We compared IBM Security QRadar and Microsoft Sentinel based on our users' reviews across several parameters.
IBM Security QRadar is praised for its advanced threat detection, customizable dashboards, and integration capabilities, while users mention concerns about its complex interface and lack of flexibility. Microsoft Sentinel is highlighted for its affordability, intuitive interface, and automation options, with users mentioning the need for improved customization and integration features. Users find value in both products, with IBM Security QRadar focusing on comprehensive features and advanced threat detection, while Microsoft Sentinel offers affordability and streamlined incident response capabilities.
Features: IBM Security QRadar excels in customizable dashboards and seamless integration with security tools, offering real-time threat detection. Microsoft Sentinel stands out for its advanced threat visibility and streamlined incident response with machine learning capabilities.
Pricing and ROI: IBM Security QRadar has a higher setup cost, with some users mentioning the need for experienced personnel. Licensing is seen as complex but offers flexibility. Microsoft Sentinel has affordable, minimal setup costs and flexible, easy-to-understand licensing options. With comprehensive features and an intuitive interface, IBM Security QRadar offers great value in detecting and managing threats. Users highlighted its ability to streamline operations and improve security posture. Microsoft Sentinel users also praised its positive impact on organizations, noting benefits like improved security, reduced incident response time, and enhanced threat visibility. Despite some initial setup complexities, they appreciate its ease of use and integration with other Microsoft products.
Room for Improvement: IBM Security QRadar could improve user interface intuitiveness, performance speed, customization flexibility, and support resources. Microsoft Sentinel users seek better platform usability, customization options, integration with other tools, enhanced reporting, and improved documentation.
Deployment and customer support: Users found IBM Security QRadar quicker to deploy and set up compared to Microsoft Sentinel, which, although quicker to deploy, had a more complex setup process, according to some users. IBM Security QRadar's highly knowledgeable and responsive customer service provides prompt assistance. Microsoft Sentinel's customer service is praised for its effectiveness and quick issue resolution, creating positive user experiences.
The summary above is based on 144 interviews we conducted recently with IBM Security QRadar and Microsoft Sentinel users. To access the review's full transcripts, download our report.
"The most valuable feature is the DSM Editor. The custom parsing tool is very nice, outstanding."
"This solution provides me with various alarms, and I have found security issues with some of my other products."
"Network-Based Anomaly Detection (NBAD): Using NetFlow, JFlow, SFlow, or QFlow (all 7 layers), offenses are detected as a response when a rule is triggered."
"An engineer can live-monitor all the flow happening in real-time. This would help us a lot while investigating a case, and it would even help us with preventive actions."
"It is a scalable solution."
"The monitoring and dashboards are great."
"IBM QRadar is great help from its security event monitoring to data center and NOC troubleshooting of issues hard for other departments to spot."
"The timeline and machine learning features are great."
"Its inbuilt Kusto Query Language is a valuable feature. It provides the flexibility needed to leverage advanced data analytics rules and policies and enables us to easily navigate all our security events in a single view. It helps any user easily understand the data or any security lags in their data and applications."
"Sentinel has features that have helped improve our security poster. It helped us in going ahead and identifying the gaps via analysis and focusing on the key elements."
"Having your logs put all in one place with machine learning working on those logs is a good feature. I don't need to start thinking, "Where are my logs?" My logs are in a centralized repository, like Log Analytics, which is why you can't use Sentinel without Log Analytics. Having all those logs in one place is an advantage."
"The pricing of the product is excellent."
"It is quite efficient. It helps our clients in identifying their security issues and respond quickly. Our clients want to automate incident response and all those things."
"The machine learning and artificial intelligence on offer are great."
"Sentinel has an intuitive, user-friendly way to visualize the data properly. It gives me a solid overview of all the logs. We get a more detailed view that I can't get from the other SIEM tools. It has some IP and URL-specific allow listing"
"The most valuable features in my experience are the UEBA, LDAP, the threat scheduler, and integration with third-party straight perform like the MISP."
"QRadar needs to be improved on the storage side, particularly when the disc exceeded the maximum threshold."
"The solution is difficult to understand in the beginning and has complex management configurations that can be improved."
"In a future release, the solution could provide malware analysis."
"There should be more opportunity for community kind of distribution where, for example, if there was a zero-day threat targeting companies."
"Whenever we are upgrading or installing any type of patch, at that time we have some delays."
"The IBM support can be better."
"I would suggest QRadar release any documentation or give an online demo, like videos on YouTube. It would increase publicity and public appeal."
"IBM needs to invest more into the collaboration with other vendors."
"If we want to use more features, we have to pay more. There are multiple solutions on the cloud itself, but the pricing model package isn't consistent, which is confusing to clients."
"If Azure Sentinel had the ability to ingest Azure services from different tenants into another tenant that was hosting Azure Sentinel, and not lose any metadata, that would be a huge benefit to a lot of companies."
"If I can use Sentinel offline at home and use it on a local network, it would be great. I'm not sure if I can use Sentinel offline versus the tools I have."
"It could have a better API to be able to automate many things more extensively and get more extensive data and more expensive deployment possibilities. It can gain some points on the automation part and the integration part. The API is very limited, and I would like to see it extended a bit more."
"It has been a challenge with Azure Sentinel to onboard the Syslog server from FortiGate. Azure Sentinel can work better on that shift between the Syslog server and a firewall."
"For certain vendors, some of the data that Microsoft Sentinel captures is redacted due to privacy reasons."
"One key area that can be improved is by building a strong integration with our XDR platform."
"Sometimes, it is hard for us to estimate the costs of Microsoft Sentinel."
IBM Security QRadar is ranked 4th in Security Information and Event Management (SIEM) with 198 reviews while Microsoft Sentinel is ranked 2nd in Security Information and Event Management (SIEM) with 85 reviews. IBM Security QRadar is rated 8.0, while Microsoft Sentinel is rated 8.2. The top reviewer of IBM Security QRadar writes "A highly stable and scalable solution that provides good technical support". On the other hand, the top reviewer of Microsoft Sentinel writes "Gives a comprehensive and holistic view of the ecosystem and improves visibility and the ability to respond". IBM Security QRadar is most compared with Splunk Enterprise Security, Wazuh, LogRhythm SIEM, Elastic Security and Sentinel, whereas Microsoft Sentinel is most compared with AWS Security Hub, Splunk Enterprise Security, Microsoft Defender for Cloud, Elastic Security and Wazuh. See our IBM Security QRadar vs. Microsoft Sentinel report.
See our list of best Security Information and Event Management (SIEM) vendors and best Security Orchestration Automation and Response (SOAR) vendors.
We monitor all Security Information and Event Management (SIEM) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.