IBM Security QRadar and Microsoft Defender XDR are complementary cybersecurity solutions that tackle security from different angles. QRadar is a Security Information and Event Management (SIEM) system that collects and analyzes diverse logs from various security tools and network devices. It is praised for its advanced threat detection capabilities, customizable dashboards, and seamless integration with other security tools. Defender XDR, on the other hand, is an Extended Detection and Response (XDR) solution, valued for its robust security measures, incident response, and seamless integration with Microsoft products.
The summary above is based on 187 interviews we conducted recently with IBM Security QRadar and Microsoft 365 Defender users. To access the reviews' full transcripts, download our report.
"I like FortiClient EMS. FortiEDR has a lot of great features like lockdown mode, remote wipes, and encryption. I can set malware outbreak policies and controls for detecting abnormalities. You can also simulate phishing attacks."
"Forensics is a valuable feature of Fortinet FortiEDR."
"It notifies us if there's any suspicious file on any PC. If any execution or similar kind of thing is happening, it just alerts us. It doesn't only alert. It also blocks the execution until we allow it. We check whether the execution is legitimate or not, and then approve it or keep it blocked. This gives us a little bit of control over this mechanism. Fortinet FortiEDR is also very straightforward and easy to maintain."
"The solution was relatively easy to deploy."
"Fortinet FortiEDR's scalability is quite good, and you can add licenses to the solution."
"It is a scalable solution... The initial setup of Fortinet FortiEDR was straightforward."
"It is stable and scalable."
"The stability is very good."
"The most valuable features are log monitoring, easy-to-fix issues, and problem-solving."
"The solution is quite flexible."
"No doubt about it, the solution is extremely stable."
"It helps us discover any threats with their alerts and tracking."
"This is a distributed application, meaning that a customer can stack small and then scale it so that they can expand pretty effectively. You can use, basically, the same product in an SMB or a large enterprise."
"The feature that I have found most valuable is how it monitors the real network. That is its leading security feature."
"What I like the most about it is that you can very easily install and configure it. As compared to other SIEM solutions, for which you need to know and do a lot more to prepare your SIEM environment, QRadar is much simpler to install and configure. There are various options in the Admin console. In the Admin tab, you can design dashboards and view various graphs. It has a lot of attractive features, and you don't need to configure everything on your own."
"It is a bit easier to use than other products, such as Splunk or ELK Elasticsearch."
"Setting up Microsoft 365 Defender is easy. It's a user-friendly solution that provides threat protection. It has good stability and scalability."
"The visibility into threats is also very impressive because Microsoft helps you predict things and provides analytics to help you really improve your security. And all of this technology works across the domain, so it is pretty helpful in terms of threat analytics."
"The Endpoint Manager is incredible; it has a very straightforward interface and is exceedingly easy to use. Pulling out and deploying different tags or resources is a simple task across various departments with different levels of security. The notifications are also simple and satisfying; it's great to see the bubble informing us which devices are compliant and which are waiting to update."
"The summarization of emails is a valuable feature."
"The EDR and the way it automatically responds to ransomware and other attacks are valuable features."
"I have found the ability to delete unwanted threats beneficial."
"Microsoft Defender XDR is scalable."
"Microsoft 365 Defender is a good solution and easy to use."
"The solution's installation from a central installation server could be improved because the engineers had a little bit of trouble getting it installed from a central location."
"We find the solution to be a bit expensive."
"Making the portal mobile friendly would be helpful when I am out of office."
"The security should be strong for the cloud. Some applications are on-prem and some are on the cloud. Fortinet should also have strong security for the cloud. There should be more security for the cloud."
"FortiEDR can be improved by providing more detailed reporting."
"Cannot be used on mobile devices with a secure connection."
"We'd like to see more one-to-one product presentations for the distribution channels."
"The solution is not stable."
"We would like to see better instrumentation for debugging changes in the log flow."
"There could be improvements made to the UI, the user interface. Though the newer version, 7.3.2, might already have this improvement in place."
"QRadar needs to be more specialized, along the lines of what other SIEM solutions are."
"The dashboard is pathetic and it takes a long time to perform a search."
"It doesn't have a SOAR system by default. You need to purchase it additionally, which is the main problem with QRadar."
"The solution should enhance its capabilities of UEBA and AI/ML tech modeling."
"IBM QRadar could improve the reporting. The tool is not designed to report. It's a great operational monitoring tool. You put it on a screen and you watch it. If you want to have analytics out of it, that's a whole different story. You're going to need more people and tools. What should be added is reporting and integration into Power BI, into some capability that produces analytical reports from the source data. IBM does not seem to care to add these features."
"Right now, if you look at the compatibility, if you need to deploy QRadar in a physical appliance you have only two choices of server, their own or a Lenovo server. In today's world, you cannot keep something tied to such a big brand. Clients want to be able to use whatever type of server they want."
"Sometimes, configurations take much longer than expected."
"In the beginning, it's difficult to navigate the system because it is quite large. Just trying to find your way and understand how the system works can be hard. After spending quite a lot of time searching it's a lot easier, but I wish it were a bit more user-friendly when you're trying to find things."
"There are other SIEM solutions that are easier to use, mainly based on the creation of rules, use cases, and groups."
"My client would like the solution to be more customizable without using code. You can only build on the default console, but we're not allowed to change it."
"The capability to not only thwart attacks but also to adapt to evolving threats is crucial."
"Stability could be improved by avoiding frequent changes to the interface."
"The web filtering solution needs to be improved because currently, it is very simple."
"There are a few technical issues with Defender XDR that can be improved. Sometimes, the endpoint devices are not reporting properly to the Defender 365 portal. When you're getting all the information from the Microsoft portal, the devices are sometimes not in sync. We have hundreds of endpoint devices, some needing to be onboarded again."
IBM Security QRadar is ranked 20th in Endpoint Detection and Response (EDR) with 198 reviews while Microsoft Defender XDR is ranked 8th in Endpoint Detection and Response (EDR) with 76 reviews. IBM Security QRadar is rated 8.0, while Microsoft Defender XDR is rated 8.4. The top reviewer of IBM Security QRadar writes "A highly stable and scalable solution that provides good technical support". On the other hand, the top reviewer of Microsoft Defender XDR writes "Includes four services and four products, which can help organizations a lot". IBM Security QRadar is most compared with Microsoft Sentinel, Splunk Enterprise Security, Wazuh, LogRhythm SIEM and Elastic Security, whereas Microsoft Defender XDR is most compared with CrowdStrike Falcon, Microsoft Defender for Cloud, Microsoft Purview Compliance Manager, Wazuh and Secureworks Taegis XDR. See our IBM Security QRadar vs. Microsoft Defender XDR report.