Try our new research platform with insights from 80,000+ expert users

IBM Security QRadar vs NetWitness Platform comparison

 

Comparison Buyer's Guide

Executive SummaryUpdated on Jan 5, 2025

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Categories and Ranking

IBM Security QRadar
Ranking in Log Management
6th
Ranking in Security Information and Event Management (SIEM)
4th
Average Rating
8.0
Reviews Sentiment
6.8
Number of Reviews
207
Ranking in other categories
User Entity Behavior Analytics (UEBA) (1st), Endpoint Detection and Response (EDR) (17th), Security Orchestration Automation and Response (SOAR) (4th), Managed Detection and Response (MDR) (9th), Extended Detection and Response (XDR) (11th)
NetWitness Platform
Ranking in Log Management
22nd
Ranking in Security Information and Event Management (SIEM)
22nd
Average Rating
7.4
Reviews Sentiment
7.4
Number of Reviews
37
Ranking in other categories
No ranking in other categories
 

Mindshare comparison

As of April 2025, in the Log Management category, the mindshare of IBM Security QRadar is 3.8%, down from 5.2% compared to the previous year. The mindshare of NetWitness Platform is 0.3%, down from 0.4% compared to the previous year. It is calculated based on PeerSpot user engagement data.
Log Management
 

Featured Reviews

Md. Shahriar Hussain - PeerSpot reviewer
Real-time incident detection and user-friendly dashboard benefit daily operations
There are many types of AI, and this AI is very limited in SQL and features. There may be potential for improvement. So far, it seems very limited. It shows some good features in the correlation part, but I think there is room for improvement. For instance, when creating rules, it can suggest more rules, reducing the effort needed. If AI-related support can suggest rules and integrate with existing security devices like MD, IPS, this SIM can create more relevant rules. Sometimes logs I receive don't mean anything, and I need technical stakeholders to share or forward logs, but these are sometimes inadequate. Keywords can help identify insufficient logs. I often lack time to verify logs. Sharing false positive results could be reduced to help my team.
MdZaman - PeerSpot reviewer
Really scalable for enterprise customers
The solution should have more integration capabilities with different platforms. The API is nearly open and scalable, so the solution can integrate with many platforms. The solution has more than 200 log sources in the scalability to support, but this is its limit. Installation is pretty easy. However, there are a couple of modules involved, so it is not as easy as it could be. We are talking about a distributed module, not a single-module type. This is what makes things a bit complex, instead of easier. I rate it as a seven out of ten on its installation and configuration capabilities.

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"The threat protection network is the most valuable feature, because when you get an offense, you can actually trace it back to where it originated from, how it originated, and why."
"It is a very good SIEM."
"I think QRadar is stable and currently satisfies my needs."
"The ability to transition from microscopic to macroscopic view, instantly, is very good."
"The most valuable feature currently is security behaviors and the pdf files."
"A nice benefit is when we go to the process of selecting our youth cases, they go by building blocks. QRadar links it to building blocks."
"I have used IBM QRadar User Behavior Analytics in a Cloud Pak on Amazon, and there it runs on top of it and is easy to assess. Additionally, I have installed processes and characters."
"The most valuable feature is user behavior analytics (UBA)."
"The product has a user-friendly interface and a valuable feature for threat intelligence integration."
"The development of use cases on the SSA console is quite user friendly. This means that the security analyst or the researcher does not have to learn another language."
"The most valuable features are the integration and ease of use."
"In my opinion, the solution's most valuable feature is its capacity to monitor network traffic, logs from devices within the network, and network captures. This capability extends beyond logs to include full network capturing."
"The most valuable features are the threat prediction and network forensics."
"It's quite economical compared to other solutions in the market."
"The most valuable feature is the security that it provides."
"NetWitness Platform is valuable for creating rules that the solution must detect."
 

Cons

"The solution should enhance its capabilities of UEBA and AI/ML tech modeling."
"A lot of information that we receive for the devices is IP-based, but it would help if we could have a default dashboard in which we can add more details about the assets for which we are receiving the information. For example, if it is a Windows or Linux device, we only get the IP for that particular device. We don't really get the name and other details of that particular device. For that, you have to drill down into your own asset management system. It would be good to have a place where we can probably add this information so that we don't have to look into other tools."
"QVM is another instance where they need to revise the vulnerability scoring and the proper remediation details."
"The solution is expensive compared to other products."
"We sometimes experience downtime, but it depends on the version. There is some variability."
"The AI engine could be smarter."
"There is a lot of manual configuration required in order for the product to run smoothly, and I think that it could be made more automatic."
"While the interface is easy to use, it could be a little more responsive."
"It should have a monitoring feature. It would help us analyze the current state of attacks faster from a single platform."
"The log system is a bit complex and has room for improvement."
"Health monitoring of the event sources and devices."
"Security needs improvement."
"The system architecture is complex and sometimes it’s hard to troubleshoot potential problems."
"If we have the ability to run a dynamic analysis through malware in the same suite, it would be great to have a sandbox solution to analyze malware through dynamic analysis."
"The user interface is a little bit difficult for new users and it needs to be improved."
"Its technical support could be better."
 

Pricing and Cost Advice

"There is a license to use this solution, which is paid annually. However, there are subscription options available."
"An X-Force feed is free with QRadar."
"It is overly expensive and overly complex in terms of licensing. They have many different appliances, which makes it extremely difficult to choose the technology. It is very difficult to choose the technology or QRadar components that you should be deploying. They have improved some of it in the last few years. They have made it slightly easy with the fact that you can now buy virtual versions of all the appliances, which is good, but it is still very fragmented. For instance, on some of the smaller appliances, there is no upgrade path. So, if you exceed the capacity of the appliance, you have to buy a bigger appliance, which is not helpful because it is quite a major cost. If you want to add more disks to the system, they'll say that you can't."
"There is an annual license required for this solution."
"IBM QRadar User Behavior Analytics is an application framework and you can install many applications without any additional costs."
"There is a license required for this solution and it is an annual payment. I have found all solutions in the category to be expensive, including Splunk."
"The price of this product is high."
"The product is expensive. We have purchased the perpetual license, but we pay for the support."
"The product is expensive."
"RSA NetWitness Logs and Packets do not have a subscription model, it's a one-time purchase. There is only a perpetual license."
"Many clients are not able to purchase the packet capability because there is a huge amount of data, and the cost depends on the number of EPS (Events per second), as well as the number of gigabytes of data per day."
"We are on an annual license for the use of the solution."
"In comparison to other SIEM solutions such as Splunk, NetWitness is less costly."
"Compared to the competition, the is price is not that high."
"The new pricing and licensing mechanisms are fair. I would advise always to get the full solution (i.e., not only Logs)."
"We have yearly licensing costs. The license fee can be based on the volume of EPS. Some organizations may have, as a gentlemanly gesture, 10,000 EPS and get a 3,000 EPS license but actually use 5,000 EPS."
report
Use our free recommendation engine to learn which Log Management solutions are best for your needs.
845,040 professionals have used our research since 2012.
 

Comparison Review

VS
Feb 26, 2015
HP ArcSight vs. IBM QRadar vs. ​McAfee Nitro vs. Splunk vs. RSA Security vs. LogRhythm
We at Infosecnirvana.com have done several posts on SIEM. After the Dummies Guide on SIEM, we are following it up with a SIEM Product Comparison – 101 deck. So, here it is for your viewing pleasure. Let me know what you think by posting your comments below. The key products compared here are…
 

Top Industries

By visitors reading reviews
Educational Organization
23%
Computer Software Company
14%
Financial Services Firm
10%
Government
6%
Financial Services Firm
18%
Computer Software Company
17%
Government
6%
Insurance Company
6%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
 

Questions from the Community

What are the biggest differences between Securonix UEBA, Exabeam, and IBM QRadar?
It mostly depends on your use-cases and environment. Exabeam and Securonix have a stronger UEBA feature set, friendlier GUI and are not licensed based on capacity (amount of logs and information in...
What SOC product do you recommend?
For tools I’d recommend: -SIEM- LogRhythm -SOAR- Palo Alto XSOAR Doing commercial w/o both (or at least an XDR) is asking to miss details that are critical, and ending up a statistic. Also, rememb...
What is your experience regarding pricing and costs for IBM Security QRadar?
The cost depends. The price I negotiated varies by region and relationship with the OEM. Cost is not shared due to another procurement team handling negotiations, but it was reasonable as far as I ...
What do you like most about NetWitness Platform?
The product's initial setup phase was not at all difficult.
What is your experience regarding pricing and costs for NetWitness Platform?
The product price was reasonable for my region and the market.
What needs improvement with NetWitness Platform?
From an improvement perspective, the NetWitness Platform needs to release new features and improve in areas like log correlation. The tool needs to have easier integrations with the cloud. Building...
 

Also Known As

IBM QRadar, QRadar SIEM, QRadar UBA, QRadar on Cloud, IBM QRadar Advisor with Watson
RSA Security Analytics
 

Overview

 

Sample Customers

Clients across multiple industries, such as energy, financial, retail, healthcare, government, communications, and education use QRadar.
Los Angeles World Airports, Reply
Find out what your peers are saying about IBM Security QRadar vs. NetWitness Platform and other solutions. Updated: March 2025.
845,040 professionals have used our research since 2012.