IBM Security® QRadar® SOAR is designed to help your security team respond to cyberthreats with confidence, automate with intelligence and collaborate with consistency. It guides your team in resolving incidents by codifying established incident response processes into dynamic playbooks.
N/A
Zerto
Score 9.1 out of 10
Enterprise companies (1,001+ employees)
Zerto, a Hewlett Packard Enterprise company, aims to enable customers to run an always-on business by simplifying the protection,
recovery, and mobility of on-premises and cloud applications. Zerto’s cloud
data management and protection platform is designed to eliminate the risks and complexity of
modernization and cloud adoption across private, public, and hybrid
deployments. The software-only platform uses continuous data protection
at scale to converge disaster recovery, backup, and data…
N/A
Pricing
IBM Security QRadar SOAR
Zerto
Editions & Modules
No answers on this topic
No answers on this topic
Offerings
Pricing Offerings
IBM Security QRadar SOAR
Zerto
Free Trial
No
Yes
Free/Freemium Version
No
No
Premium Consulting/Integration Services
No
No
Entry-level Setup Fee
No setup fee
Optional
Additional Details
Usage-based pricing: This simple, scalable option allows starting small with an initial users and capabilities and scaling up as more users are added, as well as capabilities and data.
Enterprise-wide pricing: This option is based on either the size of the enterprise-wide IT infrastructure or the size and type of data sources being secured.
IBM Security QRadar SOAR is versatile. All the major players in SOAR field require the administrator to have coding experience but with IBM it is different. IBM's solution is a full-fledged automation solution, and not some threat-based or limited one. Meaning whatever comes to your mind, if you can write the code, you can do it. This goes from daily tasks from SOC to daily tasks of your network or security administrator or any other administrator. You can manage your ITSM solution if you want to, IBM is a playground and there is much to discover in its capabilities. If you do not have the knowledge or if you want a SOC/Threat Based SOAR solution, meaning you want automation but you want it to be limited to an area and out-of-box, you may choose other alternatives.
Zerto is well suited for disaster recovery and virtual machine replication between multiple data centers. DR testing for audit or regulations is much easier with Zerto, great reporting, dashboard etc. It is not well suited for physical server replication for disaster recovery or as a primary backup solution.
QRadar's ability to collect, analyze and normalize vast amount of security data from various sources is remarkable.
QRadar allows us to define and automate incident response playbooks which have been amazing for streamlining the response to security incidents.
It offers and extensive library of pre-built connectors and support for common security standards facilitating seamless integration with a wide range of security tools.
Anyone with a large disk (VMDK) knows the issues of VMware snapshots. Most backup software is a "point in time backup" that uses snapshots. While the backup can be run multiple times per day the stress of the snapshot on the host and storage is eliminated by the continuous protection of Zerto log replication.
A client had a the disks on a VM go missing for some reason. We had them "flip the switch" for a real fail over and press the fail over button. The VM on our DR site started to come alive as the VM at the customer site was brought down. When the DR VM was fully up, automatic reverse replication started. The DR machine was available in a few minutes (to take into account different host hardware) for access. One the vm at both sites were in sync, we had the customer again repeat the fail over process and the DR site VM was turned off and the Production site VM was brought back on line. This was a 200 GB VM and the whole process was finished in about 3 hours.
Zerto also allows for "Test" fail overs that can be configured on many different functions, such as host, datastore, network and IP usage. Configuring the IPs is crucial to avoid inadvertent site cross contamination of the same VM.
Zerto can also retrieve files from any VM disk on the DR site without starting a VM. Very handy for retrieving files or directories.
Since Zerto is running continuous log replication, changes on the production VM are nearly instantaneously copied to the DR site. As with any data process, having sufficient bandwidth for "churn" peaks minimizes the delay in updating the DR site.
We really like the easy setup of this replication solution, as well as the ease of management. Not to mention, our internal IT Economist determined that the Zerto solution would provide the best ROI out of the competing solutions we analyzed. So far, his calculations have been spot on, and we have saved substantially
Usability was the primary reason we purchased the software in the first place. We had compared it to several other software products in the same area, and it was by far the easiest to set up and use. Long-term maintenance proved to be similar, with updates driven by updates to VMware and vSphere, rather than the product itself.
Overall support is very good. We sometimes get pushback when asking Level 1 support to escalate to Level 2. This causes undue frustrations when you need a more knowledgeable support person to get involved. We've had to escalate to account reps a few times for this scenario. Zerto is very responsive and normally handles our requests very quickly.
Overall, IBM Security QRadar SOAR offered the same set of functionality that was needed by the organization as offered by Splunk SOAR, but the former is less expensive and solves all the purpose within budget. In addition, integration with other IBM products was easier and made implementation of a SOAR solution much faster.
We started out using Backup Exec which was in service until we virtualized our environment where it didn't perform as well at the time. Then we switched to Veeam which worked well, but then as we started needing to do migrations and off-site DR, we found ourselves relying on Zerto more often.
For my organization, the pricing model was an upfront investment for the Zerto licenses. My organization prefers to pay upfront and not deal with month-to-month or year-to-year pricing models that most companies are moving to. But for some, the investment may be more than they can afford, and would prefer the year-to-year pricing model.
I mean, it was 6 years ago, but we were up and going with all applications synchronizing in short order. The longest tasks was getting the 30 TB of application data synchronized between the datacenters.
Zerto is like having the best possible insurance ... it just works, and often provides the backups taken overnight that are key in recovering data/work between overnight backups.
Zerto easily enabled the move of primary datacenters by allowing easy failover to a secondary site, and failback to the primary site.
