IBM Security QRadar and Microsoft Defender XDR are complementary cybersecurity solutions that tackle security from different angles. QRadar is a Security Information and Event Management (SIEM) system that collects and analyzes diverse logs from various security tools and network devices. It is praised for its advanced threat detection capabilities, customizable dashboards, and seamless integration with other security tools. On the other hand, Defender XDR is an Extended Detection and Response (XDR) solution, praised for its robust security measures, incident response, and seamless integration with Microsoft products.
The summary above is based on 187 interviews we conducted recently with IBM Security QRadar and Microsoft 365 Defender users. To access the review's full transcripts, download our report.
"The price is low and quite competitive with others."
"The console is easy to read. I also like the scanning part and the ability to move assets from one to the other."
"The product's initial setup phase is very easy."
"Additionally, when it comes to EDR, there are more tools available to assist with client work."
"Ability to get forensics details and also memory exfiltration."
"The most valuable feature is the analysis, because of the beta structure."
"The solution is an anti-malware product that integrates well with other vendor products such as firewalls, SIEM, etc. It captures threat intelligence and gives you better visibility. The product also has sandboxing features."
"The main thing is that I feel safe, because the processes that have been used to get a handle on the attackers are much better than other competitors'."
"IBM QRadar User Behavior Analytics has easy architecture, has a good portfolio and integration."
"Customer service is very good and very helpful."
"IBM QRadar User Behavior Analytics's most important feature is its ease of use."
"It is a bit easier to use than other products, such as Splunk or ELK Elasticsearch."
"It has a lot of good correlation rules. From a customer's point of view, it is one of the best solutions because you don't need to create correlation rules from scratch. You just review them and customize them as you want."
"The best feature of IBM QRadar is visualization which shows you when there's a spike in the system, and this makes you realize that there's something wrong with the log."
"The most valuable feature is the AI assistant, which is good at detecting known types of behavior."
"Blocks of predefined conditions can be used to configure detection rules without having to write complicated script."
"Its most significant advantage lies in its affordability."
"The summarization of emails is a valuable feature."
"For me, the advanced hunting capabilities have been really great. It allowed querying the dataset with their own language, which is KQL or Kusto Query Language. That has allowed me to get much more insight into the events that have occurred. The whole power of 365 Defender is that you can get the whole story. It allows you to query an email-based activity and then correlate it with an endpoint-based activity."
"In Microsoft 365 vendor products, monitoring and connectivity across all Microsoft and third-party connectors enable viewing of all activity within those environments."
"The visibility into threats that 365 Defender provides is really good. You get a full review of your security system and what can be improved. In the Microsoft 365 Defender portal the first page gives you a really big summary of which security policies you are following and what can be improved."
"The integration between all the Defender products is the most valuable feature."
"Microsoft 365 Defender is a stable solution."
"Within advanced threat hunting, the tables that have already been defined by Microsoft are helpful. In the advanced threat hunting tab, there were different tables, and one of the tables was related to device info, device alert, and device events. That was very helpful. Another feature that I liked but didn't have access to was deep analysis."
"Making the portal mobile friendly would be helpful when I am out of office."
"I think cloud security and SASE are areas of concern in the product where improvements are required. The tool's cloud version has to be improved in terms of the security it offers."
"We've encountered challenges during API deployment, occasionally resulting in unstable environments."
"ZTNA can improve latency."
"Once, we had an event that was locked and blocked, but information about it came to us two or three days later."
"The EDR console should have more extensive reporting. You shouldn't need to purchase FortiAnalyzer. It should be included in the EDR part. The security adviser cloud platform could be improved with more options for exclusive or intensive rules for devices."
"I would like the solution to extend beyond endpoint protection and include other attack surfaces such as other network components."
"It takes about two business days for initial support, which is too slow in urgent situations."
"The user interface is a bit clunky, a bit hard to find what you need."
"IBM is going through some problems with its resources currently making its support response time slow."
"The threat detection needs improvement; they have many false positives."
"Whenever we are upgrading or installing any type of patch, at that time we have some delays."
"From a functionality point of view there are issues sometimes."
"I would suggest QRadar release any documentation or give an online demo, like videos on YouTube. It would increase publicity and public appeal."
"For the common needs of clients to fulfill requirements, a real integration with Blueworks Live (BPA modeling tool also from IBM) and a more suitable BPM on cloud solution for midsize customers."
"The advanced planning management (APM) features should be included."
"The price could be better. It'll also help if they can continuously update and upgrade the solution. Every day there's a new virus uploaded into the network, and we have to keep updating it to identify all these things."
"The licensing is a nightmare and has room for improvement."
"The design of the user interface could use some work. Sometimes it's hard to find the exact information you need."
"From an integration standpoint, it is always improving overall. With Security Copilot coming out, as partners, we are waiting for the GDAP support so that we can actually see Security Copilot on behalf of customers if they subscribe to it."
"The capability to not only thwart attacks but also to adapt to evolving threats is crucial."
"Because of the training model, Defender XDR's automatic response sometimes blocks legitimate users and activities. Also, the UI sometimes responds slowly."
"When discussing the secure score, which includes overviews and recommended actions, some of these recommended actions are not applicable to us, particularly those related to Microsoft Internet Explorer, which we do not use in any of our environments."
"Offboarding latency should be reduced. Even after a device has been successfully offboarded using a particular offboarding script, it still shows up as onboarded."
IBM Security QRadar is ranked 20th in Endpoint Detection and Response (EDR) with 198 reviews while Microsoft Defender XDR is ranked 7th in Endpoint Detection and Response (EDR) with 79 reviews. IBM Security QRadar is rated 8.0, while Microsoft Defender XDR is rated 8.4. The top reviewer of IBM Security QRadar writes "A highly stable and scalable solution that provides good technical support". On the other hand, the top reviewer of Microsoft Defender XDR writes "Includes four services and four products, which can help organizations a lot". IBM Security QRadar is most compared with Microsoft Sentinel, Splunk Enterprise Security, Wazuh, LogRhythm SIEM and Elastic Security, whereas Microsoft Defender XDR is most compared with CrowdStrike Falcon, Microsoft Defender for Cloud, Microsoft Purview Compliance Manager, Wazuh and Microsoft Entra ID. See our IBM Security QRadar vs. Microsoft Defender XDR report.
We monitor all Endpoint Detection and Response (EDR) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.