We performed a comparison between IBM Security QRadar and Splunk User Behavior Analytics based on real PeerSpot user reviews.
Find out in this report how the two User Entity Behavior Analytics (UEBA) solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI.
"The most valuable thing about QRadar is that you have a single window into your network, SIEM, network flows, and risk management of your assets. If you use Splunk, for instance, then you still need a full packet capture solution, whereas the full packet capture solution is integrated within QRadar. Its application ecosystem makes it very powerful in terms of doing analysis."
"The most valuable features are log monitoring, easy-to-fix issues, and problem-solving."
"It is the core of our entire SOX."
"It is suitable for large companies with critical infrastructure. For our clients, robustness, availability at a high level, and the level of references and experiences connected to the solution are important."
"The threat protection network is the most valuable feature, because when you get an offense, you can actually trace it back to where it originated from, how it originated, and why."
"The tool is already automated in many ways, but there are some additional functions which should be automated, like sending an email, mobile notification, and integration of XFS."
"Improved our organization's TCO."
"The product can scale."
"The solution is definitely scalable."
"The most valuable features are the indexing and powerful search features."
"The solution appears to be stable, although we haven't used it heavily."
"It's straightforward in terms of configuration and troubleshooting and log management and monitoring as well. These are the edge points in addition to it being a modular solution where you can capitalize on your current licenses with extra licensing models, which can match the customer's business requirement and it can help the customer to design or to actually plan for their own roadmap."
"The solution's most valuable feature is Splunk queries, which allow us to query the logs and analyze the attack vectors."
"The most valuable features are its data aggregation and the ability to automatically identify a number of threats, then suggest recommended actions upon them."
"The product is at the forefront of auto-remediation networking. It's great."
"The most valuable feature is the ability to search through a large amount of data."
"The interface is very old. IBM should remake it into a more modern interface."
"IBM Qradar could improve the reporting. The tool is not designed to report. It's a great operational monitoring tool. You put it on a screen and you watch it. If you want to have analytics out of it, that's a whole different story. You're going to need more people and tools. What should be added is reporting and integration into Power BI, into some capability that produces analytical reports from the source data. IBM does not seem to care to add these features."
"QRadar UBA only keeps the data for a short while (it's refreshed every five minutes) and would be improved if this were extended to a week or month."
"There are a lot of things they are working on and a lot of technologies that are not yet there. They should probably work out a better reserve with their ecosystem of business partners and create wider and more in-depth qualities, third-party tools, and add-ons. These things really give immediate business value. For instance, there are many limitations in using SAP, EBS, or Micro-Dynamics. A lot of things that are happening in those platforms could also be monitored and allowed from the cybersecurity risks perspective. IBM might be leaving this gap or empty space for business partners. Some larger organizations might already be doing this. It would be very nice if IBM can make some artificial intelligence part free of charge for all current QRadar users. This would be a big advantage as compared to other competitors. There are companies that are going in different directions. Of course, you can't do everything inside QRadar. In general, it might be very good for all players to provide more use cases, especially regarding data protection and leakage prevention. There are some who are already doing some kind of file integrity or gathering some more information from all possible technologies for building anything related to the user and data analysis, content analysis, and management regarding the data protection."
"They need to improve their threat intelligence feed and they need to improve their user behavior analytics modules."
"When it comes to what could be better, it is always what others are trying to do and what is the roadmap. It can have more integration. It should have more flexible RESTful APIs for integration with applications. These are the things that are always in demand for any of the SIEM solutions, not only for QRadar. Integration is ever-evolving. Nowadays, different versions of mobile handsets are there and data is getting scattered. Users are using their personal handsets to keep the data of the organization. So, it should have a more flexible integration, irrespective of the flavor of the firmware and iOS or Android version. It should have an API that can seamlessly get integrated. It should also provide more flexible control and a more advanced or analytical view to see what exactly is happening across the globe or network. From wherever a user is connecting and accessing the enterprise data, it should give real-time visibility and predictive visibility about what exactly is happening. These things are already there, but there should be more advanced control in terms of managing the security."
"There is one problem with QRadar in regards to the add-on apps. The apps can be frustrating. For example, when I add a big app like one of the add-ons for resiliency, add-on applications for QRadar, these applications require different hardware to implement and to deploy. The resiliency connector because there's a considerable amount of data scanning, operates for these apps correctly."
"There is a lot of manual configuration required in order for the product to run smoothly, and I think that it could be made more automatic."
"I would like improved downward integration with other tools such as McAfee and other GCP solutions."
"The price of Splunk UBA is too high."
"They should work to add more built-in correlation searches and more use cases based on worldwide customer experiences. They need more ready-made use cases."
"If the price was lowered and the setup process was less complex, I would consider rating it higher."
"There are occasional bugs."
"The correlation engine should have persistent and definable rules."
"The ability to do more complicated data investigation would be a welcome addition for pros, though the functionality now gives most people what they need."
"It would be good if the solution had an analytics tool that allowed us to analyze the data without writing specific queries."
More Splunk User Behavior Analytics Pricing and Cost Advice →
IBM Security QRadar is ranked 1st in User Entity Behavior Analytics (UEBA) with 198 reviews while Splunk User Behavior Analytics is ranked 2nd in User Entity Behavior Analytics (UEBA) with 18 reviews. IBM Security QRadar is rated 8.0, while Splunk User Behavior Analytics is rated 8.2. The top reviewer of IBM Security QRadar writes "A highly stable and scalable solution that provides good technical support". On the other hand, the top reviewer of Splunk User Behavior Analytics writes "Easy to configure and easy to use solution that integrates with many applications and scripts ". IBM Security QRadar is most compared with Splunk Enterprise Security, Microsoft Sentinel, Wazuh, LogRhythm SIEM and Datadog, whereas Splunk User Behavior Analytics is most compared with Darktrace, Microsoft Defender for Identity, Cynet, Exabeam Fusion SIEM and Varonis Datalert. See our IBM Security QRadar vs. Splunk User Behavior Analytics report.
See our list of best User Entity Behavior Analytics (UEBA) vendors.
We monitor all User Entity Behavior Analytics (UEBA) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.
