Likelihood to Recommend QRadar is very well suited on environments where there are not multiple tenants or domains, we do have success on this kind of scenario. IBM Security QRadar SIEM is less appropriate for environments with multiple tenants, specially when each tenant represent a different End Costumer (such as for MSSP companies), those environments require a high amount of rules and building blocks replications, since each tenant will have its own "BB definitions", servers, rules exception, etc. Also, some information, such as EPS count or EPS dropped are generated by QRadar's own log sources, which takes place on default domain, therefore users associated with different domain can not have access to those logs, even when the information is related to other domain's environment. For example, even if Event Collector 1 is associated to Domain A, the log informing its dropped EPS is generated by System notification, log source that must be associated to Default domain.
Read full review I would say, where it's well suited as certainly any device where you know that either you're potentially running a Kickstarter device as your own personal unit, but maybe you want to try to connect it to some resource like, "Hey, you know what? This is a small community device. Maybe I'll try connecting my email on the go." You're protected from that perspective with the vendor, even if it's something that might be a bit suspicious from a hardware perspective. There's also the case where any device that you know are running Defender for endpoint that you're good to go. You don't really have to worry about all the other solutions out there because Defender has recovered.
Read full review Pros Enables identification and prioritization of vulnerabilities in IT infrastructure for corrective action. Facilitates security incident investigation and forensic analysis. Provides a real-time view of security events, enabling immediate incident response. Can integrate with external threat intelligence sources to enrich data and improve threat detection. Enables the generation of detailed and customized reports. Read full review It integrates perfectly with Azure Sentinel. I mean, that's great. We can have a single pane of class with other platforms, like Defender for Cloud, Defender for endpoints, and Defender for servers, which is awesome as well. The ease of deployment is because Microsoft made sure around a year ago that every single workstation with Microsoft Windows came with Defender for Endpoints embedded. Read full review Cons Need to spend more time configuring the system to properly interpret and normalize different type of data collected from multiple resources. While Rule creation QRadar uses that rules to detect security threats and generate alerts, but to creating and managing rules is bit complex & tedious work to complete. IBM Security QRadar SIEM is excellent in handling large & complex systems that requires in-depth knowledge and extensive training to configure and maintain the system which includes upgrading, optimization of performance & issue troubleshooting. Read full review While it's a very good product for auditing, it has a very hard time to distinguish what is malicious and is an attack, what is not. Very rarely we get indication of a real malicious attack. We got lots of hours for off the shelf malware that it cleans up automatically. So basically we never get to look at it, which is a positive thing, but threats are detected by the third party endpoint, so it will not be enough by itself. Read full review Likelihood to Renew With the arrival of IBM Security QRadar SIEM at our company, we have a better vision of all the security needs that may arise, it is a very safe software to use that prevents threats from damaging our IT environment, it is impossible to change it for another software.
Read full review Usability A very special system to use without problems, the process is very genuine and does not require complicated procedures.
Read full review Support Rating Customer support is Good of IBM, While Using IBM QRadar its deployment is to slow and suddenly stop working and crashed we have contacted IBM Support and Rised a Ticket within a few minute we get call back from customer support and Query Resolved by them Fast And Rapid Support of Ibm
Read full review The first time I tried to onboard my macOS endpoints to MDE I struggled for quite a bit. I had to reach out to Microsoft's MDE support team. The tech was very helpful in walking me through the steps during a screen share session
Read full review Alternatives Considered IBM Qradar takes the best from its competitors. Reliable and stable but sometimes very expensive, the SIEM from IBM offers a wide range of scenarios in which the customers can suite and size their own infrastructures. IBM Qradar doesn't really needs to stack up againt its competitors because it already sets an example in the SIEM world.
Read full review Tenable Security Center was a fantastic exposure detection tool but there was always a lag and servers would hang alot when being scanned causing resource traffic. Microsoft Defender for Endpoint on the other hand does not use up most resources soo there is usually noo lag during scanning and it also provide more detailed insights on the network. Also Microsoft Defender for Endpoint integration power has helped us up our security game by delivering a smooth secure network.
Read full review Return on Investment Offense investigation was really helped in tackling the incidents. It was accurate and brief The automation with IBM resilient (SOAR) was a milestone in elimination of user mistakes The X-Force threat intelligence supported us in getting the work done without any 3rd party enterprise OSINT database Read full review Positive : Microsoft Defender for Endpoint offers sophisticated threat detection and response capabilities, putting it into use helps increase security. Reduced security incidents, data breaches, and related expenses may arise from this. Positive : A more secure environment means less time and effort spent by IT and security teams on remediation and incident response. False Positives: Like any security solution, false positives can occur, leading to unnecessary investigations and potential disruptions to business operations. This may require additional resources to manage. Read full review ScreenShots IBM Security QRadar SIEM Screenshots Microsoft Defender for Endpoint Screenshots