We performed a comparison between Elastic Security and IBM QRadar based on our users’ reviews in four categories. After reading all of the collected data, you can find our conclusion below.
Comparison Results: PeerSpot users feel IBM QRadar makes SIEM easy. It can search through tremendous amounts of data quickly, and the dashboards and monitoring are highly regarded, making it a user favorite.
"The Endpoint Manager is incredible; it has a very straightforward interface and is exceedingly easy to use. Pulling out and deploying different tags or resources is a simple task across various departments with different levels of security. The notifications are also simple and satisfying; it's great to see the bubble informing us which devices are compliant and which are waiting to update."
"The comprehensiveness of Microsoft's threat detection is good."
"I like Defender XDR's automation capabilities. XDR isn't automated by default, but you can automate it to respond. If an attack is performed anywhere within the organization, you can isolate that instance from the network. This is what I can figure out for it. When integrated with Sentinel, you can set up playbooks to automate all the alerts gathered on Sentinel from different Microsoft solutions. Sentinel has a wider range of capabilities than XDR."
"The incident threat response and its ability to facilitate effective remediation against threats are the standout features."
"It provides a single pane of glass within the 365 admin interface, streamlining our experience by consolidating information in one place and eliminating the need to navigate through multiple interfaces."
"The common and advanced security policies for threat hunting and blocking attacks are valuable."
"Microsoft XDR's system of analysis and investigation is super convenient for our customers. It integrates with other Microsoft solutions like Defender for 365 to protect email traffic from malicious external web links and phishing."
"For me, the advanced hunting capabilities have been really great. It allowed querying the dataset with their own language, which is KQL or Kusto Query Language. That has allowed me to get much more insight into the events that have occurred. The whole power of 365 Defender is that you can get the whole story. It allows you to query an email-based activity and then correlate it with an endpoint-based activity."
"The most valuable feature is the machine learning capability."
"It's a good platform and the very best in the current market. We looked at the Forrester report from December 2022 where it was said to be a leader."
"We like Elastic Security because it's a REST API-based solution. That's the primary reason we use it."
"Elastic Security is a highly flexible platform that can be implemented anywhere."
"ELK Logstash is easy and fast, at least for the initial setup with the out of box uses."
"I like the indexing of the logs."
"The most valuable features are the speed, detail, and visualization. It has the latest standards."
"The indexes allow you to get your results quickly. The filtering and log parsing is the advantage of Logstash."
"It is the core of our entire SOX."
"The event collector, flow collector, PCAP and SOAR are valuable."
"It provides many options for searching. I can see devices from different vendors, like Cisco, in one interface, which is good for me."
"Log correlation is very useful for processing alerts. It serves to follow up alerts in real-time, building an entire workflow."
"The tool is already automated in many ways, but there are some additional functions which should be automated, like sending an email, mobile notification, and integration of XFS."
"Integrations are quite a useful and key feature of this solution. It has integration with the CVSS score, which is a central point for all the data and scores about the threats. There is an IBM Bluemix dashboard that is integrated with the CVSS score."
"Integration is very easy and the reporting is good."
"I have used IBM QRadar User Behavior Analytics in a Cloud Pak on Amazon, and there it runs on top of it and is easy to assess. Additionally, I have installed processes and characters."
"The interface could be improved. For example, if you want to do a phishing simulation for your employees, it can take a while to figure out what to do. The interface is a bit messy and could be updated. It isn't too bad, but doing some things can be a long process."
"There could be a way to proactively monitor unusual activity."
"The documentation on their website is somewhat outdated and doesn't show properly. I wanted to try a query in Microsoft Defender 365. When I opened the related documentation from the security blog on the Microsoft website, the figures were not showing. It was difficult to understand the article without having the figures. The figures were there in the article, but they were not getting loaded, which made the article obsolete."
"Microsoft tends to provide too many features, which makes the solution prone to bugs."
"When we do investigations, it would be better if Microsoft could populate the host dashboard more. When we open any host for investigation, we want the entire timeline of what is happening on the host, including all the users logging in, their hardware, Windows version, etc."
"I would like more of the features in Defender for 365 to be included in the smaller licenses. Even if I buy a small license and don't need everything, security shouldn't be a question. Security is one of the main aspects of all projects from our side, so it would be nice to have more features in the smaller licenses."
"Advanced attacks could use an improvement."
"In the beginning, it's difficult to navigate the system because it is quite large. Just trying to find your way and understand how the system works can be hard. After spending quite a lot of time searching it's a lot easier, but I wish it were a bit more user-friendly when you're trying to find things."
"Sometimes, the solution isn't the easiest to use."
"Elastic Security can be a bit difficult to use if a person only has experience in SMBs with tools like Zoho. The product can also be difficult for those who have never dealt with query language."
"In terms of what could be improved with Elastic, in some use cases, especially on the advanced level, they are not ready made, so you'll have to write some scripts."
"This solution is very hard to implement."
"The Integration module could be improved. It is a pain to build integration with any product. We have to do parsing and so on. It's not like other commercial solutions that use profile integration. I would also like to see more detection features on the SIEM side."
"Authentication is not a default in Kibana. We need to have another tool to have authentication and authorization. These two should be part of Kibana."
"Anything that supports high availability or ease of deployment in a highly available environment would help to improve this solution."
"We set up a cron job to delete old logs so that we wouldn't hit a disk space issue. Such a feature should be available in the UI, where old logs can be deleted automatically. (Don’t know if this feature is already there)."
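Elasticsearch's index lifecycle management (ILM) covers the retention case described in the review above without an external cron job: a policy rolls indices over in the hot phase and deletes them once they reach a retention age, and an index template binds the policy to new data. The script below is an added example written for this page, not code from the reviewer or from Elastic; BASE_URL, API_KEY, the policy name and the index pattern are assumptions for a local cluster.

```python
"""Replace an ad-hoc 'delete old logs' cron job with an Elasticsearch ILM policy.

Added example (not from the reviewer or from Elastic): builds an ILM policy that
rolls indices over and deletes them after a retention period, plus an index
template that attaches the policy to a data stream, then PUTs both to the
cluster REST API. BASE_URL and API_KEY are assumptions for a local cluster.
"""
import json
import urllib.request
from typing import Any, Dict

BASE_URL = "https://localhost:9200"   # assumption: local cluster endpoint
API_KEY = "REPLACE_ME"                # assumption: Elasticsearch API key with manage_ilm


def build_ilm_policy(rollover_max_age: str = "1d",
                     rollover_max_primary_shard_size: str = "50gb",
                     delete_after: str = "30d") -> Dict[str, Any]:
    """ILM policy: roll over on age or shard size in the hot phase,
    delete the index once it is delete_after old (measured from rollover)."""
    return {
        "policy": {
            "phases": {
                "hot": {
                    "actions": {
                        "rollover": {
                            "max_age": rollover_max_age,
                            "max_primary_shard_size": rollover_max_primary_shard_size,
                        }
                    }
                },
                "delete": {
                    "min_age": delete_after,
                    "actions": {"delete": {}},
                },
            }
        }
    }


def build_index_template(name_pattern: str, policy_name: str,
                         priority: int = 200) -> Dict[str, Any]:
    """Composable index template that creates a data stream for name_pattern
    and binds every backing index to the ILM policy."""
    return {
        "index_patterns": [name_pattern],
        "data_stream": {},
        "priority": priority,
        "template": {"settings": {"index.lifecycle.name": policy_name}},
    }


def put_json(path: str, body: Dict[str, Any]) -> Dict[str, Any]:
    """PUT a JSON document to the cluster REST API and return the parsed response."""
    req = urllib.request.Request(
        BASE_URL + path,
        data=json.dumps(body).encode(),
        method="PUT",
        headers={"Content-Type": "application/json",
                 "Authorization": f"ApiKey {API_KEY}"},
    )
    with urllib.request.urlopen(req, timeout=10) as resp:
        return json.load(resp)


def apply_retention(policy_name: str, pattern: str, delete_after: str) -> None:
    """Create or update the policy and template; ILM then deletes data on its own."""
    put_json(f"/_ilm/policy/{policy_name}", build_ilm_policy(delete_after=delete_after))
    put_json(f"/_index_template/{policy_name}-template",
             build_index_template(pattern, policy_name))


if __name__ == "__main__":
    # Dry run: show the documents that would be sent. Uncomment the last line to push them.
    print(json.dumps(build_ilm_policy(delete_after="90d"), indent=2))
    print(json.dumps(build_index_template("logs-app-*", "logs-90d"), indent=2))
    # apply_retention("logs-90d", "logs-app-*", "90d")
```

Rollover is what makes the delete phase safe: ILM only deletes whole backing indices that have aged out since they stopped receiving writes, so the current write index is never removed the way a blanket cron delete could remove it.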
"I would like to see the update process simplified."
"There should be an extension where we can get the reports. This could be an extension to the dashboard with the Guardian or another product with limited technology, for example IPS. Now, we only have IBM. Basically, it needs more and more integration models."
"AI is superb but needs improvements."
"Some UI enhancements would be nice, such as exporting custom event properties and the ability to export rules."
"The biggest problem was built on top of the QRadar in the executive operations center network. The integration was not using the network security specialist properly, and all the incidents were inferior with QRadar. Its compatibility is not really good."
"The user interface is a bit clunky, a bit hard to find what you need."
"The interface is very old. IBM should remake it into a more modern interface."
"The initial setup requires that you have somebody with the proper skill set, and it would help if the configuration were easier."
Elastic Security is ranked 5th in Log Management with 58 reviews while IBM Security QRadar is ranked 6th in Log Management with 198 reviews. Elastic Security is rated 7.6, while IBM Security QRadar is rated 8.0. The top reviewer of Elastic Security writes "A stable and scalable tool that provides visibility along with the consolidation of logs to its users". On the other hand, the top reviewer of IBM Security QRadar writes "A highly stable and scalable solution that provides good technical support". Elastic Security is most compared with Wazuh, Splunk Enterprise Security, Microsoft Sentinel, Microsoft Defender for Endpoint and CrowdStrike Falcon, whereas IBM Security QRadar is most compared with Microsoft Sentinel, Splunk Enterprise Security, Wazuh, LogRhythm SIEM and Fortinet FortiSIEM. See our Elastic Security vs. IBM Security QRadar report.
See our list of best Log Management vendors, best Endpoint Detection and Response (EDR) vendors, and best Security Orchestration Automation and Response (SOAR) vendors.
We monitor all Log Management reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.