
IBM Security QRadar vs NetWitness Platform comparison

 

Comparison Buyer's Guide

Executive Summary

Updated on Sep 18, 2024
 

Categories and Ranking

IBM Security QRadar
Ranking in Log Management
6th
Ranking in Security Information and Event Management (SIEM)
4th
Average Rating
8.0
Reviews Sentiment
7.5
Number of Reviews
204
Ranking in other categories
User Entity Behavior Analytics (UEBA) (1st), Endpoint Detection and Response (EDR) (18th), Security Orchestration Automation and Response (SOAR) (4th), Managed Detection and Response (MDR) (10th), Extended Detection and Response (XDR) (14th)
NetWitness Platform
Ranking in Log Management
25th
Ranking in Security Information and Event Management (SIEM)
24th
Average Rating
7.4
Reviews Sentiment
7.5
Number of Reviews
36
Ranking in other categories
No ranking in other categories
 

Mindshare comparison

As of November 2024, in the Log Management category, the mindshare of IBM Security QRadar is 4.7%, down from 5.7% compared to the previous year. The mindshare of NetWitness Platform is 0.4%, down from 0.5% compared to the previous year. It is calculated based on PeerSpot user engagement data.
 

Featured Reviews

Muzzamil Hussain - PeerSpot reviewer
Is easy to integrate and doesn't require maintenance
One major drawback we are facing is in the area of IBM Security QRadar integration with flat file databases. IBM Security QRadar does not support flat file database integration. We are currently facing an issue with respect to the database, which you normally call a NoSQL database. There is no direct integration mechanism available with IBM Security QRadar. We have to approach IBM and generate a ticket so that they can develop a custom method for the integration. In database integration, we are facing issues with IBM Security QRadar. The solution does not support the integration of flat file databases. Certain organizations have flat file databases. IBM does not support direct integration with some databases. We had to create a plug, and we requested IBM to develop a parser, but it is taking IBM a couple of months to develop it. I think a flat-file database should be supported directly instead of developing a parser plugin. There should be a more refined threat intelligence platform, and cross-integration should be possible with locally available threat intelligence platforms.
MdZaman - PeerSpot reviewer
Really scalable for enterprise customers
The solution should have more integration capabilities with different platforms. The API is nearly open and scalable, so the solution can integrate with many platforms. The solution has more than 200 log sources in the scalability to support, but this is its limit. Installation is pretty easy. However, there are a couple of modules involved, so it is not as easy as it could be. We are talking about a distributed module, not a single-module type. This is what makes things a bit complex, instead of easier. I rate it as a seven out of ten on its installation and configuration capabilities.

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"An engineer can live-monitor all the flow happening in real-time. This would help us a lot while investigating a case, and it would even help us with preventive actions."
"What I like about IBM QRadar User Behavior Analytics is that it uses machine learning algorithms to generate risk scoring for the user activity. I also like that it syncs with our Active Directory users, so it really has full coverage for all users in our environment."
"The event collector, flow collector, PCAP and SOAR are valuable."
"This solution provides me with various alarms, and I have found security issues with some of my other products."
"It is suitable for large companies with critical infrastructure. For our clients, robustness, availability at a high level, and the level of references and experiences connected to the solution are important."
"In addition to using this solution for our security operations center, we are using it for our other customers."
"The scalability is very good. It's not a problem."
"Provided that the report is prebuilt and I can find what I am looking for, the reporting is the most valuable feature in this solution."
"Possibility to investigate incidents based on logs and raw packets, such as extracting files sent over the network"
"The product has a user-friendly interface and a valuable feature for threat intelligence integration."
"The most valuable features are the threat prediction and network forensics."
"Performance and reporting are very good."
"Incident management is its most valuable feature."
"The solution is really scalable for the high-end power, enterprise customer."
"The most valuable feature of RSA NetWitness Logs and Packets are the alerts and correlations tools."
"In my opinion, the solution's most valuable feature is its capacity to monitor network traffic, logs from devices within the network, and network captures. This capability extends beyond logs to include full network capturing."
 

Cons

"The pricing of the solution is a bit high. If they could lower it, that would be ideal."
"They should provide more manual examples online so that I can learn it myself."
"The tech support is not that good."
"I'm not sure about the stability just yet. We've observed a few issues and we raised a supporting ticket for it."
"In a future release, the solution could provide malware analysis."
"The threat intelligence functionality can be better. In addition, it can have more monitoring capabilities."
"QRadar UBA only keeps the data for a short while (it's refreshed every five minutes) and would be improved if this were extended to a week or month."
"IBM technical support is always terrible."
"Nowadays, their support is a little subpar compared to other solutions. I rate RSA support six out of 10."
"If we have the ability to run a dynamic analysis through malware in the same suite, it would be great to have a sandbox solution to analyze malware through dynamic analysis."
"The system architecture is complex and sometimes it’s hard to troubleshoot potential problems."
"Health monitoring of the event sources and devices."
"The solution should have more integration capabilities with different platforms."
"The documentation is not as structured as I would like, personally, and I think that it can be improved and made much more user-friendly."
"The initial setup is complex. There are other solutions that are easier to implement."
"Sometimes, it gives me static when integrating Windows-based systems. It should produce a precise log of sorts as to where the problem is. For example, a few days ago because of the McAfee application firewall, I couldn't get access to the particular Windows machine. So, my team and I had to figure out by ourselves that there was a virus responsible for the obstacle. This solution should trigger a meaningful log or message indicating the reason the user or implementer can't get into the machine."
 

Pricing and Cost Advice

"There are additional costs, such as the cost associated with the different hardware required for implementation and deployment. Along with the add-on apps, these are all additional costs, and they require licensing as well."
"We pay approximately $40,000 to use the solution annually. This solution is a lot less expensive than Splunk."
"The tool's price is high."
"found other solutions, with more features at the same cost or less. You don’t have to leave the Gartner Magic Quadrant to beat their price."
"The price of this solution is a little high."
"The cost of this product is expensive."
"The solution is priced fairly, there is a license for the solution, and we pay annually."
"It's too expensive. The licensing is also a little bit difficult to understand because you have to license it per event and per number of flows."
"The product is expensive."
"The new pricing and licensing mechanisms are fair. I would advise always to get the full solution (i.e., not only Logs)."
"RSA NetWitness Logs and Packets do not have a subscription model, it's a one-time purchase. There is only a perpetual license."
"There is a licensing fee and the customer can choose whether he wishes this to be subscription-based or perpetual."
"It’s cheaper to run virtual machines in a VMware environment."
"The tool is very expensive, so I rate the pricing a ten out of ten. The solution has an annual subscription."
"We are on an annual license for the use of the solution."
"We have a perpetual license, so the total cost of ownership is not very expensive. It's a good investment."
816,406 professionals have used our research since 2012.
 

Comparison Review

Feb 26, 2015
HP ArcSight vs. IBM QRadar vs. McAfee Nitro vs. Splunk vs. RSA Security vs. LogRhythm
We at Infosecnirvana.com have done several posts on SIEM. After the Dummies Guide on SIEM, we are following it up with a SIEM Product Comparison – 101 deck. So, here it is for your viewing pleasure. Let me know what you think by posting your comments below. The key products compared here are…
 

Top Industries

By visitors reading reviews
Educational Organization
23%
Computer Software Company
14%
Financial Services Firm
10%
Government
6%
Financial Services Firm
18%
Computer Software Company
17%
Government
8%
Insurance Company
6%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
 

Questions from the Community

What are the biggest differences between Securonix UEBA, Exabeam, and IBM QRadar?
It mostly depends on your use-cases and environment. Exabeam and Securonix have a stronger UEBA feature set, friendlier GUI and are not licensed based on capacity (amount of logs and information in...
What SOC product do you recommend?
For tools I’d recommend: -SIEM- LogRhythm -SOAR- Palo Alto XSOAR Doing commercial w/o both (or at least an XDR) is asking to miss details that are critical, and ending up a statistic. Also, rememb...
What do you like most about IBM QRadar?
The event collector, flow collector, PCAP and SOAR are valuable.
What do you like most about NetWitness Platform?
The product's initial setup phase was not at all difficult.
What is your experience regarding pricing and costs for NetWitness Platform?
The product price was reasonable for my region and the market.
What needs improvement with NetWitness Platform?
From an improvement perspective, the NetWitness Platform needs to release new features and improve in areas like log correlation. The tool needs to have easier integrations with the cloud. Building...
 

Also Known As

IBM QRadar, QRadar SIEM, QRadar UBA, QRadar on Cloud, QRadar, IBM QRadar User Behavior Analytics, IBM QRadar Advisor with Watson
RSA Security Analytics
 

 

Overview

 

Sample Customers

Clients across multiple industries, such as energy, financial, retail, healthcare, government, communications, and education use QRadar.
Los Angeles World Airports, Reply
Find out what your peers are saying about IBM Security QRadar vs. NetWitness Platform and other solutions. Updated: October 2024.