We performed a comparison between IBM Security QRadar and CrowdStrike Falcon based on our users’ reviews in five categories. After reading all of the collected data, you can find our conclusion below.
Features: IBM Security QRadar users say the solution provides extensive information and helpful leads for locating pertinent data. QRadar stands out with its comprehensive network visibility and strong SIEM capabilities. CrowdStrike Falcon is praised for its machine-learning capabilities, optimal resource utilization, and precise threat detection. IBM Security QRadar could improve its rule deployment and lower its false positive rate. Users would also like expanded storage capacity, streamlined user management, and a more mature architecture. CrowdStrike Falcon could benefit from adding a sandbox feature and more detailed firewall management options.
Service and Support: Some customers of IBM Security QRadar have had trouble connecting with knowledgeable support staff and experienced delayed responses. CrowdStrike Falcon's customer service is considered prompt and helpful.
Ease of Deployment: IBM Security QRadar's initial setup can be complex for users without expertise, and the difficulty may vary depending on the size of the data set. CrowdStrike Falcon's setup is considered to be simple and efficient, with deployment times ranging from a few days to a month. While there may be some challenges during installation, they are generally manageable.
Pricing: IBM Security QRadar can be costly because users need to buy new hardware to upgrade. Some users find CrowdStrike Falcon costly and think the price should be lowered to make it more competitive.
ROI: IBM Security QRadar delivers a high return on investment, improving security through its advanced user behavior analytics. CrowdStrike Falcon offers cost savings by decreasing the required number of engineers and eliminating the need for onsite servers.
Comparison Results: Our users prefer IBM Security QRadar over CrowdStrike Falcon. The advanced security features and overall strength of QRadar make it the favored option. Users like QRadar's extensive and actionable insights, user-friendly interface, and adaptability. QRadar offers a comprehensive overview of network activity and risk management.
"Having a single pane of glass for all Microsoft security services makes everything much easier. A security analyst can go to a single portal and see everything in one view. The integration of everything into one portal is a huge benefit."
"For me, the advanced hunting capabilities have been really great. It allowed querying the dataset with their own language, which is KQL or Kusto Query Language. That has allowed me to get much more insight into the events that have occurred. The whole power of 365 Defender is that you can get the whole story. It allows you to query an email-based activity and then correlate it with an endpoint-based activity."
"The most valuable features are spam filtering, attachment filtering, and antivirus protection."
"I have found the ability to delete unwanted threats beneficial."
"The most valuable aspect is undoubtedly the exploration capability"
"The most valuable feature of all is the full integration with the rest of the software in the operating system and Office 365, as well as Microsoft SCCM. It is quite easy for us to work with the whole instance of Microsoft products. This integration improves the benefits of the whole suite of products."
"We can automate routine tasks and write scripts to carry out difficult tasks, which makes things easier for us."
"It provides a single pane of glass within the 365 admin interface, streamlining our experience by consolidating information in one place and eliminating the need to navigate through multiple interfaces."
"The EDR is amazing and ease of integration with Splunk is a big plus. Integration with BigQuery is also a plus for me and workflow creation is easy. Overall, CrowdStrike Falcon is a great product."
"I like the vulnerability assessment and proactive hunting features of CrowdStrike Falcon."
"Everything we've done with CrowdStrike is due to Arctic Wolf. We don't even need to get alerts from CrowdStrike anymore. It'll send those to Arctic Wolf, and then Arctic Wolf analyzes those and let us know if there's a major issue."
"The solution is silent and sits on your system as one single agent."
"As an EDR tool, we can integrate log management and event management. The solution deals with threats automatically, that's the advantage."
"The features I like the most are the response time and the dashboard are both excellent."
"I value the overall behavior analysis of CrowdStrike. The engine of this product is what drew us to this solution."
"This solution has made the lives of the IT staff much easier, compared to the previous one."
"It is a pretty solid product for the type that it is representing. It is a CM solution as compared to Splunk or ArcSight from HP. It is also user friendly. It comes with some internal AI as well, in which it automatically maps multiple lots from unrelated devices and makes a smart decision to link them back and create an offense based on that. It is a smart tool."
"The features that I have found most valuable are that it is very stable, easy to get going, and easy to manage. It is also easy to review all incidents."
"I have found IBM QRadar to be stable."
"One of the most valuable features of this solution is it has very good data correlation."
"An engineer can live-monitor all the flow happening in real-time. This would help us a lot while investigating a case, and it would even help us with preventive actions."
"The correlation and the parsing are important features, since it is very important for a SIEM to have a good scalability and performance."
"The initial setup is not complex or difficult."
"Vulnerability detection is the most valuable feature. It's the tool that finds the threats."
"Generally, antivirus products provide a central control to manage every device in terms of who is installing it or who is trying to disable it, but Microsoft doesn't have such a control center for the antivirus product it provides."
"I personally have not seen much evidence of how Defender can enhance the story of zero trust for enterprises."
"The management and automation of the cloud apps have room for improvement."
"The price could be better. It'll also help if they can continuously update and upgrade the solution. Every day there's a new virus uploaded into the network, and we have to keep updating it to identify all these things."
"In the beginning, it's difficult to navigate the system because it is quite large. Just trying to find your way and understand how the system works can be hard. After spending quite a lot of time searching it's a lot easier, but I wish it were a bit more user-friendly when you're trying to find things."
"The support from Microsoft could improve. There are times I have to wait for a response from a qualified specialist."
"When we do investigations, it would be better if Microsoft could populate the host dashboard more. When we open any host for investigation, we want the entire timeline of what is happening on the host, including all the users logging in, their hardware, Windows version, etc."
"There should be better information for experts on features in the solution. What I see when reading about features in Microsoft 365 Defender is that it is always general information. If Microsoft could go deeper into details for the experts about how to use the tools, usage of it would be more familiar and it would be easier to use."
"The detection time has room for improvement."
"We sometimes get false positives."
"Basically, they don't cover legacy OS or applications. That's the only issue we're concerned about"
"The dashboard does not have the facility to export the reports in a PDF format, which I can quickly share with internal stakeholders."
"There is room for improvement in managing multiple customer IDs."
"The pricing is a bit too high."
"The current database schema presents challenges and has potential for improvement."
"To simplify the budgeting process for our clients, CrowdStrike should consider offering bundled packages that include essential features."
"Some of the cloud apps need improvement."
"I would like the rule creation interface to be much more user-friendly in the next release."
"The user interface is a bit difficult to get used to."
"It would be good if the program allowed certain profiles to only see certain customer information."
"QRadar needs to be more specialized, along the lines of what other SIEM solutions are."
"Its architecture is very complicated."
"The quoting and the dashboard session could be improved. It should be more user-friendly."
"The only challenge with products like IBM is the EPS. You just have to be really on the events per second, as that's where the cost factor becomes a huge issue."
CrowdStrike Falcon is ranked 3rd in Endpoint Detection and Response (EDR) with 106 reviews while IBM Security QRadar is ranked 20th in Endpoint Detection and Response (EDR) with 198 reviews. CrowdStrike Falcon is rated 8.8, while IBM Security QRadar is rated 8.0. The top reviewer of CrowdStrike Falcon writes "Easy to set up with good behavior-based analysis but needs a single-click recovery option". On the other hand, the top reviewer of IBM Security QRadar writes "A highly stable and scalable solution that provides good technical support". CrowdStrike Falcon is most compared with Darktrace, Microsoft Defender for Endpoint, Trend Micro Deep Security, Trend Vision One and SentinelOne Singularity Complete, whereas IBM Security QRadar is most compared with Microsoft Sentinel, Splunk Enterprise Security, Wazuh, LogRhythm SIEM and Elastic Security. See our CrowdStrike Falcon vs. IBM Security QRadar report.
See our list of best Endpoint Detection and Response (EDR) vendors and best Extended Detection and Response (XDR) vendors.
We monitor all Endpoint Detection and Response (EDR) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.