We performed a comparison between IBM Security QRadar and Datadog based on our users’ reviews in five categories. After reading all of the collected data, you can find our conclusion below.
Features: QRadar users say the solution provides extensive information and helpful leads for locating pertinent data. QRadar stands out with its comprehensive network visibility and strong SIEM capabilities. Datadog users like its customizable displays, error tracking, and advanced AI/ML capabilities. QRadar could improve its rule deployment and lower its false positive rate. Users would also like expanded storage capacity, streamlined user management, and a more mature architecture. Datadog could enhance its usability and reduce its learning curve. Users said integration was another pain point.
Service and Support: Some QRadar customers have had trouble connecting with knowledgeable support staff and experienced delayed responses. While many users spoke highly of Datadog’s support team, others reported slow support, especially in the Asia-Pacific region.
Ease of Deployment: QRadar's initial setup can be complex for users without expertise, and the difficulty may vary depending on the size of the data set. Datadog’s setup is considered straightforward, and users often receive help from a partner or vendor.
Pricing: QRadar can be costly because users need to buy new hardware to upgrade. Opinions about Datadog's price are divided. Some users found it costly, but others thought it was acceptable. Some said the pricing model could be clearer and better explained.
ROI: QRadar delivers a high return on investment, improving security through its advanced user behavior analytics. Users said Datadog saved them time and improved visibility into security blind spots.
"It provides more cloud data. They tend to just get the way a service would be designed on the cloud."
"Sometimes it's more user friendly for development teams. There are some parts of Datadog that are more understandable for development teams. For example, the APM in Datadog works more manually and works like the tools in New Relic or Grafana, or Elastic. It is easier to understand for software development teams."
"We like the distributed tracing and flame graphs for debugging. This has been invaluable for us during periods of high traffic or red alert conditions."
"Even if we don't end up using Datadog, it revealed problems and optimizations to us that weren't obvious before."
"The integration into AWS is key as well as our software is currently bound to AWS."
"It has turned into an operational dashboard. If you felt something is going wrong, you can immediately open up Datadog. It has been our go to application because we know the answer will be there."
"The feature I have found most valuable is when I can reuse existing monitors and alerts for new dashboards."
"The most useful feature is the APM."
"Search capabilities are sufficient for most tasks."
"The threat protection network is the most valuable feature, because when you get an offense, you can actually trace it back to where it originated from, how it originated, and why."
"The interface is good."
"It'll get you from point A to B."
"The most valuable feature is user behavior analytics (UBA)."
"The event collector, flow collector, PCAP and SOAR are valuable."
"It does good correlation for events. It does good general analysis, and it has good apps as well."
"The most valuable feature is the QRadar Vulnerability Manager which provides vulnerability scans. In addition, I like the way QRadar generates alerts."
"Datadog is expensive."
"It would also be nice if we had more insight into our own usage of Datadog (agents and custom metrics). They provide a usage page which does help, but it is not in real-time."
"Auto instrumentation on tracing has not been very easy to find in the documentation."
"The incident management beta looks promising, but it is still missing the ability to automatically create incidents based on certain alerts."
"It can have a more modernized pricing mechanism. We're actually working with them to figure out how to become more modular and have a better and more modernized pricing mechanism. The issue with Datadog is that you have to buy the whole suite of different products, and you kind of get stuck in the old utilization of 40% of their suite. Most organizations today break down between application development, networking, and security. Therefore, there should be a way to break down different modules into just app dev, infosec, networking, etc. Customers have various needs across their business lines, and sometimes, they're just not willing to have tools that they're not using 100%. AppDynamics is probably a little bit better in terms of being modular."
"When I started using it years ago, it had stability problems. I remember, specifically, we ran everything in Docker containers. There were some problems getting it into a Docker container with very specific memory limits."
"Their security features could be improved. We looked at their Security Monitoring feature but it was early in its development. Datadog are just getting into the security space so I'm sure this will improve in the future."
"The documentation leaves a lot to be desired for new users."
"The advanced planning management (APM) features should be included."
"The solution is highly used here in Pakistan and in many sectors, they could improve it by having more SIEM connectors."
"It is very difficult to activate all of the network equipment, and it would help if it were made easier."
"Before we didn't have any security issues but recently a few of the user emails were hacked. We had to actually recreate their emails for them."
"The playbook guide which specifies the rules for security use cases needs to be provided to support in case the organization needs help."
"The whole process for support is something that needs to be improved."
"Technical support really needs to be improved. Right now, they aren't where they need to be at all."
"SOAR is what is expected the most from QRadar. They have something called SOAR Resilient, and it would be great if that gets induced in SIEM. IBM QRadar (as well as McAfee ESM) should have analytics platform integration. Currently, SIEMs don't have full-fledged integration with analytics where we are able to dump our data in SIEM, and the same data can be called from different analytics applications. We should be able to bring this data to a platform like Hadoop for big data and run the analytics there. Currently, people are seeing the past data and taking some actions in the present, but when it comes to analytics, there should be futuristic data where you can predict something out of your present and past data. Apart from that, I would like to see a full-fledged ITSM tool in QRadar. It sometimes has some technical issues that need to be checked. It requires a dedicated QRadar engineer to completely manage it. It has different module sets, such as event collector and event processor, and some technical glitches come in between. It takes the log but doesn't exactly process it in the way we want."
Datadog is ranked 3rd in Log Management with 137 reviews while IBM Security QRadar is ranked 6th in Log Management with 198 reviews. Datadog is rated 8.6, while IBM Security QRadar is rated 8.0. The top reviewer of Datadog writes "Very good RUM, synthetics, and infrastructure host maps". On the other hand, the top reviewer of IBM Security QRadar writes "A highly stable and scalable solution that provides good technical support". Datadog is most compared with Dynatrace, Azure Monitor, New Relic, AWS X-Ray and Elastic Observability, whereas IBM Security QRadar is most compared with Microsoft Sentinel, Splunk Enterprise Security, Wazuh, LogRhythm SIEM and Google Chronicle Suite. See our Datadog vs. IBM Security QRadar report.
See our list of best Log Management vendors.
We monitor all Log Management reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.