We performed a comparison between IBM Security QRadar and LogRhythm UEBA based on real PeerSpot user reviews.
Find out in this report how the two User Entity Behavior Analytics (UEBA) solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."It provides a single pane of glass within the 365 admin interface, streamlining our experience by consolidating information in one place and eliminating the need to navigate through multiple interfaces."
"Defender XDR has a feature called the timeline that lets you track all activities. It helps a lot with investigations."
"The product is very easy to use."
"The most valuable feature is the network security."
"Email protection is the most valuable feature of Microsoft Defender XDR."
"The most valuable feature is probably the aggregation and correlation of the different telemetry points with Defender for Identity, Defender for Endpoint, and Defender for Cloud Apps. All of these various things are part of that portal. We've wanted that single pane of glass for years."
"The ability to isolate and address viruses is the most valuable feature of Microsoft Defender XDR."
"It's a very scalable tool that can be used in a very small environment or in a very large environment. Everything can be managed from a simple dashboard and can be scaled up or down depending on the customer's environment."
"It provides many options for searching. I can see devices from different vendors, like Cisco, in one interface, which is good for me."
"Flexible and valuable product that is modular, so you can easily set up a roadmap for your clients."
"It is incredibly easy to deploy. All the appliances are flexible in the roles that they serve and are all managed the in the same way."
"I have found its network traffic log, network bit log, and QBI most valuable."
"We have worked with other solutions, such as LogRhythm and Splunk. Compared to others, IBM QRadar has the best price-performance ratio so that you are able to reserve minimum costs. It starts settling in fast and gets the first results very quickly. It is also very scalable."
"There are other third-party plugins that we can use."
"There are more than 120 extensions in QRadar, which are easy to install and configure. These can improve your analysis of events."
"An engineer can live-monitor all the flow happening in real-time. This would help us a lot while investigating a case, and it would even help us with preventive actions."
"The solution's most valuable features are the graphical user interface and the reporting."
"The most valuable features are file activity monitoring and registry activity monitoring."
"The solution is useful for privilege accounts and super admin accounts. It is beneficial from a security perspective. The tool uses machine learning rather than threshold-based alerts. For instance, it can detect unusual user logins, such as a user logging in from a new browser or location."
"What I like most about LogRhythm UEBA is that it allows you to identify and analyze end-user behaviors and suspicious activities within the systems."
"LogRhythm UEBA’s best feature is the dashboard. It provides several graphs, charts, and event logs."
"It is easy to monitor users and that is how the solution is adding value to our firm."
"The tool's most valuable feature is server threat hunting."
"Good capability pinpointing specific cyber incidents."
"The user interface of Microsoft 365 Defender could improve. They could make it simpler."
"It would be highly beneficial if CoPilot could identify anomalies within the network and notify the IT team."
"Since all of our databases are updated and located in the cloud, I would like additional support for this."
"The price could be better. It'll also help if they can continuously update and upgrade the solution. Every day there's a new virus uploaded into the network, and we have to keep updating it to identify all these things."
"Defender also lacks automated detection and response. You need to resolve issues manually. You can manage multiple Microsoft security products from a single portal, and all your security recommendations are in one place. It's easy to understand and manage. However, I wouldn't say Defender is a single pane of glass. You still need to switch between all of the available Microsoft tools. You can see all the alerts in one panel, but you can't automate remediation."
"Because of the training model, Defender XDR's automatic response sometimes blocks legitimate users and activities. Also, the UI sometimes responds slowly."
"We should be able to use the product on devices like Apple, Linux, etc."
"Defender XDR could provide recommendations for threat-hunting queries. Some people do not know how to write an advanced threat query, so we need to spend time training them."
"It would be better if it were more stable and more secure. The price for maintenance could be better. It's too high. In the next release, I think they should focus on the price and the operation."
"The user interface is a bit difficult to get used to."
"Their technical support is not good. We opened a lot of cases and from my experience, they are not complicated issues but it takes forever to get an answer."
"I would like to see a better GUI."
"I would like for them to develop a detection management solution. It does not have a detecting management solution in it, you have to buy it as it is, on top of the extended solution."
"IBM Security QRadar’s GUI could be improved."
"IBM QRadar User Behavior Analytics is good, but I think the functionality should be much more integrated. You should have easy access to the artifacts if you are doing a particular investigation. It's good, but other team solutions like LogRhythm are actually merging the functionality. So, I think that is something IBM can work on."
"The quality of technical support depends on the IBM support person. Sometimes, it's hard to get the right person on the other side. A ticket coordinator could be the key to better quality delivery."
"It should have better mitigation with other solutions and be tightly integrated with other solutions. It has to be improved."
"LogRhythm UEBA's data aggregation needs to be improved. Open-source users do not have much documentation available. Documentation is available only for enterprise users."
"The UI could be improved a little bit."
"What needs improvement in LogRhythm UEBA is the pricing. Here in Asia, for example, in Sri Lanka, pricing is the primary concern, and this is the only area for improvement I see in the product."
"It would be helpful if there were more guidance provided for integrating with unsupported devices."
"The product could be user-friendly for someone who doesn’t have any prior experience working with it."
"The cloud version is lacking and not up to par."
"The search feature needs to be improved."
IBM Security QRadar is ranked 1st in User Entity Behavior Analytics (UEBA) with 198 reviews while LogRhythm UEBA is ranked 12th in User Entity Behavior Analytics (UEBA) with 10 reviews. IBM Security QRadar is rated 8.0, while LogRhythm UEBA is rated 7.2. The top reviewer of IBM Security QRadar writes "A highly stable and scalable solution that provides good technical support". On the other hand, the top reviewer of LogRhythm UEBA writes "Detects unusual logins but dashboards need improvement ". IBM Security QRadar is most compared with Splunk Enterprise Security, Microsoft Sentinel, Wazuh, LogRhythm SIEM and Elastic Security, whereas LogRhythm UEBA is most compared with Wazuh, Darktrace, CrowdStrike Falcon, Microsoft Purview Insider Risk Management and Splunk User Behavior Analytics. See our IBM Security QRadar vs. LogRhythm UEBA report.
See our list of best User Entity Behavior Analytics (UEBA) vendors and best Extended Detection and Response (XDR) vendors.
We monitor all User Entity Behavior Analytics (UEBA) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.
