We performed a comparison between IBM Security QRadar and CrowdStrike Falcon based on our users’ reviews in five categories. After reading all of the collected data, you can find our conclusion below.
Features: IBM Security QRadar users say the solution provides extensive information and helpful leads for locating pertinent data. QRadar stands out with its comprehensive network visibility and strong SIEM capabilities. CrowdStrike Falcon is praised for its machine-learning capabilities, optimal resource utilization, and precise threat detection. IBM Security QRadar could improve its rule deployment and lower its false positive rate. Users would also like expanded storage capacity, streamlined user management, and a more mature architecture. CrowdStrike Falcon could benefit from adding a sandbox feature and more detailed firewall management options.
Service and Support: Some customers of IBM Security QRadar have had trouble connecting with knowledgeable support staff and experienced delayed responses. CrowdStrike Falcon's customer service is considered prompt and helpful.
Ease of Deployment: IBM Security QRadar's initial setup can be complex for users without expertise, and the difficulty may vary depending on the size of the data set. CrowdStrike Falcon's setup is considered to be simple and efficient, with deployment times ranging from a few days to a month. While there may be some challenges during installation, they are generally manageable.
Pricing: IBM Security QRadar can be costly because users need to buy new hardware to upgrade. Some users find CrowdStrike Falcon costly and think the price should be lowered to make it more competitive.
ROI: IBM Security QRadar delivers a high return on investment, improving security through its advanced user behavior analytics. CrowdStrike Falcon offers cost savings by decreasing the required number of engineers and eliminating the need for onsite servers.
Comparison Results: Our users prefer IBM Security QRadar over CrowdStrike Falcon. The advanced security features and overall strength of QRadar make it the favored option. Users like QRadar's extensive and actionable insights, user-friendly interface, and adaptability. QRadar offers a comprehensive overview of network activity and risk management.
"The visibility into threats is also very impressive because Microsoft helps you predict things and provides analytics to help you really improve your security. And all of this technology works across the domain, so it is pretty helpful in terms of threat analytics."
"We can automate routine tasks and write scripts to carry out difficult tasks, which makes things easier for us."
"The integration, visibility, vulnerability management, and device identification are valuable."
"The common and advanced security policies for threat hunting and blocking attacks are valuable."
"The comprehensiveness of Microsoft's threat detection is good."
"There is also one dashboard that shows us the status of many controls at once and the details I can get... It gives a great overview of many areas, such as files, emails, chats, and links. Even with the apps, it gives you a great overview. In one place you can see where you should look into things more deeply..."
"The Endpoint Manager is incredible; it has a very straightforward interface and is exceedingly easy to use. Pulling out and deploying different tags or resources is a simple task across various departments with different levels of security. The notifications are also simple and satisfying; it's great to see the bubble informing us which devices are compliant and which are waiting to update."
"Among the most valuable features are the alert timeline, the alert story, which is pretty detailed. It gives us complete insight into what exactly happened on the endpoint. It doesn't just say, "Malware detected." It tells us what caused that malware to be detected and how it was detected. It gives us a complete timeline from beginning to end."
"CrowdStrike Falcon's most valuable features are the lightweight agent which has absolutely zero performance issues. There is no performance deterioration on the laptop on the network. It is a signature-less antivirus and anti-malware solution, it doesn't depend on signatures which better protects the systems."
"The managed services are distinguished, responsive, dynamic, flexible, and assertive when taking action."
"CrowdStrike Falcon has done an excellent job at detecting breaches. It has allowed us to stay in business and keep our systems up."
"Enables us to understand what processes are running on the system, what registry keys have been enabled."
"The EDR and XDR features have been most valuable."
"The solution has improved my organization by automating the detection and reporting of unwanted applications so we're aware of them and can respond appropriately."
"I like Falcon's threat detection and endpoint investigation features. It's a user-friendly solution."
"The most valuable feature is the indicator of compromise, which show you what file was either quarantined or removed."
"It helps us discover any threats with their alerts and tracking."
"It allows us to search data both on-premises and on the cloud."
"The product can scale."
"I think the QDI is very good."
"The most valuable features would have to be the products' ability to customize vulnerability management settings."
"The tool helps with infrastructure, application, and network monitoring."
"We can easily monitor many things using this tool."
"The threat hunting capabilities in general are great."
"What could be improved in Microsoft 365 Defender is its licensing, e.g. it should be more consolidated and would be good if it has some optimizations. Improving the alerts and notifications, in terms of adding more details, would also be good for this solution."
"Microsoft 365 Defender does not have a unique package with emerging endpoint security technologies, such as EDR and XDR."
"My client would like the solution to be more customizable without using code. You can only build on the default console, but we're not allowed to change it."
"From an integration standpoint, it is always improving overall. With Security Copilot coming out, as partners, we are waiting for the GDAP support so that we can actually see Security Copilot on behalf of customers if they subscribe to it."
"There should be better information for experts on features in the solution. What I see when reading about features in Microsoft 365 Defender is that it is always general information. If Microsoft could go deeper into details for the experts about how to use the tools, usage of it would be more familiar and it would be easier to use."
"There is definitely scope for improvement in the automation area. Because the solution is a SaaS platform, we don't have the overall ability to automate stuff.... There is no direct way to go ahead because it's a SaaS platform."
"The web filtering solution needs to be improved because currently, it is very simple."
"The tool gives inconsistent answers and crashes a lot."
"They don't really have anything when it comes to scanning attachments."
"They respond quickly on the weekdays, but the weekend response times are slower."
"This solution could be improved with greater scope for admins to make changes to the solution."
"CrowdStrike should add support for ransomware protection."
"The support for different OS versions needs improvement because sometimes due to business conditions, updating our OS is impossible."
"As the company has grown, the technical support has felt less personal."
"Crowdstrike Falcon XDR can improve the integration. There are some locks on the cloud to on-premise integrations."
"In the six months that I have been using CrowdStrike, it has not been able to detect anything."
"The tool is very complicated. One place for improvement would be to have a more user-friendly interface. Having better support in Spanish would be cool."
"The solution lacks vendor support."
"The interface is very old. IBM should remake it into a more modern interface."
"There are reports that I would like to generate that are either not included, or I cannot find."
"They have to build more quantitative monitoring, profiling, and make it more predictive."
"I would also like to see more integration with other vendors. IBM doesn't integrate well with products from China, like Huawei. Many Middle Eastern customers are switching to Huawei from American vendors like Cisco because of the price. In most RFPs, Huawei wins because it costs less."
"I need a solution which will send alerts in the event of any behavior."
"The solution should include remote action capabilities."
CrowdStrike Falcon is ranked 3rd in Endpoint Detection and Response (EDR) with 105 reviews while IBM Security QRadar is ranked 20th in Endpoint Detection and Response (EDR) with 198 reviews. CrowdStrike Falcon is rated 8.8, while IBM Security QRadar is rated 8.0. The top reviewer of CrowdStrike Falcon writes "Easy to set up with good behavior-based analysis but needs a single-click recovery option". On the other hand, the top reviewer of IBM Security QRadar writes "A highly stable and scalable solution that provides good technical support". CrowdStrike Falcon is most compared with Darktrace, Microsoft Defender for Endpoint, Trend Micro Deep Security, SentinelOne Singularity Complete and Trend Vision One, whereas IBM Security QRadar is most compared with Microsoft Sentinel, Splunk Enterprise Security, Wazuh, LogRhythm SIEM and Elastic Security. See our CrowdStrike Falcon vs. IBM Security QRadar report.
See our list of best Endpoint Detection and Response (EDR) vendors and best Extended Detection and Response (XDR) vendors.
We monitor all Endpoint Detection and Response (EDR) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.