We performed a comparison between Elastic Security and IBM QRadar based on our users’ reviews in four categories. After reading all of the collected data, you can find our conclusion below.
Comparison Results: PeerSpot users feel IBM QRadar makes SIEM easy. It can pan through tremendous amounts of data quickly and the dashboards and monitoring are amazing, making it a user favorite.
"It gives a lot of flexibility in terms of configuration and customization as per the business requirements."
"We can automate routine tasks and write scripts to carry out difficult tasks, which makes things easier for us."
"Advanced hunting is good. I like that. We can drill down to lots of details."
"Many people don't realize that Microsoft Azure, Exchange Online, and the security and compliance portal all sync together. For instance, within the Azure portal you can set security restrictions and policies to help secure your tenants... The good part of it is that these products have already been integrated. When you sign on as an admin you have global admin rights and that gives you access to all these features."
"From the perspective of Microsoft 365 XDR, the main benefit is a single, centralized dashboard offering the holistic visibility organizations crave."
"Defender is easy to use. It has a nice console, and everything is all in one place."
"The incident threat response and its ability to facilitate effective remediation against threats are the standout features."
"The summarization of emails is a valuable feature."
"It's a good platform and the very best in the current market. We looked at the Forester report from December 2022 where it was said to be a leader."
"The most valuable features of Elastic Security are it is open-source and provides a high level of security."
"We chose the product based on the ability to scan for malware using a malware behavioral model as opposed to just a traditional hash-based antivirus. Therefore, it's not as intensive."
"Elastic has a lot of beats, such as Winlogbeat and Filebeat. Beats are the agents that have to be installed on the terminals to send the data. When we install beats or Elastic agents on every terminal, they don't overload the terminals. In other SIEM solutions such as Splunk or QRadar, when beats or agents are installed on endpoints, they are very heavy for the terminals. They consume a lot of power of the terminals, whereas Elastic agents hardly consume any power and don't overload the terminals."
"The most valuable feature is the scalability. We are in Indonesia, more engineers understand Elastic Security here. So it is easier to scale and also develop. In features, the discovery to query all the logs is very important to us. It is very easy, especially with the query function and the feature to generate alerts and create tools. Sometimes we use the alert security dashboard to monitor our clients."
"The stability of the solution is good."
"We've found the initial setup to be quite straightforward."
"One of the most valuable features of this solution is that it is more flexible than AlienVault."
"It's a state-of-the-art product for security information and event management (SIEM)."
"The most valuable features are the AI assistant, which is good at detecting known types of behavior."
"IBM has everything you need in a cybersecurity solution. If you want to build a cybersecurity operation center version then I think QRadar is a perfect solution."
"There are a lot of great out-of-the-box features included."
"IBM Qradar's ability to simplify the number of events, not only on a technical level but by making that information easy to pan through the orchestration deduplication. It is very impressive given that we have hundreds of devices that send event logs through."
"It has a lot of good correlation rules. From a customer's point of view, it is one of the best solutions because you don't need to create correlation rules from scratch. You just review them and customize them as you want."
"Search capabilities are sufficient for most tasks."
"I have found IBM QRadar to be scalable."
"Defender also lacks automated detection and response. You need to resolve issues manually. You can manage multiple Microsoft security products from a single portal, and all your security recommendations are in one place. It's easy to understand and manage. However, I wouldn't say Defender is a single pane of glass. You still need to switch between all of the available Microsoft tools. You can see all the alerts in one panel, but you can't automate remediation."
"The web filtering solution needs to be improved because currently, it is very simple."
"The price should be adjustable by region."
"I'd like to see a wider solution that includes not only desktop devices but also other devices, such as servers, storage cabinets, switching equipment, et cetera."
"Since all of our databases are updated and located in the cloud, I would like additional support for this."
"There are still some components, such as vulnerability management within the vendor product, where improved integration would be beneficial."
"Microsoft frequently changes the names of its products, sometimes even renaming entire portals or features."
"Just like in any solution, the price can always be cheaper."
"Their visuals and graphs need to be better."
"If you compare this with CrowdStrike or Carbon Black, they can improve."
"I would like the process of retrieving archived data and viewing it in Kibana to be simplified."
"There should be a simulation environment to check whether my Elastic implementation is functioning perfectly fine. Other solutions have their own Android and iOS applications that I can install on my mobile so that I am continuously connected to the SIEM."
"It's a little bit of a learning curve to understand the logic of searching for things and trying to find what you're looking for in Elastic Security."
"It could use maybe a little more on the Linux side."
"Better integration with third-party APMs would be really good."
"The price of this product could be improved, especially the additional costs. I would also like to see better-quality graphics."
"I would like to see the update process simplified."
"The features that could be improved include the licensing model and the dashboards and all those presentations. Overall, the user experience part can be improved."
"It would be better if it were more stable and more secure. The price for maintenance could be better. It's too high. In the next release, I think they should focus on the price and the operation."
"I would like to see some artificial intelligence and alternative solutions."
"A lot of information that we receive for the devices is IP-based, but it would help if we could have a default dashboard in which we can add more details about the assets for which we are receiving the information. For example, if it is a Windows or Linux device, we only get the IP for that particular device. We don't really get the name and other details of that particular device. For that, you have to drill down into your own asset management system. It would be good to have a place where we can probably add this information so that we don't have to look into other tools."
"The solution is difficult to understand in the beginning and has complex management configurations that can be improved."
"I would like to see more integration in place after the security lock."
"QRadar needs to be improved on the storage side, particularly when the disc exceeded the maximum threshold."
Elastic Security is ranked 5th in Security Information and Event Management (SIEM) with 59 reviews while IBM Security QRadar is ranked 4th in Security Information and Event Management (SIEM) with 198 reviews. Elastic Security is rated 7.6, while IBM Security QRadar is rated 8.0. The top reviewer of Elastic Security writes "A stable and scalable tool that provides visibility along with the consolidation of logs to its users". On the other hand, the top reviewer of IBM Security QRadar writes "A highly stable and scalable solution that provides good technical support". Elastic Security is most compared with Wazuh, Splunk Enterprise Security, Microsoft Sentinel, Microsoft Defender for Endpoint and CrowdStrike Falcon, whereas IBM Security QRadar is most compared with Splunk Enterprise Security, Microsoft Sentinel, Wazuh, LogRhythm SIEM and Sentinel. See our Elastic Security vs. IBM Security QRadar report.
See our list of best Security Information and Event Management (SIEM) vendors, best Log Management vendors, and best Endpoint Detection and Response (EDR) vendors.
We monitor all Security Information and Event Management (SIEM) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.