We performed a comparison between IBM Resilient and IBM Security QRadar based on real PeerSpot user reviews.
Find out in this report how the two Security Orchestration Automation and Response (SOAR) solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."It's easy to use. It's a very good product. It can easily ingest data from anywhere. It has an easily understandable language to perform actions."
"I like the unified security console. You can close incidents using Sentinel in all other Microsoft Security portals, when it comes to incident response."
"Sentinel uses Azure Logic Apps for automation, which is really powerful. This allows us to easily automate responses to incidents."
"Sentinel is a SIEM and SOAR tool, so its automation is the best feature; we can reduce human interaction, freeing up our human resources."
"It is easy to implement (turn on) - does need a skilled analyst to develop queries and playbooks."
"We can use Sentinel's playbook to block threats. It covers all of the environment, giving us great visibility."
"The product can integrate with any device."
"The ability of all these solutions to work together natively is essential. We have an Azure subscription, including Log Analytics. This feature automatically acts as one of the security baselines and detects recommendations because it also integrates with Defender. We can pull the sysadmin logs from Azure. It's all seamless and native."
"The solution is simple to use and to integrate with IBM QRadar."
"The most valuable thing about it is how easy it is to navigate the user interface."
"The solution is reliable in our usage."
"What I like most about IBM Resilient is that it has a complete stack, which means you don't need to use different OEM products because you have all you need under the IBM Resilient umbrella. You don't need to worry much about integrations and components because you're working with tested and proven architecture."
"The solution is easy to use."
"The product is very good at incident response."
"It is a stable solution...It is a scalable solution."
"This is a good solution that we recommend for customers."
"The most valuable feature is the integration with the GRD, for banking."
"It is the core of our entire SOX."
"I have found its network traffic log, network bit log, and QBI most valuable."
"Overall a great solution."
"IBM QRadar is easy to scale, it doesn't affect the environment. In our office, we have around 40 - 50 users, but our clients have more users on their networks. Our organization has staff in the software department that manages IBM QRadar for us."
"Provided that the report is prebuilt and I can find what I am looking for, the reporting is the most valuable feature in this solution."
"It can analyze event logs, event security, and give a good consult."
"What I like the most about it is that you can very easily install and configure it. As compared to other SIEM solutions, for which you need to know and do a lot more to prepare your SIEM environment, QRadar is much simpler to install and configure. There are various options in the Admin console. In the Admin tab, you can design dashboards and view various graphs. It has a lot of attractive features, and you don't need to configure everything on your own."
"The KQL query does not function effectively with Windows 11 machines, and in the majority of machine-based investigations, KQL queries are essential for organizing the data during investigations."
"Microsoft Sentinel is relatively expensive, and its cost should be improved."
"There is room for improvement in entity behavior and the integration site."
"There is a wider thing called Jupyter Notebooks, which is around the automation side of things. It would be good if there are playbooks that you can utilize without having to have the developer experience to do it in-house. Microsoft could provide more playbooks or more Jupyter Notebooks around MITRE ATT&CK Framework."
"At the network level, there is a limitation in integrating some of the switches or routers with Microsoft Sentinel. Currently, SPAN traffic monitoring is not available in Microsoft Sentinel. I have heard that it is available in Defender for Identity, which is a different product. It would be good if LAN traffic monitoring or SPAN traffic monitoring is available in Microsoft Sentinel. It would add a lot of value. It is available in some of the competitor products in the market."
"We've seen delays in getting the logs from third-party solutions and sometimes Microsoft products as well. It would be helpful if Microsoft created a list of the delays. That would make things more transparent for customers."
"One key area that can be improved is by building a strong integration with our XDR platform."
"If Sentinel had a graphical user interface, it would be easier to use. I would also like it to be more customizable."
"This product could be improved with better customization. This product isn't the best on the market like QRadar, but it's actually a good solution. However, some competitors' solutions contain more integration, support, automation, or flexibility."
"The product needs a bit more development."
"The implementation could be a bit simpler."
"There are shortcomings with IBM Resilient's technical support team that can be considered for improvement in the future."
"IBM Resilient is quite complex, including its configuration."
"Its price needs improvement."
"The ability to analyze incidents needs to be improved in the solution."
"The tool needs to improve its documentation on license scripts."
"It's resource-intensive."
"For the common needs of clients to fulfill requirements, a real integration with Blueworks Live (BPA modeling tool also from IBM) and a more suitable BPM on cloud solution for midsize customers."
"The playbook guide which specifies the rules for security use cases needs to be provided to support in case the organization needs help."
"The technical support can be improved a little bit, and the price could be cheaper."
"The AQL queries could be better."
"I have noticed the interface has room for improvement."
"The user interface is a bit clunky, a bit hard to find what you need."
"I would like to see the update process simplified."
IBM Resilient is ranked 7th in Security Orchestration Automation and Response (SOAR) with 17 reviews while IBM Security QRadar is ranked 4th in Security Orchestration Automation and Response (SOAR) with 198 reviews. IBM Resilient is rated 7.6, while IBM Security QRadar is rated 8.0. The top reviewer of IBM Resilient writes "Simple deployment, scalable, but lacking third-party solution compatibility ". On the other hand, the top reviewer of IBM Security QRadar writes "A highly stable and scalable solution that provides good technical support". IBM Resilient is most compared with Palo Alto Networks Cortex XSOAR, Splunk SOAR, ServiceNow Security Operations, Fortinet FortiSOAR and IBM Cloud Pak for Security, whereas IBM Security QRadar is most compared with Splunk Enterprise Security, Wazuh, LogRhythm SIEM, Elastic Security and Sentinel. See our IBM Resilient vs. IBM Security QRadar report.
See our list of best Security Orchestration Automation and Response (SOAR) vendors.
We monitor all Security Orchestration Automation and Response (SOAR) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.