We compared IBM Security QRadar and Microsoft Sentinel based on our users' reviews across several parameters.
IBM Security QRadar is praised for its advanced threat detection, customizable dashboards, and integration capabilities, while users mention concerns about its complex interface and lack of flexibility. Microsoft Sentinel is highlighted for its affordability, intuitive interface, and automation options, with users mentioning the need for improved customization and integration features. Users find value in both products, with IBM Security QRadar focusing on comprehensive features and advanced threat detection, while Microsoft Sentinel offers affordability and streamlined incident response capabilities.
Features: IBM Security QRadar excels in customizable dashboards and seamless integration with security tools, offering real-time threat detection. Microsoft Sentinel stands out for its advanced threat visibility and streamlined incident response with machine learning capabilities.
Pricing and ROI: IBM Security QRadar has a higher setup cost, with some users mentioning the need for experienced personnel. Licensing is seen as complex but offers flexibility. Microsoft Sentinel has affordable, minimal setup costs and flexible, easy-to-understand licensing options. With comprehensive features and an intuitive interface, IBM Security QRadar offers great value in detecting and managing threats. Users highlighted its ability to streamline operations and improve security posture. Microsoft Sentinel users also praised its positive impact on organizations, noting benefits like improved security, reduced incident response time, and enhanced threat visibility. Despite some initial setup complexities, they appreciate its ease of use and integration with other Microsoft products.
Room for Improvement: IBM Security QRadar could improve user interface intuitiveness, performance speed, customization flexibility, and support resources. Microsoft Sentinel users seek better platform usability, customization options, integration with other tools, enhanced reporting, and improved documentation.
Deployment and customer support: Users found IBM Security QRadar quicker to deploy and set up compared to Microsoft Sentinel, which, although quicker to deploy, had a more complex setup process, according to some users. IBM Security QRadar's highly knowledgeable and responsive customer service provides prompt assistance. Microsoft Sentinel's customer service is praised for its effectiveness and quick issue resolution, creating positive user experiences.
The summary above is based on 144 interviews we conducted recently with IBM Security QRadar and Microsoft Sentinel users. To access the review's full transcripts, download our report.
"The features that I have found most valuable in QRadar are its data enrichment, use case creations, and adding references - those kinds of features are very good. Also QRadar's event filtration and device integration are perfect."
"The product can scale."
"There are a lot of great out-of-the-box features included."
"The initial setup of QRadar is not complex because we have done it before and we are used to the development. It is getting easier all the time."
"Most valuable features include the granularity of information."
"Most of the features are good. It is an excellent solution."
"The detection rate is good and the false positive rate is low."
"Vulnerability data, network data and the like, are part of correlation and detection."
"The machine learning and artificial intelligence on offer are great."
"It is always correlating to IOCs for normal attacks, using Azure-related resources. For example, if any illegitimate IP starts unusual activity on our Azure firewall, then it automatically generates an alarm for us."
"The analytic rule is the most valuable feature."
"While Microsoft Sentinel provides a log of security events, its true power lies in its integration with Microsoft Defender."
"There are some very powerful features to Sentinel, such as the integration of various connectors. We have a lot of departments that use both IaaS and SaaS services, including M365 as well as Azure services. The ability to leverage connectors into these environments allows for large-scale data injection."
"Sentinel uses Azure Logic Apps for automation, which is really powerful. This allows us to easily automate responses to incidents."
"The UI-based analytics are excellent."
"You can fine-tune the SOAR and you'll be charged only when your playbooks are triggered. That is the beauty of the solution because the SOAR is the costliest component in the market today... but with Sentinel it is upside-down: the SOAR is the lowest-hanging fruit. It's the least costly and it delivers more value to the customer."
"Each module requires a separate license and a separate cost."
"The Indian tech support is not helpful."
"There are areas in IBM Security QRadar that could benefit from improvement. Its ability to customize knowledge for specific purposes could be enhanced. Also, it lacks clarity in presenting details. It is also difficult to see the reports."
"The usability of interfaces could be improved."
"I'd like them to improve the offense. When QRadar detects something, it creates what it calls offenses. So, it has a rudimentary ticketing system inside of it. This is the same interface that was there when I started using it 12 years ago. It just has not been improved. They do allow integration with IBM Resilient, but IBM Resilient is grotesquely expensive. The most effective integration that IBM offers today is with IBM Resilient, which is an instant response platform. It is a very good platform, but it is very expensive. They really should do something with the offense handling because it is very difficult to scale, and it has limitations. The maximum number of offenses that it can carry is 16K. After 16K, you have to flush your offenses out. So, it is all or nothing. You lose all your offenses up until that point in time, and you don't have any history within the offense list of older events. If you're dealing with multiple customers, this becomes problematic. That's why you need to use another product to do the actual ticketing. If you wanted the ticket existence, you would normally interface with ServiceNow, SolarWinds, or some other product like that."
"The custom rules could be simplified more or it should be possible to use a different language, other than the ones that the solution is already using. They should add other languages into the mix."
"Their technical support is not good. We opened a lot of cases and from my experience, they are not complicated issues but it takes forever to get an answer."
"There needs to be better integration with other applications."
"I believe one of the challenges I encountered was the absence of live training sessions, even with the option to pay for them."
"Sentinel provides decent visibility, but it's sometimes a little cumbersome to get to the information I want because there is so much information. I would also like to see more seamless integration between Sentinel and third-party security products."
"The only thing is sometimes you can have a false positive."
"Improvement-wise, I would like to see more integration with third-party solutions or old-school antivirus products that have some kind of logging capability. I wouldn't mind having that exposed within Sentinel. We do have situations where certain companies have bought licensing or have made an investment in a product, and that product will be there for the next two or three years. To be able to view information from those legacy products would be great. We can then better leverage the Sentinel solution and its capabilities."
"Sentinel could improve its ticketing and management. A few customers I have worked with liked to take the data created in Sentinel. You can make some basic efforts around that, but the customers wanted to push it to a third-party system so they could set up a proper ticketing management system, like ServiceNow, Jira, etc."
"Azure Sentinel will be directly competing with tools such as Splunk or Qradar. These are very established kinds of a product that have been around for the last seven, eight years or more."
"We are invoiced according to the amount of data generated within each log."
"It has been a challenge with Azure Sentinel to onboard the Syslog server from FortiGate. Azure Sentinel can work better on that shift between the Syslog server and a firewall."
IBM Security QRadar is ranked 4th in Security Information and Event Management (SIEM) with 198 reviews while Microsoft Sentinel is ranked 2nd in Security Information and Event Management (SIEM) with 86 reviews. IBM Security QRadar is rated 8.0, while Microsoft Sentinel is rated 8.2. The top reviewer of IBM Security QRadar writes "A highly stable and scalable solution that provides good technical support". On the other hand, the top reviewer of Microsoft Sentinel writes "Gives a comprehensive and holistic view of the ecosystem and improves visibility and the ability to respond". IBM Security QRadar is most compared with Splunk Enterprise Security, Wazuh, LogRhythm SIEM, Elastic Security and Sentinel, whereas Microsoft Sentinel is most compared with AWS Security Hub, Wazuh, Microsoft Defender for Cloud, Elastic Security and Splunk Enterprise Security. See our IBM Security QRadar vs. Microsoft Sentinel report.
See our list of best Security Information and Event Management (SIEM) vendors and best Security Orchestration Automation and Response (SOAR) vendors.
We monitor all Security Information and Event Management (SIEM) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.