Try our new research platform with insights from 80,000+ expert users

IBM Security QRadar vs USM Anywhere comparison

IBM and LevelBlue are both solutions in the Security Information and Event Management (SIEM) category. IBM is ranked #4 with an average rating of 7.7, while LevelBlue is ranked #29 with an average rating of 7.3. IBM holds a 10.2% mindshare in SIEM, compared to LevelBlue’s 1.2% mindshare. Additionally, 91% of IBM users are willing to recommend the solution, compared to 92% of LevelBlue users who would recommend it.
IBM Security QRadar
Read 204 IBM Security QRadar reviews
  • 15,907 Views
  • 10,366 Comparison Views
91% willing to recommend
USM Anywhere
Read 115 USM Anywhere reviews
  • 3,229 Views
  • 2,226 Comparison Views
92% willing to recommend
 

Comparison Buyer's Guide

Download the report
Executive SummaryUpdated on Sep 9, 2024

IBM Security QRadar and USM Anywhere are strong contenders in the security information and event management industry. Users favor USM Anywhere for its feature set, while IBM Security QRadar is praised for its support and pricing.

Features: Users appreciate the robust detection and response capabilities of IBM Security QRadar, along with its comprehensive monitoring tools and valuable threat hunting features. USM Anywhere stands out for its all-in-one functionality, integrating asset discovery, vulnerability assessment, and intrusion detection. Its cloud-native architecture and seamless integration with other tools make it a preferred choice for flexibility and scale.

Room for Improvement: IBM Security QRadar users often cite better scalability, more intuitive configurations, and enhanced user experience as areas for improvement. USM Anywhere users desire enhancements in reporting functions, more comprehensive threat intelligence feeds, and improvements in analytical capabilities.

Ease of Deployment and Customer Service: IBM Security QRadar typically receives praise for its on-premises deployment model and responsive customer service, despite the complex initial setup. USM Anywhere, with its cloud-based deployment, is appreciated for quick implementation. Customer support for USM Anywhere is positively reviewed, though some users experience occasional delays.

Pricing and ROI: IBM Security QRadar is viewed as cost-effective with potential for good ROI. USM Anywhere, despite being more expensive, is considered worth the price for its comprehensive features and ease of use. Both products are seen as good investments based on user reviews.

DOWNLOAD THE COMPLETE REPORT
To learn more, read our detailed IBM Security QRadar vs. USM Anywhere Report (Updated: November 2024).
Buyer's Guide
IBM Security QRadar vs. USM Anywhere
November 2024
Download the complete report
Helped 824,053 peers since 2012
 

Categories and Ranking

IBM Security QRadar
Ranking in Log Management
6th
Ranking in Security Information and Event Management (SIEM)
4th
Ranking in Endpoint Detection and Response (EDR)
18th
Average Rating
8.0
Reviews Sentiment
6.8
Number of Reviews
204
Ranking in other categories
User Entity Behavior Analytics (UEBA) (1st), Security Orchestration Automation and Response (SOAR) (4th), Managed Detection and Response (MDR) (10th), Extended Detection and Response (XDR) (14th)
USM Anywhere
Ranking in Log Management
37th
Ranking in Security Information and Event Management (SIEM)
29th
Ranking in Endpoint Detection and Response (EDR)
52nd
Average Rating
8.4
Reviews Sentiment
6.9
Number of Reviews
115
Ranking in other categories
Compliance Management (12th)
 

Mindshare comparison

As of December 2024, in the Security Information and Event Management (SIEM) category, the mindshare of IBM Security QRadar is 10.2%, up from 10.1% compared to the previous year. The mindshare of USM Anywhere is 1.2%, down from 2.9% compared to the previous year. It is calculated based on PeerSpot user engagement data.
Security Information and Event Management (SIEM)
 

Q&A Highlights

it_user108681 - PeerSpot reviewer
Apr 04, 2017
Has anyone got experience in deployment of a SIEM solution?
This tool can help you both with the implementation and post-implemtation phase. Health Check Framework (HCF) for IBM QRadar: https://www.scnsoft.com/services/security-intelligence-services/health-check-framework-for-ibm-qradar-siem HCF allows to automate certain things within your deployment, troubleshoot performance issus and fine-tune the solution.
See all answers
 

Featured Reviews

Muzzamil Hussain - PeerSpot reviewer
Is easy to integrate and doesn't require maintenance
One major drawback we are facing is in the area of IBM Security QRadar integration with flat file databases. IBM Security QRadar does not support flat file database integration. We are currently facing an issue with respect to the database, which you normally call a NoSQL database. There is no direct integration mechanism available with IBM Security QRadar. We have to approach IBM and generate a ticket so that they can develop a custom method for the integration. In database integration, we are facing issues with IBM Security QRadar. The solution does not support the integration of flat file databases. Certain organizations have flat file databases. IBM does not support direct integration with some databases. We had to create a plug, and we requested IBM to develop a parser, but it is taking IBM a couple of months to develop it. I think a flat-file database should be supported directly instead of developing a parser plugin. There should be a more refined threat intelligence platform, and cross-integration should be possible with locally available threat intelligence platforms.
Read full review
Omer Jamil - PeerSpot reviewer
An easy-to-deploy tool that needs to improve its vulnerability scanning feature
To those who plan to use the solution, I would suggest that they go through the documentation and online training models available for free, as it can help you deploy the product quickly while also being helpful in areas where there is a need to understand correlation and monitoring. I rate the overall product a seven out of ten.
Read full review

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"The UBA feature is the most valuable because you can see everything about users' activities."
"I like that it's easy to use and the performance is good."
"The most valuable features of IBM Security QRadar are flexibility, IBM support, and scalability."
"QRadar has somewhat of a new structure recently from last gen. They have moved from the standard UI based infrastructure."
"The most valuable feature is the DSM Editor. The custom parsing tool is very nice, outstanding."
"Providing real-time visibility for threat detection and prioritization - QRadar SIEM provides contextual and actionable surveillance across the entire IT infrastructure."
"This console gives you the entire view, which makes life easier and allows you to take precautionary measures."
"A nice benefit is when we go to the process of selecting our youth cases, they go by building blocks. QRadar links it to building blocks."
More IBM Security QRadar pros
"The asset management functionality (active and passive scans) is also really important. You can't protect what you do not know about, so having an inventory of all your devices and software is critical to a security management program."
"It has powerful threat detection, incident response, and compliance management."
"It brought our logs into one place for review and set up alarms based on changes we were missing due to lack of having one place for everything to go."
"Ease of deployment across various environments."
"The most valuable feature is vulnerability management because it gives you insight into your environment to know what systems need to be updated or patched."
"Easy to use, scalable, stable, and very intuitive platform that provides protection against security threats."
"Vulnerability scanning helped out shortcomings of what was not patched in the past and what needed to be patched. This assisted with fine tuning the environment for compliance."
"Reports are customized, so you can present them to executives or engineers.​"
More USM Anywhere pros
 

Cons

"The features that could be improved include the licensing model and the dashboards and all those presentations. Overall, the user experience part can be improved."
"It doesn't have a SOAR system by default. You need to purchase it additionally, which is the main problem with QRadar."
"Before we didn't have any security issues but recently a few of the user emails were hacked. We had to actually recreate their emails for them."
"The released patch quality is poor. IBM should test those patches on their side, not on the client's side."
"IBM QRadar User Behavior Analytics is good, but I think the functionality should be much more integrated. You should have easy access to the artifacts if you are doing a particular investigation. It's good, but other team solutions like LogRhythm are actually merging the functionality. So, I think that is something IBM can work on."
"The user interface is a bit clunky, a bit hard to find what you need."
"The Indian tech support is not helpful."
"They should provide more manual examples online so that I can learn it myself."
More IBM Security QRadar cons
"they seem to have bugs from time to time that go unfixed for a while and that is frustrating. I'm not saying the product needs to be bug-free, but they need to be responsive to bugs."
"I'd like to see a dashboard that's a little more descriptive."
"It should be able to communicate with other security solutions to stop threats."
"We develop additional rules and scripts to make it more usable."
"AT&T AlienVault USM can improve searchable data. It should be available for more than 90 days. If you need more than 90 days of data, you have to put a request and they give you raw data, which is not easy to search. A good addition would be to allow users to search data older than 90 days."
"Sometimes the log is unclear, and the report is a bit ambiguous."
"There are scalability issues due to a 60 TB limit, which restricts its use for large customers like banks."
"The GUI needs to improve because it's not user-friendly."
More USM Anywhere cons
 

Pricing and Cost Advice

"There are different types of subscriptions available. We were on an annual subscription, but our customers typically choose the two years subscription option."
"QRadar is quite expensive. It wouldn't be worth it for a small business..."
"The price could be better. I bought a subscription for three years."
"think the pricing is quite flexible."
"IBM's Qradar is not for small companie. Unfortunately, it would be 'overkill' to place it plainly. The pricing would be too much."
"I would like for them to lower the price."
"In terms of additional costs, it depends on the subscription that you choose. There are plenty of options to choose from."
"Pricing and licensing are competitive. Their new licensing options allow logs to bypass the correlation engine for a flat rate, which is also appealing for log data that is compliance-driven for a small amount of money."
More IBM Security QRadar pricing and cost advice
"Pricing is very competitive with other products and you get much more functionality from AlienVault."
"AlienVault is flexible on their pricing for unlimited licenses."
"Its price is in the medium to upper range."
"The price for this solution is very good, but since the features do not work the price is expensive."
"The pricing is a good value. The key thing is that for the new product, the licensing of it, is subscription-based and it's based on data. Clients need to be really careful when thinking about that, because odds are they're going to need to put a lot more data into it than what they initially estimate, which is going to drive their subscription costs up."
"It is a product that is priced in a medium range, making it neither a cheap nor a costly product."
"We checked out several competitors. For what it can do and the cost, it was the best option!"
"I don't think the product's pricing is a good value because they try to raise the price 50 percent every year... AlienVault needs to understand that not all customers are huge enterprises... Their sales team is way too aggressive. The price they advertise is not always the price you get."
More USM Anywhere pricing and cost advice
report
See which vendors are best for you
Use our free recommendation engine to learn which Security Information and Event Management (SIEM) solutions are best for your needs.
See recommendations
824,053 professionals have used our research since 2012.
 

Comparison Review

VS
Jun 28, 2015
Qradar vs. ArcSight
Continuing with the SIEM posts we have done at Infosecnirvana, this post is a Head to head comparison of the two Industry leading SIEM products in the market – HP ArcSight and IBM QRadar Both the products have consistently been in the Gartner Leaders Quadrant. Both HP and IBM took over niche SIEM…
Read full review
 

Answers from the Community

it_user108681 - PeerSpot reviewer
Apr 4, 2017
Apr 4, 2017
Has anyone got experience in deployment of a SIEM solution?
This tool can help you both with the implementation and post-implemtation phase. Health Check Framework (HCF) for IBM QRadar: https://www.scnsoft.com/services/security-intelligence-services/health-check-framework-for-ibm-qradar-siem HCF allows to automate certain things within your deployment, troubleshoot performance issus and fine-tune the solution.
2 out of 9 answers
it_user102447 - PeerSpot reviewer
May 8, 2014
We implemented the Alienvault USM product and one of the largest considerations to make is the Linux knowledge required to implement, configure and manage the solution. Depending on the current in-house skill set and architecture this may or may not present as a consideration.
Read full answer
it_user113184 - PeerSpot reviewer
May 15, 2014
That's the problem with the SIEM solutions that have no built-in intelligence.
Read full answer
See all 9 answers
 

Top Industries

By visitors reading reviews
Educational Organization
23%
Computer Software Company
15%
Financial Services Firm
10%
Manufacturing Company
6%
Computer Software Company
18%
Educational Organization
8%
Financial Services Firm
7%
Comms Service Provider
6%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
 

Questions from the Community

What are the biggest differences between Securonix UEBA, Exabeam, and IBM QRadar?
It mostly depends on your use-cases and environment. Exabeam and Securonix have a stronger UEBA feature set, friendlier GUI and are not licensed based on capacity (amount of logs and information in...
See all answers
What SOC product do you recommend?
For tools I’d recommend: -SIEM- LogRhythm -SOAR- Palo Alto XSOAR Doing commercial w/o both (or at least an XDR) is asking to miss details that are critical, and ending up a statistic. Also, rememb...
See all answers
What do you like most about IBM QRadar?
The event collector, flow collector, PCAP and SOAR are valuable.
See all answers
What do you like most about AT&T AlienVault USM?
The most valuable feature of the solution is the ease of deployment that it provides to users. The integrations that the product has with third-party applications are useful.
See all answers
What is your experience regarding pricing and costs for AT&T AlienVault USM?
The pricing is amazing and really cheap.
See all answers
What needs improvement with AT&T AlienVault USM?
There are scalability issues due to a 60 TB limit, which restricts its use for large customers like banks. It is also limited when used with bigger products and has complex password requirements.
See all answers
 

Comparisons

Splunk Enterprise Security vs IBM Security QRadar Logo
Splunk Enterprise Security vs IBM Security QRadar
Compared 15% of the time
Microsoft Sentinel vs IBM Security QRadar Logo
Microsoft Sentinel vs IBM Security QRadar
Compared 12% of the time
Sentinel vs IBM Security QRadar Logo
Sentinel vs IBM Security QRadar
Compared 6% of the time
Wazuh vs IBM Security QRadar Logo
Wazuh vs IBM Security QRadar
Compared 6% of the time
Elastic Security vs IBM Security QRadar Logo
Elastic Security vs IBM Security QRadar
Compared 6% of the time
More IBM Security QRadar Competitors
AlienVault OSSIM vs USM Anywhere Logo
AlienVault OSSIM vs USM Anywhere
Compared 18% of the time
Wazuh vs USM Anywhere Logo
Wazuh vs USM Anywhere
Compared 17% of the time
Splunk Enterprise Security vs USM Anywhere Logo
Splunk Enterprise Security vs USM Anywhere
Compared 10% of the time
Rapid7 InsightIDR vs USM Anywhere Logo
Rapid7 InsightIDR vs USM Anywhere
Compared 9% of the time
CrowdStrike Falcon vs USM Anywhere Logo
CrowdStrike Falcon vs USM Anywhere
Compared 8% of the time
More USM Anywhere Competitors
 

Product Reports

Buyer's Guide
IBM Security QRadar
December 2024
IBM Security QRadar reportDownload IBM Security QRadar product report
Buyer's Guide
USM Anywhere
November 2024
USM Anywhere reportDownload USM Anywhere product report
 

Also Known As

IBM QRadar, QRadar SIEM, QRadar UBA, QRadar on Cloud, QRadar, IBM QRadar User Behavior Analytics, IBM QRadar Advisor with Watson
AT&T AlienVault USM, AlienVault, AlienVault USM, Alienvault Cybersecurity
 

Learn More

IBM
Video not available
LevelBlue
 

Overview

IBM Security QRadar (recently acquired by Palo Alto Networks) is a security and analytics platform designed to defend against threats and scale security operations. This is done through integrated visibility, investigation, detection, and response. QRadar empowers security groups with actionable insights into high-priority threats by providing visibility into enterprise security data. Through centralized visibility, security teams and analysts can determine their security stance, which areas pose a potential threat, and which areas are critical. This will help streamline workflows by eliminating the need to pivot between tools.

IBM Security QRadar is built to address a wide range of security issues and can be easily scaled with minimal customization effort required. As data is ingested, QRadar administers automated, real-time security intelligence to swiftly and precisely discover and prioritize threats. The platform will issue alerts with actionable, rich context into developing threats. Security teams and analysts can then rapidly respond to minimize the attackers' strike. The solution will provide a complete view of activity in both cloud-based and on-premise environments as a large amount of data is ingested throughout the enterprise. Additionally, QRadar’s anomaly detection intelligence enables security teams to identify any user behavior changes that could be indicators of potential threats. 

IBM QRadar Log Manager

To better help organizations protect themselves against potential security threats, attacks, and breaches, IBM QRadar Log Manager gathers, analyzes, preserves, and reports on security log events using QRadar Sense Analytics. All operating systems and applications, servers, devices, and applications are converted into searchable and actionable intelligent data. QRadar Log Manager then helps organizations meet compliance reporting and monitoring requirements, which can be further upgraded to QRadar SIEM for a more superior level of threat protection.

Some of QRadar Log Manager’s key features include:

  • Data processing and capture on any security event
  • Disaster recovery options and high availability 
  • Scalability for large enterprises
  • SoftLayer cloud installation capability
  • Advanced threat protection

Reviews from Real Users

IBM Security QRadar is a solution of choice among users because it provides a complete solution for security teams by integrating network analysis, log management, user behavior analytics, threat intelligence, and AI-powered investigations into a single solution. Users particularly like having a single window into their network and its ability to be used for larger enterprises.

Simon T., a cyber security services operations manager at an aerospace/defense firm, notes, "The most valuable thing about QRadar is that you have a single window into your network, SIEM, network flows, and risk management of your assets. If you use Splunk, for instance, then you still need a full packet capture solution, whereas the full packet capture solution is integrated within QRadar. Its application ecosystem makes it very powerful in terms of doing analysis."

A management executive at a security firm says, "What we like about QRadar and the models that IBM has, is it can go from a small-to-medium enterprise to a larger organization, and it gives you the same value."

USM Anywhere centralizes security monitoring of networks and devices in the cloud, on premises, and in remote locations, helping you to detect threats virtually anywhere.

Discover

  • Network asset discovery
  • Software & services discovery
  • AWS asset discovery
  • Azure asset discovery
  • Google Cloud Platform asset discovery

Analyze

  • SIEM event correlation, auto-prioritized alarms
  • User activity monitoring
  • Up to 90-days of online, searchable events

Detect

  • Cloud intrusion detection (AWS, Azure, GCP)
  • Network intrusion detection (NIDS)
  • Host intrusion detection (HIDS)
  • Endpoint Detection and Response (EDR)

Respond

  • Forensics querying
  • Automate & orchestrate response
  • Notifications and ticketing

Assess

  • Vulnerability scanning
  • Cloud infrastructure assessment
  • User & asset configuration
  • Dark web monitoring

Report

  • Pre-built compliance reporting templates
  • Pre-built event reporting templates
  • Customizable views and dashboards
  • Log storage
 

Sample Customers

Clients across multiple industries, such as energy, financial, retail, healthcare, government, communications, and education use QRadar.
Abel & Cole, Bank of Ireland, Bluegrass Cellular, CareerBuilder, Claire's, Hays Medical Center, Hope International, McCurrach, McKinsey & Company, Party Delights, Pepco Holdings, Richland School District, Ricoh, SaveMart, Shake Shack, Steelcase, TaxAct, Taylor Morrison, Vonage and Zoom
Buyer's Guide
IBM Security QRadar vs. USM Anywhere
November 2024
Free Report: IBM Security QRadar vs. USM Anywhere
Find out what your peers are saying about IBM Security QRadar vs. USM Anywhere and other solutions. Updated: November 2024.
DOWNLOAD NOW
824,053 professionals have used our research since 2012.
See our IBM Security QRadar vs. USM Anywhere report.

We monitor all Security Information and Event Management (SIEM) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.