IBM Security® QRadar® SOAR is designed to help your security team respond to cyberthreats with confidence, automate with intelligence and collaborate with consistency. It guides your team in resolving incidents by codifying established incident response processes into dynamic playbooks.
N/A
Splunk SOAR
Score 9.0 out of 10
N/A
Splunk now offers a security orchestration, automation, and response (SOAR) platform via its acquisition of Phantom. Splunk Security Orchestration and Automation (Splunk SOAR) provides playbook automation and is available as a standalone solution.
N/A
Pricing
IBM Security QRadar SOAR
Splunk SOAR
Editions & Modules
No answers on this topic
No answers on this topic
Offerings
Pricing Offerings
IBM Security QRadar SOAR
Splunk SOAR
Free Trial
No
No
Free/Freemium Version
No
No
Premium Consulting/Integration Services
No
No
Entry-level Setup Fee
No setup fee
No setup fee
Additional Details
Usage-based pricing: This simple, scalable option allows starting small with an initial users and capabilities and scaling up as more users are added, as well as capabilities and data.
Enterprise-wide pricing: This option is based on either the size of the enterprise-wide IT infrastructure or the size and type of data sources being secured.
IBM Security QRadar SOAR is particularly useful in guarding againt a phishing event. When a malware downloaded via a phishing email was detected, IBM Security QRadar SOAR was able to automate a response by isolating the infected device, blocking the malicious URL and removing the emails from all the user inbox based on hash signatures identified as attachment.
Our company has very complex and dynamic security operations because of the large number of security tools and systems that we need to manage and coordinate. Moreover, it helps us to meet many regulatory and compliance requirements because it helps us to automate and document our security operations. We also use it to streamline our security operations and improve our response to potential threats.
Increasing the severity of incidents when threats or outages happened and informing the IT team/management to take action. Our application is a .net one which is a legacy with SQL server. The number of times it is more vulnerable to threats and the action to be taken was identified using this tool.
Prior to using this tool, we were informed of threats by IBM customer support and we took action in around 2 to 3 hours to prevent using NOC team support. However, after we deployed this tool we were able to respond quickly based on the action plan provided along with threat level and severities.
Prior to deploying this tool, our incidents were provided by IBM customer support with no necessary information on the same. After this tool was installed in our organization, we were able to get the security alerts instantly and take action with the severity level for threats/attacks.
A lack of instruction It can be difficult to contact the support staff. Limited experience from current users.
It takes some effort to set up and learn new technology at first. More assistance is required from the support staff. The product's price needs to go down.
I'd rate my likelihood of renewing the use of IBM Security QRadar SOAR as an 8 out of 10. Its strong automation, customization, and integration capabilities make it highly valuable for incident response and cybersecurity research. However, occasional complexity and the need for more streamlined usability prevent it from being a perfect score.
As we already have a lot of clients being catered with Splunk SOAR and because Splunk SOAR is robust and efficient, we are already using it, and we have understood the product to a certain extent, I feel we are personally more enticed to use and scale it to a lot of business.
I would rate IBM Security QRadar SOAR's overall usability a 7 out of 10. The interface is quite functional and offers a wide range of features, but it can be somewhat complex and intimidating for beginners. Additionally, the configuration and customization can require a significant learning curve, especially for those without prior experience with security orchestration and automation platforms.
Building playbooks through the visual editor is fine for basic tasks, but once you start chaining complex logic or integrating 3rd party APIs you hit a wall that requires deep scripting knowledge.
I would rate IBM Security QRadar SOAR's availability as 9 out of 10. The platform is highly reliable, with minimal unplanned outages or application errors, ensuring it’s available when needed. However, occasional minor maintenance periods or rare connectivity issues prevent it from achieving a perfect score in terms of availability.
I would rate IBM Security QRadar SOAR's performance as 8 out of 10. Pages generally load quickly, and reports complete in a reasonable time frame, even for complex data. While integration with other systems is smooth, there can be occasional slowdowns when handling very large datasets or during peak usage, which affects the perfect score.
It has APIs that are useful for integration with third party solutions as well as for absorbing large volumes of data from our servers, networks and apps. Splunk SOAR offers a variety of playbooks that we use in automating workflows for migrating data and for analyzing the data to ensure its security.
I would rate IBM Security QRadar SOAR's support an 8 out of 10. The support team is knowledgeable, responsive, and generally provides helpful solutions. However, there can be occasional delays when addressing more complex issues, which prevents it from being a perfect score. Overall, the support experience has been positive.
I would rate my satisfaction with the implementation of IBM Security QRadar SOAR as 7 out of 10. The process was generally straightforward, supported by helpful documentation and responsive support. However, certain advanced configurations proved more challenging and required more technical effort than anticipated, making the overall experience less seamless.
The elasticity of the IBM Security QRadar SOAR solution is what had driven us. We knew that the solution would require nurturing, training over the personnel but once the initial road blocks were destroyed, we went going faster. The other solutions lacked this elasticity, meaning we did not want to work with the things that were given to us but we wanted to make our own playground. We found IBM solution is the only one to provide this answer seamlessly. Also ease-of-integration and native integration with IBM SIEM is another factor of choose on our part.
If you use Splunk SIEM, you might wanna use Splunk soar, too. one vendor for SIEM and SOAR, and you do not need to think about integration, etc. Easy to use if we compare to other SOARs, chat and war rooms are great, and almost every action that we need is already created in Splunk SOAR.
I would rate IBM Security QRadar SOAR's overall scalability as 9 out of 10. It effectively scales to handle large volumes of incidents and can be deployed across multiple departments or sites. Its architecture supports growing data and integration needs, but advanced configuration for larger deployments may require more effort, preventing a perfect score.
QRadar has significantly enhanced our security posture by enabling us to detect, respond to, and mitigate security threats more effectively.
As we expand construction projects, QRadar SOAR has seamlessly scaled with our growing security needs. We haven't needed to invest in additional security personnel at the same rate as our project expansion, resulting in cost savings and efficient resource allocation.
The playbooks are valuable. They are the core component. Being able to implement and build a code process to work through and scale out what we want to do is valuable
Before its use, analyzing each email would take at least 15 to 20 minutes, with some complex cases taking up to 30 minutes...With the automation provided by Splunk Phantom, we could significantly reduce the amount of time and human effort required to complete this task
