Snort vs. IBM Security QRadar SIEM

Snort

Snort

26 Reviews and Ratings

IBM Security QRadar SIEM

IBM Security QRadar SIEM

287 Reviews and Ratings

Overview
Product	Rating	Most Used By	Product Summary	Starting Price
Snort	Score 8.4 out of 10	N/A	Sourcefire developed Snort, an open source intrusion prevention system capable of real-time traffic analysis and packet logging. Snort was acquired (and is now supported) by Cisco in 2013.	N/A
IBM Security QRadar SIEM	Score 8.7 out of 10	N/A	IBM Security QRadar is security information and event management (SIEM) Software.	N/A

Pricing

Snort

IBM Security QRadar SIEM

Editions & Modules

No answers on this topic

No answers on this topic

Offerings

Pricing Offerings
Snort	IBM Security QRadar SIEM
Free Trial
No	Yes
Free/Freemium Version
No	No
Premium Consulting/Integration Services
No	No

Entry-level Setup Fee

No setup fee

No setup fee

Additional Details

—

—

More Pricing Information

Community Pulse
	Snort	IBM Security QRadar SIEM

Features

Snort

IBM Security QRadar SIEM

Security Information and Event Management (SIEM)

Comparison of Security Information and Event Management (SIEM) features of Product A and Product B
	Snort - Ratings	IBM Security QRadar SIEM 8.6 69 Ratings 9% above category average
Centralized event and log data collection	00 Ratings	9.927 Ratings
Correlation	00 Ratings	8.869 Ratings
Event and log normalization/management	00 Ratings	9.527 Ratings
Deployment flexibility	00 Ratings	7.827 Ratings
Integration with Identity and Access Management Tools	00 Ratings	8.765 Ratings
Custom dashboards and workspaces	00 Ratings	7.469 Ratings
Host and network-based intrusion detection	00 Ratings	9.725 Ratings
Data integration/API management	00 Ratings	9.07 Ratings
Behavioral analytics and baselining	00 Ratings	7.848 Ratings
Rules-based and algorithmic detection thresholds	00 Ratings	8.449 Ratings
Response orchestration and automation	00 Ratings	7.75 Ratings
Reporting and compliance management	00 Ratings	8.147 Ratings
Incident indexing/searching	00 Ratings	8.97 Ratings

Best Alternatives
	Snort	IBM Security QRadar SIEM
Small Businesses	AlienVault USM Score 6.8 out of 10	AlienVault USM Score 6.8 out of 10
Medium-sized Companies	CrowdStrike Falcon Score 9.1 out of 10	InsightIDR Score 9.1 out of 10
Enterprises	CrowdStrike Falcon Score 9.1 out of 10	InsightIDR Score 9.1 out of 10
All Alternatives	View all alternatives	View all alternatives

User Ratings
	Snort	IBM Security QRadar SIEM
Likelihood to Recommend	8.1 (5 ratings)	8.5 (89 ratings)
Likelihood to Renew	- (0 ratings)	8.3 (5 ratings)
Usability	- (0 ratings)	8.3 (2 ratings)
Availability	- (0 ratings)	9.0 (1 ratings)
Performance	- (0 ratings)	9.0 (1 ratings)
Support Rating	- (0 ratings)	8.2 (62 ratings)
In-Person Training	- (0 ratings)	9.0 (1 ratings)
Online Training	- (0 ratings)	9.0 (1 ratings)
Implementation Rating	- (0 ratings)	8.0 (1 ratings)
Configurability	- (0 ratings)	8.0 (1 ratings)
Contract Terms and Pricing Model	- (0 ratings)	9.0 (1 ratings)
Ease of integration	- (0 ratings)	8.0 (58 ratings)
Product Scalability	- (0 ratings)	8.0 (1 ratings)
Professional Services	- (0 ratings)	10.0 (1 ratings)
Vendor post-sale	- (0 ratings)	9.0 (1 ratings)
Vendor pre-sale	- (0 ratings)	9.0 (1 ratings)

User Testimonials
	Snort	IBM Security QRadar SIEM
Likelihood to Recommend	Cisco If a colleague was looking to tighten down their network I can easily recommend Snort to them. It gives you some more peace of mind knowing that its always scanning traffic for malicious looking code. Even things your major firewalls and security hardware might miss, Snort has picked up. Its an easy recommendation for me. Incentivized Verified User Anonymous Read full review	IBM I would only recommend IBM Security QRadar SIEM in a few situations. For one, it's very easy to setup and use if all your log sources are generic from known vendors. It's also significantly cheaper than Splunk, which is nice if you're trying to save money or be more efficient. I would not recommend IBM Security QRadar SIEM for environments with a lot of custom logs and complicated detection requirements. Incentivized Verified User Anonymous Read full review
Pros	Cisco IPS detection. DoS detection. Packet logging. Incentivized Verified User Anonymous Read full review	IBM Enables identification and prioritization of vulnerabilities in IT infrastructure for corrective action. Facilitates security incident investigation and forensic analysis. Provides a real-time view of security events, enabling immediate incident response. Can integrate with external threat intelligence sources to enrich data and improve threat detection. Enables the generation of detailed and customized reports. Incentivized Brandon Lowry Cyber Security Specialist Read full review
Cons	Cisco At times can be unstable with Cisco bugs, require frequent upgrading. FTD images that are being pushed for ASAs are less efficient from an administration standpoint, no CLI. Incentivized Alan Matson, CCNA:S, MCP Senior Network Security Engineer Read full review	IBM Need to spend more time configuring the system to properly interpret and normalize different type of data collected from multiple resources. While Rule creation QRadar uses that rules to detect security threats and generate alerts, but to creating and managing rules is bit complex & tedious work to complete. IBM Security QRadar SIEM is excellent in handling large & complex systems that requires in-depth knowledge and extensive training to configure and maintain the system which includes upgrading, optimization of performance & issue troubleshooting. Incentivized NP Neel Patel Sr Cloud Architect Read full review
Likelihood to Renew	Cisco No answers on this topic	IBM QRadar is an established and stable product, we have been using it for many years and want to continue to focus on it. Anyone who has used the product and knows it knows how reliable it is and how it facilitates continuous monitoring of threats from outside and inside. it is an exceptional product that is very useful for us. Incentivized Verified User Anonymous Read full review
Usability	Cisco No answers on this topic	IBM As a grade I give 8 as QRadar is not easy to learn. It requires some time to master it. It also needs a team of people actively working on the product. Once you learn to use it the software works very well and it is easy to correlate and understand detected threats. It only takes time to learn how to use it well and configure it properly. Incentivized Verified User Anonymous Read full review
Support Rating	Cisco No answers on this topic	IBM Customer support is Good of IBM, While Using IBM QRadar its deployment is to slow and suddenly stop working and crashed we have contacted IBM Support and Rised a Ticket within a few minute we get call back from customer support and Query Resolved by them Fast And Rapid Support of Ibm Incentivized Abhishek Kumar Assistant Manager Read full review
In-Person Training	Cisco No answers on this topic	IBM The training was very useful and the people who taught us were very knowledgeable. Although the software may initially seem difficult to learn they made things much easier for us. Incentivized Verified User Anonymous Read full review
Online Training	Cisco No answers on this topic	IBM The training was very useful and the people who taught us were very knowledgeable. Although the software may initially seem difficult to learn they made things much easier for us. Incentivized Verified User Anonymous Read full review
Implementation Rating	Cisco No answers on this topic	IBM Initial patience is required to learn how to use the product, and it takes a dedicated team to use it. One person is not enough, and it's not enough to just set it up and check it once in a while. It has to be used daily and kept under control to be used effectively Incentivized Verified User Anonymous Read full review
Alternatives Considered	Cisco For our organization, the Cisco defense in depth concept works the best. While Cisco can be made to work with other vendors, we have found the best in depth protection by integrating Cisco products for maximum visibility. We had a Barracuda Web Filter, but it was difficult to maintain when you had limited scope on what you could block, so we created a whitelist only setup which required a lot of additional manpower. This wouldn't have covered new threats with DNS spoofing and the like. Sourcefire also integrated with our anti-malware platform (Cisco AMP) for even better visibility on what may be happening on the end users workstation. We are planning on adding in Cisco ISE to complete the approach and possibly stealthwatch to cover our bases in the future. The Palo Alto gear was interesting, but it was priced far out of our range. Incentivized DM David Myers Network Administrator Read full review	IBM IBM Qradar takes the best from its competitors. Reliable and stable but sometimes very expensive, the SIEM from IBM offers a wide range of scenarios in which the customers can suite and size their own infrastructures. IBM Qradar doesn't really needs to stack up againt its competitors because it already sets an example in the SIEM world. Incentivized Verified User Anonymous Read full review
Return on Investment	Cisco Being open source, ROI on free is hard to beat for something that works. I believe it greatly enhances the security of my network. CD Curt Dickman Owner Read full review	IBM Offense investigation was really helped in tackling the incidents. It was accurate and brief The automation with IBM resilient (SOAR) was a milestone in elimination of user mistakes The X-Force threat intelligence supported us in getting the work done without any 3rd party enterprise OSINT database Incentivized Verified User Anonymous Read full review
ScreenShots		IBM Security QRadar SIEM Screenshots