We compared IBM Security QRadar and Microsoft Sentinel based on our users' reviews across several parameters.
IBM Security QRadar is praised for its advanced threat detection, customizable dashboards, and integration capabilities, while users mention concerns about its complex interface and lack of flexibility. Microsoft Sentinel is highlighted for its affordability, intuitive interface, and automation options, with users mentioning the need for improved customization and integration features. Users find value in both products, with IBM Security QRadar focusing on comprehensive features and advanced threat detection, while Microsoft Sentinel offers affordability and streamlined incident response capabilities.
Features: IBM Security QRadar excels in customizable dashboards and seamless integration with security tools, offering real-time threat detection. Microsoft Sentinel stands out for its advanced threat visibility and streamlined incident response with machine learning capabilities.
Pricing and ROI: IBM Security QRadar has a higher setup cost, with some users mentioning the need for experienced personnel. Licensing is seen as complex but offers flexibility. Microsoft Sentinel has affordable, minimal setup costs and flexible, easy-to-understand licensing options. With comprehensive features and an intuitive interface, IBM Security QRadar offers great value in detecting and managing threats. Users highlighted its ability to streamline operations and improve security posture. Microsoft Sentinel users also praised its positive impact on organizations, noting benefits like improved security, reduced incident response time, and enhanced threat visibility. Despite some initial setup complexities, they appreciate its ease of use and integration with other Microsoft products.
Room for Improvement: IBM Security QRadar could improve user interface intuitiveness, performance speed, customization flexibility, and support resources. Microsoft Sentinel users seek better platform usability, customization options, integration with other tools, enhanced reporting, and improved documentation.
Deployment and customer support: Users found IBM Security QRadar quicker to deploy and set up compared to Microsoft Sentinel, which, although quicker to deploy, had a more complex setup process, according to some users. IBM Security QRadar's highly knowledgeable and responsive customer service provides prompt assistance. Microsoft Sentinel's customer service is praised for its effectiveness and quick issue resolution, creating positive user experiences.
The summary above is based on 144 interviews we conducted recently with IBM Security QRadar and Microsoft Sentinel users. To access the review's full transcripts, download our report.
"The playbook engine is flexible and allows for the graphical visualization of processes, enabling the implementation of dynamic playbooks for incident response or testing."
"The most valuable feature currently is security behaviors and the pdf files."
"What I like about IBM QRadar User Behavior Analytics is that it uses machine learning algorithms to generate risk scoring for the user activity. I also like that it syncs with our Active Directory users, so it really has full coverage for all users in our environment."
"The most valuable feature is the QRadar Vulnerability Manager which provides vulnerability scans. In addition, I like the way QRadar generates alerts."
"It has improved comprehensive visibility for what is going on in the perimeters, and on the inside, as well."
"The feature that I find the most useful is that IBM QRadar User Behavior Analytics is free of charge. It's a fully free product that can be installed on top of IBM QRadar SIEM."
"The pre-canned rules and reports in this product are a huge plus."
"The most valuable feature is the searching capability and real-time operational use."
"The part that was very unexpected was Sentinel's ability to integrate with Azure Lighthouse, which, as a managed services solution provider, gives us the ability to also manage our customers' Sentinel environments or Sentinel workspaces. It is a big plus for us. With its integration with Lighthouse, we get the ability to monitor multiple workspaces from one portal. A lot of the Microsoft Sentinel workbooks already integrate with that capability, and we save countless amounts of money by simply being able to almost immediately realize multitenant capabilities. That alone is a big plus for us."
"The in-built SOAR of Sentinel is valuable. Kusto Query Language is also valuable for the ease of writing queries and ease of getting insights from the logs. Schedule-based queries within Sentinel are also valuable. I found these three features most useful for my projects."
"I believe one of the main advantages is Microsoft Sentinel's seamless integration with other Microsoft products."
"Sentinel has an intuitive, user-friendly way to visualize the data properly. It gives me a solid overview of all the logs. We get a more detailed view that I can't get from the other SIEM tools. It has some IP and URL-specific allow listing"
"The initial setup is very simple and straightforward."
"It's pretty powerful and its performance is pretty good."
"Native integration with Microsoft security products or other Microsoft software is also crucial. For example, we can integrate Sentinel with Office 365 with one click. Other integrations aren't as easy. Sometimes, we have to do it manually."
"We didn't have anything similar. So, it really provides value from the incidents and automation point of view. The overview of the security fabric is most valuable."
"They should provide more manual examples online so that I can learn it myself."
"In terms of additional features, a mobile app would be nice. Also, the reporting is definitely okay, but you have to make sure that everybody with different roles can understand it. There is room for improvement in the reporting."
"I would like the rule creation interface to be much more user-friendly in the next release."
"There needs to be better integration with other applications."
"There could be improvements made to the UI, the user interface. Though the newer version, 7.3.2, might already have this improvement in place."
"Dashboards and reports could provide better visualization of SIEM activity."
"Each module requires a separate license and a separate cost."
"For the common needs of clients to fulfill requirements, a real integration with Blueworks Live (BPA modeling tool also from IBM) and a more suitable BPM on cloud solution for midsize customers."
"The interface could be more user-friendly. It''s a small improvement that they could make if they wanted to."
"Sentinel's reporting is complex and can be more user-friendly."
"They're giving us the queries so we can plug them right into Sentinel. They need to have a streamlined process for updating them in the tool and knowing when things are updated and knowing when there are new detections available from Microsoft."
"Sentinel should be improved with more connectors. At the moment, it only covers a few vendors. If I remember correctly, only 100 products are supported natively in Sentinel, although you can connect them with syslog. But Microsoft should increase the number of native connectors to get logs into Sentinel."
"We're satisfied with the comprehensiveness of the security protection. That said, we do have issues sometimes where there have been global outages and we need to raise a ticket with Microsoft."
"Everyone has their favorites. There is always room for improvement, and everybody will say, "I wish you could do this for me or that for me." It is a personal thing based on how you use the tool. I do not necessarily have those thoughts, and they are probably not really valuable because they are unique to the context of the user, but broadly, where it can continue to improve is by adding more connectors to more systems."
"Sentinel can be used in two ways. With other tools like QRadar, I don't need to run queries. Using Sentinel requires users to learn KQL to run technical queries and check things. If they don't know KQL, they can't fully utilize the solution."
"Microsoft Sentinel is relatively expensive, and its cost should be improved."
IBM Security QRadar is ranked 4th in Security Information and Event Management (SIEM) with 198 reviews while Microsoft Sentinel is ranked 1st in Security Information and Event Management (SIEM) with 85 reviews. IBM Security QRadar is rated 8.0, while Microsoft Sentinel is rated 8.2. The top reviewer of IBM Security QRadar writes "A highly stable and scalable solution that provides good technical support". On the other hand, the top reviewer of Microsoft Sentinel writes "Gives a comprehensive and holistic view of the ecosystem and improves visibility and the ability to respond". IBM Security QRadar is most compared with Splunk Enterprise Security, Wazuh, LogRhythm SIEM, Elastic Security and Fortinet FortiSIEM, whereas Microsoft Sentinel is most compared with AWS Security Hub, Microsoft Defender for Cloud, Splunk Enterprise Security, Elastic Security and Wazuh. See our IBM Security QRadar vs. Microsoft Sentinel report.
See our list of best Security Information and Event Management (SIEM) vendors and best Security Orchestration Automation and Response (SOAR) vendors.
We monitor all Security Information and Event Management (SIEM) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.