We performed a comparison between Elastic Security and IBM QRadar based on our users’ reviews in four categories. After reading all of the collected data, you can find our conclusion below.
Comparison Results: PeerSpot users feel IBM QRadar makes SIEM easy. It can pan through tremendous amounts of data quickly and the dashboards and monitoring are amazing, making it a user favorite.
"We can use Defender to block and monitor for security purposes without needing multiple other products to do different tasks."
"It has great stability."
"Many people don't realize that Microsoft Azure, Exchange Online, and the security and compliance portal all sync together. For instance, within the Azure portal you can set security restrictions and policies to help secure your tenants... The good part of it is that these products have already been integrated. When you sign on as an admin you have global admin rights and that gives you access to all these features."
"The incident threat response and its ability to facilitate effective remediation against threats are the standout features."
"The ability to integrate and observe a more cohesive narrative across the products is crucial."
"The best feature is threat hunting. There are a lot of other features I like, such as the alert mechanism. The chain alert mechanism has a huge impact. It combines all the alerts into one incident and automatically correlates them with AI."
"It gives a lot of flexibility in terms of configuration and customization as per the business requirements."
"The most valuable feature of all is the full integration with the rest of the software in the operating system and Office 365, as well as Microsoft SCCM. It is quite easy for us to work with the whole instance of Microsoft products. This integration improves the benefits of the whole suite of products."
"It is an extremely stable solution. Stability-wise, I rate the solution a ten out of ten."
"The most valuable features of the solution are the prevention methods and the incident alerts."
"The solution is quite stable. The performance has been good."
"Just the ability to do a lot more than just up-down is nice, which a lot of people take for granted."
"It can handle millions of loads at a time, and you can always use the filters to find exactly what you are looking for and detect errors in every log message you are searching for, basically."
"We like Elastic Security because it's a REST API-based solution. That's the primary reason we use it."
"The most valuable feature is the ability to collect authentication information from service providers."
"The most valuable feature of Elastic Security is that you can install agents, and they are not separately licensed."
"It's hard for me to pinpoint any one feature that's most valuable because it is all about consuming logs and analyzing them. We started using QRadar UBA because we needed something that could analyze Linux authentication information. Other products take care of the Windows platform."
"The most valuable features are the versatility of this solution and the variety of things you can do with it."
"There is a single dashboard that gives us a complete overview of what is happening around the globe."
"It is incredibly easy to deploy. All the appliances are flexible in the roles that they serve and are all managed the in the same way."
"It has a powerful GUI where you can put together your use cases, and don't have to write your own scripts."
"The most valuable features are all the implementations, the plug-ins, and the User Behavior Analytics (UBA)."
"The threat protection network is the most valuable feature, because when you get an offense, you can actually trace it back to where it originated from, how it originated, and why."
"The initial setup of QRadar is not complex because we have done it before and we are used to the development. It is getting easier all the time."
"One of the biggest downsides of Microsoft products, in general, is that the menus are often difficult to find, as they tend to move from place to place between versions."
"When we do investigations, it would be better if Microsoft could populate the host dashboard more. When we open any host for investigation, we want the entire timeline of what is happening on the host, including all the users logging in, their hardware, Windows version, etc."
"Stability could be improved by avoiding frequent changes to the interface."
"It would be highly beneficial if CoPilot could identify anomalies within the network and notify the IT team."
"There are still some components, such as vulnerability management within the vendor product, where improved integration would be beneficial."
"From an integration standpoint, it is always improving overall. With Security Copilot coming out, as partners, we are waiting for the GDAP support so that we can actually see Security Copilot on behalf of customers if they subscribe to it."
"The tool gives inconsistent answers and crashes a lot."
"Sometimes, configurations take much longer than expected."
"In terms of what could be improved with Elastic, in some use cases, especially on the advanced level, they are not ready made, so you'll have to write some scripts."
"They don't provide user authentication and authorisation features (Shield) as a part of their open-source version."
"This type of monitoring is not very mature just yet. We need more real-time information in a way that's easier to manage."
"The Integration module could be improved. It is a pain to build integration with any product. We have to do parking and so on. It's not like other commercial solutions that use profile integration. I would also see more detection features on the SIEM side."
"With Elastic Security, the challenge arises from the fact that there is a learning curve in relation to queries and understanding the query language provided to extract usable data."
"There isn't really a very good user experience. You need a lot of training."
"The process of designing dashboards is a little cumbersome in Kibana. Unless you are an expert, you will not be able to use it. The process should be pretty straightforward. The authentication feature is what we are looking for. We would love to have a central authentication system in the open-source edition without the need for a license or an enterprise license. If they can give at least a simple authentication system within a company. In a large organization, authentication is very essential for security because logs can contain a lot of confidential data. Therefore, an authentication feature for who accesses it should be there."
"There should be a simulation environment to check whether my Elastic implementation is functioning perfectly fine. Other solutions have their own Android and iOS applications that I can install on my mobile so that I am continuously connected to the SIEM."
"This solution is on-premise and many customers are moving to the cloud base solution."
"The pricing of the solution is a bit high. If they could lower it, that would be ideal."
"The modularity could be improved."
"The usability of interfaces could be improved."
"Whenever we are upgrading or installing any type of patch, at that time we have some delays."
"The features that could be improved include the licensing model and the dashboards and all those presentations. Overall, the user experience part can be improved."
"QRadar needs to be improved on the storage side, particularly when the disc exceeded the maximum threshold."
"There is one problem with QRadar in regards to the add-on apps. The apps can be frustrating. For example, when I add a big app like one of the add-ons for resiliency, add-on applications for QRadar, these applications require different hardware to implement and to deploy. The resiliency connector because there's a considerable amount of data scanning, operates for these apps correctly."
Elastic Security is ranked 5th in Security Information and Event Management (SIEM) with 59 reviews while IBM Security QRadar is ranked 4th in Security Information and Event Management (SIEM) with 198 reviews. Elastic Security is rated 7.6, while IBM Security QRadar is rated 8.0. The top reviewer of Elastic Security writes "A stable and scalable tool that provides visibility along with the consolidation of logs to its users". On the other hand, the top reviewer of IBM Security QRadar writes "A highly stable and scalable solution that provides good technical support". Elastic Security is most compared with Wazuh, Splunk Enterprise Security, Microsoft Sentinel, Microsoft Defender for Endpoint and CrowdStrike Falcon, whereas IBM Security QRadar is most compared with Microsoft Sentinel, Splunk Enterprise Security, Wazuh, LogRhythm SIEM and Sentinel. See our Elastic Security vs. IBM Security QRadar report.
See our list of best Security Information and Event Management (SIEM) vendors, best Log Management vendors, and best Endpoint Detection and Response (EDR) vendors.
We monitor all Security Information and Event Management (SIEM) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.
