We performed a comparison between IBM Security QRadar and LogRhythm SIEM based on our users’ reviews in five categories. After reading all of the collected data, you can find our conclusion below.
Features: IBM Security QRadar users say the solution provides extensive information and helpful leads for locating pertinent data. Users praised LogRhythm SIEM for its user-friendly centralized dashboard, strong integration capabilities, and event-filtering capabilities. QRadar stands out with its comprehensive network visibility and strong SIEM capabilities. IBM Security QRadar could improve its rule deployment and lower its false positive rate. Users would also like expanded storage capacity, streamlined user management, and a more mature architecture. LogRhythm users requested expanded log storage, better load balancing, and streamlined search capabilities.
Service and Support: Some customers of IBM Security QRadar have had trouble connecting with knowledgeable support staff and experienced delayed responses. LogRhythm SIEM was generally praised for its helpful and knowledgeable support, although there have been occasional delays and knowledge problems.
Ease of Deployment: IBM Security QRadar's initial setup can be complex for users without expertise, and the difficulty may vary depending on the size of the data set. Small or medium-sized companies generally find LogRhythm SIEM's setup to be straightforward. However, it is more time-consuming and complex for enterprise deployments involving multiple components or vendors, and users often require assistance from professional services or LogRhythm-certified engineers.
Pricing: IBM Security QRadar can be costly because users need to buy new hardware to upgrade. LogRhythm SIEM’s license typically includes all elements. However, enterprise customers may encounter complexities related to additional features and add-ons.
ROI: IBM Security QRadar delivers a high return on investment, improving security through its advanced user behavior analytics. LogRhythm SIEM has proven to be highly valuable, delivering a significant ROI by reducing the mean time to detect and respond.
Comparison Results: Our users prefer LogRhythm SIEM over IBM QRadar. Users value LogRhythm SIEM for its seamless integration, effective log correlation, and efficient event filtering. LogRhythm SIEM yields a solid return on investment and offers stellar customer service. Customers find LogRhythm SIEM's pricing and licensing competitive, making it a more affordable option for those with budget constraints.
"We have no complaints about the features or functionality."
"It's pretty powerful and its performance is pretty good."
"The Identity Behavior tab furnishes us with the entire history linked to each IP or domain that has either accessed or attempted to access our system."
"The most valuable feature is the UEBA. It's very easy for a security operations analyst. It has a one-touch analysis where you can search for a particular entity, and you can get a complete overview of that entity or user."
"There are some very powerful features to Sentinel, such as the integration of various connectors. We have a lot of departments that use both IaaS and SaaS services, including M365 as well as Azure services. The ability to leverage connectors into these environments allows for large-scale data injection."
"I like the ability to run custom KQL queries. I don't know if that feature is specific to Sentinel. As far as I know, they are using technology built into Azure's Log Analytics app. Sentinel integrates with that, and we use this functionality heavily."
"We can use Sentinel's playbook to block threats. It covers all of the environment, giving us great visibility."
"There are a lot of things you can explore as a user. You can even go and actively hunt for threats. You can go on the offensive rather than on the defensive."
"The most valuable feature is the QRadar Vulnerability Manager which provides vulnerability scans. In addition, I like the way QRadar generates alerts."
"It saves a lot of time. We integrate the customer's firewall with all their networking devices."
"The most valuable features are the AI assistant, which is good at detecting known types of behavior."
"The feature that I have found most valuable is how it monitors the real network. That is its leading security feature."
"We get events and make the correlation, or rules. In IBM, we can implement our customer's rules. We can have very clear status threats and severity of antigens."
"The UBA feature is the most valuable because you can see everything about users' activities."
"The pre-canned rules and reports in this product are a huge plus."
"IBM QRadar is great help from its security event monitoring to data center and NOC troubleshooting of issues hard for other departments to spot."
"It seems like it will scale easily with the way our environment is set up."
"I find LogRhythm's log management capabilities to be beneficial."
"Technical support has always been helpful."
"AXON has the ability to add and compare use cases."
"We have to be able to show the evidence, and LogRhythm does a great job of putting it forward and making it easy to create reports with nice looking dashboards, which show off what we are doing as a security program."
"LogRhythm NextGen SIEM is customizable, simple to manage, and there are many features. The solution does not require an expert to be able to use it, anyone can use it."
"The alarm functions have helped us cut down on the manual work. They bubble things up to us instead of our having to go look for stuff. Also, from an operational perspective, day to day, the Case Management functions are really useful for us. They allow us to track what we see in the incidents that we have."
"It allows us to automate a lot of things with a smaller team."
"They need to work with other security vendors. For example, we replaced our email gateway with Symantec, but we couldn't collect these logs with Azure Sentinel. Instead of collecting these logs with Azure Sentinel, we are collecting them on Qradar. We couldn't do it with Sentinel, which is a problem for us."
"They should integrate it with many other software-as-a-service providers and make connectors available so that you don't have to do any sort of log normalization."
"I would like to see more AI used in processes."
"Its implementation could be simpler. It is not really simple or straightforward. It is in the middle. Sometimes, connectors are a little bit complex."
"The solution could be more user-friendly; some query languages are required to operate it."
"We are invoiced according to the amount of data generated within each log."
"The data connectors for third-party tools could be improved, as some aren't available in Sentinel. They need to be available in the data connector panel."
"The KQL query does not function effectively with Windows 11 machines, and in the majority of machine-based investigations, KQL queries are essential for organizing the data during investigations."
"Dashboards and reports could provide better visualization of SIEM activity."
"It is very difficult to activate all of the network equipment, and it would help if it were made easier."
"Each module requires a separate license and a separate cost."
"The biggest problem was built on top of the QRadar in the executive operations center network. The integration was not using the network security specialist properly, and all the incidents were inferior with QRadar. Its compatibility is not really good."
"It would be better if it were more stable and more secure. The price for maintenance could be better. It's too high. In the next release, I think they should focus on the price and the operation."
"The solution lacks some maturity."
"Maybe there should be more custom rules in the exchange. Basically, we are using a lot of threat rules, so maybe they'll develop something like that."
"I think that the search speed of this solution could be improved."
"One thing we have mentioned to them before is that we'd like to be able to do searches, or drill-downs, directly from an alarm. When you click it and the Inspector tab slides out, that might be a good place to be able to click the host to search for the last 24 hours. I know the search is right there but it would be even nicer to just click that and then have an option to search something there."
"Granted, we haven't enabled the UEBA module, but we're forwarding all our proxy logs to LogRhythm and we have a really hard time pulling those proxy logs back out of LogRhythm. However, when we take LogRhythm and forward the same logs into somebody else's user-based analytics software, we get the majority of what we were missing... If we've got all our proxy logs and I go out to Google or Facebook or the like, we should be able to go in and pull that information out ten minutes later, but it's a big challenge to do that."
"There used to be the ability to create alarms based on message text that was included in LR Version 6.x that has been removed in LogRhythm 7.x, and on that, I would like to see it added back."
"NextGen SIEM has separate rules for AI, advanced intelligence, and MP rules - it would be better to have a centralized way to write the rules and create alarms."
"I have Windows administrators who will remove the agent when they think that that's what's fouling up their upgrade or their install or their reconfiguration, etc. The first thing they do is to turn off the antivirus, turn down the firewall, and take off anything else. They don't realize that the LogRhythm agent is just sitting there monitoring. Most antivirus products have application protection features built-in where, if I'm an admin on a box, I can't uninstall antivirus. I need to have to the antivirus admin password to do that."
"In the next release, I would certainly like to see more HIPAA compliance. I would also like to see more integration with Palo Alto Networks, particularly their Traps, which is their endpoint solution."
"There are other security technologies outside of this SIEM that should be inside of this SIEM. I can see in their roadmap that they're trying to address a lot of these things, and have these technologies built into the solution, because there is no point in going to another vendor or opening up a second window to obtain the data that you need."
"I think there is room for improvement because the system is still running on the Windows Server platform. The problem with running on Windows is that it is not that good for scaling and providing for big deployment environments."
IBM Security QRadar is ranked 6th in Log Management with 198 reviews while LogRhythm SIEM is ranked 7th in Log Management with 166 reviews. IBM Security QRadar is rated 8.0, while LogRhythm SIEM is rated 8.4. The top reviewer of IBM Security QRadar writes "A highly stable and scalable solution that provides good technical support". On the other hand, the top reviewer of LogRhythm SIEM writes "The solution reduced our investigation time from days to hours and assists in managing our workflows". IBM Security QRadar is most compared with Splunk Enterprise Security, Wazuh, Elastic Security, Fortinet FortiSIEM and Sentinel, whereas LogRhythm SIEM is most compared with Splunk Enterprise Security, Wazuh, Fortinet FortiSIEM, LogRhythm Axon and Elastic Security. See our IBM Security QRadar vs. LogRhythm SIEM report.
See our list of best Log Management vendors and best Security Information and Event Management (SIEM) vendors.
We monitor all Log Management reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.