We performed a comparison between Google Chronicle Suite and IBM Security QRadar based on real PeerSpot user reviews.
Find out in this report how the two Security Information and Event Management (SIEM) solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI.
"The most valuable feature is the UEBA. It's very easy for a security operations analyst. It has a one-touch analysis where you can search for a particular entity, and you can get a complete overview of that entity or user."
"Another area where it is helping us is in creating a single dashboard for our environment. We can collect all the logs into a log analytics workset and run queries on top of it. We get all the results in the dashboard. Even a layman can understand this stuff. The way Microsoft presents it is really incredible."
"The ability of all these solutions to work together natively is essential. We have an Azure subscription, including Log Analytics. This feature automatically acts as one of the security baselines and detects recommendations because it also integrates with Defender. We can pull the sysadmin logs from Azure. It's all seamless and native."
"Microsoft Sentinel enables you to ingest data from the entire ecosystem and that connection of data helps you to monitor critical resources and to know what's happening in the environment."
"Investigations are something really remarkable. We can drill down right to the raw logs by running different queries and getting those on the console itself."
"Sentinel is a SIEM and SOAR tool, so its automation is the best feature; we can reduce human interaction, freeing up our human resources."
"The solution offers a lot of data on events. It helps us create specific detection strategies."
"The most valuable feature is the performance because unlike legacy SIEMs that were on-premises, it does not require as much maintenance."
"What sets Chronicle apart from other solutions is its emphasis on threat hunting rather than solely serving as a monitoring tool."
"The platform's most valuable features are multiple connectors and data output flexibility regarding dashboards and user experience."
"Google Chronicle Suite is a highly scalable solution with good search capabilities."
"The tool's most valuable feature is the search option, allowing easy navigation."
"The support team is responsive."
"Google Chronicle Suite provides useful APIs."
"The log folder is fairly simple."
"The product's most valuable feature is threat hunting. We can detect the threats directly from the console from the past data as well."
"The detection rate is good and the false positive rate is low."
"Most of the features are good. It is an excellent solution."
"It has improved my efficiency."
"Vulnerability data, network data and the like, are part of correlation and detection."
"Customer service is very good and very helpful."
"Most of our clients are interested in automation. The automation part is good because they are able to detect threats and vulnerabilities in real time. It's very fast."
"It's quite scalable. We have upgraded some solutions from 1000 APS up to 3500 APS to 5000 APS. It's a good solution, they have no scalability issues."
"The threat protection network is the most valuable feature, because when you get an offense, you can actually trace it back to where it originated from, how it originated, and why."
"The reporting could be more structured."
"Not all information shows up in Sentinel. Sometimes there are items provided in 365 and if you looked in Sentinel you would not see them and therefore think they do not exist. There can be discrepancies between Microsoft tools."
"While I appreciate the UI itself and the vast amount of information available on the platform, I'm finding the overall user experience to be frustrating due to frequent disconnections and the requirement to repeatedly re-authenticate."
"The solution should allow for a streamlined CI/CD procedure."
"They can work on the EDR side of things... Every time we need to onboard these kinds of machines into the EDR, we need to do it with the help of Intune, to sync up the devices, and do the configuration. I'm looking for something on the EDR side that will reduce this kind of work."
"The interface could be more user-friendly. It''s a small improvement that they could make if they wanted to."
"If I can use Sentinel offline at home and use it on a local network, it would be great. I'm not sure if I can use Sentinel offline versus the tools I have."
"If Sentinel had a graphical user interface, it would be easier to use. I would also like it to be more customizable."
"In terms of improvement, the UI can be a bit challenging for beginners."
"A few areas are difficult to understand for someone who has less experience using the product."
"The tool is a little bit difficult to use compared to Microsoft Sentinel."
"The product's default dashboard feature has a few limitations regarding availability."
"The tool needs to improve tasking packages. Its GUI needs to be improved. The product needs to include time-based filtration. We can only see the alert detection timeline now."
"The tool is complicated for a first-time user. It should also include newer APIs."
"The configuration is not optimal."
"The solution's graphical user interface (GUI) should be more user-friendly."
"IBM QRadar has outdated technology, and this is its area for improvement. When you try to implement an analytic expression, it's not updated. The solution doesn't support newer technologies, and it doesn't update regularly. For example, around the world, others implement new technologies, while IBM updates later than others."
"The user interface needs improvement."
"IBM QRadar User Behavior Analytics could improve machine learning use cases because they are limited and most of the use cases are rule-based. They should develop more use cases, such as in Securonix or Exabeam because they will detect a threat. Using machine learning is mainly on the correlation rules, but if you think about Exabeam or Securonix, they detect using machine learning or machine learning-based algorithms."
"It doesn't have a SOAR system by default. You need to purchase it additionally, which is the main problem with QRadar."
"The architecture could be improved. I got stuck for a long time trying to understand the architecture, as it is quite challenging."
"The IBM support can be better."
"Solution has too many menus that require going to two or three sub-monitors to enter the QRadar."
"It is not app based."
Google Chronicle Suite is ranked 28th in Security Information and Event Management (SIEM) with 8 reviews while IBM Security QRadar is ranked 4th in Security Information and Event Management (SIEM) with 198 reviews. Google Chronicle Suite is rated 7.8, while IBM Security QRadar is rated 8.0. The top reviewer of Google Chronicle Suite writes "Swiftly navigates and analyzes extensive datasets without significant delays ". On the other hand, the top reviewer of IBM Security QRadar writes "A highly stable and scalable solution that provides good technical support". Google Chronicle Suite is most compared with Splunk Enterprise Security, AWS Security Hub, Sentinel, Elastic Security and Rapid7 InsightIDR, whereas IBM Security QRadar is most compared with Splunk Enterprise Security, Wazuh, LogRhythm SIEM, Elastic Security and Sentinel. See our Google Chronicle Suite vs. IBM Security QRadar report.
See our list of best Security Information and Event Management (SIEM) vendors.
We monitor all Security Information and Event Management (SIEM) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.
