We performed a comparison between IBM Security QRadar and LogRhythm SIEM based on our users’ reviews in five categories. After reading all of the collected data, you can find our conclusion below.
Features: IBM Security QRadar users say the solution provides extensive information and helpful leads for locating pertinent data. Users praised LogRhythm SIEM for its user-friendly centralized dashboard, strong integration capabilities, and event-filtering capabilities. QRadar stands out with its comprehensive network visibility and strong SIEM capabilities. IBM Security QRadar could improve its rule deployment and lower its false positive rate. Users would also like expanded storage capacity, streamlined user management, and a more mature architecture. LogRhythm users requested expanded log storage, better load balancing, and streamlined search capabilities.
Service and Support: Some customers of IBM Security QRadar have had trouble connecting with knowledgeable support staff and experienced delayed responses. LogRhythm SIEM was generally praised for its helpful and knowledgeable support, although there have been occasional delays and knowledge problems.
Ease of Deployment: IBM Security QRadar's initial setup can be complex for users without expertise, and the difficulty may vary depending on the size of the data set. Small or medium-sized companies generally find LogRhythm SIEM's setup to be straightforward. However, it is more time-consuming and complex for enterprise deployments involving multiple components or vendors, and users often require assistance from professional services or LogRhythm-certified engineers.
Pricing: IBM Security QRadar can be costly because users need to buy new hardware to upgrade. LogRhythm SIEM’s license typically includes all elements. However, enterprise customers may encounter complexities related to additional features and add-ons.
ROI: IBM Security QRadar delivers a high return on investment, improving security through its advanced user behavior analytics. LogRhythm SIEM has proven to be highly valuable, delivering a significant ROI by reducing the mean time to detect and respond.
Comparison Results: Our users prefer LogRhythm SIEM over IBM QRadar. Users value LogRhythm SIEM for its seamless integration, effective log correlation, and efficient event filtering. LogRhythm SIEM yields a solid return on investment and offers stellar customer service. Customers find LogRhythm SIEM's pricing and licensing competitive, making it a more affordable option for those with budget constraints.
"Sentinel is a SIEM and SOAR tool, so its automation is the best feature; we can reduce human interaction, freeing up our human resources."
"The log analysis is excellent; it can predict what can or will happen regarding use patterns and vulnerabilities."
"The most valuable feature is the performance because unlike legacy SIEMs that were on-premises, it does not require as much maintenance."
"The features that stand out are the detection engine and its integration with multiple data sources."
"We have no complaints about the features or functionality."
"The AI and ML of Azure Sentinel are valuable. We can use machine learning models at the tenant level and within Office 365 and Microsoft stack. We don't need to depend upon any other connectors. It automatically provisions the native Microsoft products."
"The Log analytics are useful."
"The data connectors that Microsoft Sentinel provides are easy to integrate when we work with a Microsoft agent."
"IBM QRadar User Behavior Analytics's most important feature is its ease of use."
"We've found the technical support to be very good."
"Integrations are quite a useful and key feature of this solution. It has integration with the CVSS score, which is a central point for all the data and scores about the threats. There is an IBM Bluemix dashboard that is integrated with the CVSS score."
"It is very stable. We have not faced interruptions in the past four and a half years."
"QRadar, Splunk, and ArcSight are SIEM solutions with built-in AI/ML features. They can do the complete investigation and alert the admin about what is happening. They can also do the root cause analysis. There are many other features that come with QRadar. It has a more granular log, so you can integrate with various non-IT as well as IT-based components. You can get unstructured data to the SIEM data, and you can identify more what is happening in the network or what is happening in the central head office. You can also identify what is happening between your remote offices. You can also use it to identify what the users in the field are doing on their devices and how things are moving. From the integration point of view, it is very centric. It gives complete control centrally. If a user is not connected to the system, whenever he comes online, we can see the policy updates over the Internet, and we can ensure that the data that is supposed to be protected is protected."
"It provides many options for searching. I can see devices from different vendors, like Cisco, in one interface, which is good for me."
"This is a good tool to have because it gives you the ability to track what is currently happening in your environment."
"It does good correlation for events. It does good general analysis, and it has good apps as well."
"When it comes to dealing with support, all my interactions have been great. Everyone has known what they're doing and has been quick to respond. They seem to always know the answer. I haven't stumped anybody yet."
"LogRhythm NextGen SIEM is customizable, simple to manage, and there are many features. The solution does not require an expert to be able to use it; anyone can use it."
"It seems like it will scale easily with the way our environment is set up."
"LogRhythm does a very good job of helping SOCs manage their workflows."
"Their customer support is friendly and willing to help."
"I would say the most valuable feature of LogRhythm is that it has built-in UEBA functionality, among other basic Windows packages."
"It allows us to automate a lot of things with a smaller team."
"Provides visibility into the network."
"I think the number one area of improvement for Sentinel would be the cost."
"We do see continuous improvement all the time; however, I haven't got a specific feature that is lacking or not well designed."
"Microsoft Sentinel should provide an alternative query language to KQL for users who lack KQL expertise."
"There is room for improvement in entity behavior and the integration site."
"Not all information shows up in Sentinel. Sometimes there are items provided in 365 and if you looked in Sentinel you would not see them and therefore think they do not exist. There can be discrepancies between Microsoft tools."
"We have been working with multiple customers, and every time we onboard a customer, we are missing an essential feature that surprisingly doesn't exist in Sentinel. We searched the forums and knowledge bases but couldn't find a solution. When you onboard new customers, you need to enable the data connectors. That part is easy, but you must create rules from scratch for every associated connector. You click 'next,' 'next,' 'next,' and it requires five clicks for each analytical rule. Imagine we have a customer with 150 rules."
"One key area that can be improved is by building a strong integration with our XDR platform."
"If I can use Sentinel offline at home and use it on a local network, it would be great. I'm not sure if I can use Sentinel offline versus the tools I have."
"Solution has too many menus that require going to two or three sub-monitors to enter the QRadar."
"IBM is going through some problems with its resources currently making its support response time slow."
"There are reports that I would like to generate that are either not included, or I cannot find."
"The product needs to improve its GUI."
"IBM QRadar could improve the plugins and threat detection."
"I don't give it a 10 because it is something we have to request. I would love it if UBA was included out of the box like Microsoft."
"I would like to see some artificial intelligence and alternative solutions."
"The initial setup requires that you have somebody with the proper skill set, and it would help if the configuration were easier."
"I would like to suggest that they should improve their usage of third party tools for making dashboards and reports. If they would create their own tools for dashboard and report, it would be much better in terms of security purposes."
"I think there is room for improvement because the system is still running on the Windows Server platform. The problem with running on Windows is that it is not that good for scaling and providing for big deployment environments."
"The initial setup is complex. We are using a LogRhythm partner, at least for the first three years, to help with the monitoring and the deployment of it. We are not a big enough environment where we have people that we can dedicate to it right now."
"LogRhythm's SOAR and NDR features don't stack up well against competitors. Maybe integrating theme functionality as the others do. But in general, it's okay."
"We've had issues with scaling and local support."
"The responses provided by the cloud team are inefficient."
"More help and assistance with some of the open source products, everything seems to be focused on Windows versus giving some guidance and some documentation on how to use it."
"One area for improvement in LogRhythm NextGen SIEM is that it's a Windows-based tool, and I feel it should be on the Linux operating system instead. Another area for improvement in the tool is the UI. There should be minor changes in the UI to make it better, though I like the dashboards in LogRhythm NextGen SIEM."
IBM Security QRadar is ranked 6th in Log Management with 198 reviews while LogRhythm SIEM is ranked 7th in Log Management with 166 reviews. IBM Security QRadar is rated 8.0, while LogRhythm SIEM is rated 8.4. The top reviewer of IBM Security QRadar writes "A highly stable and scalable solution that provides good technical support". On the other hand, the top reviewer of LogRhythm SIEM writes "The solution reduced our investigation time from days to hours and assists in managing our workflows". IBM Security QRadar is most compared with Splunk Enterprise Security, Wazuh, Elastic Security, Fortinet FortiSIEM and Sentinel, whereas LogRhythm SIEM is most compared with Splunk Enterprise Security, Wazuh, Fortinet FortiSIEM, LogRhythm Axon and Elastic Security.
We monitor all Log Management reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.