We performed a comparison between IBM Security QRadar and Sentinel based on real PeerSpot user reviews.
Find out in this report how the two Security Information and Event Management (SIEM) solutions compare in terms of features, pricing, service and support, ease of deployment, and ROI.
"Sentinel has an intuitive, user-friendly way to visualize the data properly. It gives me a solid overview of all the logs. We get a more detailed view that I can't get from the other SIEM tools. It has some IP and URL-specific allow listing."
"What is most useful, is that it has a good connection to the Microsoft ecosystem, and I think that's the key part."
"The part that was very unexpected was Sentinel's ability to integrate with Azure Lighthouse, which, as a managed services solution provider, gives us the ability to also manage our customers' Sentinel environments or Sentinel workspaces. It is a big plus for us. With its integration with Lighthouse, we get the ability to monitor multiple workspaces from one portal. A lot of the Microsoft Sentinel workbooks already integrate with that capability, and we save countless amounts of money by simply being able to almost immediately realize multitenant capabilities. That alone is a big plus for us."
"It is able to connect to an ever-growing number of platforms and systems within the Microsoft ecosystem, such as Azure Active Directory and Microsoft 365 or Office 365, as well as to external services and systems that can be brought in and managed. We can manage on-premises infrastructure. We can manage not just the things that are running in Azure in the public cloud, but through Azure Arc and the hybrid capabilities, we can monitor on-premises servers and endpoints. We can monitor VMware infrastructure, for instance, running as part of a hybrid environment."
"The UI-based analytics are excellent."
"The Identity Behavior tab furnishes us with the entire history linked to each IP or domain that has either accessed or attempted to access our system."
"It is easy to implement (turn on) - does need a skilled analyst to develop queries and playbooks."
"The native integration of the Microsoft security solution has been essential because it helps reduce some false positives, especially with some of the impossible travel rules that may be configured in Microsoft 365. For some organizations, that might be benign because they're using VPNs, etc."
"The stability is good."
"There are a lot of great out-of-the-box features included."
"It is a scalable solution."
"The scalability is good."
"The threat protection network is the most valuable feature, because when you get an offense, you can actually trace it back to where it originated from, how it originated, and why."
"The feature that I have found most valuable is its artificial intelligence component, Watson. Its contribution is pretty good from a machine-learning artificial intelligence perspective. This complements the orchestration automation component, as well."
"I think the QDI is very good."
"The detection rate is good and the false positive rate is low."
"The stability is phenomenal and we never had any issues with downtime or even had to restart."
"It makes everything easier by automating some tasks and growing with our needs."
"The solution lets us get all the logs properly and regularly monitor customer infrastructure."
"The most valuable feature is the flexible log for identifying security threats inside an application. Sentinel is very good at this."
"The tool is simple to use."
"The most valuable feature of Sentinel is the dashboard."
"Sentinel gave us logs to tell us what's going right and wrong in your environment so we could secure the network."
"The native integration with out-of-the-box format is hassle-free and allows data to be used advantageously."
"They should integrate it with many other software-as-a-service providers and make connectors available so that you don't have to do any sort of log normalization."
"The playbook is a bit difficult and could be improved."
"We do see continuous improvement all the time, however, I haven't got a specific feature that is lacking or not well designed."
"The reporting could be more structured."
"We'd like to see more connectors."
"The playbook development environment is not as rich as it should be. There are multiple occasions when we face problems while creating the playbook."
"Some of the data connectors are outdated, at least the ones that utilize Linux machines for log forwarding. I believe that Microsoft is already working on improving this."
"If we want to use more features, we have to pay more. There are multiple solutions on the cloud itself, but the pricing model package isn't consistent, which is confusing to clients."
"The advanced planning management (APM) features should be included."
"There are areas in IBM Security QRadar that could benefit from improvement. Its ability to customize knowledge for specific purposes could be enhanced. Also, it lacks clarity in presenting details. It is also difficult to see the reports."
"With IBM Security QRadar, my company faced issues with the support we received for the product."
"The initial setup requires that you have somebody with the proper skill set, and it would help if the configuration were easier."
"The interface is very old. IBM should remake it into a more modern interface."
"There is a lot of manual configuration required in order for the product to run smoothly, and I think that it could be made more automatic."
"It would be better if it were more stable and more secure. The price for maintenance could be better. It's too high. In the next release, I think they should focus on the price and the operation."
"I would like to see the update process simplified."
"The dashboard and customer view should be improved."
"You need a lot of Unix scripting knowledge in order to manage the tool, which is one of the main issues that we faced."
"This product's connection to certain types of cloud systems could be improved. We can do Microsoft, Google, and Amazon, but there are a lot of other things happening in the cloud that we do not connect well enough to. This product could be improved with better connection to cloud-based solutions."
"I rate Sentinel a six out of ten for scalability."
"I would like to see a better reporting work structure on the dashboard."
"The solution does not allow outsourced authorizations."
"There is no integration in the web-side of the tool."
"Log source integration with Sentinel needs to be improved."
IBM Security QRadar is ranked 4th in Security Information and Event Management (SIEM) with 198 reviews while Sentinel is ranked 17th in Security Information and Event Management (SIEM) with 16 reviews. IBM Security QRadar is rated 8.0, while Sentinel is rated 7.6. The top reviewer of IBM Security QRadar writes "A highly stable and scalable solution that provides good technical support". On the other hand, the top reviewer of Sentinel writes "An automated solution that helped me detect threats in less than half the time it used to take". IBM Security QRadar is most compared with Splunk Enterprise Security, Wazuh, LogRhythm SIEM, Elastic Security and ArcSight Logger, whereas Sentinel is most compared with Splunk Enterprise Security, Wazuh, Google Chronicle Suite, LogRhythm SIEM and ArcSight Enterprise Security Manager (ESM).
We monitor all Security Information and Event Management (SIEM) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.