We performed a comparison between IBM Security QRadar and LogRhythm SIEM based on our users’ reviews in five categories. After reading all of the collected data, you can find our conclusion below.
Features: IBM Security QRadar users say the solution provides extensive information and helpful leads for locating pertinent data. Users praised LogRhythm SIEM for its user-friendly centralized dashboard, strong integration capabilities, and event-filtering capabilities. QRadar stands out with its comprehensive network visibility and strong SIEM capabilities. IBM Security QRadar could improve its rule deployment and lower its false positive rate. Users would also like expanded storage capacity, streamlined user management, and a more mature architecture. LogRhythm users requested expanded log storage, better load balancing, and streamlined search capabilities.
Service and Support: Some customers of IBM Security QRadar have had trouble connecting with knowledgeable support staff and experienced delayed responses. LogRhythm SIEM was generally praised for its helpful and knowledgeable support, although there have been occasional delays and knowledge problems.
Ease of Deployment: IBM Security QRadar's initial setup can be complex for users without expertise, and the difficulty may vary depending on the size of the data set. Small or medium-sized companies generally find LogRhythm SIEM's setup to be straightforward. However, it is more time-consuming and complex for enterprise deployments involving multiple components or vendors, and users often require assistance from professional services or LogRhythm-certified engineers.
Pricing: IBM Security QRadar can be costly because users need to buy new hardware to upgrade. LogRhythm SIEM’s license typically includes all elements. However, enterprise customers may encounter complexities related to additional features and add-ons.
ROI: IBM Security QRadar delivers a high return on investment, improving security through its advanced user behavior analytics. LogRhythm SIEM has proven to be highly valuable, delivering a significant ROI by reducing the mean time to detect and respond.
Comparison Results: Our users prefer LogRhythm SIEM over IBM QRadar. Users value LogRhythm SIEM for its seamless integration, effective log correlation, and efficient event filtering. LogRhythm SIEM yields a solid return on investment and offers stellar customer service. Customers find LogRhythm SIEM's pricing and licensing competitive, making it a more affordable option for those with budget constraints.
"It's easy to use. It's a very good product. It can easily ingest data from anywhere. It has an easily understandable language to perform actions."
"The features that stand out are the detection engine and its integration with multiple data sources."
"The most valuable feature is the UEBA. It's very easy for a security operations analyst. It has a one-touch analysis where you can search for a particular entity, and you can get a complete overview of that entity or user."
"The most valuable features are its threat handling and detection. It's a powerful tool because it's based on machine learning and on the behavior of malware."
"It's pretty powerful and its performance is pretty good."
"Sentinel enables us to ingest data from our entire ecosystem. In addition to integrating our Cisco ASA Firewall logs, we get our Palo Alto proxy logs and some on-premises data coming from our hardware devices... That is very important and is one way Sentinel is playing a wider role in our environment."
"Its inbuilt Kusto Query Language is a valuable feature. It provides the flexibility needed to leverage advanced data analytics rules and policies and enables us to easily navigate all our security events in a single view. It helps any user easily understand the data or any security lags in their data and applications."
"The standout feature of Sentinel is that, because it's cloud-based and because it's from Microsoft, it integrates really well with all the other Microsoft products. It's really simple to set up and get going."
"It has a powerful GUI where you can put together your use cases, and don't have to write your own scripts."
"It is a very good SIEM."
"I have found IBM QRadar to be stable."
"I think this is a good product for enterprises because of the performance and out-of-the-box rules and use cases. If they want to reach the maturity level early, they can use these out-of-the-box rules and use cases. That will help them a lot."
"This solution has excellent security analytics."
"There are more than 120 extensions in QRadar, which are easy to install and configure. These can improve your analysis of events."
"I think the QDI is very good."
"It is a scalable solution."
"Our clients enjoy having one dashboard to monitor their environments in real time."
"The most valuable features of the solution are network monitoring, user behavior analytics, and log collection."
"I have found the Advanced Intelligence Engine has provided the most value to us because we can customize alarms based on our requirements and have created hundreds of alarms that notify different people for different scenarios."
"I like LogRhythm's ease of use. The solution has improved compared to previous versions. It had many issues before, like integration, the console, creating reports, false positives, etc. The AI engine has made it stronger in the latest version."
"I would rate the product a ten out of ten. The solution is very user-friendly and straightforward. The tool's report customization is interesting."
"The most valuable feature is that we can alternate incident automations."
"NextGen SIEM's best feature is how it presents logs."
"It's positively affected our overall rate of efficiency."
"I believe one of the challenges I encountered was the absence of live training sessions, even with the option to pay for them."
"They only classify alerts into three categories: high, medium, and low. So, from the user's point of view, having another critical category would be awesome."
"The built-in SOAR is not really good out-of-the-box. The SOAR relies on logic apps and you almost need to have some kind of developer background to be able to make these logic apps. Most security people cannot develop anything..."
"We're satisfied with the comprehensiveness of the security protection. That said, we do have issues sometimes where there have been global outages and we need to raise a ticket with Microsoft."
"Currently, the watchlist feature is being utilized, and although there have been improvements, it is still not fully optimized."
"If Sentinel had a graphical user interface, it would be easier to use. I would also like it to be more customizable."
"Sentinel still has some anomalies. For example, sometimes when we write a query for log analysis with KQL, it doesn't give us the data in a proper way... Also, the fields or columns could be improved. Sometimes, it is not giving the desired results and there is a blank field."
"Sentinel's alerts and notifications are not fully optimized for mobile devices. The overall reporting and the analytics processes for the end user should also be improved. Also, the compatibility and availability of data sources and reports are not always perfect."
"This solution is on-premise and many customers are moving to the cloud base solution."
"The user interface is a bit difficult to get used to."
"There could be better integration with the solution."
"It would be better if it were more stable and more secure. The price for maintenance could be better. It's too high. In the next release, I think they should focus on the price and the operation."
"While the interface is easy to use, it could be a little more responsive."
"The implementation and configuration are not easy."
"The solution should enhance its capabilities of UEBA and AI/ML tech modeling."
"Integration could be better. They should make it easy to integrate with other solutions."
"Move it to Linux. I would like to see it get off the SQL Server."
"The initial setup is complex. We are using a LogRhythm partner, at least for the first three years, to help with the monitoring and the deployment of it. We are not a big enough environment where we have people that we can dedicate to it right now."
"I would like to see APIs well-documented and public facing, so we can get to them all."
"The console installation is an area with a shortcoming in the solution that needs improvement. If LogRhythm SIEM can offer a web console, it would be great."
"Sometimes, the tool fails to get the correlated events that triggered the alerts."
"Sometimes the error-logging is not altogether helpful. For example, on an upgrade, a systems data processor, a Windows box, was throwing an error code like 1083. Then it just stopped and it died right out of the installer and nobody looked. We searched through Google and what it means is the Windows Firewall wasn't turned on so that it could create a rule for the product. Why wouldn't they bubble up that description so that I wouldn't have to call support and I could just know, "Okay, the firewall wasn't turned on. Turn it back on. Re-run the installer and keep going.""
"LogRhythm's SOAR and NDR features don't stack up well against competitors. maybe integrating theme functionality as the other do. But in general, it's okay."
"There used to be the ability to create alarms based on message text that was included in LR Version 6.x that has been removed in LogRhythm 7.x, and on that, I would like to see it added back."
IBM Security QRadar is ranked 6th in Log Management with 198 reviews while LogRhythm SIEM is ranked 7th in Log Management with 166 reviews. IBM Security QRadar is rated 8.0, while LogRhythm SIEM is rated 8.4. The top reviewer of IBM Security QRadar writes "A highly stable and scalable solution that provides good technical support". On the other hand, the top reviewer of LogRhythm SIEM writes "The solution reduced our investigation time from days to hours and assists in managing our workflows". IBM Security QRadar is most compared with Splunk Enterprise Security, Wazuh, Elastic Security, Fortinet FortiSIEM and Sentinel, whereas LogRhythm SIEM is most compared with Splunk Enterprise Security, Wazuh, Fortinet FortiSIEM, LogRhythm Axon and Elastic Security. See our IBM Security QRadar vs. LogRhythm SIEM report.
See our list of best Log Management vendors and best Security Information and Event Management (SIEM) vendors.
We monitor all Log Management reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.