We performed a comparison between IBM Security QRadar and Sophos MDR based on real PeerSpot user reviews.
Find out in this report how the two Managed Detection and Response (MDR) solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."With Binary Defense, we don't just get an alert, but also a detailed rundown of why they're alerting us on it. They tell us what was executed, or the username, script, or IP. That way, we're not wasting time investigating."
"The most valuable features are the SIEM and the ticketing function; the latter is very smooth and easy to read and understand. We don't have any issues looking at the ticketing information when we're trying to identify what's going on."
"The biggest aspect for us is that they are able to conform to our environment and utilize our tools. That way, we still maintain ownership of all the data and access to the applications, and we never lose control of the ability to run the solution ourselves if we need to."
"The most valuable feature is reviewing tickets and the notes added by technicians."
"The most valuable part of Binary Defense is its team of cybersecurity analysts. Their analysts filter out the noise and only forward the critical threats that require a response instead of false positives."
"The best part about Binary Defense MDR is that it runs on everything, and they keep an eye on things 24/7."
"The speed at which their services are reactive is valuable. Nowadays, when a threat hits an endpoint, you've got minutes, not hours or days. Their average response time is about four minutes on an alert. For anything that needs to be sent to us, it's about fourteen minutes, which is pretty good. They're the third SOC that I've used in fifteen years. By far, they are the quickest ones to act. When you're looking at prevention, that's a key factor."
"One of the main benefits of Binary Defense MDR is the ability to easily meet with their support team to discuss any issues we encounter."
"One of the most valuable features is its ability to integrate with other solutions. IBM has a lot of solutions and we have managed to make it work with IBM BigFix and MaaS360, and even Microsoft."
"IBM Qradar's ability to simplify the number of events, not only on a technical level but by making that information easy to pan through the orchestration deduplication. It is very impressive given that we have hundreds of devices that send event logs through."
"The feature that I find the most useful is that IBM QRadar User Behavior Analytics is free of charge. It's a fully free product that can be installed on top of IBM QRadar SIEM."
"It's user-friendly when compared to other products."
"Provided that the report is prebuilt and I can find what I am looking for, the reporting is the most valuable feature in this solution."
"It'll get you from point A to B."
"We are using the platform version, which I like."
"We've found the technical support to be very good."
"The tool's ability to work with security threats is competitive. The best part is monitoring and the way we receive automated emails and updates. When an issue arises, a ticket automatically gets raised, clearly outlining the necessary actions to be taken from our end."
"The most valuable feature is threat hunting."
"I like Sophos MDR's inbuilt feature for DLP (Data Loss Prevention)."
"It is a stable solution...It is a scalable solution."
"The authentication it offers minimizes the risk of access."
"The product’s most valuable feature is ease of use."
"The most valuable feature is the ability to integrate multiple functions into a single dashboard regardless of the vendors being integrated."
"The product gives us good visibility into what is happening inside the company."
"The only area I see for improvement with Binary Defense is their service portal. It could benefit from some enhancements."
"If I were shopping for an MDR solution today, I would not only look for a company that has the ability to alert, detect, and remediate, but also the ability to integrate vulnerability management. That's a big thing that they're lacking today."
"We found a couple of bugs in the user interface."
"I would like to get more reports from Binary Defense about what they're blocking."
"The most significant area for improvement is in support for non-English speakers; we're a global organization, so many of our users are not English speakers, which can make interacting with them a challenge. There's no Chinese language support, so we must rely on what we can do with the internet. We don't expect Binary Defense to build a language staff, but details can get lost in translation when we assume the whole world speaks English."
"We found that an earlier version of the agent had high memory usage and that was a bit concerning, but we raised the concern with their support team and they immediately replied that they had noticed the same thing and had a candidate fix already available... it totally fixed the issue."
"We should be able to isolate devices faster. They should shorten the time between clicking on a device to contain it and carrying out the action. That would be a welcome improvement."
"I don't find any downside to them, but if I have to put one, it would be consistent manpower or staffing. The only area where the solution can be improved is going to be with people. As they grow, they are struggling with the same thing that every other company is, which is getting talent and getting that talent to stay, but they've just revised their tiering system to go from a flat analyst and manager to a three-tier solution where it goes through two or three before it gets elevated. That seems to have worked out well, so if one level misses it, the next one picks it up, and it works out fine."
"There could be improvements made to the UI, the user interface. Though the newer version, 7.3.2, might already have this improvement in place."
"There is room for improvement in IBM QRadar in integrating features for SOC maturity and security levels directly into QRadar."
"We would like to see better instrumentation for debugging changes in the log flow."
"The technical support is poor. Mostly because when I open a PMR for IBM, I am stuck with Level 1 staff. As an engineer, nothing that I am bringing them does not require Level 2 or Level 3 support."
"The tool is very complicated. One place for improvement would be to have a more user-friendly interface. Having better support in Spanish would be cool."
"What needs to be improved in IBM QRadar User Behavior Analytics is the user experience. It's not optimal. Some screens are a bit clunky. The solution needs to be more user-friendly."
"The quality of technical support depends on the IBM support person. Sometimes, it's hard to get the right person on the other side. A ticket coordinator could be the key to better quality delivery."
"The solution is expensive compared to other products."
"The reports should be more comprehensive and easier to organize."
"The product's pricing could be less expensive."
"The only challenge we face with the tool is the pricing. Clients often compare it with other products in the market and try to negotiate prices. This concern has caused some challenges in closing deals. Otherwise, as a product, we have no worries."
"There is room for improvement in performance and upgrades."
"Once in a great while, an update fails."
"Multitenancy features of Sophos Managed Threat Response should be improved. You cannot use the solution for multiple clients."
"Sophos MDR lacks integration with MDM solutions."
"They should improve XDR and threat protection capabilities for zero-day attacks."
IBM Security QRadar is ranked 10th in Managed Detection and Response (MDR) with 198 reviews while Sophos MDR is ranked 5th in Managed Detection and Response (MDR) with 22 reviews. IBM Security QRadar is rated 8.0, while Sophos MDR is rated 8.6. The top reviewer of IBM Security QRadar writes "A highly stable and scalable solution that provides good technical support". On the other hand, the top reviewer of Sophos MDR writes "Proactive protection, scalability, and cloud-based efficiency". IBM Security QRadar is most compared with Splunk Enterprise Security, Microsoft Sentinel, Wazuh, LogRhythm SIEM and Elastic Security, whereas Sophos MDR is most compared with CrowdStrike Falcon Complete, SentinelOne Vigilance, Arctic Wolf Managed Detection and Response, Trend Micro Managed XDR and Bitdefender MDR. See our IBM Security QRadar vs. Sophos MDR report.
See our list of best Managed Detection and Response (MDR) vendors.
We monitor all Managed Detection and Response (MDR) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.