Try our new research platform with insights from 80,000+ expert users

IBM Security QRadar vs NetWitness Platform comparison

 

Comparison Buyer's Guide

Executive SummaryUpdated on Sep 18, 2024
 

Categories and Ranking

IBM Security QRadar
Ranking in Log Management
6th
Ranking in Security Information and Event Management (SIEM)
4th
Average Rating
8.0
Number of Reviews
204
Ranking in other categories
User Entity Behavior Analytics (UEBA) (1st), Endpoint Detection and Response (EDR) (18th), Security Orchestration Automation and Response (SOAR) (4th), Managed Detection and Response (MDR) (10th), Extended Detection and Response (XDR) (14th)
NetWitness Platform
Ranking in Log Management
25th
Ranking in Security Information and Event Management (SIEM)
24th
Average Rating
7.4
Number of Reviews
36
Ranking in other categories
No ranking in other categories
 

Mindshare comparison

As of November 2024, in the Log Management category, the mindshare of IBM Security QRadar is 4.7%, down from 5.7% compared to the previous year. The mindshare of NetWitness Platform is 0.4%, down from 0.5% compared to the previous year. It is calculated based on PeerSpot user engagement data.
Log Management
 

Featured Reviews

Muzzamil Hussain - PeerSpot reviewer
Aug 1, 2024
Is easy to integrate and doesn't require maintenance
One major drawback we are facing is in the area of IBM Security QRadar integration with flat file databases. IBM Security QRadar does not support flat file database integration. We are currently facing an issue with respect to the database, which you normally call a NoSQL database. There is no direct integration mechanism available with IBM Security QRadar. We have to approach IBM and generate a ticket so that they can develop a custom method for the integration. In database integration, we are facing issues with IBM Security QRadar. The solution does not support the integration of flat file databases. Certain organizations have flat file databases. IBM does not support direct integration with some databases. We had to create a plug, and we requested IBM to develop a parser, but it is taking IBM a couple of months to develop it. I think a flat-file database should be supported directly instead of developing a parser plugin. There should be a more refined threat intelligence platform, and cross-integration should be possible with locally available threat intelligence platforms.
MdZaman - PeerSpot reviewer
Oct 22, 2021
Really scalable for enterprise customers
The solution should have more integration capabilities with different platforms. The API is nearly open and scalable, so the solution can integrate with many platforms. The solution has more than 200 log sources in the scalability to support, but this is its limit. Installation is pretty easy. However, there are a couple of modules involved, so it is not as easy as it could be. We are talking about a distributed module, not a single-module type. This is what makes things a bit complex, instead of easier. I rate it as a seven out of ten on its installation and configuration capabilities.

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"There are more than 120 extensions in QRadar, which are easy to install and configure. These can improve your analysis of events."
"The solution is easy to use, manage, and review all incidents."
"The most valuable thing about QRadar is that you have a single window into your network, SIEM, network flows, and risk management of your assets. If you use Splunk, for instance, then you still need a full packet capture solution, whereas the full packet capture solution is integrated within QRadar. Its application ecosystem makes it very powerful in terms of doing analysis."
"The QNI feature is the one I am very interested in, and I have also been interested in Watson. From the log analysis and the security perspective, we are able to dive deep into any of the logs and anomalies."
"The interface is good."
"The product provides a complete platform for ingesting the log, doing the correlations and handling the runtime."
"The ability to add extensions is the most valuable feature. For example, extensions that provide valuable test ports."
"IBM has everything you need in a cybersecurity solution. If you want to build a cybersecurity operation center version then I think QRadar is a perfect solution."
"It's fully scalable. There is no limit. Of course, the license limits per day the number of terabytes. In my opinion, it's very flexible."
"The most valuable feature is the ability to write rules and triggers for network communication, and then being able to investigate based on that."
"The most valuable feature is the security that it provides."
"The most valuable feature of RSA NetWitness Logs and Packets are the alerts and correlations tools."
"The most valuable features are the integration and ease of use."
"The development of use cases on the SSA console is quite user friendly. This means that the security analyst or the researcher does not have to learn another language."
"The solution is really scalable for the high-end power, enterprise customer."
"It gives the ability to investigate into network traffic in the Net and the organization what we couldn't do before."
 

Cons

"The only challenge is that IBM has been a closed enterprise. It should be more open to integrating with other providers at an enterprise level. We're a bank and the core banking system integration is not way straightforward and there is no integration between IBM and these products. If IBM could open up and provide a way of integrating it seamlessly, without charging more for it, that would make a big difference."
"For future updates, I'd like to see more advanced threat intelligence features integrated with AI. This would help with analyzing traffic patterns and improving protection. QRadar currently doesn't integrate with AI for threat analysis. However, AI could enhance its capabilities by learning traffic patterns and automatically blocking or quarantining suspicious traffic. This would be especially useful when administrators are not actively monitoring. AI could help by analyzing incoming and outgoing traffic and adjusting policies accordingly."
"I would like to see a more user-friendly product."
"What needs to be improved in IBM QRadar User Behavior Analytics is the user experience. It's not optimal. Some screens are a bit clunky. The solution needs to be more user-friendly."
"The technical support can be improved a little bit, and the price could be cheaper."
"The threat detection needs improvement, they have many false positives."
"Right now, if you look at the compatibility, if you need to deploy QRadar in a physical appliance you have only two choices of server, their own or a Lenovo server. In today's world, you cannot keep something tied to such a big brand. Clients want to be able to use whatever type of server they want."
"IBM Security QRadar’s GUI could be improved."
"The initial setup is complex. There are other solutions that are easier to implement."
"It is not so easy to customize this product."
"Security needs improvement."
"They should implement algorithms to digest that data and produce additional, more advanced reporting, alerting and support of internal security teams."
"Sometimes, it gives me static when integrating Windows-based systems. It should produce a precise log of sorts as to where the problem is. For example, a few days ago because of the McAfee application firewall, I couldn't get access to the particular Windows machine. So, my team and I had to figure out by ourselves that there was a virus responsible for the obstacle. This solution should trigger a meaningful log or message indicating the reason the user or implementer can't get into the machine."
"The initial setup is very complex and should be simplified."
"There are instances where you try to run the reports and then it does not give you the desired outcome."
"It should have a monitoring feature. It would help us analyze the current state of attacks faster from a single platform."
 

Pricing and Cost Advice

"There is a license required for this solution and it is an annual payment. I have found all solutions in the category to be expensive, including Splunk."
"Customers have to purchase a license based on the number of users, devices, and applications they want to protect. It allows you to take a license on a subscription basis for three years or five years."
"Pricing is good."
"The product is expensive. We have purchased the perpetual license, but we pay for the support."
"The maintenance costs are high."
"It's very expensive but it fits our budget."
"found other solutions, with more features at the same cost or less. You don’t have to leave the Gartner Magic Quadrant to beat their price."
"When it comes to the initial pricing there can be a huge discount from there side and also I think they are open to competing with other products."
"Our license is for one year."
"There is a licensing fee and the customer can choose whether he wishes this to be subscription-based or perpetual."
"It is cheap."
"The tool is very expensive, so I rate the pricing a ten out of ten. The solution has an annual subscription."
"We are on an annual license for the use of the solution."
"It provides tools to assist in selecting the appropriate license and usage scenarios."
"This is a pricey solution; it's not cheap."
"The product price was reasonable for my region and the market."
report
Use our free recommendation engine to learn which Log Management solutions are best for your needs.
814,649 professionals have used our research since 2012.
 

Comparison Review

VS
Feb 26, 2015
HP ArcSight vs. IBM QRadar vs. ​McAfee Nitro vs. Splunk vs. RSA Security vs. LogRhythm
We at Infosecnirvana.com have done several posts on SIEM. After the Dummies Guide on SIEM, we are following it up with a SIEM Product Comparison – 101 deck. So, here it is for your viewing pleasure. Let me know what you think by posting your comments below. The key products compared here are…
 

Top Industries

By visitors reading reviews
Educational Organization
22%
Computer Software Company
14%
Financial Services Firm
10%
Government
6%
Financial Services Firm
17%
Computer Software Company
17%
Government
7%
Insurance Company
6%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
 

Questions from the Community

What are the biggest differences between Securonix UEBA, Exabeam, and IBM QRadar?
It mostly depends on your use-cases and environment. Exabeam and Securonix have a stronger UEBA feature set, friendlier GUI and are not licensed based on capacity (amount of logs and information in...
What SOC product do you recommend?
For tools I’d recommend: -SIEM- LogRhythm -SOAR- Palo Alto XSOAR Doing commercial w/o both (or at least an XDR) is asking to miss details that are critical, and ending up a statistic. Also, rememb...
What do you like most about IBM QRadar?
The event collector, flow collector, PCAP and SOAR are valuable.
What do you like most about NetWitness Platform?
The product's initial setup phase was not at all difficult.
What is your experience regarding pricing and costs for NetWitness Platform?
The product price was reasonable for my region and the market.
What needs improvement with NetWitness Platform?
From an improvement perspective, the NetWitness Platform needs to release new features and improve in areas like log correlation. The tool needs to have easier integrations with the cloud. Building...
 

Also Known As

IBM QRadar, QRadar SIEM, QRadar UBA, QRadar on Cloud, QRadar, IBM QRadar User Behavior Analytics, IBM QRadar Advisor with Watson
RSA Security Analytics
 

Learn More

Video not available
 

Overview

 

Sample Customers

Clients across multiple industries, such as energy, financial, retail, healthcare, government, communications, and education use QRadar.
Los Angeles World Airports, Reply
Find out what your peers are saying about IBM Security QRadar vs. NetWitness Platform and other solutions. Updated: October 2024.
814,649 professionals have used our research since 2012.