We performed a comparison between IBM Security QRadar and Sophos MDR based on real PeerSpot user reviews.
Find out in this report how the two Managed Detection and Response (MDR) solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."The biggest aspect for us is that they are able to conform to our environment and utilize our tools. That way, we still maintain ownership of all the data and access to the applications, and we never lose control of the ability to run the solution ourselves if we need to."
"The most valuable feature is reviewing tickets and the notes added by technicians."
"Binary Defense has a human service department that provides live monitoring for our systems."
"Binary Defense's most valuable feature is the 24/7 monitoring and threat hunting. Their team checks the latest breaches and how they're done."
"Among the valuable features are the agent, continuous reporting, and dashboard. It has all the features we need and we haven't had to customize it, other than turning on certain features that we wanted."
"The most valuable features are the SIEM and the ticketing function; the latter is very smooth and easy to read and understand. We don't have any issues looking at the ticketing information when we're trying to identify what's going on."
"The best part about Binary Defense MDR is that it runs on everything, and they keep an eye on things 24/7."
"One of the main benefits of Binary Defense MDR is the ability to easily meet with their support team to discuss any issues we encounter."
"The initial setup is not complex or difficult."
"The flexibility is good in terms of pulling log files."
"The UBA feature is the most valuable because you can see everything about users' activities."
"This is a distributed application, meaning that a customer can stack small and then scale it so that they can expand pretty effectively. You can use, basically, the same product in an SMB or a large enterprise."
"Vulnerability data, network data and the like, are part of correlation and detection."
"The tool is already automated in many ways, but there are some additional functions which should be automated, like sending an email, mobile notification, and integration of XFS."
"There are other third-party plugins that we can use."
"The feature that I find the most useful is that IBM QRadar User Behavior Analytics is free of charge. It's a fully free product that can be installed on top of IBM QRadar SIEM."
"The most valuable feature of the Sophos Managed Threat Response is the central management capabilities and monitoring."
"The product gives us good visibility into what is happening inside the company."
"The product's most valuable feature is its ability to view environmental activities."
"The product’s most valuable features are integration and endpoint protection."
"The most valuable feature is the ability to integrate multiple functions into a single dashboard regardless of the vendors being integrated."
"The user doesn't need a technician; it offers 24/7 support to identify and manage your infrastructure and take complete care of any technological incidents."
"The authentication it offers minimizes the risk of access."
"The product’s most valuable feature is rapid response."
"The most significant area for improvement is in support for non-English speakers; we're a global organization, so many of our users are not English speakers, which can make interacting with them a challenge. There's no Chinese language support, so we must rely on what we can do with the internet. We don't expect Binary Defense to build a language staff, but details can get lost in translation when we assume the whole world speaks English."
"I would like to see more frequent check-ins with our security status."
"The only area I see for improvement with Binary Defense is their service portal. It could benefit from some enhancements."
"It's hard to think of anything that they need to improve on, but just to point out something, I would like to see them provide advanced XDR."
"We found a couple of bugs in the user interface."
"If I were shopping for an MDR solution today, I would not only look for a company that has the ability to alert, detect, and remediate, but also the ability to integrate vulnerability management. That's a big thing that they're lacking today."
"The current reporting system could benefit from improvement."
"Binary Defense MDR could be even better with additional features, like automatic scans and file quarantine."
"I would like to see more integration in place after the security lock."
"The biggest problem was built on top of the QRadar in the executive operations center network. The integration was not using the network security specialist properly, and all the incidents were inferior with QRadar. Its compatibility is not really good."
"The initial setup was complex, and it took six months."
"IBM Security QRadar lacks automated response. With this feature, there's no need to visit VirusTotal or other sites for IP reputation. There should be a small plug-in where users can click to retrieve details about the reputation and organization of public IP."
"The solution is highly used here in Pakistan and in many sectors, they could improve it by having more SIEM connectors."
"I need a solution which will send alerts in the event of any behavior."
"I'd like them to improve the offense. When QRadar detects something, it creates what it calls offenses. So, it has a rudimentary ticketing system inside of it. This is the same interface that was there when I started using it 12 years ago. It just has not been improved. They do allow integration with IBM Resilient, but IBM Resilient is grotesquely expensive. The most effective integration that IBM offers today is with IBM Resilient, which is an instant response platform. It is a very good platform, but it is very expensive. They really should do something with the offense handling because it is very difficult to scale, and it has limitations. The maximum number of offenses that it can carry is 16K. After 16K, you have to flush your offenses out. So, it is all or nothing. You lose all your offenses up until that point in time, and you don't have any history within the offense list of older events. If you're dealing with multiple customers, this becomes problematic. That's why you need to use another product to do the actual ticketing. If you wanted the ticket existence, you would normally interface with ServiceNow, SolarWinds, or some other product like that."
"It is very difficult to activate all of the network equipment, and it would help if it were made easier."
"Threat intelligence is an area for improvement for MDR."
"Sophos MDR’s pricing is the biggest factor that needs improvement per customers and technical professionals."
"Sophos MDR lacks integration with MDM solutions."
"The product's pricing could be less expensive."
"Once in a great while, an update fails."
"They should improve XDR and threat protection capabilities for zero-day attacks."
"Its technical support could be better."
"It could be more secure."
IBM Security QRadar is ranked 10th in Managed Detection and Response (MDR) with 198 reviews while Sophos MDR is ranked 5th in Managed Detection and Response (MDR) with 22 reviews. IBM Security QRadar is rated 8.0, while Sophos MDR is rated 8.6. The top reviewer of IBM Security QRadar writes "A highly stable and scalable solution that provides good technical support". On the other hand, the top reviewer of Sophos MDR writes "Proactive protection, scalability, and cloud-based efficiency". IBM Security QRadar is most compared with Splunk Enterprise Security, Microsoft Sentinel, Wazuh, LogRhythm SIEM and Elastic Security, whereas Sophos MDR is most compared with CrowdStrike Falcon Complete, SentinelOne Vigilance, Arctic Wolf Managed Detection and Response, Trend Micro Managed XDR and Bitdefender MDR. See our IBM Security QRadar vs. Sophos MDR report.
See our list of best Managed Detection and Response (MDR) vendors.
We monitor all Managed Detection and Response (MDR) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.