We performed a comparison between AWS Security Hub and IBM Security QRadar based on real PeerSpot user reviews.
Find out in this report how the two Security Information and Event Management (SIEM) solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."Sentinel improved how we investigate incidents. We can create watchlists and update them to align with the latest threat intelligence. The information Microsoft provides enables us to understand thoroughly and improve as we go along. It allows us to provide monthly reports to our clients on their security posture."
"The best feature is that onboarding to the SIM solution is quite easy. If you are using cloud-based solutions, it's just a few clicks to migrate it."
"The UI of Sentinel is very good and easy to use, even for beginners."
"The AI and ML of Azure Sentinel are valuable. We can use machine learning models at the tenant level and within Office 365 and Microsoft stack. We don't need to depend upon any other connectors. It automatically provisions the native Microsoft products."
"The AI capability is one of the main features of the solution because I believe that in the market, there are few solutions that are providing security solutions based on AI and machine learning."
"The native integration of the Microsoft security solution has been essential because it helps reduce some false positives, especially with some of the impossible travel rules that may be configured in Microsoft 365. For some organizations, that might be benign because they're using VPNs, etc."
"Microsoft Sentinel comes preloaded with templates for teaching and analytics rules."
"The automation feature is valuable."
"Easily integrates with third-party tools"
"I really like the seamless integration with the AWS account structure. It can even be made mandatory as part of the landing zone. These are great features. And there's a single pane of glass for the entire account."
"Finding out if your infrastructure is secure is a valuable feature."
"The most valuable features of the solution are the scanning of all the cloud environments and most of the compliances available in the cloud."
"AWS Security Hub provides comprehensive alerts about potential compliance issues with CIS standards. The integration with third-party tools is another excellent feature. All our workloads are on AWS."
"The most valuable feature of AWS Security Hub is the ability to track when monitoring is not enabled on any of my resources."
"AWS Security Hub has very good integration features. It allows for AWS native services integration, and it helps us to integrate some of the services outside of AWS. They have partners, such as Amazon Preferred Network Partners (APN). If you have different security tools around APN, we can integrate those findings with AWS Security Hub reducing the need to refer to different portals or different UIs. You can have AWS Security Hub act as a single common go-to dashboard."
"Currently, our organization utilizes AWS for various purposes, including SaaS (Software as a Service), PaaS (Platform as a Service), and hosting applications in the cloud. We develop our applications and use AWS services as a platform for basic functions and secondary development needs. Additionally, we rely on PaaS for accounting services. Approximately, 50% of our applications are hosted in the cloud environment, making it a significant part of our current setup."
"Technical support is good overall."
"This solution has allowed us to correlate logs from multiple sources."
"The most valuable features of IBM Security QRadar are flexibility, IBM support, and scalability."
"We are using the platform version, which I like."
"The tool is already automated in many ways, but there are some additional functions which should be automated, like sending an email, mobile notification, and integration of XFS."
"It has improved my efficiency."
"It protect us from multiple authentication values, unauthorized access and antivirus threats."
"The best part of this solution is having a third-party SOC."
"If we want to use more features, we have to pay more. There are multiple solutions on the cloud itself, but the pricing model package isn't consistent, which is confusing to clients."
"Microsoft Sentinel should provide an alternative query language to KQL for users who lack KQL expertise."
"The playbook is a bit difficult and could be improved."
"Its documentation is not so simple. It is easy for somebody who is Microsoft certified or more closely attached to Microsoft solutions. It is not easy for those who are working on open-source platforms. There isn't a central point where everything is documented, and there is no specific training or certification."
"The reporting could be more structured."
"Given that I am in the small business space, I wish they would make it easier to operate Sentinel without being a Sentinel expert. Examples of things that could be easier are creating alerts and automations from scratch and designing workbooks."
"There is a wider thing called Jupyter Notebooks, which is around the automation side of things. It would be good if there are playbooks that you can utilize without having to have the developer experience to do it in-house. Microsoft could provide more playbooks or more Jupyter Notebooks around MITRE ATT&CK Framework."
"Add more out-of-the-box connectors with other SaaS platforms/applications."
"Adding SIEM features would be beneficial because of the limited customization of AWS Security Hub."
"AWS Security Hub should improve the time it takes to update. It takes a long period of time when updating. It can take 24 hours sometimes to update. Additionally, when integrating this solution with more security tools, takes time."
"We need more granular-level customizations to enable or disable the rules in AWS Security Hub."
"Security needs to be measured based on their own criteria. We can't add custom criteria specific to our organization. For example, having an S3 bucket publicly available might be flagged as a critical alert, but it might not be critical in a sandbox environment. So, it gets flagged as critical, which becomes a false positive. So, customization options and creating custom dashboards would be areas for improvement."
"The support must be quicker."
"It's not user-friendly. Too much going on, too many unnecessary findings, not very visual. You can't do much compared to other similar tools that are cheaper and better."
"It is not flexible for multi-cloud environments."
"One aspect that could be improved in the solution is its adaptability to different markets and geopolitical restrictions. In certain regions like Thailand, specific services from certain countries or providers, such as AWS or Azure, might be limited or blocked. It also needs improvement in would require configuring the solution more adaptable to AWS infrastructure and function."
"I would like for Yara to be supported by all components."
"The solution lacks some maturity."
"The API integration for AD is a problem when it comes to vulnerability management. If you want to incorporate multiple factor authentication it becomes a problem with the AD. It doesn't integrate well. That needs to be improved."
"The only challenge is that IBM has been a closed enterprise. It should be more open to integrating with other providers at an enterprise level. We're a bank and the core banking system integration is not way straightforward and there is no integration between IBM and these products. If IBM could open up and provide a way of integrating it seamlessly, without charging more for it, that would make a big difference."
"You can scale IBM QRadar User Behavior Analytics, but it has room for improvement."
"IBM is going through some problems with its resources currently making its support response time slow."
"QRadar needs to be more specialized, along the lines of what other SIEM solutions are."
"The biggest problem was built on top of the QRadar in the executive operations center network. The integration was not using the network security specialist properly, and all the incidents were inferior with QRadar. Its compatibility is not really good."
AWS Security Hub is ranked 8th in Security Information and Event Management (SIEM) with 17 reviews while IBM Security QRadar is ranked 4th in Security Information and Event Management (SIEM) with 198 reviews. AWS Security Hub is rated 7.6, while IBM Security QRadar is rated 8.0. The top reviewer of AWS Security Hub writes "A centralized dashboard that enables efficient monitoring and management of possible security issues". On the other hand, the top reviewer of IBM Security QRadar writes "A highly stable and scalable solution that provides good technical support". AWS Security Hub is most compared with Prisma Cloud by Palo Alto Networks, Wiz, Microsoft Defender for Cloud, Google Chronicle Suite and Tenable Security Center, whereas IBM Security QRadar is most compared with Splunk Enterprise Security, Wazuh, LogRhythm SIEM, Elastic Security and Sentinel. See our AWS Security Hub vs. IBM Security QRadar report.
See our list of best Security Information and Event Management (SIEM) vendors and best Security Orchestration Automation and Response (SOAR) vendors.
We monitor all Security Information and Event Management (SIEM) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.