We compared IBM Security QRadar and Microsoft Sentinel based on our users' reviews across several parameters.
IBM Security QRadar is praised for its advanced threat detection, customizable dashboards, and integration capabilities, while users mention concerns about its complex interface and lack of flexibility. Microsoft Sentinel is highlighted for its affordability, intuitive interface, and automation options, with users mentioning the need for improved customization and integration features. Users find value in both products, with IBM Security QRadar focusing on comprehensive features and advanced threat detection, while Microsoft Sentinel offers affordability and streamlined incident response capabilities.
Features: IBM Security QRadar excels in customizable dashboards and seamless integration with security tools, offering real-time threat detection. Microsoft Sentinel stands out for its advanced threat visibility and streamlined incident response with machine learning capabilities.
Pricing and ROI: IBM Security QRadar has a higher setup cost, with some users mentioning the need for experienced personnel. Licensing is seen as complex but offers flexibility. Microsoft Sentinel has affordable, minimal setup costs and flexible, easy-to-understand licensing options. With comprehensive features and an intuitive interface, IBM Security QRadar offers great value in detecting and managing threats. Users highlighted its ability to streamline operations and improve security posture. Microsoft Sentinel users also praised its positive impact on organizations, noting benefits like improved security, reduced incident response time, and enhanced threat visibility. Despite some initial setup complexities, they appreciate its ease of use and integration with other Microsoft products.
Room for Improvement: IBM Security QRadar could improve user interface intuitiveness, performance speed, customization flexibility, and support resources. Microsoft Sentinel users seek better platform usability, customization options, integration with other tools, enhanced reporting, and improved documentation.
Deployment and customer support: Users found IBM Security QRadar quicker to deploy and set up compared to Microsoft Sentinel, which, although quicker to deploy, had a more complex setup process, according to some users. IBM Security QRadar's highly knowledgeable and responsive customer service provides prompt assistance. Microsoft Sentinel's customer service is praised for its effectiveness and quick issue resolution, creating positive user experiences.
The summary above is based on 144 interviews we conducted recently with IBM Security QRadar and Microsoft Sentinel users. To access the review's full transcripts, download our report.
"It helps us discover any threats with their alerts and tracking."
"I think this is a good product for enterprises because of the performance and out-of-the-box rules and use cases. If they want to reach the maturity level early, they can use these out-of-the-box rules and use cases. That will help them a lot."
"It showed us where weaknesses were in our environment, so we could actively target those patches first."
"IBM QRadar User Behavior Analytics's most important feature is its ease of use."
"One of the most valuable features is its ability to integrate with other solutions. IBM has a lot of solutions and we have managed to make it work with IBM BigFix and MaaS360, and even Microsoft."
"The threat protection network is the most valuable feature, because when you get an offense, you can actually trace it back to where it originated from, how it originated, and why."
"It is suitable for large companies with critical infrastructure. For our clients, robustness, availability at a high level, and the level of references and experiences connected to the solution are important."
"We've found the solution to be scalable."
"The ability of all these solutions to work together natively is essential. We have an Azure subscription, including Log Analytics. This feature automatically acts as one of the security baselines and detects recommendations because it also integrates with Defender. We can pull the sysadmin logs from Azure. It's all seamless and native."
"The log analysis is excellent; it can predict what can or will happen regarding use patterns and vulnerabilities."
"Its inbuilt Kusto Query Language is a valuable feature. It provides the flexibility needed to leverage advanced data analytics rules and policies and enables us to easily navigate all our security events in a single view. It helps any user easily understand the data or any security lags in their data and applications."
"The pricing of the product is excellent."
"The most valuable feature is the UEBA. It's very easy for a security operations analyst. It has a one-touch analysis where you can search for a particular entity, and you can get a complete overview of that entity or user."
"The most valuable features in my experience are the UEBA, LDAP, the threat scheduler, and integration with third-party straight perform like the MISP."
"The scalability is great. You can put unlimited logs in, as long as you can pay for it. There are commitment tiers, up to six terabytes per day, which is nowhere close to what any one of our customers is running."
"Free ingestion for Azure logs (with E5 licence)"
"IBM is going through some problems with its resources currently making its support response time slow."
"The initial setup was complex, and it took six months."
"A lot of information that we receive for the devices is IP-based, but it would help if we could have a default dashboard in which we can add more details about the assets for which we are receiving the information. For example, if it is a Windows or Linux device, we only get the IP for that particular device. We don't really get the name and other details of that particular device. For that, you have to drill down into your own asset management system. It would be good to have a place where we can probably add this information so that we don't have to look into other tools."
"The threat detection needs improvement, they have many false positives."
"I would like to see the update process simplified."
"In terms of what could be improved, I would say the script which we have to create for custom actions. QRadar needs to improve that feature. Additionally, QRadar has to provide the playbooks designing features."
"Technical support could be improved by a bit."
"The playbook guide which specifies the rules for security use cases needs to be provided to support in case the organization needs help."
"Improvement-wise, I would like to see more integration with third-party solutions or old-school antivirus products that have some kind of logging capability. I wouldn't mind having that exposed within Sentinel. We do have situations where certain companies have bought licensing or have made an investment in a product, and that product will be there for the next two or three years. To be able to view information from those legacy products would be great. We can then better leverage the Sentinel solution and its capabilities."
"Not all information shows up in Sentinel. Sometimes there are items provided in 365 and if you looked in Sentinel you would not see them and therefore think they do not exist. There can be discrepancies between Microsoft tools."
"Microsoft Sentinel is relatively expensive, and its cost should be improved."
"I would like Sentinel to have more out-of-the-box analytics rules. There are already more than 400 rules, but they could add more industry-specific ones. For example, you could have sets of out-of-the-box rules for banking, financial sector, insurance, automotive, etc., so it's easier for people to use it out of the box. Structuring the rules according to industry might help us."
"When it comes to ingesting Azure native log sources, some of the log sources are specific to the subscription, and it is not always very clear."
"The reporting could be more structured."
"Only one thing is missing: NDR is not available out-of-the-box. The competitive cloud-native SIEM providers have the NDR component. Currently, Sentinel needs NDR to be powered from either Corelight or some other NDR provider."
"We have been working with multiple customers, and every time we onboard a customer, we are missing an essential feature that surprisingly doesn't exist in Sentinel. We searched the forums and knowledge bases but couldn't find a solution. When you onboard new customers, you need to enable the data connectors. That part is easy, but you must create rules from scratch for every associated connector. You click "next," "next," "next," and it requires five clicks for each analytical rule. Imagine we have a customer with 150 rules."
IBM Security QRadar is ranked 4th in Security Information and Event Management (SIEM) with 198 reviews while Microsoft Sentinel is ranked 2nd in Security Information and Event Management (SIEM) with 85 reviews. IBM Security QRadar is rated 8.0, while Microsoft Sentinel is rated 8.2. The top reviewer of IBM Security QRadar writes "A highly stable and scalable solution that provides good technical support". On the other hand, the top reviewer of Microsoft Sentinel writes "Gives a comprehensive and holistic view of the ecosystem and improves visibility and the ability to respond". IBM Security QRadar is most compared with Splunk Enterprise Security, Wazuh, LogRhythm SIEM, Elastic Security and Sentinel, whereas Microsoft Sentinel is most compared with AWS Security Hub, Splunk Enterprise Security, Microsoft Defender for Cloud, Elastic Security and Wazuh. See our IBM Security QRadar vs. Microsoft Sentinel report.
See our list of best Security Information and Event Management (SIEM) vendors and best Security Orchestration Automation and Response (SOAR) vendors.
We monitor all Security Information and Event Management (SIEM) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.