same thing that every other company is, which is getting talent and getting that talent to stay, but they've just revised their tiering system to go from a flat analyst and manager to a three-tier solution where it goes through two or three before it gets elevated. That seems to have worked out well, so if one level misses it, the next one picks it up, and it works out fine."
"We found a couple of bugs in the user interface."
"While the interface is easy to use, it could be a little more responsive."
"The solution is clunky."
"Technical support could be improved by a bit."
"We have had problems with networking."
"The product can be a bit complex."
"We need more features in order to create rules to detect or to meet some requirements for other areas, for example, catching the event from other authentication tools."
"IBM Security QRadar’s GUI could be improved."
"The solution does not support the integration of flat file databases."
"I would also like to have a dashboard that I can access anytime to review the real-time data from their website."
"The threat detection and response is passive. We have asked if there were options for taking action, and we have not gotten any feedback on that, which would be useful to know. Depending on the situation and threat, some actions may not be possible, but we haven't gotten any feedback on what options could be directed and actionable with the understanding that it may have an extra cost. It would be nice to know or find out if it is actually possible to take actions by a SIEM service or a SIEM agent."
"Communication is always something that can be improved, but I feel that any time we've had a communication issue, it's quickly addressed when we bring those up at the monthly meetings. Usually, it's an individual that wasn't clear in the communication, it's not the process per se. You always have to be able to segregate if the process didn't work or an individual either didn't say the right thing or my people didn't understand what they were being told."
"We get a report generated on a particular day of the week and we go through it, trying to mitigate problems and make sure we're seeing everything that's happening. It would be helpful if the SOC spent a little more time with us going through some of those reports."
"There's always room to improve because there would be no competition if they had a perfect solution. The GUI to perform searches within the product may not be intuitive to a new user."
"They have their programs and tools that you have to put into your own environment. We basically ingest all the log data and then push it out to them. I wish it was a little bit different than that where we just push directly towards them. I do not know if that is a function that they thought would be better in terms of security, but I wish that instead of doing that, it should go from the device to them and not from the device to another system and then out to them. There seem to be some drawbacks to doing that."
"The deployment of the agents could be a bit easier. We always seem to have a bit of a challenge with that. A lot of times the agents either don't deploy or they quit responding, then we have to go and redeploy them."
"I would like to see a faster response when we see things like 15,000 lockouts. I really wished that I had known that on Friday afternoon rather than waiting until I got the weekly report today. By the same token, they are looking at it from the point of view that this is a system or software malfunction. This is not a bad actor repeating the exact same password three times a second. Therefore, they can tell that this is not a bad thing. However, it's not a security event but it is an operational event for me. Knowing this sort of thing would help my team and me out more because then we would be able to clear out a lot of network traffic that we didn't know was going on. So, we would like quicker updates on non-high security events."
 

Pricing and Cost Advice

"The pricing is very good. They are definitely competitive and they were lower at the time that we went with them."
"The pricing isn't that bad, it's very competitive. I don't feel that it's over-priced and I don't feel that it's under-priced."
"After we acquired this platform, we met with a number of different vendors. Binary Defense came in with a proposal that was surprisingly affordable. In fact, we were able to recoup the cost of their services within a short period of time. This is because Binary Defense is able to provide the same level of security as a team of two or three in-house analysts but at a fraction of the cost. As a result, Binary Defense is saving us an estimated $250,000 to $300,000 per year."
"From the initial cost that Binary Defense came in with, we pared it down quite a bit over the course of 30 or 60 days. My leadership would say that their cost was high, but realistically, they were in line with the market."
"It's valued at the right price. Even with the number of endpoints we have, we don't feel that it's a lot more than any competitor. In fact, it might be less expensive when you look at the fact that you're getting a full flex SOC out of it along with the tools."
"Binary Defense has changed its pricing model from being primarily based on the volume of data to one based on escalations and incidents they handle."
"Binary Defense MDR is priced competitively and may be slightly lower than CrowdStrike."
"The solution's price is spot on; if anything, it's slightly below the norm for most services. Compared to building the same team internally, it would cost more to create the same amount of capability than what we get from an external team. Price-wise, Binary Defense is in a great spot."
"The tool's price is high."
"The pricing is higher but cheaper than others and there are no additional costs."
"Go through a vulnerability assessment review for price breaks. A virtualized solution will also cut down on cost."
"The price of this solution is a little high."
"The tool's on-premise version is expensive. However, it is cheaper than Splunk. The hybrid model offers shared instances for customers, which is not expensive. Customers with a limited budget can opt for it. You can get premium support with licenses. However, if you need customized integration, you need to buy it."
"It is very expensive."
"The pricing is always fine."
"The maintenance costs are high."
"We put together the package of what we needed. It was based pretty much on the number of agents that we were deploying. If we needed to manage logging from certain specific applications, like Active Directory and SQL Server, there has been no additional cost for that. We had agents deployed for those specific servers and the applications were included, then there was just an additional installation that they had to do for us."
"You are paying for different levels, especially as far as the monitoring goes and how often you review it with the team. The other factor that figures in is how many nodes are on your network, such as clients, network equipment, servers, etc. There are some additional pieces on top of that, but it's laid out pretty simply, as far as how much you're going to pay for a node."
"I don't know if the pricing is by the seat but we're paying about $20,000 to 25,000 a year. On top of that, we pay for the managed support services. That runs us about another $35,000 or $40,000 a year."
"Licensing is very easy. Our CIO takes care of the billing, but in terms of price point, he hasn't complained, so it must be good."
"Our pricing for Netsurion last year was US $52,000 per year."
"Netsurion's pricing is competitive. At the same time, they're the only ones who do what we want to do the way we want it. I can't say we would've paid more, but we would've had to have come up with our own solution if they weren't providing that."
"The pricing and licensing seem very reasonable. The managed service part of it feels like it gives me the equivalent of a full-time engineer for a lot less money. So, I feel it's a good value."
"EventTracker's subscription-based model is interesting as far as yearly license type stuff. It's nice because you know what it's going to be next year. We haven't really looked at any other solutions. The pricing at the time compared to the other solutions was a lot less. A couple of years ago, we actually looked at Splunk. The amount in Splunk's licensing model is based on 20 gigs a day, or something like that. Based on our number of logs and stuff that we were already generating, the costs would be substantially more for the amount of logs that we would be getting."
report
Use our free recommendation engine to learn which Security Information and Event Management (SIEM) solutions are best for your needs.
814,763 professionals have used our research since 2012.
 

Comparison Review

VS
Jun 28, 2015
Qradar vs. ArcSight
Continuing with the SIEM posts we have done at Infosecnirvana, this post is a Head to head comparison of the two Industry leading SIEM products in the market – HP ArcSight and IBM QRadar Both the products have consistently been in the Gartner Leaders Quadrant. Both HP and IBM took over niche SIEM…
 

Top Industries

By visitors reading reviews
Computer Software Company
17%
Healthcare Company
8%
Financial Services Firm
7%
Manufacturing Company
7%
Educational Organization
22%
Computer Software Company
14%
Financial Services Firm
10%
Government
6%
Computer Software Company
28%
Government
9%
Manufacturing Company
8%
Financial Services Firm
6%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
 

Questions from the Community

What do you like most about Binary Defense MDR?
The most valuable feature is reviewing tickets and the notes added by technicians.
What is your experience regarding pricing and costs for Binary Defense MDR?
The pricing is very competitive; it's on par with or below others. For those sensitive to pricing, I'd advise that th...
What needs improvement with Binary Defense MDR?
Sometimes, something may not install right; however, whenever we have challenges, they are very solution-oriented and...
What are the biggest differences between Securonix UEBA, Exabeam, and IBM QRadar?
It mostly depends on your use-cases and environment. Exabeam and Securonix have a stronger UEBA feature set, friendli...
What SOC product do you recommend?
For tools I’d recommend: -SIEM- LogRhythm -SOAR- Palo Alto XSOAR Doing commercial w/o both (or at least an XDR) is a...
What do you like most about IBM QRadar?
The event collector, flow collector, PCAP and SOAR are valuable.
What is your experience regarding pricing and costs for Netsurion Managed Threat Protection?
Their pricing is high. I don't know if it's a barrier. The quality speaks to the price. The price is the price. They ...
What needs improvement with Netsurion Managed Threat Protection?
There is one area that needs improvement and that is with the agents and the server that's on-site. The system requir...
 

Also Known As

Binary Defense Vision, Binary Defense Managed Detection and Response, Binary Defense Managed Detection & Response
IBM QRadar, QRadar SIEM, QRadar UBA, QRadar on Cloud, QRadar, IBM QRadar User Behavior Analytics, IBM QRadar Advisor with Watson
Netsurion Managed Threat Protection, Netsurion EventTracker
 

Learn More

Video not available
 

Overview

 

Sample Customers

Securitas USA, Black Hills Energy, Lincoln Electric,The J.M. Smuckers Company, New York Community Bank, State of Connecticut, NCR
Clients across multiple industries, such as energy, financial, retail, healthcare, government, communications, and education use QRadar.
The Salvation Army, The FRESH Market, Pacific Western Bank, NASA, American Academy of Orthopaedic Surgeons (AAOS), and Talbot’s Stores
Find out what your peers are saying about IBM Security QRadar vs. Netsurion and other solutions. Updated: October 2024.
814,763 professionals have used our research since 2012.