• Home
  • IBM Security QRadar vs. LogRhythm UEBA

IBM Security QRadar vs LogRhythm UEBA comparison

Cancel
You must select at least 2 products to compare!
Microsoft Logo
Microsoft Defender XDR
Read 80 Microsoft Defender XDR reviews
6,230 views|4,702 comparisons
97% willing to recommend
IBM Logo
IBM Security QRadar
Read 198 IBM Security QRadar reviews
3,093 views|1,861 comparisons
91% willing to recommend
LogRhythm Logo
LogRhythm UEBA
Read 10 LogRhythm UEBA reviews
414 views|355 comparisons
62% willing to recommend
Comparison Buyer's Guide
Download the complete report
Buyer's Guide
IBM Security QRadar vs. LogRhythm UEBA
May 2024
Executive Summary

We performed a comparison between IBM Security QRadar and LogRhythm UEBA based on real PeerSpot user reviews.

Find out in this report how the two User Entity Behavior Analytics (UEBA) solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI.
To learn more, read our detailed IBM Security QRadar vs. LogRhythm UEBA Report (Updated: May 2024).
Download the complete report
772,679 professionals have used our research since 2012.
Featured Review
MuhammadBilal6
Researched IBM Security QRadar but chose Microsoft Defender XDR: It also has an AI-assisted automated feature that cuts off access to persistent attacks
James Riffenburg
The solution uses AI to analyze different logged events, and network activity and create a correlation
The solution has helped improve our organization by providing the comfort and visibility that we are, meeting compliance, and doing our due... Read more →
Anonymous User
The solution makes it easy to monitor users though it needs to improve its UI
It is easy to monitor users and that is how the solution is adding value to our firm.
Quotes From Members
We asked business professionals to review the solutions they use.
Here are some excerpts of what they said:
Pros
"Microsoft 365 Defender is a good solution and easy to use.""I have found the ability to delete unwanted threats beneficial.""The ability to hunt that IM data set or the identity data set at the same time is valuable. As incident response professionals, we are very used to EDRs and having device process registry telemetry, but a lot of times, we do not have that identity data right there with us, so we have to go search for it in some other silo. Being able to cross-correlate via both datasets at the same time is something that we can only do in Def""I like how Microsoft XDR and the other Microsoft products are integrated into a single unified security stack covering identity access management, endpoint protection, email, cloud applications, etc.""The most valuable features of Microsoft 365 Defender are the combination of all the capabilities and centralized management.""Microsoft Defender XDR provides strong identity protection with comprehensive insights into risky user behavior and potential indicators of compromise.""The best feature is threat hunting. There are a lot of other features I like, such as the alert mechanism. The chain alert mechanism has a huge impact. It combines all the alerts into one incident and automatically correlates them with AI.""I like 365 Defender's advanced threat hunting. The dashboard is user-friendly with templates for site policies, etc. The most important use case is evaluating the risk links and applications."

More Microsoft Defender XDR Pros →

"The UBA feature is the most valuable because you can see everything about users' activities.""I like that it's easy to use and the performance is good.""The most valuable feature is user behavior analytics (UBA).""This solution has allowed us to correlate logs from multiple sources.""The solution is easy to use, manage, and review all incidents.""The scalability is very good. It's not a problem.""Overall a great solution.""A nice benefit is when we go to the process of selecting our youth cases, they go by building blocks. QRadar links it to building blocks."

More IBM Security QRadar Pros →

"It is easy to monitor users and that is how the solution is adding value to our firm.""It has a lot of features. It has file integration monitoring.""The tool's most valuable feature is server threat hunting.""What I like most about LogRhythm UEBA is that it allows you to identify and analyze end-user behaviors and suspicious activities within the systems.""Good capability pinpointing specific cyber incidents.""The solution's most valuable features are the graphical user interface and the reporting.""LogRhythm UEBA’s best feature is the dashboard. It provides several graphs, charts, and event logs.""The most valuable features are file activity monitoring and registry activity monitoring."

More LogRhythm UEBA Pros →

Cons
"I personally have not seen much evidence of how Defender can enhance the story of zero trust for enterprises.""I would like more of the features in Defender for 365 to be included in the smaller licenses. Even if I buy a small license and don't need everything, security shouldn't be a question. Security is one of the main aspects of all projects from our side, so it would be nice to have more features in the smaller licenses.""Stability could be improved by avoiding frequent changes to the interface.""The mobile app support for Android and iOS is difficult and needs improvement.""The management and automation of the cloud apps have room for improvement.""The only issue I've had is, when it comes to deployment, the steps I must take around policy setup. That is challenging.""There are still some components, such as vulnerability management within the vendor product, where improved integration would be beneficial.""Offboarding latency should be reduced. Even after a device has been successfully offboarded using a particular offboarding script, it still shows up as onboarded."

More Microsoft Defender XDR Cons →

"QVM is another instance where they need to revise the vulnerability scoring and the proper remediation details.""The dashboards are all legacy and old.""IBM QRadar Advisor with Watson could be more user-friendly. You need some skills and understanding of what you're looking at, especially if you're going to draw down specific information.""I don't give it a 10 because it is something we have to request. I would love it if UBA was included out of the box like Microsoft.""Technical support is good, but not great.""The whole process for support is something that needs to be improved.""The released patch quality is poor. IBM should test those patches on their side, not on the client's side.""Whenever we are upgrading or installing any type of patch, at that time we have some delays."

More IBM Security QRadar Cons →

"The cloud version is lacking and not up to par.""It would be helpful if there were more guidance provided for integrating with unsupported devices.""The UI could be improved a little bit.""What needs improvement in LogRhythm UEBA is the pricing. Here in Asia, for example, in Sri Lanka, pricing is the primary concern, and this is the only area for improvement I see in the product.""It should have better mitigation with other solutions and be tightly integrated with other solutions. It has to be improved.""LogRhythm UEBA's data aggregation needs to be improved. Open-source users do not have much documentation available. Documentation is available only for enterprise users.""The search feature needs to be improved.""The product could be user-friendly for someone who doesn’t have any prior experience working with it."

More LogRhythm UEBA Cons →

Pricing and Cost Advice
  • "The solutions price is fair for what they offer."
  • "The price could be better. Normally, the costs depend on the country you're located in for the license. When we were in the initial stage, we went with the E5 license they call premium standard. It cost us around $5.20 per month for four users."
  • "The price of the solution is high compared to others and we have lost some customers because of it."
  • "Microsoft is not competitive with the pricing of the solution. The competitors are able to offer lower discounts. The price of the solution is higher."
  • "We have a lot of problems in Latin America regarding the price of Microsoft 365 Defender, because the relationship between dollars and the money of the different countries, it's is a lot. Many customers that have small businesses say that they would like the solution but it is too expensive. However, large companies do not find the cost an issue."
  • "The most valuable licensing option is expensive, so pricing could be improved. Licensing options for this solution also need to be consolidated, because they frequently change."
  • "Microsoft should provide lower-level licensing options. They should do it in such a way that even an individual could purchase a license, and it should be entirely flexible."
  • "They have moved from a licensing model to pay-per-use... The question is: What happens if, for any reason, there's not enough budget to accept this model? That could be a great problem."

    • More Microsoft Defender XDR Pricing and Cost Advice →

  • "found other solutions, with more features at the same cost or less. You don’t have to leave the Gartner Magic Quadrant to beat their price."
  • "Most of the time, it is easier and cheaper to buy a new product or the QRadar box."
  • "IBM's Qradar is not for small companie. Unfortunately, it would be 'overkill' to place it plainly. The pricing would be too much."
  • "IBM's Qradar is not for small companie. Unfortunately, it would be 'overkill' to place it plainly. The pricing would be too much."
  • "Go through a vulnerability assessment review for price breaks. A virtualized solution will also cut down on cost."
  • "It is expensive. It is not a product that I can provide for SMBs. It is a program that I can only provide for really large enterprises."
  • "The maintenance costs are high."
  • "Pricing (based on EPS) will be more accurate."

    • More IBM Security QRadar Pricing and Cost Advice →

  • "Licensing is on a yearly basis. It's not expensive compared to its competitors."
  • "The pricing is nice when compared to other products in the industry."
  • "As LogRhythm UEBA is pretty expensive, I'd give its pricing a seven out of ten."
  • "It is quite a budget-friendly product."
  • "LogRhythm UEBA's pricing is affordable for small and medium businesses."
  • "I rate the product's pricing a three out of ten. However, the cloud version is expensive. You need to hire professional services for deployment and migrations, which can be expensive."

    • More LogRhythm UEBA Pricing and Cost Advice →

    report
    See Which Vendors Are Best For You
    Use our free recommendation engine to learn which User Entity Behavior Analytics (UEBA) solutions are best for your needs.
    See Recommendations
    772,679 professionals have used our research since 2012.
    Comparison Review
    Vinod Shankar
    Qradar vs. ArcSight
    Continuing with the SIEM posts we have done at Infosecnirvana, this post is a Head to head comparison of the two Industry leading SIEM products in the market – HP ArcSight and IBM QRadar Both the products have consistently been in the Gartner Leaders Quadrant. Both HP and IBM took over niche SIEM players and have made themselves relevant in the SIEM market. We have worked on both the products and feel that this comparison is a good way to start the discussion rolling on features of both the products and how they approach the problem of Security Information & Event Management. Okay, let’s get started!!! ArcSight vs QRadar Subject ArcSight QRadar Product Birth Year 2000, ArcSight SIEM came into the market and incidentally this was the only product they have worked on. In 2011 HP bought them Year 2004-2005, Q1 Labs entered into the SIEM market modifying their NBAD platform (QFLOW) and in 2012, IBM bought them. Logging Format CEF – Common Event Format LEEF – Log Event Extended Format Underlying DB Oracle till 2012, then combination of MySQL, PSQL etc. Proprietary based on Ariel Data store and probably Annotation Query Language (AQL) Vendor Support ArcSight supports more than 400 vendors with their CEF certification program QRadar supports more than 250 vendors with their LEEF certification program Portfolio Log Correlation – HP ArcSight ESM Log Management – HP ArcSight Logger Identity… Read more →
    Questions from the Community
    What do you like most about Microsoft 365 Defender?
    Top Answer:Microsoft Defender XDR provides strong identity protection with comprehensive insights into risky user behavior and… more »
    Read all 41 answers   →
    What is your experience regarding pricing and costs for Microsoft 365 Def...
    Top Answer:Microsoft Defender XDR is expensive, especially for the full suite functionality. However, when compared to buying… more »
    Read all 31 answers   →
    What needs improvement with Microsoft 365 Defender?
    Top Answer:Improving scalability, especially for very large tenants, could be beneficial for Microsoft Defender XDR. Additionally… more »
    Read all 40 answers   →
    What are the biggest differences between Securonix UEBA, Exabeam, and IBM...
    Top Answer:It mostly depends on your use-cases and environment. Exabeam and Securonix have a stronger UEBA feature set, friendlier… more »
    Read all 2 answers   →
    What SOC product do you recommend?
    Top Answer:For tools I’d recommend:  -SIEM- LogRhythm -SOAR- Palo Alto XSOAR Doing commercial w/o both (or at least an XDR) is… more »
    Read all 12 answers   →
    What do you like most about IBM QRadar?
    Top Answer:The event collector, flow collector, PCAP and SOAR are valuable.
    Read all 88 answers   →
    What do you like most about LogRhythm UserXDR?
    Top Answer:The solution is useful for privilege accounts and super admin accounts. It is beneficial from a security perspective… more »
    Read all 6 answers   →
    What is your experience regarding pricing and costs for LogRhythm UserXDR?
    Top Answer:I rate the product's pricing a three out of ten. However, the cloud version is expensive. You need to hire professional… more »
    Read all 5 answers   →
    What needs improvement with LogRhythm UserXDR?
    Top Answer:The product should improve its dashboards. Splunk has neat dashboards. Additionally, we would like to enhance the use… more »
    Read all 6 answers   →
    Comparisons
    Also Known As
    Microsoft 365 Defender, Microsoft Threat Protection, MS 365 Defender
    IBM QRadar, QRadar SIEM, QRadar UBA, QRadar on Cloud, QRadar, IBM QRadar User Behavior Analytics, IBM QRadar Advisor with Watson
    LogRhythm UserXDR, LogRhythm Enterprise UEBA
    Learn More
    Microsoft
    IBM
    LogRhythm
    Overview

    Microsoft Defender XDR is a comprehensive security solution designed to protect against threats in the Microsoft 365 environment. 

    It offers robust security measures, comprehensive threat detection capabilities, and an efficient incident response system. With seamless integration with other Microsoft products and a user-friendly interface, it simplifies security management tasks. 

    Users have found it effective in detecting and preventing various types of attacks, such as phishing attempts, malware infections, and data breaches.

    Watch the Microsoft demo video here: Microsoft Defender XDR demo video.

    IBM Security QRadar is a security and analytics platform designed to defend against threats and scale security operations. This is done through integrated visibility, investigation, detection, and response. QRadar empowers security groups with actionable insights into high-priority threats by providing visibility into enterprise security data. Through centralized visibility, security teams and analysts can determine their security stance, which areas pose a potential threat, and which areas are critical. This will help streamline workflows by eliminating the need to pivot between tools.

    IBM Security QRadar is built to address a wide range of security issues and can be easily scaled with minimal customization effort required. As data is ingested, QRadar administers automated, real-time security intelligence to swiftly and precisely discover and prioritize threats. The platform will issue alerts with actionable, rich context into developing threats. Security teams and analysts can then rapidly respond to minimize the attackers' strike. The solution will provide a complete view of activity in both cloud-based and on-premise environments as a large amount of data is ingested throughout the enterprise. Additionally, QRadar’s anomaly detection intelligence enables security teams to identify any user behavior changes that could be indicators of potential threats. 

    IBM QRadar Log Manager

    To better help organizations protect themselves against potential security threats, attacks, and breaches, IBM QRadar Log Manager gathers, analyzes, preserves, and reports on security log events using QRadar Sense Analytics. All operating systems and applications, servers, devices, and applications are converted into searchable and actionable intelligent data. QRadar Log Manager then helps organizations meet compliance reporting and monitoring requirements, which can be further upgraded to QRadar SIEM for a more superior level of threat protection.

    Some of QRadar Log Manager’s key features include:

    • Data processing and capture on any security event
    • Disaster recovery options and high availability 
    • Scalability for large enterprises
    • SoftLayer cloud installation capability
    • Advanced threat protection

    Reviews from Real Users

    IBM Security QRadar is a solution of choice among users because it provides a complete solution for security teams by integrating network analysis, log management, user behavior analytics, threat intelligence, and AI-powered investigations into a single solution. Users particularly like having a single window into their network and its ability to be used for larger enterprises.

    Simon T., a cyber security services operations manager at an aerospace/defense firm, notes, "The most valuable thing about QRadar is that you have a single window into your network, SIEM, network flows, and risk management of your assets. If you use Splunk, for instance, then you still need a full packet capture solution, whereas the full packet capture solution is integrated within QRadar. Its application ecosystem makes it very powerful in terms of doing analysis."

    A management executive at a security firm says, "What we like about QRadar and the models that IBM has, is it can go from a small-to-medium enterprise to a larger organization, and it gives you the same value."

    LogRhythm UEBA enables your security team to quickly and effectively detect, respond to, and neutralize both known and unknown threats. Providing evidence-based starting points for investigation, it employs a combination of scenario analytics techniques (e.g., statistical analysis, rate analysis, trend analysis, advanced correlation), and both supervised and unsupervised machine learning (ML).

    Sample Customers
    Accenture, Deloitte, ExxonMobil, General Electric, IBM, Johnson & Johnson and many others.
    Clients across multiple industries, such as energy, financial, retail, healthcare, government, communications, and education use QRadar.
    Information Not Available
    Top Industries
    REVIEWERS
    Computer Software Company16%
    Manufacturing Company16%
    Financial Services Firm12%
    Government9%
    VISITORS READING REVIEWS
    Computer Software Company17%
    Financial Services Firm10%
    Government8%
    Manufacturing Company8%
    REVIEWERS
    Financial Services Firm23%
    Computer Software Company15%
    Comms Service Provider10%
    Security Firm6%
    VISITORS READING REVIEWS
    Educational Organization19%
    Computer Software Company15%
    Financial Services Firm10%
    Government6%
    VISITORS READING REVIEWS
    Computer Software Company18%
    Financial Services Firm10%
    Manufacturing Company8%
    Government8%
    Company Size
    REVIEWERS
    Small Business40%
    Midsize Enterprise24%
    Large Enterprise36%
    VISITORS READING REVIEWS
    Small Business26%
    Midsize Enterprise18%
    Large Enterprise56%
    REVIEWERS
    Small Business39%
    Midsize Enterprise15%
    Large Enterprise45%
    VISITORS READING REVIEWS
    Small Business21%
    Midsize Enterprise30%
    Large Enterprise49%
    REVIEWERS
    Small Business40%
    Midsize Enterprise30%
    Large Enterprise30%
    VISITORS READING REVIEWS
    Small Business23%
    Midsize Enterprise14%
    Large Enterprise63%
    Buyer's Guide
    IBM Security QRadar vs. LogRhythm UEBA
    May 2024
    Free Report: IBM Security QRadar vs. LogRhythm UEBA
    Find out what your peers are saying about IBM Security QRadar vs. LogRhythm UEBA and other solutions. Updated: May 2024.
    DOWNLOAD NOW
    772,679 professionals have used our research since 2012.

    IBM Security QRadar is ranked 1st in User Entity Behavior Analytics (UEBA) with 198 reviews while LogRhythm UEBA is ranked 12th in User Entity Behavior Analytics (UEBA) with 10 reviews. IBM Security QRadar is rated 8.0, while LogRhythm UEBA is rated 7.2. The top reviewer of IBM Security QRadar writes "A highly stable and scalable solution that provides good technical support". On the other hand, the top reviewer of LogRhythm UEBA writes "Detects unusual logins but dashboards need improvement ". IBM Security QRadar is most compared with Splunk Enterprise Security, Microsoft Sentinel, Wazuh, LogRhythm SIEM and Elastic Security, whereas LogRhythm UEBA is most compared with Wazuh, Darktrace, CrowdStrike Falcon, Microsoft Purview Insider Risk Management and Splunk User Behavior Analytics. See our IBM Security QRadar vs. LogRhythm UEBA report.

    See our list of best User Entity Behavior Analytics (UEBA) vendors and best Extended Detection and Response (XDR) vendors.

    We monitor all User Entity Behavior Analytics (UEBA) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.