We performed a comparison between Elastic Security and IBM QRadar based on our users’ reviews in four categories. After reading all of the collected data, you can find our conclusion below.
Comparison Results: PeerSpot users feel IBM QRadar makes SIEM easy. It can pan through tremendous amounts of data quickly and the dashboards and monitoring are amazing, making it a user favorite.
"I have found the ability to delete unwanted threats beneficial."
"It's a great threat intelligence source for us, providing alerts for things it detects on the network and on the machines. We've used it often when there is a potential incident to see what was done on a computer. That works quite nicely because you can see everything that the user has done..."
"The best feature is threat hunting. There are a lot of other features I like, such as the alert mechanism. The chain alert mechanism has a huge impact. It combines all the alerts into one incident and automatically correlates them with AI."
"I like Defender XDR's automation capabilities. XDR isn't automated by default, but you can automate it to respond. If an attack is performed anywhere within the organization, you can isolate that instance from the network. This is what I can figure out for it. When integrated with Sentinel, you can set up playbooks to automate all the alerts gathered on Sentinel from different Microsoft solutions. Sentinel has a wider range of capabilities than XDR."
"The most valuable features of Microsoft 365 Defender are the combination of all the capabilities and centralized management."
"The most valuable feature is the DLP because that's where we can have an added data protection layer and extend it not just to emails but to the documents that users are working on. We can make sure that sensitive data is tagged and flagged if unauthorized parties are using it."
"My clients like Defender's file integrity monitoring. They're monitoring Windows and Linux system files."
"Advanced hunting is good. I like that. We can drill down to lots of details."
"The solution is compatible with the cloud-native environment and they can adapt to it faster."
"The intelligence of the system has been very impressive. It's not quite AI, but the technical bit where it correlates information, based on the seen attacks within an organization is good."
"I like the indexing of the logs."
"It's simple and easy to use."
"The most valuable features of Elastic Security are that it is open-source and provides a high level of security."
"It's open-source and free to use."
"We like Elastic Security because it's a REST API-based solution. That's the primary reason we use it."
"It can handle millions of loads at a time, and you can always use the filters to find exactly what you are looking for and detect errors in every log message you are searching for, basically."
"It has improved comprehensive visibility for what is going on in the perimeters, and on the inside, as well."
"It provides many options for searching. I can see devices from different vendors, like Cisco, in one interface, which is good for me."
"It is a scalable solution."
"When it comes to QRadar, they can do the correlation and not only in networks but also endpoints. This is one of the good features that we have noticed."
"The feature that I have found most valuable is how it monitors the real network. That is its leading security feature."
"It is the core of our entire SOX."
"There are a lot of features in QRadar. App Exchange is the most valuable feature. User behavior analytics (UBA) is also a very good feature. Watson is also there, but we are not currently using Watson. It is versatile and quite easy. It also has an all-in-one-box feature and good integration with AWS."
"I think it's a very stable product that provides much more visibility than the other product."
"The support could be more knowledgeable to improve their offering."
"Microsoft 365 Defender does not have a unique package with emerging endpoint security technologies, such as EDR and XDR."
"The console is missing some features that would be helpful for a managed services provider, like device and user management."
"Microsoft frequently changes the names of its products, sometimes even renaming entire portals or features."
"There is definitely scope for improvement in the automation area. Because the solution is a SaaS platform, we don't have the overall ability to automate stuff.... There is no direct way to go ahead because it's a SaaS platform."
"The data recovery and backup could be improved."
"The Defender agent itself is more compatible with Windows 10 and Windows 11. Other than these two lines, there are so many compatibility issues. Security is not only about Microsoft. The core technical aspects of it are quite good, but it would be good if they can better support non-Microsoft solutions in terms of putting the agents directly into VMware and other virtualization solutions. There should be more emphasis on RHEL and other operating systems that we use, other than Windows, in the server category."
"The design of the user interface could use some work. Sometimes it's hard to find the exact information you need."
"The problem with ELK is it's difficult to administer. When you have a problem, it can be very, very difficult to rebuild indexes."
"If the documentation were improved and made more clear for beginners, or even professionals, then we would be more attracted to this solution."
"We set up a cron job to delete old logs so that we wouldn't hit a disk space issue. Such a feature should be available in the UI, where old logs can be deleted automatically. (Don’t know if this feature is already there)."
"There is an area of improvement in the Logs list. The load list may need to be paginated as there are limits."
"The solution's query building is not that intuitive compared to other solutions."
"Elastic Security can be a bit difficult to use if a person only has experience in SMBs with tools like Zoho. The product can also be difficult for those who have never dealt with query language."
"The solution could also use better dashboards. They need to be more graphical, more matrix-like."
"One limitation of Elastic Security is that it does not have built-in workflows for all tasks. For example, if you need a workflow for compliance, you will need to create a custom workflow."
"GUI needs to be improved."
"Its architecture is very complicated."
"I have also been working with other SIEM solutions, and I have observed that they have extensive Linux-based and Unix-based integrations. They have been able to support some of the Linux-based agents, which is useful to investigate and process the information on the Linux and Unix side."
"Some of the cloud apps need improvement."
"I would like to see some artificial intelligence and alternative solutions."
"You can scale IBM QRadar User Behavior Analytics, but it has room for improvement."
"There should be more opportunity for community kind of distribution where, for example, if there was a zero-day threat targeting companies."
"The Indian tech support is not helpful."
Elastic Security is ranked 5th in Log Management with 58 reviews while IBM Security QRadar is ranked 6th in Log Management with 198 reviews. Elastic Security is rated 7.6, while IBM Security QRadar is rated 8.0. The top reviewer of Elastic Security writes "A stable and scalable tool that provides visibility along with the consolidation of logs to its users". On the other hand, the top reviewer of IBM Security QRadar writes "A highly stable and scalable solution that provides good technical support". Elastic Security is most compared with Wazuh, Splunk Enterprise Security, Microsoft Sentinel, Microsoft Defender for Endpoint and CrowdStrike Falcon, whereas IBM Security QRadar is most compared with Microsoft Sentinel, Splunk Enterprise Security, Wazuh, LogRhythm SIEM and Fortinet FortiSIEM. See our Elastic Security vs. IBM Security QRadar report.
We monitor all Log Management reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.