IBM Security QRadar and Microsoft Defender XDR are complementary cybersecurity solutions that tackle security from different angles. QRadar is a Security Information and Event Management (SIEM) system that collects and analyzes diverse logs from various security tools and network devices. It is praised for its advanced threat detection capabilities, customizable dashboards, and seamless integration with other security tools. On the other hand, Defender XDR is an Extended Detection and Response (XDR) solution, praised for its robust security measures, incident response, and seamless integration with Microsoft products.
The summary above is based on 187 interviews we conducted recently with IBM Security QRadar and Microsoft 365 Defender users. To access the review's full transcripts, download our report.
"The setup is pretty simple."
"Ability to get forensics details and also memory exfiltration."
"It is very easy to set up. I would rate my experience with the initial setup a ten out of ten, with ten being very easy to set up."
"The features that I have found most valuable are the ability to customize it and to reduce its size. It lets you run in a very small window in terms of memory and resources on legacy cash registers."
"The solution was relatively easy to deploy."
"It is stable and scalable."
"Fortinet FortiEDR made our clients feel secure and more at ease, knowing that they had an EDR solution that would close the gap in their security posture."
"The product's initial setup phase is very easy."
"This console gives you the entire view, which makes life easier and allows you to take precautionary measures."
"The solution is relatively easy to use."
"The feature that I have found most valuable is its artificial intelligence component, Watson. Its contribution is pretty good from a machine-learning artificial intelligence perspective. This compliments the orchestration automation component, as well."
"It has very rich functionality."
"I have found IBM QRadar to be scalable."
"It is a pretty solid product for the type that it is representing. It is a CM solution as compared to Splunk or ArcSight from HP. It is also user friendly. It comes with some internal AI as well, in which it automatically maps multiple lots from unrelated devices and makes a smart decision to link them back and create an offense based on that. It is a smart tool."
"I have found visibility very helpful for analytics."
"The most valuable features are log monitoring, easy-to-fix issues, and problem-solving."
"Microsoft 365 Defender is a stable solution."
"Microsoft Defender XDR provides strong identity protection with comprehensive insights into risky user behavior and potential indicators of compromise."
"The integration, visibility, vulnerability management, and device identification are valuable."
"It provides a single pane of glass within the 365 admin interface, streamlining our experience by consolidating information in one place and eliminating the need to navigate through multiple interfaces."
"The EDR features are valuable. By getting the EDR features, we have more control over the device. We have information about events in real-time and more protection against zero-day threats and zero-day vulnerabilities. We can monitor every event or action that a device is going through. We can get an idea if it is something malicious or if we have to take any actions."
"The timeline feature is excellent. I also like the phishing simulation. We have phishing campaigns to educate employees and warn them about these threats."
"A crucial aspect for our team is the inclusion of identity and access management tools from the vendor."
"We also use Microsoft Sentinel, Defender for Cloud, Defender for Identity, and Microsoft Defender for Cloud Apps. They are all integrated and it was very easy to integrate them. In my experience with the integrations, it was just a click of a button and things were integrated. It's just a button."
"FortiEDR can be improved by providing more detailed reporting."
"I haven't seen the use of AI in the solution."
"The dashboard isn't easy to access and manage."
"I would like the solution to extend beyond endpoint protection and include other attack surfaces such as other network components."
"The amount of usage, the number of details we get, or the number of options that can be tweaked is limited in comparison to that with other EDR solutions"
"Integration with Azure and SaaS provisioning tools could improve Fortinet FortiEDR."
"ZTNA can improve latency."
"Detections could be improved."
"I would like for them to develop a detection management solution. It does not have a detecting management solution in it, you have to buy it as it is, on top of the extended solution."
"The solution is difficult to understand in the beginning and has complex management configurations that can be improved."
"The technical support is poor. Mostly because when I open a PMR for IBM, I am stuck with Level 1 staff. As an engineer, nothing that I am bringing them does not require Level 2 or Level 3 support."
"IBM technical support is always terrible."
"While the interface is easy to use, it could be a little more responsive."
"In a future release, the solution could provide malware analysis."
"I don't give it a 10 because it is something we have to request. I would love it if UBA was included out of the box like Microsoft."
"Right now, if you look at the compatibility, if you need to deploy QRadar in a physical appliance you have only two choices of server, their own or a Lenovo server. In today's world, you cannot keep something tied to such a big brand. Clients want to be able to use whatever type of server they want."
"It would be highly beneficial if CoPilot could identify anomalies within the network and notify the IT team."
"The support team is not competent or responsive."
"Advanced attacks could use an improvement."
"There are a few technical issues with Defender XDR that can be improved. Sometimes, the endpoint devices are not reporting properly to the Defender 365 portal. When you're getting all the information from the Microsoft portal, the devices are sometimes not in sync. We have hundreds of endpoint devices, some needing to be onboarded again."
"The tool gives inconsistent answers and crashes a lot."
"The data recovery and backup could be improved."
"The abundance of sub-dashboards and sub-areas within the main dashboard can be confusing, even if it all technically makes sense."
"Microsoft 365 Defender does not have a unique package with emerging endpoint security technologies, such as EDR and XDR."
IBM Security QRadar is ranked 11th in Extended Detection and Response (XDR) with 198 reviews while Microsoft Defender XDR is ranked 5th in Extended Detection and Response (XDR) with 78 reviews. IBM Security QRadar is rated 8.0, while Microsoft Defender XDR is rated 8.4. The top reviewer of IBM Security QRadar writes "A highly stable and scalable solution that provides good technical support". On the other hand, the top reviewer of Microsoft Defender XDR writes "Includes four services and four products, which can help organizations a lot". IBM Security QRadar is most compared with Microsoft Sentinel, Splunk Enterprise Security, Wazuh, LogRhythm SIEM and Elastic Security, whereas Microsoft Defender XDR is most compared with CrowdStrike Falcon, Microsoft Defender for Cloud, Microsoft Purview Compliance Manager, Wazuh and Microsoft Entra ID. See our IBM Security QRadar vs. Microsoft Defender XDR report.
See our list of best Extended Detection and Response (XDR) vendors and best Endpoint Detection and Response (EDR) vendors.
We monitor all Extended Detection and Response (XDR) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.