We performed a comparison between IBM Security QRadar and NetWitness Platform based on real PeerSpot user reviews.
Find out in this report how the two Log Management solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."Sentinel improved how we investigate incidents. We can create watchlists and update them to align with the latest threat intelligence. The information Microsoft provides enables us to understand thoroughly and improve as we go along. It allows us to provide monthly reports to our clients on their security posture."
"Free ingestion for Azure logs (with E5 licence)"
"The part that was very unexpected was Sentinel's ability to integrate with Azure Lighthouse, which, as a managed services solution provider, gives us the ability to also manage our customers' Sentinel environments or Sentinel workspaces. It is a big plus for us. With its integration with Lighthouse, we get the ability to monitor multiple workspaces from one portal. A lot of the Microsoft Sentinel workbooks already integrate with that capability, and we save countless amounts of money by simply being able to almost immediately realize multitenant capabilities. That alone is a big plus for us."
"The solution offers a lot of data on events. It helps us create specific detection strategies."
"We can use Sentinel's playbook to block threats. It covers all of the environment, giving us great visibility."
"The best functionality that you can get from Azure Sentinel is the SOAR capability. So, you can estimate any type of activity, such as when an alert was triggered or an incident was found."
"Sentinel has an intuitive, user-friendly way to visualize the data properly. It gives me a solid overview of all the logs. We get a more detailed view that I can't get from the other SIEM tools. It has some IP and URL-specific allow listing"
"The automation rules and playbooks are the most useful that I've seen. A number of other places segregate the automation and playbook as separate tools, whereas Microsoft is a SIEM and SOAR tool in one."
"The scalability is awesome, because QRadar includes other solutions in the same console."
"The most valuable thing about QRadar is that you have a single window into your network, SIEM, network flows, and risk management of your assets. If you use Splunk, for instance, then you still need a full packet capture solution, whereas the full packet capture solution is integrated within QRadar. Its application ecosystem makes it very powerful in terms of doing analysis."
"I have found IBM QRadar to be scalable."
"The best part of this solution is having a third-party SOC."
"The most valuable features are log monitoring, easy-to-fix issues, and problem-solving."
"The most valuable feature is the DSM Editor. The custom parsing tool is very nice, outstanding."
"I think this is a good product for enterprises because of the performance and out-of-the-box rules and use cases. If they want to reach the maturity level early, they can use these out-of-the-box rules and use cases. That will help them a lot."
"The QNI feature is the one I am very interested in, and I have also been interested in Watson. From the log analysis and the security perspective, we are able to dive deep into any of the logs and anomalies."
"NetWitness Platform is valuable for creating rules that the solution must detect."
"The most valuable feature is the security that it provides."
"The solution is really scalable for the high-end power, enterprise customer."
"The most valuable features are the integration and ease of use."
"What we are mainly using are the RSA concentrator, RSA Decoder, Archiver, Broker, and Log Decoder."
"The development of use cases on the SSA console is quite user friendly. This means that the security analyst or the researcher does not have to learn another language."
"It's fully scalable. There is no limit. Of course, the license limits per day the number of terabytes. In my opinion, it's very flexible."
"In my opinion, the solution's most valuable feature is its capacity to monitor network traffic, logs from devices within the network, and network captures. This capability extends beyond logs to include full network capturing."
"Its documentation is not so simple. It is easy for somebody who is Microsoft certified or more closely attached to Microsoft solutions. It is not easy for those who are working on open-source platforms. There isn't a central point where everything is documented, and there is no specific training or certification."
"There is room for improvement in entity behavior and the integration site."
"We have been working with multiple customers, and every time we onboard a customer, we are missing an essential feature that surprisingly doesn't exist in Sentinel. We searched the forums and knowledge bases but couldn't find a solution. When you onboard new customers, you need to enable the data connectors. That part is easy, but you must create rules from scratch for every associated connector. You click "next," "next," "next," and it requires five clicks for each analytical rule. Imagine we have a customer with 150 rules."
"Azure Sentinel will be directly competing with tools such as Splunk or Qradar. These are very established kinds of a product that have been around for the last seven, eight years or more."
"The troubleshooting has room for improvement."
"When it comes to ingesting Azure native log sources, some of the log sources are specific to the subscription, and it is not always very clear."
"I think the number one area of improvement for Sentinel would be the cost."
"We'd like to see more connectors."
"There is a lot of manual configuration required in order for the product to run smoothly, and I think that it could be made more automatic."
"It's resource-intensive."
"Technical support could be improved by a bit."
"What needs to be improved in IBM QRadar User Behavior Analytics is the user experience. It's not optimal. Some screens are a bit clunky. The solution needs to be more user-friendly."
"With IBM Security QRadar, my company faced issues with the support we received for the product."
"Technical support really needs to be improved. Right now, they aren't where they need to be at all."
"Some of the cloud apps need improvement."
"Their technical support is not good. We opened a lot of cases and from my experience, they are not complicated issues but it takes forever to get an answer."
"The documentation is not as structured as I would like, personally, and I think that it can be improved and made much more user-friendly."
"Health monitoring of the event sources and devices."
"The system looks like it is a mix of a bunch of different systems, and nothing looked like it was quite together."
"It is not so easy to customize this product."
"More customizability is required, which is something that they need to improve on."
"The tool's integration capability isn't so great."
"The initial setup is complex. There are other solutions that are easier to implement."
"Technical support could be improved."
IBM Security QRadar is ranked 6th in Log Management with 198 reviews while NetWitness Platform is ranked 19th in Log Management with 36 reviews. IBM Security QRadar is rated 8.0, while NetWitness Platform is rated 7.4. The top reviewer of IBM Security QRadar writes "A highly stable and scalable solution that provides good technical support". On the other hand, the top reviewer of NetWitness Platform writes "Can find out if there is lateral movement, but integration and workflow need improvement". IBM Security QRadar is most compared with Splunk Enterprise Security, Wazuh, LogRhythm SIEM, Elastic Security and Sentinel, whereas NetWitness Platform is most compared with Splunk Enterprise Security, RSA enVision, Cisco Secure Network Analytics, Trellix Network Detection and Response and LogRhythm SIEM. See our IBM Security QRadar vs. NetWitness Platform report.
See our list of best Log Management vendors and best Security Information and Event Management (SIEM) vendors.
We monitor all Log Management reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.