We performed a comparison between Elastic Security and IBM QRadar based on our users’ reviews in four categories. After reading all of the collected data, you can find our conclusion below.
Comparison Results: PeerSpot users feel IBM QRadar makes SIEM easy. It can pan through tremendous amounts of data quickly and the dashboards and monitoring are amazing, making it a user favorite.
"Microsoft Defender XDR is scalable."
"It has great stability."
"The ability to integrate and observe a more cohesive narrative across the products is crucial."
"A crucial aspect for our team is the inclusion of identity and access management tools from the vendor."
"I like the easy integration and advanced possibilities. We can implement it at customer sites in a few clicks, but we can also dive deep and drill down to extended features. There's a very good starting point to get into this product and all the features from Defender."
"My clients like Defender's file integrity monitoring. They're monitoring Windows and Linux system files."
"Within advanced threat hunting, the tables that have already been defined by Microsoft are helpful. In the advanced threat hunting tab, there were different tables, and one of the tables was related to device info, device alert, and device events. That was very helpful. Another feature that I liked but didn't have access to was deep analysis."
"All of the security components are valuable including, antiphishing, antispam, and stage three antivirus."
"The most valuable feature is the search function, which allows me to go directly to the target to see the specific line a customer is searching for."
"The most valuable features of the solution are the prevention methods and the incident alerts."
"It's a good platform and the very best in the current market. We looked at the Forester report from December 2022 where it was said to be a leader."
"It's very stable and reliable."
"It's simple and easy to use."
"We've found the initial setup to be quite straightforward."
"It is the best open-source product for people working in SO, managing and analyzing logs."
"I like the indexing of the logs."
"This solution provides me with various alarms, and I have found security issues with some of my other products."
"I have found IBM QRadar to be stable."
"There are more than 120 extensions in QRadar, which are easy to install and configure. These can improve your analysis of events."
"Improves visibility and has a great new dashboard."
"The timeline and machine learning features are great."
"The monitoring and dashboards are great."
"The initial setup is not complex or difficult."
"We get events and make the correlation, or rules. In IBM, we can implement our customer's rules. We can have very clear status threats and severity of antigens."
"The message trace feature for investigating mail flow issues should add more detailed information to the summary report... if they could extend the summary report a little bit, make it more descriptive, ordinary administrators could understand what happened and that the emails failed at this or that point. That way they would know the location to go to try to correct it and to prevent it from occurring again."
"When discussing the secure score, which includes overviews and recommended actions, some of these recommended actions are not applicable to us, particularly those related to Microsoft Internet Explorer, which we do not use in any of our environments."
"The Defender agent itself is more compatible with Windows 10 and Windows 11. Other than these two lines, there are so many compatibility issues. Security is not only about Microsoft. The core technical aspects of it are quite good, but it would be good if they can better support non-Microsoft solutions in terms of putting the agents directly into VMware and other virtualization solutions. There should be more emphasis on RHEL and other operating systems that we use, other than Windows, in the server category."
"The documentation on their website is somewhat outdated and doesn't show properly. I wanted to try a query in Microsoft Defender 365. When I opened the related documentation from the security blog on the Microsoft website, the figures were not showing. It was difficult to understand the article without having the figures. The figures were there in the article, but they were not getting loaded, which made the article obsolete."
"I would like more of the features in Defender for 365 to be included in the smaller licenses. Even if I buy a small license and don't need everything, security shouldn't be a question. Security is one of the main aspects of all projects from our side, so it would be nice to have more features in the smaller licenses."
"The console is missing some features that would be helpful for a managed services provider, like device and user management."
"The abundance of sub-dashboards and sub-areas within the main dashboard can be confusing, even if it all technically makes sense."
"There is definitely scope for improvement in the automation area. Because the solution is a SaaS platform, we don't have the overall ability to automate stuff.... There is no direct way to go ahead because it's a SaaS platform."
"Elastic Security could improve the documentation. It would help if they were more simple and clean."
"Anything that supports high availability or ease of deployment in a highly available environment would help to improve this solution."
"It could use maybe a little more on the Linux side."
"If you compare this with CrowdStrike or Carbon Black, they can improve."
"Sometimes, the solution isn't the easiest to use."
"Their visuals and graphs need to be better."
"Better integration with third-party APMs would be really good."
"With Elastic Security, the challenge arises from the fact that there is a learning curve in relation to queries and understanding the query language provided to extract usable data."
"The API integration for AD is a problem when it comes to vulnerability management. If you want to incorporate multiple factor authentication it becomes a problem with the AD. It doesn't integrate well. That needs to be improved."
"A lot of information that we receive for the devices is IP-based, but it would help if we could have a default dashboard in which we can add more details about the assets for which we are receiving the information. For example, if it is a Windows or Linux device, we only get the IP for that particular device. We don't really get the name and other details of that particular device. For that, you have to drill down into your own asset management system. It would be good to have a place where we can probably add this information so that we don't have to look into other tools."
"The threat intelligence functionality can be better. In addition, it can have more monitoring capabilities."
"The solution could improve by having more out-of-the-box use cases."
"The AQL queries could be better."
"The architecture could be improved. I got stuck for a long time trying to understand the architecture, as it is quite challenging."
"IBM QRadar Advisor with Watson could be more user-friendly. You need some skills and understanding of what you're looking at, especially if you're going to draw down specific information."
"You can scale IBM QRadar User Behavior Analytics, but it has room for improvement."
Elastic Security is ranked 5th in Log Management with 58 reviews while IBM Security QRadar is ranked 6th in Log Management with 198 reviews. Elastic Security is rated 7.6, while IBM Security QRadar is rated 8.0. The top reviewer of Elastic Security writes "A stable and scalable tool that provides visibility along with the consolidation of logs to its users". On the other hand, the top reviewer of IBM Security QRadar writes "A highly stable and scalable solution that provides good technical support". Elastic Security is most compared with Wazuh, Splunk Enterprise Security, Microsoft Sentinel, Microsoft Defender for Endpoint and CrowdStrike Falcon, whereas IBM Security QRadar is most compared with Microsoft Sentinel, Splunk Enterprise Security, Wazuh, LogRhythm SIEM and Fortinet FortiSIEM. See our Elastic Security vs. IBM Security QRadar report.
See our list of best Log Management vendors, best Endpoint Detection and Response (EDR) vendors, and best Security Orchestration Automation and Response (SOAR) vendors.
We monitor all Log Management reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.