We performed a comparison between IBM Resilient and IBM Security QRadar based on real PeerSpot user reviews.
Find out in this report how the two Security Orchestration Automation and Response (SOAR) solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."You can fine-tune the SOAR and you'll be charged only when your playbooks are triggered. That is the beauty of the solution because the SOAR is the costliest component in the market today... but with Sentinel it is upside-down: the SOAR is the lowest-hanging fruit. It's the least costly and it delivers more value to the customer."
"I like the ability to run custom KQL queries. I don't know if that feature is specific to Sentinel. As far as I know, they are using technology built into Azure's Log Analytics app. Sentinel integrates with that, and we use this functionality heavily."
"Another area where it is helping us is in creating a single dashboard for our environment. We can collect all the logs into a log analytics workset and run queries on top of it. We get all the results in the dashboard. Even a layman can understand this stuff. The way Microsoft presents it is really incredible."
"It is quite efficient. It helps our clients in identifying their security issues and respond quickly. Our clients want to automate incident response and all those things."
"Sentinel has features that have helped improve our security poster. It helped us in going ahead and identifying the gaps via analysis and focusing on the key elements."
"The UI of Sentinel is very good and easy to use, even for beginners."
"Log aggregation and data connectors are the most valuable features."
"I like the unified security console. You can close incidents using Sentinel in all other Microsoft Security portals, when it comes to incident response."
"IBM Resilient is scalable."
"As a whole, the product is stable...Technical support is very good."
"Stability-wise, I rate the solution a ten out of ten...Scalability-wise, I rate the solution a ten out of ten."
"What I like most about IBM Resilient is that it has a complete stack, which means you don't need to use different OEM products because you have all you need under the IBM Resilient umbrella. You don't need to worry much about integrations and components because you're working with tested and proven architecture."
"The solution is reliable in our usage."
"Its flexibility is the most valuable."
"The solution is simple to use and to integrate with IBM QRadar."
"The most valuable features of IBM Resilient are its flexibility and customization options for incident response."
"The solution is flexible and easy to use."
"The solution is relatively easy to use."
"The event collector, flow collector, PCAP and SOAR are valuable."
"QRadar UBA's most valuable feature is the risk rating of users depending on their behavior."
"It has improved comprehensive visibility for what is going on in the perimeters, and on the inside, as well."
"I have found IBM QRadar to be stable."
"The threat protection network is the most valuable feature, because when you get an offense, you can actually trace it back to where it originated from, how it originated, and why."
"This console gives you the entire view, which makes life easier and allows you to take precautionary measures."
"At the network level, there is a limitation in integrating some of the switches or routers with Microsoft Sentinel. Currently, SPAN traffic monitoring is not available in Microsoft Sentinel. I have heard that it is available in Defender for Identity, which is a different product. It would be good if LAN traffic monitoring or SPAN traffic monitoring is available in Microsoft Sentinel. It would add a lot of value. It is available in some of the competitor products in the market."
"The dashboards can be improved. Creating dashboards is very easy, but the visualizations are not as good as Microsoft Power BI. People who are using Microsoft Power BI do not like Sentinel's dashboards."
"Multi-tenancy, in my opinion, needs to be improved. I believe it can do better as a managed service provider."
"If Sentinel had a graphical user interface, it would be easier to use. I would also like it to be more customizable."
"The playbook development environment is not as rich as it should be. There are multiple occasions when we face problems while creating the playbook."
"We'd like also a better ticketing system, which is older."
"I would like to see more AI used in processes."
"In terms of features I would like to see in future releases, I'm interested in a few more use cases around automation. I do believe a lot of automation is available, and more is in progress, but that would be my area of interest."
"The product must provide more integration with other tools."
"What could make IBM Resilient better is if IBM increased the number of built-in integrations with different products from other vendors or third-party products."
"Its price needs improvement."
"IBM Resilient could integrate better with my tools."
"The response time of the support is an area of concern where improvements are required."
"The implementation could be a bit simpler."
"The integration could be improved so that it is easy to integrate with other solutions."
"The tool needs to improve its documentation on license scripts."
"The playbook guide which specifies the rules for security use cases needs to be provided to support in case the organization needs help."
"The solution is highly used here in Pakistan and in many sectors, they could improve it by having more SIEM connectors."
"GUI needs to be improved."
"I don't look at only the features and benefits; I also look at the price. It is a bit expensive when compared with other solutions. It is expensive for specific deployment topologies, and the decision-makers go for alternatives like ArcSight. It should also have more AI features or capabilities for better threat intelligence. The more it uses machine learning, the better would be the dashboard, analytics, and other things."
"The only challenge is that IBM has been a closed enterprise. It should be more open to integrating with other providers at an enterprise level. We're a bank and the core banking system integration is not way straightforward and there is no integration between IBM and these products. If IBM could open up and provide a way of integrating it seamlessly, without charging more for it, that would make a big difference."
"When it comes to what could be better, it is always what others are trying to do and what is the roadmap. It can have more integration. It should have more flexible RESTful APIs for integration with applications. These are the things that are always in demand for any of the SIEM solutions, not only for QRadar. Integration is ever-evolving. Nowadays, different versions of mobile handsets are there and data is getting scattered. Users are using their personal handsets to keep the data of the organization. So, it should have a more flexible integration, irrespective of the flavor of the firmware and iOS or Android version. It should have an API that can seamlessly get integrated. It should also provide more flexible control and a more advanced or analytical view to see what exactly is happening across the globe or network. From wherever a user is connecting and accessing the enterprise data, it should give real-time visibility and predictive visibility about what exactly is happening. These things are already there, but there should be more advanced control in terms of managing the security."
"The solution is clunky."
"The biggest problem was built on top of the QRadar in the executive operations center network. The integration was not using the network security specialist properly, and all the incidents were inferior with QRadar. Its compatibility is not really good."
IBM Resilient is ranked 7th in Security Orchestration Automation and Response (SOAR) with 17 reviews while IBM Security QRadar is ranked 4th in Security Orchestration Automation and Response (SOAR) with 198 reviews. IBM Resilient is rated 7.6, while IBM Security QRadar is rated 8.0. The top reviewer of IBM Resilient writes "Simple deployment, scalable, but lacking third-party solution compatibility ". On the other hand, the top reviewer of IBM Security QRadar writes "A highly stable and scalable solution that provides good technical support". IBM Resilient is most compared with Palo Alto Networks Cortex XSOAR, Splunk SOAR, ServiceNow Security Operations, Fortinet FortiSOAR and ThreatConnect Threat Intelligence Platform (TIP), whereas IBM Security QRadar is most compared with Splunk Enterprise Security, Wazuh, LogRhythm SIEM, Elastic Security and Fortinet FortiSIEM. See our IBM Resilient vs. IBM Security QRadar report.
See our list of best Security Orchestration Automation and Response (SOAR) vendors.
We monitor all Security Orchestration Automation and Response (SOAR) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.