Try our new research platform with insights from 80,000+ expert users

IBM Security QRadar vs Wazuh comparison

 

Comparison Buyer's Guide

Executive SummaryUpdated on Sep 18, 2024
 

Categories and Ranking

IBM Security QRadar
Ranking in Log Management
6th
Ranking in Security Information and Event Management (SIEM)
4th
Ranking in Extended Detection and Response (XDR)
14th
Average Rating
8.0
Reviews Sentiment
6.8
Number of Reviews
204
Ranking in other categories
User Entity Behavior Analytics (UEBA) (1st), Endpoint Detection and Response (EDR) (18th), Security Orchestration Automation and Response (SOAR) (4th), Managed Detection and Response (MDR) (10th)
Wazuh
Ranking in Log Management
2nd
Ranking in Security Information and Event Management (SIEM)
2nd
Ranking in Extended Detection and Response (XDR)
3rd
Average Rating
7.4
Reviews Sentiment
6.6
Number of Reviews
45
Ranking in other categories
No ranking in other categories
 

Mindshare comparison

As of December 2024, in the Log Management category, the mindshare of IBM Security QRadar is 4.5%, down from 5.6% compared to the previous year. The mindshare of Wazuh is 17.0%, up from 13.5% compared to the previous year. It is calculated based on PeerSpot user engagement data.
Log Management
 

Featured Reviews

Muzzamil Hussain - PeerSpot reviewer
Is easy to integrate and doesn't require maintenance
One major drawback we are facing is in the area of IBM Security QRadar integration with flat file databases. IBM Security QRadar does not support flat file database integration. We are currently facing an issue with respect to the database, which you normally call a NoSQL database. There is no direct integration mechanism available with IBM Security QRadar. We have to approach IBM and generate a ticket so that they can develop a custom method for the integration. In database integration, we are facing issues with IBM Security QRadar. The solution does not support the integration of flat file databases. Certain organizations have flat file databases. IBM does not support direct integration with some databases. We had to create a plug, and we requested IBM to develop a parser, but it is taking IBM a couple of months to develop it. I think a flat-file database should be supported directly instead of developing a parser plugin. There should be a more refined threat intelligence platform, and cross-integration should be possible with locally available threat intelligence platforms.
AKASH MAJUMDER - PeerSpot reviewer
Open-source platform with custom alerting
There are three key strengths of Wazuh that stand out to me. Firstly, Wazuh offers an enhanced HDR version that outperforms the Elastic Stack. Wazuh has achieved this by running a config or a sec in the background, which has improved the XBR for endpoint security significantly. Secondly, Wazuh comes with built-in frameworks, such as the NISC and ISO, that make it easy to comply with various industry standards. We didn't need to configure any custom frameworks for this, as Wazuh had it built in. Lastly, Wazuh has the ability to collect terabytes of data within seconds, which is a crucial feature for modern enterprises dealing with large amounts of data.

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"The rule engine is very easy to use — very flexible."
"The product can scale."
"It provides many options for searching. I can see devices from different vendors, like Cisco, in one interface, which is good for me."
"IBM QRadar Advisor with Watson is a stable solution."
"In addition to using this solution for our security operations center, we are using it for our other customers."
"The event collector, flow collector, PCAP and SOAR are valuable."
"In terms of the most valuable features, the log collections and log processing mechanisms are good. They have good dashboards."
"There is a single dashboard that gives us a complete overview of what is happening around the globe."
"I like the features we use, including malware detection, inventory, detection of hidden processes, and activity logs. Inventory is probably the most important feature. It tells us when processes and packages were installed and what they are, which is helpful."
"It's stable."
"I like Wazuh because it is a lot like ELK, which I was already comfortable with, so I didn't have to learn from scratch."
"I like that the solution is on top of the Kubernetes stack."
"Wazuh automatically scans the host for CIS benchmarks for the latest updates and vulnerabilities and gives a host score. It provides a percentage of perceived risk due to of non patches or any missing patches on that work."
"Wazuh is simple to use for PCI compliance."
"Wazuh offers an enhanced HDR version that outperforms its competitors."
"Wazuh's most beneficial features for our security needs are flexibility, built-in rules, integration capabilities, and documentation."
 

Cons

"I have noticed a few things while working on this. After the restart of the server, sometimes, the services misbehave, and you need to manually start or restart the service. I have seen that specifically with the Tomcat service. Sometimes, when you click on log sources, instead of opening the log source extension, it redirects you over the internet."
"If you have too many events that occur, then the storage capacity becomes a problem. You need to have more storage."
"The solution could improve by having more out-of-the-box use cases."
"There are a lot of things they are working on and a lot of technologies that are not yet there. They should probably work out a better reserve with their ecosystem of business partners and create wider and more in-depth qualities, third-party tools, and add-ons. These things really give immediate business value. For instance, there are many limitations in using SAP, EBS, or Micro-Dynamics. A lot of things that are happening in those platforms could also be monitored and allowed from the cybersecurity risks perspective. IBM might be leaving this gap or empty space for business partners. Some larger organizations might already be doing this. It would be very nice if IBM can make some artificial intelligence part free of charge for all current QRadar users. This would be a big advantage as compared to other competitors. There are companies that are going in different directions. Of course, you can't do everything inside QRadar. In general, it might be very good for all players to provide more use cases, especially regarding data protection and leakage prevention. There are some who are already doing some kind of file integrity or gathering some more information from all possible technologies for building anything related to the user and data analysis, content analysis, and management regarding the data protection."
"What needs to be improved in IBM QRadar User Behavior Analytics is the user experience. It's not optimal. Some screens are a bit clunky. The solution needs to be more user-friendly."
"The price of IBM Security QRadar is an area of concern where improvements are required."
"I would like the rule creation interface to be much more user-friendly in the next release."
"The initial setup was complex, and it took six months."
"The support channel is not optimal, and extensive research is required on our part to implement Wazuh effectively."
"An issue I noticed is with tag values in certain rules not functioning properly."
"A more structured approach, perhaps with modular UI components, to facilitate easier integration and navigation within the Wazuh platform for custom integrations would be beneficial."
"It would be better if they had a vulnerability assessment plug-in like the one AlienVault has. In the next release, I would like to have an app with an alerting mechanism."
"The biggest part that's missing is threat intelligence. It isn't inbuilt, and if a sudden incident occurs, we don't get that feedback inside the SIEM tool. That's a big gap, I see. It would be better if we could get the threat intelligence feeds integrated with the SIEM tools. That would help us push value solutions to the clients in a big way."
"Wazuh is missing many things that a typical SIEM should have."
"There could be a hardware monitoring tool for the solution."
"Scalability is a constraint in the on-prem version of Wazuh in terms of the volume of logs we can manage."
 

Pricing and Cost Advice

"The cost of this product is expensive."
"think the pricing is quite flexible."
"Our licensing costs for this solution is on a yearly basis."
"Its price is good in terms of efficiency and the number of people required for implementing various things. You might pay more in terms of money, but you might save on the number of people. For example, if you are using Kibana, you have to pay more for people or experts, which is not the case with IBM QRadar."
"On a scale of one to ten, I rate the price a one, where one is an extremely expensive product, and ten is a cheap product."
"The tool is priced in a competitive manner. The tool's price is dependent on the installation and the product size, but it is competitive in the marketplace."
"The license is not subscription-based."
"The pricing is higher but cheaper than others and there are no additional costs."
"The solution's cost is above the average."
"Wazuh is a cheaply priced product."
"It is an open-source product."
"It is a free-of-cost solution."
"Wazuh is open-source, therefore it is free. You can purchase support for $1,000 a year."
"We use the free version of Wazuh."
"When I contacted customer care, they mentioned bundling options, that I found to be overall affordable."
"Wazuh is an open-source tool."
report
Use our free recommendation engine to learn which Log Management solutions are best for your needs.
823,795 professionals have used our research since 2012.
 

Comparison Review

VS
Jun 28, 2015
Qradar vs. ArcSight
Continuing with the SIEM posts we have done at Infosecnirvana, this post is a Head to head comparison of the two Industry leading SIEM products in the market – HP ArcSight and IBM QRadar Both the products have consistently been in the Gartner Leaders Quadrant. Both HP and IBM took over niche SIEM…
 

Top Industries

By visitors reading reviews
Educational Organization
23%
Computer Software Company
15%
Financial Services Firm
10%
Manufacturing Company
6%
Computer Software Company
16%
University
7%
Comms Service Provider
7%
Government
7%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
 

Questions from the Community

What are the biggest differences between Securonix UEBA, Exabeam, and IBM QRadar?
It mostly depends on your use-cases and environment. Exabeam and Securonix have a stronger UEBA feature set, friendlier GUI and are not licensed based on capacity (amount of logs and information in...
What SOC product do you recommend?
For tools I’d recommend: -SIEM- LogRhythm -SOAR- Palo Alto XSOAR Doing commercial w/o both (or at least an XDR) is asking to miss details that are critical, and ending up a statistic. Also, rememb...
What do you like most about IBM QRadar?
The event collector, flow collector, PCAP and SOAR are valuable.
What do you like most about Wazuh?
Integrates with various open-source and paid products, allowing for flexibility in customization based on use cases.
What needs improvement with Wazuh?
I am investigating more about the community support for Wazuh. I can't provide a definitive answer yet. An issue I noticed is with tag values in certain rules not functioning properly. It's unclear...
What is your primary use case for Wazuh?
I am currently evaluating and using Wazuh for file monitoring and compliance reporting. We are in the process of conducting a POC to understand how the rules work. I lead this effort to explore and...
 

Comparisons

 

Also Known As

IBM QRadar, QRadar SIEM, QRadar UBA, QRadar on Cloud, QRadar, IBM QRadar User Behavior Analytics, IBM QRadar Advisor with Watson
No data available
 

Learn More

 

Overview

 

Sample Customers

Clients across multiple industries, such as energy, financial, retail, healthcare, government, communications, and education use QRadar.
Information Not Available
Find out what your peers are saying about IBM Security QRadar vs. Wazuh and other solutions. Updated: November 2024.
823,795 professionals have used our research since 2012.