We performed a comparison between IBM Resilient and IBM Security QRadar based on real PeerSpot user reviews.
Find out in this report how the two Security Orchestration Automation and Response (SOAR) solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."We’ve got process improvement that's happened across multiple different fronts within the organization, within our IT organization based on this tool being in place."
"Sentinel's most important feature is the ability to centralize all the logs in one place. There's no need to search multiple systems for information."
"Previously, it was a little bit difficult to find where an incident came from, including which IP address and which country. So in Sentinel, it's very easy to find where the incident came from since we can easily get the information from the dashboard, after which we take action quickly."
"The automation feature is valuable."
"I like the unified security console. You can close incidents using Sentinel in all other Microsoft Security portals, when it comes to incident response."
"The most valuable feature is the onboarding of the workloads. You can see all that has been onboarded in your account on the dashboards."
"The SOAR playbooks are Sentinel's most valuable feature. It gives you a unified toolset for detecting, investigating, and responding to incidents. That's what clearly differentiates Sentinels from its competitors. It's cloud-native, offering end-to-end coverage with more than 120 connectors. All types of data logs can be poured into the system so analysis can happen. That end-to-end visibility gives it the advantage."
"We can use Sentinel's playbook to block threats. It covers all of the environment, giving us great visibility."
"It's really simple and has a flexible interface."
"Stability-wise, I rate the solution a ten out of ten...Scalability-wise, I rate the solution a ten out of ten."
"The initial setup of IBM Resilient is not that complex since my company already has a support license that we use internally. In general, the product's deployment phase is not that complex."
"What I like most about IBM Resilient is that it has a complete stack, which means you don't need to use different OEM products because you have all you need under the IBM Resilient umbrella. You don't need to worry much about integrations and components because you're working with tested and proven architecture."
"The solution is easy to use."
"As a whole, the product is stable...Technical support is very good."
"The product is very good at incident response."
"The most valuable thing about it is how easy it is to navigate the user interface."
"It is incredibly easy to deploy. All the appliances are flexible in the roles that they serve and are all managed the in the same way."
"The scalability is very good. It's not a problem."
"We've found the technical support to be very good."
"The most valuable features are log monitoring, easy-to-fix issues, and problem-solving."
"The scalability is good."
"Vulnerability detection is the most valuable feature. It's the tool that finds the threats."
"The features that I have found most valuable in QRadar are its data enrichment, use case creations, and adding references - those kinds of features are very good. Also QRadar's event filtration and device integration are perfect."
"This solution has excellent security analytics."
"Add more out-of-the-box connectors with other SaaS platforms/applications."
"Sentinel should be improved with more connectors. At the moment, it only covers a few vendors. If I remember correctly, only 100 products are supported natively in Sentinel, although you can connect them with syslog. But Microsoft should increase the number of native connectors to get logs into Sentinel."
"The reporting could be more structured."
"Microsoft Sentinel is relatively expensive, and its cost should be improved."
"Everyone has their favorites. There is always room for improvement, and everybody will say, "I wish you could do this for me or that for me." It is a personal thing based on how you use the tool. I do not necessarily have those thoughts, and they are probably not really valuable because they are unique to the context of the user, but broadly, where it can continue to improve is by adding more connectors to more systems."
"Sentinel's alerts and notifications are not fully optimized for mobile devices. The overall reporting and the analytics processes for the end user should also be improved. Also, the compatibility and availability of data sources and reports are not always perfect."
"When we pass KPIs to the governance department, there's no option to provide rights to the data or dashboard to colleagues. We can use Power BI for this, but it isn't easy or convenient. They should just come up with a way to provide limited role-based access to auditing personnel"
"The product can be improved by reducing the cost to use AI machine learning."
"This product could be improved with better customization. This product isn't the best on the market like QRadar, but it's actually a good solution. However, some competitors' solutions contain more integration, support, automation, or flexibility."
"IBM Resilient is quite complex, including its configuration."
"The integration could be improved so that it is easy to integrate with other solutions."
"The tool needs to improve its documentation on license scripts."
"What could make IBM Resilient better is if IBM increased the number of built-in integrations with different products from other vendors or third-party products."
"The product needs a bit more development."
"The ability to analyze incidents needs to be improved in the solution."
"The product must provide more integration with other tools."
"The solution is highly used here in Pakistan and in many sectors, they could improve it by having more SIEM connectors."
"If you have too many events that occur, then the storage capacity becomes a problem. You need to have more storage."
"They should introduce some automation into the product."
"Some UI enhancements would be nice, such as exporting custom event properties and the ability to export rules."
"The dashboard and reports are not user-friendly or efficient so are of little help with threat hunting activity."
"Technical support could be improved by a bit."
"The dashboards are all legacy and old."
"The initial setup requires that you have somebody with the proper skill set, and it would help if the configuration were easier."
IBM Resilient is ranked 8th in Security Orchestration Automation and Response (SOAR) with 17 reviews while IBM Security QRadar is ranked 4th in Security Orchestration Automation and Response (SOAR) with 198 reviews. IBM Resilient is rated 7.6, while IBM Security QRadar is rated 8.0. The top reviewer of IBM Resilient writes "Simple deployment, scalable, but lacking third-party solution compatibility ". On the other hand, the top reviewer of IBM Security QRadar writes "A highly stable and scalable solution that provides good technical support". IBM Resilient is most compared with Palo Alto Networks Cortex XSOAR, Splunk SOAR, ServiceNow Security Operations, Fortinet FortiSOAR and IBM Cloud Pak for Security, whereas IBM Security QRadar is most compared with Splunk Enterprise Security, Wazuh, LogRhythm SIEM, Elastic Security and Sentinel. See our IBM Resilient vs. IBM Security QRadar report.
See our list of best Security Orchestration Automation and Response (SOAR) vendors.
We monitor all Security Orchestration Automation and Response (SOAR) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.