AlienVault vs QRadar

Posted by UpGuard


It's not uncommon for organizations to encounter hundreds of security incidents on a daily basis—from the trivial poking and prodding of script kiddies to the nefarious activities that constitute the inner workings of advanced persistent threats (APTs). Transforming this volume of data into actionable information is impossible without the assistance of security intelligence, specifically the analytic capabilities of security information and event management (SIEM) tools. AlienVault USM and IBM QRadar are two leading platforms that focus heavily on these areas—let's see how they stack up in this comparison.

These platforms of course do a lot more than SIEM, as no single technology or approach to cybersecurity can fully protect against the myriad of threats that confront today's enterprises. Layered security is the best bet for protecting against cyber attacks, and both AlienVault and IBM QRadar consist of a combination of vulnerability management, anomaly detection, security monitoring, incident response capabilities, and more.


AlienVault

AlienVault's Open Source Security Information Management (OSSIM) project—a leading SIEM platform in widespread use—is arguably the company's claim to fame. Its suite of security solutions essentially revolves around OSSIM to provide organizations with enterprise-grade threat protection on various levels. The AlienVault Unified Security Management (USM) platform is the company's flagship offering; it combines a virtual appliance with network- and host-based intrusion detection, SIEM, and continuous threat intelligence.

[Figure: The AlienVault UI. Source: alienvault.com.]

Another notable feature of AlienVault USM is the Open Threat Exchange: a security database consisting of 26,000+ participants in 140 countries crowdsharing over a million potential threats on a daily basis.

QRadar

IBM has been steadily adding security vendors to its list of acquisitions over the years: Internet Security Systems, BigFix, Trusteer, and more recently Resilient Systems, to name a few. In 2011 it picked up security intelligence software developer Q1 Labs, and with it QRadar—marking its first foray into the SIEM space.

[Figure: The QRadar interface. Source: ibm.com.]

As it stands today, the IBM QRadar Security Intelligence Platform consists of various components managed under a unified console: QRadar SIEM, the QFlow Collector for analyzing application-level traffic, a log manager, and the QRadar vulnerability scanner.

Side-by-Side Scoring: AlienVault vs. QRadar

1. Capability Set

Both platforms possess powerful capabilities that you'd expect from enterprise-grade layered security platforms. AlienVault USM was designed to be an all-in-one platform combining SIEM, network/host-based IDS, file integrity monitoring, vulnerability assessment, asset discovery, and netflow analysis. While QRadar provides features such as vulnerability scanning and traffic analysis, its primary strength lies in its SIEM and security data aggregation/analysis capabilities.



2. Ease of Use

QRadar is a robust platform heavily focused on the SIEM side of the security equation, but with this power comes complexity, especially when it comes to setup and tuning of the product. In contrast, AlienVault USM is targeted at mid-market firms—this is reflected in its relatively intuitive, easy-to-use interface. Each management console page consists of interactive and customizable elements.

Score: AlienVault 4/5; QRadar 2/5.


3. Community Support

With the popular open source OSSIM project under its belt, AlienVault has maintained a strong and loyal following amongst the open source community, with ample community support resources for OSSIM to boot. IBM QRadar is primarily an enterprise offering with minimal support resources outside of IBM and its partner network, though substantial online help materials can be accessed via the IBM developerWorks community wikis. Additionally, non-IBM affiliated websites like QRadar Insights offer tutorials and limited support materials.

Score: AlienVault 5/5; QRadar 3/5.


4. Release Rate

AlienVault USM is currently on version 5.3; IBM QRadar is on version 7.0. Both AlienVault and QRadar have seen regular releases over the years, and both vendors maintain publicly available version histories for their respective platforms.



5. Pricing and Support

As mentioned previously, AlienVault USM targets mid-market organizations, and this fact is reflected in its pricing: at the lowest tier, the all-in-one virtual appliance can be had for $5050—an affordable price point for organizations with modest security budgets. The IBM QRadar platform is a modular product with multiple options per component; suffice to say, it's an enterprise product and is priced as such. Typical deployments run in the tens of thousands and can surpass the six-figure mark with all the bells and whistles. Compared with QRadar, support options for AlienVault USM are less expensive and more readily available.

Score: AlienVault 4/5; QRadar 2/5.


6. API and Extensibility

AlienVault offers no REST API for integrating with or customizing its USM platform; that said, it does offer a Golang-based API for its OTX crowdsourced intelligence platform. The platform can be extended with a variety of 3rd-party data source plugins from its USM plugin library. In contrast, QRadar offers a well-documented RESTful API for accessing various platform feature endpoints, from the SIEM and analytics engine to the vulnerability scanner.

Score: AlienVault 3/5; QRadar score image not preserved in this copy.


7. 3rd Party Integrations

AlienVault OSSIM is itself an assemblage of open source integrations: Snort for IDS, Nagios for monitoring, and OpenVAS for vulnerability assessment, to name a few. Additionally, the USM platform integrates with various security devices and offers several 3rd-party data source plugins from its plugin library. Similarly, QRadar offers a vast library of 3rd-party plugins—known as device support modules (DSMs)—for collecting security events generated by a myriad of vendors' products: McAfee, Microsoft, Cisco, Salesforce, VMware, Kaspersky, and Juniper Networks, to name a few. The offering's Security App Exchange also enables customers to write and share custom apps; the exchange includes contributions from Bit9 + Carbon Black, BrightPoint Security, Exabeam, and Resilient Systems, among others.

Score: AlienVault score image not preserved in this copy; QRadar 5/5.


8. Companies that Use It

Both AlienVault USM and IBM QRadar are used by prominent enterprises worldwide. AlienVault counts Subaru, Focus Brands, Hulu, and the U.S. Air Force as some of its customers; IBM QRadar is used by Fidelity National Financial, The University of Chicago, Gamestop, and more.

Score: AlienVault score image not preserved in this copy; QRadar 5/5.


9. Learning Curve

Despite a relatively easy-to-navigate and user-friendly dashboard, QRadar's learning curve is fairly steep, especially when compared to AlienVault USM. The latter's wizard-driven setup and intuitive management console make getting up to speed with the platform a trivial affair.

Score: AlienVault score image not preserved in this copy; QRadar 2/5.


10. CSTAR

AlienVault has a better-than-average CSTAR score of 884, though the lack of HTTP Strict Transport Security (HSTS) and DNSSEC keeps it from achieving top marks. IBM QRadar's disappointing CSTAR score of 608 is certainly not the worst of the lot; that said, the lack of SSL, HSTS, and DNSSEC could render its website exploitable by cyber attackers.
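As an added illustration (not UpGuard's CSTAR code, nor anything from either vendor), the following Python checker evaluates the three website-hygiene items named above, an HTTPS endpoint, an HSTS header with an adequate max-age, and DNSSEC signing, over constructed inputs so it runs offline; the max-age threshold and the `SiteFacts` shape are assumptions for the example.

```python
from dataclasses import dataclass

# Assumed threshold: about six months, a common minimum for HSTS to matter.
MIN_HSTS_MAX_AGE = 15768000


@dataclass
class SiteFacts:
    """What a scanner would have learned about a site (constructed for the example)."""
    https_available: bool
    headers: dict         # response headers from the HTTPS endpoint
    dnssec_signed: bool   # zone is DNSSEC-signed (RRSIG/DS records present)


def parse_hsts(value):
    """Parse a Strict-Transport-Security value into a dict of directives.
    Names are case-insensitive; max-age is converted to int; a malformed
    max-age invalidates the whole policy, so an empty dict is returned."""
    out = {}
    for part in value.split(";"):
        name, _, val = part.strip().partition("=")
        name = name.strip().lower()
        if not name:
            continue
        if name == "max-age":
            try:
                out[name] = int(val.strip().strip('"'))
            except ValueError:
                return {}
        else:
            out[name] = True
    return out


def evaluate(site):
    """Return the findings a CSTAR-style check would raise; an empty list means clean."""
    findings = []
    if not site.https_available:
        findings.append("no SSL/TLS endpoint")
    hsts_raw = next((v for k, v in site.headers.items()
                     if k.lower() == "strict-transport-security"), None)
    if hsts_raw is None:
        findings.append("HSTS header missing")
    else:
        hsts = parse_hsts(hsts_raw)
        if "max-age" not in hsts:
            findings.append("HSTS header malformed (no max-age)")
        elif hsts["max-age"] < MIN_HSTS_MAX_AGE:
            findings.append("HSTS max-age too short")
    if not site.dnssec_signed:
        findings.append("DNSSEC not enabled")
    return findings
```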



Scoreboard and Summary

Scoreboard (per-category score images were not preserved in this copy): Capability Set, Ease of Use, Community Support, Release Rate, Pricing and Support, API and Extensibility, 3rd Party Integrations, Companies that Use It, Learning Curve, CSTAR.

Total: AlienVault 4.6 out of 5; QRadar 3.7 out of 5.

In short, AlienVault USM is a safe bet for organizations looking for a relatively affordable and competent all-in-one security platform. IBM QRadar is a powerful SIEM and security data aggregation platform, but its cost-prohibitive price tag and steep learning curve make it an option restricted to enterprises with ample budgetary and professional resources.
