We performed a comparison between IBM Security QRadar and Sophos MDR based on real PeerSpot user reviews.
Find out in this report how the two Managed Detection and Response (MDR) solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."The best part about Binary Defense MDR is that it runs on everything, and they keep an eye on things 24/7."
"The most valuable feature is reviewing tickets and the notes added by technicians."
"The speed at which their services are reactive is valuable. Nowadays, when a threat hits an endpoint, you've got minutes, not hours or days. Their average response time is about four minutes on an alert. For anything that needs to be sent to us, it's about fourteen minutes, which is pretty good. They're the third SOC that I've used in fifteen years. By far, they are the quickest ones to act. When you're looking at prevention, that's a key factor."
"Among the valuable features are the agent, continuous reporting, and dashboard. It has all the features we need and we haven't had to customize it, other than turning on certain features that we wanted."
"The case interface is Binary Defense MDR's most valuable feature."
"With Binary Defense, we don't just get an alert, but also a detailed rundown of why they're alerting us on it. They tell us what was executed, or the username, script, or IP. That way, we're not wasting time investigating."
"The customization has been the most valuable aspect and was really the reason we ended up selecting Binary Defense. They worked with us to provide exactly the level of support, features, response, and collaboration we needed."
"The biggest aspect for us is that they are able to conform to our environment and utilize our tools. That way, we still maintain ownership of all the data and access to the applications, and we never lose control of the ability to run the solution ourselves if we need to."
"The most valuable feature is the DSM Editor. The custom parsing tool is very nice, outstanding."
"This is a distributed application, meaning that a customer can stack small and then scale it so that they can expand pretty effectively. You can use, basically, the same product in an SMB or a large enterprise."
"This console gives you the entire view, which makes life easier and allows you to take precautionary measures."
"On the back-end, Watson helps me figure out an exact problem, sometimes giving me the result."
"Technical support is good overall."
"It has a lot of good correlation rules. From a customer's point of view, it is one of the best solutions because you don't need to create correlation rules from scratch. You just review them and customize them as you want."
"We are using the platform version, which I like."
"I have found IBM QRadar to be stable."
"Sophos MTR will stop the threat as it is happening. Intercept X, which is a part of it, has the ability to roll back, so the attack is undone. And then the advanced edition of MTR lets me handle the threat by talking on the phone. I don't have to deal with it. I don't have to just go through emails back and forth. We don't have to pay extra for Rapid Response services. If something is happening, they're right on top of it."
"The authentication it offers minimizes the risk of access."
"The most valuable feature is the ability to integrate multiple functions into a single dashboard regardless of the vendors being integrated."
"It is stable and scalable. It has good technical support."
"The most valuable feature is threat hunting."
"The product's most valuable feature is its ability to view environmental activities."
"The product as a whole is truly outstanding and it excels in detecting and responding to various types of cyberattacks."
"The tool's ability to work with security threats is competitive. The best part is monitoring and the way we receive automated emails and updates. When an issue arises, a ticket automatically gets raised, clearly outlining the necessary actions to be taken from our end."
"The only area I see for improvement with Binary Defense is their service portal. It could benefit from some enhancements."
"Binary Defense MDR could be even better with additional features, like automatic scans and file quarantine."
"I would like to get more reports from Binary Defense about what they're blocking."
"If I were shopping for an MDR solution today, I would not only look for a company that has the ability to alert, detect, and remediate, but also the ability to integrate vulnerability management. That's a big thing that they're lacking today."
"The current reporting system could benefit from improvement."
"We should be able to isolate devices faster. They should shorten the time between clicking on a device to contain it and carrying out the action. That would be a welcome improvement."
"I don't find any downside to them, but if I have to put one, it would be consistent manpower or staffing. The only area where the solution can be improved is going to be with people. As they grow, they are struggling with the same thing that every other company is, which is getting talent and getting that talent to stay, but they've just revised their tiering system to go from a flat analyst and manager to a three-tier solution where it goes through two or three before it gets elevated. That seems to have worked out well, so if one level misses it, the next one picks it up, and it works out fine."
"It's hard to think of anything that they need to improve on, but just to point out something, I would like to see them provide advanced XDR."
"The only challenge is that IBM has been a closed enterprise. It should be more open to integrating with other providers at an enterprise level. We're a bank and the core banking system integration is not way straightforward and there is no integration between IBM and these products. If IBM could open up and provide a way of integrating it seamlessly, without charging more for it, that would make a big difference."
"The AQL queries could be better."
"The solution lacks some maturity."
"It would be good if the program allowed certain profiles to only see certain customer information."
"Integration could be better. They should make it easy to integrate with other solutions."
"There could be better integration with the solution."
"It is not app based."
"IBM QRadar has a margin for development, for out-of-the-box use cases. It can be enhanced with better support and automate the use cases for that."
"Multitenancy features of Sophos Managed Threat Response should be improved. You cannot use the solution for multiple clients."
"The solution is expensive for customers."
"The technical team for Sophos MDR is not so good since they take a long time, like a week, to provide a solution to a simple case or problem we face in our company."
"There is room for improvement in performance and upgrades."
"Threat intelligence is an area for improvement for MDR."
"Its technical support could be better."
"The only challenge we face with the tool is the pricing. Clients often compare it with other products in the market and try to negotiate prices. This concern has caused some challenges in closing deals. Otherwise, as a product, we have no worries."
"Sophos MDR’s pricing is the biggest factor that needs improvement per customers and technical professionals."
IBM Security QRadar is ranked 10th in Managed Detection and Response (MDR) with 198 reviews while Sophos MDR is ranked 5th in Managed Detection and Response (MDR) with 22 reviews. IBM Security QRadar is rated 8.0, while Sophos MDR is rated 8.6. The top reviewer of IBM Security QRadar writes "A highly stable and scalable solution that provides good technical support". On the other hand, the top reviewer of Sophos MDR writes "Proactive protection, scalability, and cloud-based efficiency". IBM Security QRadar is most compared with Splunk Enterprise Security, Microsoft Sentinel, Wazuh, LogRhythm SIEM and Elastic Security, whereas Sophos MDR is most compared with CrowdStrike Falcon Complete, SentinelOne Vigilance, Arctic Wolf Managed Detection and Response, Trend Micro Managed XDR and Bitdefender MDR. See our IBM Security QRadar vs. Sophos MDR report.
See our list of best Managed Detection and Response (MDR) vendors.
We monitor all Managed Detection and Response (MDR) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.