Elastic Security vs. IBM Security QRadar SIEM

Elastic Security

IBM Security QRadar SIEM

Overview
Product	Rating	Most Used By	Product Summary	Starting Price
Elastic Security	Score 8.8 out of 10	N/A	Elastic Security equips analysts to prevent, detect, and respond to threats. The free and open solution delivers SIEM, endpoint security, threat hunting, and cloud monitoring. The solution encompasses Elastic SIEM, which brings Elasticsearch to SIEM and threat hunting. The Elastic Agent (or Elastic Endpoint Security based on the former Endgame security product acquired by Elastic in late 2019) brings signatureless malware prevention to endpoints, as well as security data collection for…	N/A
IBM Security QRadar SIEM	Score 8.7 out of 10	N/A	IBM Security QRadar is security information and event management (SIEM) Software.	N/A

Pricing

Elastic Security

IBM Security QRadar SIEM

Editions & Modules

No answers on this topic

Offerings

Pricing Offerings
Elastic Security	IBM Security QRadar SIEM
Free Trial
No	Yes
Free/Freemium Version
No	No
Premium Consulting/Integration Services
No	No

Entry-level Setup Fee

No setup fee

Additional Details

—

More Pricing Information

Pricing Info

Community Pulse
	Elastic Security	IBM Security QRadar SIEM
Top Pros	Pro Easy to administer	Pro Easy to use Pro Real time Pro Log sources
Top Cons	Minus Able to edit Minus Automation features	Minus Third party Minus Ease of use Minus Pricing model

Features

Elastic Security

IBM Security QRadar SIEM

Security Information and Event Management (SIEM)

Comparison of Security Information and Event Management (SIEM) features of Product A and Product B
	Elastic Security - Ratings	IBM Security QRadar SIEM 8.7 60 Ratings 11% above category average
Centralized event and log data collection	00 Ratings	9.927 Ratings
Correlation	00 Ratings	8.960 Ratings
Event and log normalization/management	00 Ratings	9.527 Ratings
Deployment flexibility	00 Ratings	7.927 Ratings
Integration with Identity and Access Management Tools	00 Ratings	8.456 Ratings
Custom dashboards and workspaces	00 Ratings	7.660 Ratings
Host and network-based intrusion detection	00 Ratings	9.625 Ratings
Data integration/API management	00 Ratings	9.07 Ratings
Behavioral analytics and baselining	00 Ratings	8.339 Ratings
Rules-based and algorithmic detection thresholds	00 Ratings	9.240 Ratings
Response orchestration and automation	00 Ratings	7.75 Ratings
Reporting and compliance management	00 Ratings	7.838 Ratings
Incident indexing/searching	00 Ratings	8.97 Ratings

Best Alternatives
	Elastic Security	IBM Security QRadar SIEM
Small Businesses	AlienVault USM Score 8.0 out of 10	AlienVault USM Score 8.0 out of 10
Medium-sized Companies	Splunk Enterprise Score 8.4 out of 10	Splunk Enterprise Score 8.4 out of 10
Enterprises	Microsoft Sentinel Score 8.4 out of 10	Microsoft Sentinel Score 8.4 out of 10
All Alternatives	View all alternatives	View all alternatives

User Ratings
	Elastic Security	IBM Security QRadar SIEM
Likelihood to Recommend	9.0 (1 ratings)	8.7 (81 ratings)
Likelihood to Renew	- (0 ratings)	9.1 (3 ratings)
Usability	- (0 ratings)	9.1 (1 ratings)
Support Rating	7.0 (1 ratings)	8.6 (55 ratings)
Ease of integration	- (0 ratings)	8.3 (51 ratings)

User Testimonials
	Elastic Security	IBM Security QRadar SIEM
Likelihood to Recommend	Elastic I believe Endgame is well suited to organizations that have their own Cybersecurity department. Its not well suited for organizations that don't have a Cybersecurity department. Incentivized Verified User Anonymous Read full review	IBM QRadar is very well suited on environments where there are not multiple tenants or domains, we do have success on this kind of scenario. IBM Security QRadar SIEM is less appropriate for environments with multiple tenants, specially when each tenant represent a different End Costumer (such as for MSSP companies), those environments require a high amount of rules and building blocks replications, since each tenant will have its own "BB definitions", servers, rules exception, etc. Also, some information, such as EPS count or EPS dropped are generated by QRadar's own log sources, which takes place on default domain, therefore users associated with different domain can not have access to those logs, even when the information is related to other domain's environment. For example, even if Event Collector 1 is associated to Domain A, the log informing its dropped EPS is generated by System notification, log source that must be associated to Default domain. Incentivized Verified User Anonymous Read full review
Pros	Elastic Identify 0-day malware. Provides a few forensic details on endpoints. Very easy to administer. Incentivized Verified User Anonymous Read full review	IBM Enables identification and prioritization of vulnerabilities in IT infrastructure for corrective action. Facilitates security incident investigation and forensic analysis. Provides a real-time view of security events, enabling immediate incident response. Can integrate with external threat intelligence sources to enrich data and improve threat detection. Enables the generation of detailed and customized reports. Incentivized Brandon Lowry Cyber Security Specialist Read full review
Cons	Elastic I would love that it provided more memory analysis details. Being able to edit sensor profiles after creating them. I would love it if it provided more automation features. Incentivized Verified User Anonymous Read full review	IBM Need to spend more time configuring the system to properly interpret and normalize different type of data collected from multiple resources. While Rule creation QRadar uses that rules to detect security threats and generate alerts, but to creating and managing rules is bit complex & tedious work to complete. IBM Security QRadar SIEM is excellent in handling large & complex systems that requires in-depth knowledge and extensive training to configure and maintain the system which includes upgrading, optimization of performance & issue troubleshooting. Incentivized NP Neel Patel Sr Cloud Architect Read full review
Likelihood to Renew	Elastic No answers on this topic	IBM With the arrival of IBM Security QRadar SIEM at our company, we have a better vision of all the security needs that may arise, it is a very safe software to use that prevents threats from damaging our IT environment, it is impossible to change it for another software. Incentivized Paige Jenkins Senior Telecommunications Specialist Read full review
Usability	Elastic No answers on this topic	IBM A very special system to use without problems, the process is very genuine and does not require complicated procedures. Incentivized Paige Jenkins Senior Telecommunications Specialist Read full review
Support Rating	Elastic Even though their support is good, I think there are some areas where they need to provide more thorough solutions to issues, some of their solutions are pretty basic and have already been tried. Incentivized Verified User Anonymous Read full review	IBM Customer support is Good of IBM, While Using IBM QRadar its deployment is to slow and suddenly stop working and crashed we have contacted IBM Support and Rised a Ticket within a few minute we get call back from customer support and Query Resolved by them Fast And Rapid Support of Ibm Incentivized Abhishek Kumar Assistant Manager Read full review
Alternatives Considered	Elastic Endgame is based on the MITRE framework which has proven to be a successful framework to identify various attack patterns that attackers use. Also, compared to the others it's easier to administer and manage. Incentivized Verified User Anonymous Read full review	IBM IBM Qradar takes the best from its competitors. Reliable and stable but sometimes very expensive, the SIEM from IBM offers a wide range of scenarios in which the customers can suite and size their own infrastructures. IBM Qradar doesn't really needs to stack up againt its competitors because it already sets an example in the SIEM world. Incentivized Verified User Anonymous Read full review
Return on Investment	Elastic Being able to identify threats we couldn't identify before. Easier management of endpoints. Being able to immediately isolate endpoints remotely that have high severity threats. Incentivized Verified User Anonymous Read full review	IBM Offense investigation was really helped in tackling the incidents. It was accurate and brief The automation with IBM resilient (SOAR) was a milestone in elimination of user mistakes The X-Force threat intelligence supported us in getting the work done without any 3rd party enterprise OSINT database Incentivized Verified User Anonymous Read full review
ScreenShots