IBM Security QRadar SIEM vs. Splunk Enterprise Security

Overview
ProductRatingMost Used ByProduct SummaryStarting Price
IBM Security QRadar SIEM
Score 8.8 out of 10
N/A
IBM Security QRadar is security information and event management (SIEM) Software.N/A
Splunk Enterprise Security
Score 8.1 out of 10
N/A
Splunk Enterprise Security is an analytics-driven SIEM that helps to combat threats with actionable intelligence and advanced analytics at scale.N/A
Pricing
IBM Security QRadar SIEMSplunk Enterprise Security
Editions & Modules
No answers on this topic
No answers on this topic
Offerings
Pricing Offerings
IBM Security QRadar SIEMSplunk Enterprise Security
Free Trial
YesNo
Free/Freemium Version
NoNo
Premium Consulting/Integration Services
NoNo
Entry-level Setup FeeNo setup feeNo setup fee
Additional Details
More Pricing Information
Community Pulse
IBM Security QRadar SIEMSplunk Enterprise Security
Considered Both Products
IBM Security QRadar SIEM
Chose IBM Security QRadar SIEM
Due to its performance, it is a more practical way to analyze and respond to an incident. It is a graphic with good interaction and multiple integrated platforms.
Chose IBM Security QRadar SIEM
I would always recommend Splunk over IBM Security QRadar SIEM unless you're trying to save money or only onboarding and normalizing well known data sources. IBM Security QRadar SIEM doesn't seem to handle RBA and complicated, chaining correlation rules very effectively and if I …
Chose IBM Security QRadar SIEM
We chose IBM Security QRadar SIEM not only because it was a leader but because it convinced us it was a solid product suitable for multiple scenarios but most importantly we needed a really secure and powerful software for our infrastructure.
Chose IBM Security QRadar SIEM
IBM Security QRadar SIEM has been quite a revolutionary siem solution compared to its counterparts. Be it the use case building to maintaining log source integrations, Qradar has proved to be one of the most efficient and easy to use solution. Having IBM SOAR along with the …
Chose IBM Security QRadar SIEM
Because is easy to use and if you don't have analysts with database language skills IBM Security QRadar SIEM is easy to use in comparison to Splunk.
Chose IBM Security QRadar SIEM
Because they are the best and most used tools in the Cyber ​​Security market for event correlation.
Chose IBM Security QRadar SIEM
It provides practicality by containing several domains in a single tenant and being able to subdivide them in a single place, in addition to the fact that the price is very competitive in the market.
Chose IBM Security QRadar SIEM
The QRadar licensing process is based on EPS (Events Per Second) and there are no limitations on event collection, regardless of the origin of the logs. This becomes an advantage as the price is agreed between the parties before purchase, so you have knowledge of what you can …
Chose IBM Security QRadar SIEM
We select a IBM Security QRadar SIEM because is better to integrate a our SIEM QRADAR.
Chose IBM Security QRadar SIEM
I still don't have experience with other SIEM solutions.
Chose IBM Security QRadar SIEM
ArcSight is more difficult to understand and administer, and it looks more like a box for programming and needs a lot of high-level skills personnel. IBM Security QRadar SIEM is well suited for organization cybersecurity in large and medium organizations. IBM Security QRadar …
Chose IBM Security QRadar SIEM
Qradar is on my top choice because I have hands-on experience on it. on qradar it is much easier to investigate in case of any incident happend.
Chose IBM Security QRadar SIEM
IBM Security QRadar SIEM offers a wide range of features and capabilities, such as behavioral analysis, event correlation and incident management, making it a robust and effective choice.
Chose IBM Security QRadar SIEM
Rapid7 InsightIDR and Paladion
Chose IBM Security QRadar SIEM
QRadar's open architecture is easy to integrate with a wide range of security tools and third-party applications, which are available at the IBM X-force library to enhance overall flexibility. Its powerful analytics and correlation capabilities provide advanced threat detection …
Chose IBM Security QRadar SIEM
I would take below parameters to say IBM Security QRadar SIEM is better than other SIEM tools such as netwitness SIEM"

1) Easy to Use
Chose IBM Security QRadar SIEM
I found that IBM Security QRadar SIEM has better threat detection methods and the identification of cyber kill chains followed by attackers. Analysis of the data gives visibility that other SIEM solutions need to improve. Integration in IBM Security QRadar SIEM is also better …
Chose IBM Security QRadar SIEM
User friendly and use case management portal which helps to get brief idea about security posture based on mitre mapping is best thing i have experienced in qradar.
Chose IBM Security QRadar SIEM
price, to be honest IBM Security QRadar SIEM package is very good for most customers than Splunk and Sentinel
Chose IBM Security QRadar SIEM
IBM Qradar takes the best from its competitors. Reliable and stable but sometimes very expensive, the SIEM from IBM offers a wide range of scenarios in which the customers can suite and size their own infrastructures. IBM Qradar doesn't really needs to stack up againt its …
Chose IBM Security QRadar SIEM
It's in the middle of this chart, Splunk from my point of view it's still the best SIEM actually and Sentinel it's very easy to use.
Chose IBM Security QRadar SIEM
IBM Qradar is cheaper and also easy to use.
For splunk you need dedicated team of experts.
Chose IBM Security QRadar SIEM
As a part of core security service provider, we could not stand with the tools that are used as a generic data processor. The compliance, log reading and events are well managed in QRadar compared to other tools
Splunk Enterprise Security
Chose Splunk Enterprise Security
In my experience, Sentinel only works well for clients invested in azure. But the moment you step outside that ecosystem, mixing AWS , on prem and custom logs, things fall into shambles and feel fragmented
Chose Splunk Enterprise Security
Before Splunk, we ran Elastic Security for our log aggregation and alerting platform. Unfortunately, the solution was not a good fit for many logs and mixed on-prem/cloud infrastructure, as our. For cost or small infrastructure, Elastic is a very good, strong, and credible …
Chose Splunk Enterprise Security
The cost of Splunk Enterprise Security is very low as this can be hosted on private cloud. Google secops has very good UI and better log query speed and other features but cost sooo much.
Chose Splunk Enterprise Security
High-fidelity analytics with machine learning and customizable correlation rules.
Chose Splunk Enterprise Security
The fact that it is used by many large companies was a strong reason for selecting Splunk Enterprise Security.
After several demos and POCs, the teams were convinced of the value it brings: it demands the right amount of customization to fit with the company data sources.
Also …
Chose Splunk Enterprise Security
We piloted Sentinel for one of our regional logistics hubs but it struggled to handle our volume on-prem iot and telematics data cleanly. Splunk on the other hand gave us more control than its competitors
Chose Splunk Enterprise Security
LogRhythm is good for a team comprising mostly non-technical IT users. Unlike Splunk, it has a GUI log search and a good ticketing system. Splunk is better than Logrhythm for me as it provides me with the ultimate flexibility to write custom queries. Scalyr is a good tool and …
Chose Splunk Enterprise Security
Imperva Web Application Firewall (WAF), Juniper Mist Edge, Wazuh
Chose Splunk Enterprise Security
I did not choose this product. Overall although I like ES, I think Sentinel in certain ways is the superior product. The Kusto Query language is a lot easier to use. For instance anything that requires manual parsing in query can be more difficult with this product. Also some …
Chose Splunk Enterprise Security
Splunk Enterprise Security (ES) is much faster and easier to integrate logs and work on alerts to detect suspicious security events.
Chose Splunk Enterprise Security
AlienVault is much more user and beginner friendly, however Splunk ES very much so provides more capability for mass data manipulation, report and dashboard customization, and trend analytics.
Chose Splunk Enterprise Security
These two really helps in better way and low cost and high productivity. Automatic detection ML help you to detect many ways and create cases based on risk score
GRS UBA helps to protect organization from data ,via sharing through emails and USB s .
Gurucu product license once …
Chose Splunk Enterprise Security
Splunk enterprise is the only solution that we’ve been able to identify that provides risk based alerting, which allows our SOC to reduce analyst fatigue which would be a huge problem without it. Before RBA, there were thousands of alerts a day and it was impossible to review …
Chose Splunk Enterprise Security
I believe it is definitely a leader in the security space
Chose Splunk Enterprise Security
I consider Splunk Enterprise Security to have the strongest deployment methodology and troubleshoot features. Other products also provide good solutions such as Riverbed, Broadcom and Solarwinds but I think Splunk Enterprise Security is a great and trustable option to use for …
Chose Splunk Enterprise Security
Even though Splunk ES is not the cheapest solution on the markt, we found it was still cheaper compared to Secureworks we had before. Also the level of flexibility and "thinking with the customer" is much better now.
Chose Splunk Enterprise Security
Traditional hardware logging mechanisms do not provide in-depth research data on the threats and signatures, while Splunk Enterprise Security could easily achieve this feat.
Chose Splunk Enterprise Security
FortiAnalzer is a hardware solution, but with Splunk, we could identify as well get the correct solution for the active threats and too with accurate and precise detailing.
Chose Splunk Enterprise Security
- Schema on the fly indexing --> Gives you faster index searches. Even if you use Datamodes, it's 100x time faster as well.
- Correlation with other domains easily gives you total visibility and reduces the time to investigate and understand the problem.
- With lookups and trust, …
Chose Splunk Enterprise Security
Securonix does not nearly meet the scale, extensibility, and maturity that Splunk ES offers. However, when looking at the MSP architecture options, Securonix is a much more flexible platform for multi-tenanting. So, Splunk ES for captive SOC platforms and Securonix for …
Chose Splunk Enterprise Security
Splunk ES is by far the best solution in the market as per flexibility, features and support. Cost-wise, it is the most expensive option to go with, but that has its own advantages as the product that we get is premium and superior to other SIEM. The best thing about Spunk ES …
Chose Splunk Enterprise Security
Splunk Enterprise Security allows for data normalization that does not compare to other SIEMs such as QRadar or Trustwave. QRadar requires custom dsm parsers before the data can be onboarded. I appreciate that Splunk Enterprise Security can ingest any source of data and …
Chose Splunk Enterprise Security
N/A - Have only used Splunk Enterprise Security since coming to Deloitte
Features
IBM Security QRadar SIEMSplunk Enterprise Security
Security Information and Event Management (SIEM)
Comparison of Security Information and Event Management (SIEM) features of Product A and Product B
IBM Security QRadar SIEM
8.5
Ratings
8% above category average
Splunk Enterprise Security
8.1
Ratings
3% above category average
Centralized event and log data collection9.90 Ratings7.50 Ratings
Correlation8.60 Ratings8.90 Ratings
Event and log normalization/management9.50 Ratings8.90 Ratings
Deployment flexibility7.80 Ratings7.00 Ratings
Integration with Identity and Access Management Tools8.90 Ratings8.00 Ratings
Custom dashboards and workspaces7.50 Ratings8.90 Ratings
Host and network-based intrusion detection9.70 Ratings8.00 Ratings
Data integration/API management9.00 Ratings7.90 Ratings
Behavioral analytics and baselining7.60 Ratings7.40 Ratings
Rules-based and algorithmic detection thresholds8.00 Ratings8.50 Ratings
Response orchestration and automation7.70 Ratings7.50 Ratings
Reporting and compliance management7.90 Ratings8.90 Ratings
Incident indexing/searching8.90 Ratings8.00 Ratings
Best Alternatives
IBM Security QRadar SIEMSplunk Enterprise Security
Small Businesses
LevelBlue USM Anywhere
LevelBlue USM Anywhere
Score 8.0 out of 10
LevelBlue USM Anywhere
LevelBlue USM Anywhere
Score 8.0 out of 10
Medium-sized Companies
Sumo Logic
Sumo Logic
Score 8.8 out of 10
Sumo Logic
Sumo Logic
Score 8.8 out of 10
Enterprises
Sumo Logic
Sumo Logic
Score 8.8 out of 10
Sumo Logic
Sumo Logic
Score 8.8 out of 10
All AlternativesView all alternativesView all alternatives
User Ratings
IBM Security QRadar SIEMSplunk Enterprise Security
Likelihood to Recommend
8.5
(0 ratings)
7.0
(0 ratings)
Likelihood to Renew
8.7
(0 ratings)
9.1
(0 ratings)
Usability
8.0
(0 ratings)
7.1
(0 ratings)
Availability
9.0
(0 ratings)
9.1
(0 ratings)
Performance
9.0
(0 ratings)
7.0
(0 ratings)
Support Rating
8.1
(0 ratings)
7.3
(0 ratings)
In-Person Training
9.0
(0 ratings)
9.1
(0 ratings)
Online Training
9.0
(0 ratings)
8.2
(0 ratings)
Implementation Rating
8.0
(0 ratings)
9.1
(0 ratings)
Configurability
8.0
(0 ratings)
7.3
(0 ratings)
Ease of integration
8.1
(0 ratings)
6.4
(0 ratings)
Product Scalability
8.0
(0 ratings)
8.7
(0 ratings)
Vendor post-sale
9.0
(0 ratings)
8.2
(0 ratings)
Vendor pre-sale
9.0
(0 ratings)
8.2
(0 ratings)
User Testimonials
IBM Security QRadar SIEMSplunk Enterprise Security
Likelihood to Recommend
QRadar is very well suited on environments where there are not multiple tenants or domains, we do have success on this kind of scenario. IBM Security QRadar SIEM is less appropriate for environments with multiple tenants, specially when each tenant represent a different End Costumer (such as for MSSP companies), those environments require a high amount of rules and building blocks replications, since each tenant will have its own "BB definitions", servers, rules exception, etc. Also, some information, such as EPS count or EPS dropped are generated by QRadar's own log sources, which takes place on default domain, therefore users associated with different domain can not have access to those logs, even when the information is related to other domain's environment. For example, even if Event Collector 1 is associated to Domain A, the log informing its dropped EPS is generated by System notification, log source that must be associated to Default domain.
Read full review
Well suited: Splunk ES is highly recommended in an environment with many data sources and experienced computer engineers. It has a steep learning curve, but once that hurdle is crossed, it is absolutely a beast. It is also very expensive, so a company putting a high amount of budget in Security is needed. Not well suited: Splunk ES is not recommended if a company has only a few sources and some non-technical IT users. The price won't justify the fewer data sources and scratching just the surface level. Moreover, non-technical IT users would be better off with something that has a query builder, unlike Splunk.
Read full review
Pros
  • Enables identification and prioritization of vulnerabilities in IT infrastructure for corrective action.
  • Facilitates security incident investigation and forensic analysis.
  • Provides a real-time view of security events, enabling immediate incident response.
  • Can integrate with external threat intelligence sources to enrich data and improve threat detection.
  • Enables the generation of detailed and customized reports.
Read full review
  • Its best feature is its user interface, which is easy to navigate and understand. All you need is a little tutorial on how to use the Splunk query language and you're done.
  • Logs can be easily uploaded or shared across multiple platforms and display a highly insightful graphical representations of data using graphs, tables, and many other formats.
Read full review
Cons
  • Need to spend more time configuring the system to properly interpret and normalize different type of data collected from multiple resources.
  • While Rule creation QRadar uses that rules to detect security threats and generate alerts, but to creating and managing rules is bit complex & tedious work to complete.
  • IBM Security QRadar SIEM is excellent in handling large & complex systems that requires in-depth knowledge and extensive training to configure and maintain the system which includes upgrading, optimization of performance & issue troubleshooting.
Read full review
  • ES on the cloud (SaaS) has too many limitations with platform administration.
  • Supported integrations are not always on par with enterprise support especially when dependent on 3rd-party proprietary APIs.
  • In later versions, unforeseen glitches seem to show up that have no resolution except version upgrade. This used to not be the case in prior versions which were very stable.
Read full review
Likelihood to Renew
With the arrival of IBM Security QRadar SIEM at our company, we have a better vision of all the security needs that may arise, it is a very safe software to use that prevents threats from damaging our IT environment, it is impossible to change it for another software.
Read full review
We are very happy with Splunk and would advise anyone to take a serious look at it. It might look pricey but the rewards Splunk offers seem endless.
Read full review
Usability
As a grade I give 8 as QRadar is not easy to learn. It requires some time to master it. It also needs a team of people actively working on the product. Once you learn to use it the software works very well and it is easy to correlate and understand detected threats. It only takes time to learn how to use it well and configure it properly.
Read full review
Maintaining hundreds or even 1000+ SOC use cases is really difficult, considering that the Data sources may not always send the data. A module that detects data freshness issues and detect data format changes would be a great help. the main challenge today using Splunk Enterprise Security is making sure that the detection rules are still working properly given all the changes that occur in data source applications. Also, maintaining the data collects on tens of thousands of servers and more than 100k workstations is a real company IT challenge: the splunkbase forwarder may not support old OS anymore, while these are the most important to monitor. Moving to the Open Telemetry collector has become essential so that only 1 agent is required for both SIEM and application observability.
Read full review
Reliability and Availability
No answers on this topic
I don't think I've ever seen Splunk ES go fully offline or have any downtime greater than a few minutes on rare occasions.
Read full review
Performance
No answers on this topic
It takes a long time for items to load if you are just generally searching through logs. It is best to use the data models which load faster but can be strange in terms of what is coming from which logs where. Yes, you can look it up, but this also requires familiarity with where things are and how to look them up.
Read full review
Support Rating
Customer support is Good of IBM, While Using IBM QRadar its deployment is to slow and suddenly stop working and crashed we have contacted IBM Support and Rised a Ticket within a few minute we get call back from customer support and Query Resolved by them Fast And Rapid Support of Ibm
Read full review
It's good when it's responsive, but I've had times where I had to wait quite a while for a response. But these are typically the exceptions rather than the rule. When you do get a response it is always well-informed and appropriate. I would say they've been trending better over time with this.
Read full review
In-Person Training
The training was very useful and the people who taught us were very knowledgeable. Although the software may initially seem difficult to learn they made things much easier for us.
Read full review
I experienced only on-line training, but the trainers were very professional and competent. Maybe it could be more useful if they also have an experience in projects because sometimes they didn't have a real project experience to communicate to the students. Anyway, it was very interesting and I learned many thing that's very difficoult (or maybe impossible!) to have by myself, aven if I have more than 10 years of Splunk activity experience.
Read full review
Online Training
The training was very useful and the people who taught us were very knowledgeable. Although the software may initially seem difficult to learn they made things much easier for us.
Read full review
It was very interesting and I learned many thing that's very difficoult (or maybe impossible!) to have by myself. The only problem was that, when I worked with the Splunk Professional Services, I found some difference between the training contents and the information from PS. In addition is required a long experience on Splunk Enterprise for the data ingestion part, in other words I'm able to work with ES because I'm worling on Splunk since 11 years, otherwise I'd some problem.
Read full review
Implementation Rating
Initial patience is required to learn how to use the product, and it takes a dedicated team to use it. One person is not enough, and it's not enough to just set it up and check it once in a while. It has to be used daily and kept under control to be used effectively
Read full review
It's a fantatic product and it was very useful the presence of Splunk Professional Services for the Design Phase and the final Health Check.
Read full review
Alternatives Considered
I would always recommend Splunk over IBM Security QRadar SIEM unless you're trying to save money or only onboarding and normalizing well known data sources. IBM Security QRadar SIEM doesn't seem to handle RBA and complicated, chaining correlation rules very effectively and if I had to write a custom add-on for custom data, I found it easier to do so in Splunk.
Read full review
Before Splunk, we ran Elastic Security for our log aggregation and alerting platform. Unfortunately, the solution was not a good fit for many logs and mixed on-prem/cloud infrastructure, as our. For cost or small infrastructure, Elastic is a very good, strong, and credible choice. But if you need a performant SIEM, enjoy Splunk.
Read full review
Scalability
No answers on this topic
We have on prem splunk and it’s mostly east to setup, but we have issues keeping data separated between customer splunk deployments while at the same time only having to look at one SIEM to address events in every environment
Read full review
Return on Investment
  • Like any cybersecurity product, any money you don't lose on a prevented attack is money that you saved
  • Most of the apps are free and provides great enrichment like User Behaviour Analytics
  • Top quality alerts gives enormous value to the "passive" data that flows into the infrastructure
Read full review
  • Swift Incident Response: ES's real-time monitoring and correlation capabilities have notably reduced our mean time to detect (MTTD) and respond (MTTR) to security incidents.
  • Cost Efficiency: ES streamlined operations, lowering operational costs through task automation and effective resource allocation.
  • Compliance Simplification: ES's robust reporting and compliance features have eased audits, reducing related costs and efforts.
Read full review
ScreenShots

IBM Security QRadar SIEM Screenshots

Screenshot of QRadar SIEM Cloud native- Threat intelligence preview