We performed a comparison between IBM Security QRadar and Cynet based on our users’ reviews in five categories. After reading all of the collected data, you can find our conclusion below.
Features: IBM Security QRadar users say the solution provides extensive information and helpful leads for locating pertinent data. QRadar stands out with its comprehensive network visibility and strong SIEM capabilities. Cynet offers strong ransomware protection and an intuitive interface. IBM Security QRadar could improve its rule deployment and lower its false positive rate. Users would also like expanded storage capacity, streamlined user management, and a more mature architecture. Cynet needs to expand device support and add customization options. Users suggest improving network monitoring and strengthening integration with other tools.
Service and Support: Some customers of IBM Security QRadar have had trouble connecting with knowledgeable support staff and experienced delayed responses. Cynet's customer service is consistently lauded for its excellence. They have a dedicated support team that is available round the clock, and they also have a contingency plan for urgent incidents.
Ease of Deployment: IBM Security QRadar's initial setup can be complex for users without expertise, and the difficulty may vary depending on the size of the data set. Cynet’s setup is highly efficient, with the ability to configure thousands of devices quickly.
Pricing: IBM Security QRadar can be costly because users need to buy new hardware to upgrade. Customers generally think Cynet is affordable and a good value for its features.
ROI: IBM Security QRadar delivers a high return on investment, improving security through its advanced user behavior analytics. Cynet yields an excellent ROI by preventing cyberattacks and safeguarding sensitive data.
Comparison Results: Our users prefer IBM Security QRadar over Cynet. The advanced security features and overall strength of QRadar make it the favored option. Users like QRadar's extensive and actionable insights, user-friendly interface, and adaptability. QRadar offers a comprehensive overview of network activity and risk management.
"For me, the advanced hunting capabilities have been really great. It allowed querying the dataset with their own language, which is KQL or Kusto Query Language. That has allowed me to get much more insight into the events that have occurred. The whole power of 365 Defender is that you can get the whole story. It allows you to query an email-based activity and then correlate it with an endpoint-based activity."
"The threat intelligence is excellent."
"We can automate routine tasks and write scripts to carry out difficult tasks, which makes things easier for us."
"I like that it's stable. It's been stable for a long time, and Microsoft Defender has done a good job there."
"The attack simulation is excellent; initially, this feature wasn't very robust, but Microsoft improved what we could achieve with it. We can now customize our practice phishing emails and include our company logo, for example. Attack simulation also helps integrate with third-party solutions where applicable and provides an overview of our security architecture through testing. The summary includes areas for improvement in our protection and what steps we need to take to get there."
"The EDR features are valuable. By getting the EDR features, we have more control over the device. We have information about events in real-time and more protection against zero-day threats and zero-day vulnerabilities. We can monitor every event or action that a device is going through. We can get an idea if it is something malicious or if we have to take any actions."
"Setting up Microsoft 365 Defender is easy. It's a user-friendly solution that provides threat protection. It has good stability and scalability."
"Many people don't realize that Microsoft Azure, Exchange Online, and the security and compliance portal all sync together. For instance, within the Azure portal you can set security restrictions and policies to help secure your tenants... The good part of it is that these products have already been integrated. When you sign on as an admin you have global admin rights and that gives you access to all these features."
"The visibility it gives is excellent."
"This solution requires less management and is very easy to use."
"A reliable security system that automatically quarantines anything suspicious."
"I like the Cynet Correlator™ feature."
"Cynet is unique in that it has almost everything included and it was built up from the ground, instead of a bundle of purchased and composed modules. It gives you easier very good visibility than Sentinel One as well as a lower maintenance burden."
"It is a very stable solution...It is a very scalable solution...The initial setup of Cynet was easy."
"The level of automation is very good because the majority of the time, it blocks the attacks without requiring anything from our side. The technicians don't have to do anything. They are just alerted about what happened. So, the user intelligence works quite well."
"I like that you can implement it in the managed service portfolio."
"The rule engine is very easy to use — very flexible."
"The visibility it gives you into your infrastructure has been great."
"It is very stable. We have not faced interruptions in the past four and a half years."
"The best feature of IBM QRadar is visualization which shows you when there's a spike in the system, and this makes you realize that there's something wrong with the log."
"Senses, tracks, and links significant incidents and threats."
"Due to the skills shortage, we are able to use it from the standpoint of bringing in a lower level employee or a person who may not have security knowledge."
"IBM QRadar User Behavior Analytics has easy architecture, has a good portfolio and integration."
"It helps us discover any threats with their alerts and tracking."
"The support team is not competent or responsive."
"The cost can be high if you want to build custom license packages. Another area for improvement is the policies. In Azure, we need to implement policies in JSON format, but in 365 Defender 365, it would be helpful to use a different format so we can customize the platform."
"Correctly updated records are the most significant area for improvement. There have been times when we were notified of a required fix; we would carry out the fix and confirm it but still get the same notification a week later. This seems to be a delay in records being updated and leads to false reporting, which is something that needs to be fixed."
"At times, when we have an incident email and we click on the link for that incident, it opens a pop-up, but there is nothing. It has happened a couple of times."
"There are other SIEM solutions that are easier to use, mainly based on the creation of rules, use cases, and groups."
"The advanced threat-hunting capabilities are phenomenal, and the security copilot enhances that, but some data elements could be better or have more context inside of the advanced tables themselves. The schemas feel a little limited to what they're building into the product. It's probably just a maturity thing. I imagine we'll see the features I want in the next year."
"There are a few technical issues with Defender XDR that can be improved. Sometimes, the endpoint devices are not reporting properly to the Defender 365 portal. When you're getting all the information from the Microsoft portal, the devices are sometimes not in sync. We have hundreds of endpoint devices, some needing to be onboarded again."
"I would like more of the features in Defender for 365 to be included in the smaller licenses. Even if I buy a small license and don't need everything, security shouldn't be a question. Security is one of the main aspects of all projects from our side, so it would be nice to have more features in the smaller licenses."
"I'd like to see more data loss prevention within the product."
"They have automated response capability, and they're moving more and more into SOAR capability. They have built-in deception technology with host-file users, phantoms, etc. We used to call them honeypots. So, they're on target. They're doing a really good job, and they should continue to improve with SOAR."
"I cannot provide more details about Cynet's automation features. While Cynet claims to be automated, the specifics of this automation are unclear. They claim to have a high capability to detect and block attacks, but I am cautious about companies that claim to solve every problem without limitations. It does help in identifying malware on the network but doesn't specifically identify vulnerabilities."
"Compliance reports need to improve."
"Its dashboard is not so good. On the dashboard, they don't show the count for client endpoints, which is a failure of this product. This count should be shown on the dashboard. I have 1,000 clients, but I can't see it anywhere on the dashboard."
"Sometimes, it is necessary for me to make important changes to a hard drive of a computer, and because Cynet does not allow me to do that, I have to go to the console and remove the computer from the security group just for Cynet. After that, I have to wait for 10 or 15 minutes for that to take effect. I would like to be able to disable Cynet locally. I shouldn’t have to go to the console to find the PC and then take it out of the group and then add it again to the group. I should locally be able to disable Cynet on a computer with a password or something like that, but it is currently not possible."
"The inability to add contact information inside the Cynet is also an issue because it makes things more complicated. I would like to have a simple feature to enter a contact name and number for the person taking care of that unit or that server."
"There are some shortcomings in Cynet's integration capabilities that need improvement."
"This solution is on-premise and many customers are moving to the cloud base solution."
"The solution lacks vendor support."
"The dashboards are all legacy and old."
"The only challenge is that IBM has been a closed enterprise. It should be more open to integrating with other providers at an enterprise level. We're a bank and the core banking system integration is not way straightforward and there is no integration between IBM and these products. If IBM could open up and provide a way of integrating it seamlessly, without charging more for it, that would make a big difference."
"The biggest problem was built on top of the QRadar in the executive operations center network. The integration was not using the network security specialist properly, and all the incidents were inferior with QRadar. Its compatibility is not really good."
"Search capability and indexing still lag behind competitors. We also need to see improved rule based access controls and rule/event tuning."
"I have noticed the interface has room for improvement."
"It would be better if it were more stable and more secure. The price for maintenance could be better. It's too high. In the next release, I think they should focus on the price and the operation."
Cynet is ranked 4th in User Entity Behavior Analytics (UEBA) with 35 reviews while IBM Security QRadar is ranked 1st in User Entity Behavior Analytics (UEBA) with 198 reviews. Cynet is rated 8.8, while IBM Security QRadar is rated 8.0. The top reviewer of Cynet writes "Provides memory protection, device control, and vulnerability management". On the other hand, the top reviewer of IBM Security QRadar writes "A highly stable and scalable solution that provides good technical support". Cynet is most compared with CrowdStrike Falcon, SentinelOne Singularity Complete, ESET Endpoint Protection Platform, Microsoft Defender for Endpoint and Cortex XDR by Palo Alto Networks, whereas IBM Security QRadar is most compared with Splunk Enterprise Security, Microsoft Sentinel, Wazuh, LogRhythm SIEM and Elastic Security. See our Cynet vs. IBM Security QRadar report.
See our list of best User Entity Behavior Analytics (UEBA) vendors, best Endpoint Detection and Response (EDR) vendors, and best Extended Detection and Response (XDR) vendors.
We monitor all User Entity Behavior Analytics (UEBA) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.