We performed a comparison between IBM Security QRadar and Sentinel based on real PeerSpot user reviews.
Find out in this report how the two Security Information and Event Management (SIEM) solutions compare in terms of features, pricing, service and support, ease of deployment, and ROI.
"The AI and ML of Azure Sentinel are valuable. We can use machine learning models at the tenant level and within Office 365 and Microsoft stack. We don't need to depend upon any other connectors. It automatically provisions the native Microsoft products."
"The best feature is that onboarding to the SIM solution is quite easy. If you are using cloud-based solutions, it's just a few clicks to migrate it."
"You can fine-tune the SOAR and you'll be charged only when your playbooks are triggered. That is the beauty of the solution because the SOAR is the costliest component in the market today... but with Sentinel it is upside-down: the SOAR is the lowest-hanging fruit. It's the least costly and it delivers more value to the customer."
"Native integration with Microsoft security products or other Microsoft software is also crucial. For example, we can integrate Sentinel with Office 365 with one click. Other integrations aren't as easy. Sometimes, we have to do it manually."
"Sentinel improved how we investigate incidents. We can create watchlists and update them to align with the latest threat intelligence. The information Microsoft provides enables us to understand thoroughly and improve as we go along. It allows us to provide monthly reports to our clients on their security posture."
"One of the most valuable features of Microsoft Sentinel is that it's cloud-based."
"The UI of Sentinel is very good and easy to use, even for beginners."
"Sentinel enables us to ingest data from our entire ecosystem. In addition to integrating our Cisco ASA Firewall logs, we get our Palo Alto proxy logs and some on-premises data coming from our hardware devices... That is very important and is one way Sentinel is playing a wider role in our environment."
"The initial setup is not complex or difficult."
"The most valuable aspect of the solution is the integration capabilities on offer."
"IBM has everything you need in a cybersecurity solution. If you want to build a cybersecurity operation center version then I think QRadar is a perfect solution."
"Overall a great solution."
"Most of the features are good. It is an excellent solution."
"The scalability is good."
"The feature that I have found most valuable is how it monitors the real network. That is its leading security feature."
"The most valuable feature is the QRadar Vulnerability Manager which provides vulnerability scans. In addition, I like the way QRadar generates alerts."
"The tool is simple to use."
"The most valuable feature of this solution is that it provides a central locking system for many event sources."
"It makes everything easier by automating some tasks and growing with our needs."
"The most valuable feature of Sentinel is the dashboard."
"The native integration with out-of-the-box format is hassle-free and allows data to be used advantageously."
"The most valuable feature is the flexible log for identifying security threats inside an application. Sentinel is very good at this."
"The stability is phenomenal and we never had any issues with downtime or even had to restart."
"The solution's Kusto Query Language (KQL) execution time is pretty good."
"Microsoft Sentinel is relatively expensive, and its cost should be improved."
"We have been working with multiple customers, and every time we onboard a customer, we are missing an essential feature that surprisingly doesn't exist in Sentinel. We searched the forums and knowledge bases but couldn't find a solution. When you onboard new customers, you need to enable the data connectors. That part is easy, but you must create rules from scratch for every associated connector. You click "next," "next," "next," and it requires five clicks for each analytical rule. Imagine we have a customer with 150 rules."
"We do have in-built or out-of-the-box metrics that are shown on the dashboard, but it doesn't give the kind of metrics that we need from our environment whereby we need to check the meantime to detect and meantime to resolve an incident. I have to do it manually. I have to pull all the logs or all the alerts that are fed into Sentinel over a certain period. We do this on a monthly basis, so I go into Microsoft Sentinel and pull all the alerts or incidents we closed over a period of thirty days."
"The troubleshooting has room for improvement."
"The following would be a challenge for any product in the market, but we have some in-house apps in our environment... our apps were built with different parameters and the APIs for them are not present in Sentinel. We are working with Microsoft to build those custom APIs that we require. That is currently in progress."
"If their UI was a bit more streamlined and easy to find when I need it, then that would be a great improvement."
"While I appreciate the UI itself and the vast amount of information available on the platform, I'm finding the overall user experience to be frustrating due to frequent disconnections and the requirement to repeatedly re-authenticate."
"One key area that can be improved is by building a strong integration with our XDR platform."
"IBM Security QRadar lacks automated response. With this feature, there's no need to visit VirusTotal or other sites for IP reputation. There should be a small plug-in where users can click to retrieve details about the reputation and organization of a public IP."
"Whenever we are upgrading or installing any type of patch, at that time we have some delays."
"IBM needs to invest more into the collaboration with other vendors."
"Certain updates—especially when using Azure—don't apply directly. Our engineering team must invest additional effort to implement these updates. However, the tool's cloud-based version poses no issues. However, upgrading the product can sometimes be challenging for on-premises instances."
"The solution should enhance its capabilities of UEBA and AI/ML tech modeling."
"The product is good, but one feature they should have is Elasticsearch. Currently, in QRadar, there are no Elasticsearch criteria."
"Their technical support is not good. We opened a lot of cases and from my experience, they are not complicated issues but it takes forever to get an answer."
"I think QRadar is very complex. It's a distributed system and IBM QRadar has an all-in-one solution which is not like that distributed solution but it's a good product. IBM needs to consider the user interface because if we compare it with AlienVault, the AlienVault user interface is fantastic but the IBM QRadar user interface is very complex. They should focus on how to make it easier for the client."
"Creating a drag-and-drop dashboard or workbook in Sentinel is a little more complex compared to other tools like LogRhythm and IBM QRadar."
"I would like to see a better reporting work structure on the dashboard."
"This product's connection to certain types of cloud systems could be improved. We can do Microsoft, Google, and Amazon, but there are a lot of other things happening in the cloud that we do not connect well enough to. This product could be improved with better connection to cloud-based solutions."
"There is a need for more flexibility in customization, especially when working with different vendors and platforms."
"The dashboard and customer view should be improved."
"The solution does not allow outsourced authorizations."
"Log source integration with Sentinel needs to be improved."
"There is no integration in the web-side of the tool."
IBM Security QRadar is ranked 4th in Security Information and Event Management (SIEM) with 198 reviews while Sentinel is ranked 17th in Security Information and Event Management (SIEM) with 16 reviews. IBM Security QRadar is rated 8.0, while Sentinel is rated 7.6. The top reviewer of IBM Security QRadar writes "A highly stable and scalable solution that provides good technical support". On the other hand, the top reviewer of Sentinel writes "An automated solution that helped me detect threats in less than half the time it used to take". IBM Security QRadar is most compared with Splunk Enterprise Security, Wazuh, LogRhythm SIEM, Elastic Security and ArcSight Logger, whereas Sentinel is most compared with Splunk Enterprise Security, Google Chronicle Suite, Wazuh, LogRhythm SIEM and ArcSight Enterprise Security Manager (ESM).