We performed a comparison between IBM Security QRadar and Sumo Logic Security based on real PeerSpot user reviews.
Find out in this report how the two Log Management solutions compare in terms of features, pricing, service and support, ease of deployment, and ROI.
"The UI of Sentinel is very good and easy to use, even for beginners."
"Sentinel has features that have helped improve our security posture. It helped us in going ahead and identifying the gaps via analysis and focusing on the key elements."
"The log analysis is excellent; it can predict what can or will happen regarding use patterns and vulnerabilities."
"Sentinel enables us to ingest data from our entire ecosystem. In addition to integrating our Cisco ASA Firewall logs, we get our Palo Alto proxy logs and some on-premises data coming from our hardware devices... That is very important and is one way Sentinel is playing a wider role in our environment."
"I believe one of the main advantages is Microsoft Sentinel's seamless integration with other Microsoft products."
"The solution has features that helped improve the security posture of our clients. It provides the ability to correlate a large variety of log sources very cost-effectively, especially for Microsoft sources."
"The dashboard that allows me to view all the incidents is the most valuable feature."
"The machine learning and artificial intelligence on offer are great."
"I think this is a good product for enterprises because of the performance and out-of-the-box rules and use cases. If they want to reach the maturity level early, they can use these out-of-the-box rules and use cases. That will help them a lot."
"The product has plenty of features and capabilities."
"Vulnerability detection is the most valuable feature. It's the tool that finds the threats."
"It's built around Red Hat Linux, which is highly robust."
"The features that I have found most valuable are that it is very stable, easy to get going, and easy to manage. It is also easy to review all incidents."
"The solution is quite flexible."
"The timeline and machine learning features are great."
"IBM QRadar's ability to simplify the number of events, not only on a technical level but by making that information easy to pan through the orchestration deduplication. It is very impressive given that we have hundreds of devices that send event logs through."
"The features I found valuable with the Sumo Logic Security solution are the search option and the ability to customize the search for the information in the logs."
"With this tool, we give every developer team the ability to find errors; then they come to us and ask for specific help."
"The most valuable features of Sumo Logic Security are the rules, use cases, and ease of use. Additionally, the integration is straightforward and good GUI."
"Sumo Logic is an easy solution to use. You can set it up very quickly, and it includes a lot of training videos."
"It helps a lot because we can troubleshoot issues pretty easily."
"It gives us a bird's eye view of what's happening from our connection's point of view."
"Scalability has been good for our needs. We haven't run into any scaling issues in regards to size so far."
"The solution is quite stable."
"I would like to be able to monitor applications outside of the Azure Cloud."
"The AI capabilities must be improved."
"Some of the data connectors are outdated, at least the ones that utilize Linux machines for log forwarding. I believe that Microsoft is already working on improving this."
"When it comes to ingesting Azure native log sources, some of the log sources are specific to the subscription, and it is not always very clear."
"We have been working with multiple customers, and every time we onboard a customer, we are missing an essential feature that surprisingly doesn't exist in Sentinel. We searched the forums and knowledge bases but couldn't find a solution. When you onboard new customers, you need to enable the data connectors. That part is easy, but you must create rules from scratch for every associated connector. You click "next," "next," "next," and it requires five clicks for each analytical rule. Imagine we have a customer with 150 rules."
"There is some relatively advanced knowledge that you have to have to properly leverage Sentinel's full capabilities. I'm thinking about things like the creation of workbooks, how you do threat-hunting, and the kinds of notifications you're getting... It takes time for people to ramp up on that and develop a familiarity or expertise with it."
"They should integrate it with many other software-as-a-service providers and make connectors available so that you don't have to do any sort of log normalization."
"Sentinel can be used in two ways. With other tools like QRadar, I don't need to run queries. Using Sentinel requires users to learn KQL to run technical queries and check things. If they don't know KQL, they can't fully utilize the solution."
"The solution should enhance its capabilities of UEBA and AI/ML tech modeling."
"IBM QRadar User Behavior Analytics is good, but I think the functionality should be much more integrated. You should have easy access to the artifacts if you are doing a particular investigation. It's good, but other team solutions like LogRhythm are actually merging the functionality. So, I think that is something IBM can work on."
"The solution can be improved by lowering the cost and bettering their technical support."
"Pricing model could be more cost-effective."
"IBM QRadar could improve the reporting. The tool is not designed to report. It's a great operational monitoring tool. You put it on a screen and you watch it. If you want to have analytics out of it, that's a whole different story. You're going to need more people and tools. What should be added is reporting and integration into Power BI, into some capability that produces analytical reports from the source data. IBM does not seem to care to add these features."
"The implementation and configuration are not easy."
"It doesn't have a SOAR system by default. You need to purchase it additionally, which is the main problem with QRadar."
"QRadar needs to be more specialized, along the lines of what other SIEM solutions are."
"The integration with multiple sources could be better."
"Sumo Logic needs to make sure integrating solutions are seamless."
"I would like to see improvement in the user experience when configuring things, ingesting logs, and creating ports."
"The dashboard has room for improvement, because sometimes it is difficult to create a specific dashboard or query. This would be a nice place to correct problems."
"The initial setup is the most stressful, like learning how to use it."
"I would like better UI-driven functionality to create alerts and reports. Now, we have to understand the syntax, so it is a little difficult for someone to pick it up without using the manuals. If there was more of a graphical user interface, it would be beneficial."
"It would be nice to have an improved ability to scroll through logs within a time frame. Right now, we can search for specific errors. However, if we want to look for "before and after" within a specific time frame, it's not easy using the tool. This would be an improvement."
"We would like to have some type of predefined setup for the logs, making the setup easier by default."
IBM Security QRadar is ranked 6th in Log Management with 198 reviews while Sumo Logic Security is ranked 20th in Log Management with 18 reviews. IBM Security QRadar is rated 8.0, while Sumo Logic Security is rated 8.6. The top reviewer of IBM Security QRadar writes "A highly stable and scalable solution that provides good technical support". On the other hand, the top reviewer of Sumo Logic Security writes "Used to store and monitor application logs and VPC flow logs". IBM Security QRadar is most compared with Splunk Enterprise Security, Wazuh, LogRhythm SIEM, Elastic Security and Sentinel, whereas Sumo Logic Security is most compared with Wazuh, Rapid7 InsightIDR, Splunk Enterprise Security, VMware Aria Operations for Logs and Grafana Loki. See our IBM Security QRadar vs. Sumo Logic Security report.