We compared IBM Security QRadar and Microsoft Sentinel based on our users' reviews across several parameters.
IBM Security QRadar is praised for its advanced threat detection, customizable dashboards, and integration capabilities, while users mention concerns about its complex interface and lack of flexibility. Microsoft Sentinel is highlighted for its affordability, intuitive interface, and automation options, with users mentioning the need for improved customization and integration features. Users find value in both products, with IBM Security QRadar focusing on comprehensive features and advanced threat detection, while Microsoft Sentinel offers affordability and streamlined incident response capabilities.
Features: IBM Security QRadar excels in customizable dashboards and seamless integration with security tools, offering real-time threat detection. Microsoft Sentinel stands out for its advanced threat visibility and streamlined incident response with machine learning capabilities.
Pricing and ROI: IBM Security QRadar has a higher setup cost, with some users mentioning the need for experienced personnel. Licensing is seen as complex but offers flexibility. Microsoft Sentinel has affordable, minimal setup costs and flexible, easy-to-understand licensing options. With comprehensive features and an intuitive interface, IBM Security QRadar offers great value in detecting and managing threats. Users highlighted its ability to streamline operations and improve security posture. Microsoft Sentinel users also praised its positive impact on organizations, noting benefits like improved security, reduced incident response time, and enhanced threat visibility. Despite some initial setup complexities, they appreciate its ease of use and integration with other Microsoft products.
Room for Improvement: IBM Security QRadar could improve user interface intuitiveness, performance speed, customization flexibility, and support resources. Microsoft Sentinel users seek better platform usability, customization options, integration with other tools, enhanced reporting, and improved documentation.
Deployment and customer support: Users found IBM Security QRadar quicker to deploy and set up compared to Microsoft Sentinel, which, although quicker to deploy, had a more complex setup process, according to some users. IBM Security QRadar's highly knowledgeable and responsive customer service provides prompt assistance. Microsoft Sentinel's customer service is praised for its effectiveness and quick issue resolution, creating positive user experiences.
The summary above is based on 144 interviews we conducted recently with IBM Security QRadar and Microsoft Sentinel users. To access the review's full transcripts, download our report.
"The scalability is good."
"The best feature of IBM QRadar is visualization which shows you when there's a spike in the system, and this makes you realize that there's something wrong with the log."
"I have found the most important features to be the flexibility, tech framework, and disk manager."
"The stability is good."
"It is suitable for large companies with critical infrastructure. For our clients, robustness, availability at a high level, and the level of references and experiences connected to the solution are important."
"The most valuable feature is user behavior analytics (UBA)."
"An engineer can live-monitor all the flow happening in real-time. This would help us a lot while investigating a case, and it would even help us with preventive actions."
"One of the most valuable features of this solution is it has very good data correlation."
"The best feature is that onboarding to the SIM solution is quite easy. If you are using cloud-based solutions, it's just a few clicks to migrate it."
"It's easy to use. It's a very good product. It can easily ingest data from anywhere. It has an easily understandable language to perform actions."
"The automation feature is valuable."
"The most valuable features in my experience are the UEBA, LDAP, the threat scheduler, and integration with third-party straight perform like the MISP."
"We didn't have anything similar. So, it really provides value from the incidents and automation point of view. The overview of the security fabric is most valuable."
"There are some very powerful features to Sentinel, such as the integration of various connectors. We have a lot of departments that use both IaaS and SaaS services, including M365 as well as Azure services. The ability to leverage connectors into these environments allows for large-scale data injection."
"The initial setup is very simple and straightforward."
"Free ingestion for Azure logs (with E5 licence)"
"We need more features in order to create rules to detect or to meet some requirements for other areas, for example, catching the event from other authentication tools."
"The initial setup was complex, and it took six months."
"Solution has too many menus that require going to two or three sub-monitors to enter the QRadar."
"IBM Qradar could improve the reporting. The tool is not designed to report. It's a great operational monitoring tool. You put it on a screen and you watch it. If you want to have analytics out of it, that's a whole different story. You're going to need more people and tools. What should be added is reporting and integration into Power BI, into some capability that produces analytical reports from the source data. IBM does not seem to care to add these features."
"The implementation and configuration are not easy."
"Their technical support is not good. We opened a lot of cases and from my experience, they are not complicated issues but it takes forever to get an answer."
"The API integration for AD is a problem when it comes to vulnerability management. If you want to incorporate multiple factor authentication it becomes a problem with the AD. It doesn't integrate well. That needs to be improved."
"There is a shortage of skilled individuals with knowledge about the solution. There is training required."
"Sentinel could improve its ticketing and management. A few customers I have worked with liked to take the data created in Sentinel. You can make some basic efforts around that, but the customers wanted to push it to a third-party system so they could set up a proper ticketing management system, like ServiceNow, Jira, etc."
"Improvement-wise, I would like to see more integration with third-party solutions or old-school antivirus products that have some kind of logging capability. I wouldn't mind having that exposed within Sentinel. We do have situations where certain companies have bought licensing or have made an investment in a product, and that product will be there for the next two or three years. To be able to view information from those legacy products would be great. We can then better leverage the Sentinel solution and its capabilities."
"Not all information shows up in Sentinel. Sometimes there are items provided in 365 and if you looked in Sentinel you would not see them and therefore think they do not exist. There can be discrepancies between Microsoft tools."
"Documentation is the main thing that could be improved. In terms of product usage, the documentation is pretty good, but I'd like a lot more documentation on Kusto Query Language."
"I would like Sentinel to have more out-of-the-box analytics rules. There are already more than 400 rules, but they could add more industry-specific ones. For example, you could have sets of out-of-the-box rules for banking, financial sector, insurance, automotive, etc., so it's easier for people to use it out of the box. Structuring the rules according to industry might help us."
"They're giving us the queries so we can plug them right into Sentinel. They need to have a streamlined process for updating them in the tool and knowing when things are updated and knowing when there are new detections available from Microsoft."
"Sentinel provides decent visibility, but it's sometimes a little cumbersome to get to the information I want because there is so much information. I would also like to see more seamless integration between Sentinel and third-party security products."
"The solution should allow for a streamlined CI/CD procedure."
IBM Security QRadar is ranked 4th in Security Information and Event Management (SIEM) with 198 reviews while Microsoft Sentinel is ranked 1st in Security Information and Event Management (SIEM) with 85 reviews. IBM Security QRadar is rated 8.0, while Microsoft Sentinel is rated 8.2. The top reviewer of IBM Security QRadar writes "A highly stable and scalable solution that provides good technical support". On the other hand, the top reviewer of Microsoft Sentinel writes "Gives a comprehensive and holistic view of the ecosystem and improves visibility and the ability to respond". IBM Security QRadar is most compared with Splunk Enterprise Security, Wazuh, LogRhythm SIEM, Elastic Security and Fortinet FortiSIEM, whereas Microsoft Sentinel is most compared with AWS Security Hub, Microsoft Defender for Cloud, Splunk Enterprise Security, Elastic Security and Wazuh. See our IBM Security QRadar vs. Microsoft Sentinel report.
See our list of best Security Information and Event Management (SIEM) vendors and best Security Orchestration Automation and Response (SOAR) vendors.
We monitor all Security Information and Event Management (SIEM) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.