IBM Security® QRadar® SOAR is designed to help your security team respond to cyberthreats with confidence, automate with intelligence and collaborate with consistency. It guides your team in resolving incidents by codifying established incident response processes into dynamic playbooks.
N/A
Microsoft Sentinel
Score 8.6 out of 10
N/A
Microsoft Sentinel (formerly Azure Sentinel) is designed as a birds-eye view across the enterprise. It is presented as a security information and event management (SIEM) solution for proactive threat detection, investigation, and response.
$2.46
per GB ingested
Pricing
IBM Security QRadar SOAR
Microsoft Sentinel
Editions & Modules
No answers on this topic
Azure Sentinel
$2.46
per GB ingested
100 GB per day
$123.00
per day
200 GB per day
$221.40
per day
300 GB per day
$319.80
per day
400 GB per day
$410.00
per day
500 GB per day
$492.00
per day
More than 500 GB per day
$492.00 + $98.40
per day/plus each additional 100 GB increment
Offerings
Pricing Offerings
IBM Security QRadar SOAR
Microsoft Sentinel
Free Trial
No
Yes
Free/Freemium Version
No
No
Premium Consulting/Integration Services
No
No
Entry-level Setup Fee
No setup fee
No setup fee
Additional Details
Usage-based pricing: This simple, scalable option allows starting small with an initial users and capabilities and scaling up as more users are added, as well as capabilities and data.
Enterprise-wide pricing: This option is based on either the size of the enterprise-wide IT infrastructure or the size and type of data sources being secured.
The elasticity of the IBM Security QRadar SOAR solution is what had driven us. We knew that the solution would require nurturing, training over the personnel but once the initial road blocks were destroyed, we went going faster. The other solutions lacked this elasticity, …
IBM QRadar SOAR integrates seamlessly with IBM’s QRadar SIEM, making it an excellent choice for organizations that already use IBM's security solutions. This tight integration offers an end-to-end experience in threat detection and response.
Overall, IBM Security QRadar SOAR offered the same set of functionality that was needed by the organization as offered by Splunk SOAR, but the former is less expensive and solves all the purpose within budget. In addition, integration with other IBM products was easier and made …
I have been able to use other programs and IBM Security QRadar SOAR is able to show me what I was missing with the other programs. I would like to say it is the best that I have had the pleasure of using.
I have selected this since we are highly dependent on this tool for our applications in healthcare where 1600+ users are working across the world where we need a high level of security and actions to be taken when it is more vulnerable.
Compared to platforms such as Splunk, LogRhythm, and Devo, Microsoft Sentinel’s cloud‑native, consumption‑based pricing model and reduced infrastructure overhead tend to offer better overall cost efficiency. This is especially true for organizations already invested in the …
These are all the Microsoft products. We have used Splunk. And again, I would say Microsoft Sentinel stacks up because it's a native tool that is more like an ecosystem. It's not a standalone tool. It's like if you're in the Microsoft stack, Microsoft Sentinel will stack up …
Microsoft Sentinel gave us the opportunity to move to pay as you go model. This allows us to determine the value of a log source rather than paying a flat rate for data ingested or hosting a server ourself.
Most of our landscape, both on prem and cloude, is based in Microsoft technologies, while the unification of tools implies some risk, decreasing the vendor levels simplify integrations, and by scale, help us to reduce costs too. Yes, the tool itself is a good contender, but the …
They are for different use cases, field effect helps us monitor network traffic and decide what to do with it while Microsoft Defender Threat Intelligence allows more robust monitoring and control over 365 variables such as emails that come in and out and Entra ID information.
Microsoft Sentinel feels on another different level from these solutions , all in the cloud . No need for troubleshooting , deployment or upgrades. Constant updates from the vendor and good support
Microsoft Sentinel excels in cloud-native scalability, Microsoft ecosystem integration, and AI-driven threat detection with UEBA and Fusion rules, offering faster deployment and lower costs (48% cheaper per Forrester) than Splunk, QRadar, Exabeam, SentinelOne, Securonix, and …
We decided to go with Microsoft Sentinel because it works really well with Microsoft tools we are already using. Microsoft Sentinel's intelligent features detect and resolve problems more quickly than Sumo Logic. It also allows us to pay for what we use and grow as we need. …
Well, primarily we use different stuff like CrowdStrike. We use different sign-on features. We primarily use those different products because we support a wider ecosystem.
Splunk, Google, SecOps. I look at how it stacks up based on the fact that it's the primary solution that we sell. So I think it stacks up really well. Why do we select it? Well, we selected it primarily because we're a very large Microsoft partner. The technology is very good …
Well before there was Microsoft Sentinel, you had other competing products like ArcSight or Splunk, et cetera. I think they have their own qualities, but the Microsoft integration story is really why we're using it.
We use intune to protect endpoints and we pull logs from all the endpoints through the intune connector into the Microsoft Sentinel SIEM and that way we can run rules on those logs to find anomalies.
Elastic seems to have a much better interface for log search and is able to filter out noise. Microsoft Sentinel also appears to generate a lot of false positives.
Elastic is some carbon for various use cases. So because Elastic is a very, very wrong history in the market. So Sentinel is very recent for products from my understanding.
Prior to using Sentinel, we were using Splunk specifically Splunk Enterprise Security and Splunk Cloud, so their on-prem and their cloud-based products. We switched originally for cost reasons, specifically cost control, but I have found that the ability to create reports, the …
Based on the overall infrastructure configuration that we have and also after analysing various solutions provided by Microsoft Sentinel, we came to a conclusion that the Microsoft Sentinel is the best option for us to help us in overall threat detection on our custom servers, …
I use most of the Sims that are out there, but RSAs, old Sim Log, logic, elastic, a lot of them. Sumo, we checked out Sumo too. We're a Microsoft shop and live almost entirely on top of a Microsoft ecosystem. We are considering other Microsoft security products to integrate …
As mentioned, the product was part of the purchase of several Microsoft Suites that we did earlier last year and with 200 licenses included, we can exclude those from the other SIEM and SOAR product, it just work well with the Microsoft's environment that we partially have Is …
The key advantage of using Sentinel lies in Microsoft already being a renowned name in cloud services. Hence, the Collection of data at the cloud scale across all users, devices, applications, and infrastructure, both on-premises and especially in the MS Cloud, is super easy. …
IBM Security QRadar SOAR is particularly useful in guarding againt a phishing event. When a malware downloaded via a phishing email was detected, IBM Security QRadar SOAR was able to automate a response by isolating the infected device, blocking the malicious URL and removing the emails from all the user inbox based on hash signatures identified as attachment.
It's certainly well-suited in environments that rely heavily on Microsoft products, and it's well-suited for environments where you have other business drivers to go to the E5 license. If I were to say where I would not and why, I only gave it a seven on the recommendation, that answer would probably vary if you already owned E5 or not. It's extremely expensive. And if there are other alternatives, if you don't have any other driving reason to go to E5, I would coach you not to go to Microsoft Sentinel. But if you're there, it's a fantastic property. It's certainly part of the cost argument for moving to E5, but it's only a part. It can't by itself justify the move to E5.
Increasing the severity of incidents when threats or outages happened and informing the IT team/management to take action. Our application is a .net one which is a legacy with SQL server. The number of times it is more vulnerable to threats and the action to be taken was identified using this tool.
Prior to using this tool, we were informed of threats by IBM customer support and we took action in around 2 to 3 hours to prevent using NOC team support. However, after we deployed this tool we were able to respond quickly based on the action plan provided along with threat level and severities.
Prior to deploying this tool, our incidents were provided by IBM customer support with no necessary information on the same. After this tool was installed in our organization, we were able to get the security alerts instantly and take action with the severity level for threats/attacks.
It's mainly the data correlation. For example, in the Microsoft ecosystem, Microsoft Entra ID is a primary component of the authentication and authorization mechanism. So whenever you're using tools like Microsoft Intune, Defender for Endpoint, Entra ID is the key signal, right? So Microsoft Sentinel correlates the logs from all these devices and services very well, so I can see a very detailed attack shape to figure out what's going on.
I think it should include more third party integration with non microsoft products as well as with other cloud providers. These integrations should be native.
It should improve ML and AI capabilities.
I find its documentation a little bit difficult to understand at the start. So the words should be simple.
I'd rate my likelihood of renewing the use of IBM Security QRadar SOAR as an 8 out of 10. Its strong automation, customization, and integration capabilities make it highly valuable for incident response and cybersecurity research. However, occasional complexity and the need for more streamlined usability prevent it from being a perfect score.
I would rate IBM Security QRadar SOAR's overall usability a 7 out of 10. The interface is quite functional and offers a wide range of features, but it can be somewhat complex and intimidating for beginners. Additionally, the configuration and customization can require a significant learning curve, especially for those without prior experience with security orchestration and automation platforms.
The Microsoft Azure Sentinel solution is very good and even better if you use Azure. It's easy to implement and learn how to use the tool with an intuitive and simple interface. New updates are happening to always bring new news and improve the experience and usability. The solution brings reliability as it is from a very reliable manufacturer.
I would rate IBM Security QRadar SOAR's availability as 9 out of 10. The platform is highly reliable, with minimal unplanned outages or application errors, ensuring it’s available when needed. However, occasional minor maintenance periods or rare connectivity issues prevent it from achieving a perfect score in terms of availability.
I would rate IBM Security QRadar SOAR's performance as 8 out of 10. Pages generally load quickly, and reports complete in a reasonable time frame, even for complex data. While integration with other systems is smooth, there can be occasional slowdowns when handling very large datasets or during peak usage, which affects the perfect score.
I would rate IBM Security QRadar SOAR's support an 8 out of 10. The support team is knowledgeable, responsive, and generally provides helpful solutions. However, there can be occasional delays when addressing more complex issues, which prevents it from being a perfect score. Overall, the support experience has been positive.
I would rate my satisfaction with the implementation of IBM Security QRadar SOAR as 7 out of 10. The process was generally straightforward, supported by helpful documentation and responsive support. However, certain advanced configurations proved more challenging and required more technical effort than anticipated, making the overall experience less seamless.
The elasticity of the IBM Security QRadar SOAR solution is what had driven us. We knew that the solution would require nurturing, training over the personnel but once the initial road blocks were destroyed, we went going faster. The other solutions lacked this elasticity, meaning we did not want to work with the things that were given to us but we wanted to make our own playground. We found IBM solution is the only one to provide this answer seamlessly. Also ease-of-integration and native integration with IBM SIEM is another factor of choose on our part.
Compared to platforms such as Splunk, LogRhythm, and Devo, Microsoft Sentinel’s cloud‑native, consumption‑based pricing model and reduced infrastructure overhead tend to offer better overall cost efficiency. This is especially true for organizations already invested in the Microsoft ecosystem, where Sentinel can deliver strong capabilities with a lower total cost of ownership.
I would rate IBM Security QRadar SOAR's overall scalability as 9 out of 10. It effectively scales to handle large volumes of incidents and can be deployed across multiple departments or sites. Its architecture supports growing data and integration needs, but advanced configuration for larger deployments may require more effort, preventing a perfect score.
QRadar has significantly enhanced our security posture by enabling us to detect, respond to, and mitigate security threats more effectively.
As we expand construction projects, QRadar SOAR has seamlessly scaled with our growing security needs. We haven't needed to invest in additional security personnel at the same rate as our project expansion, resulting in cost savings and efficient resource allocation.
It's probably neutral. We see value, but it's, again, tick that kind of expense stuff. We're getting more insight and value into what is going on in that cloud workspace, but just noting the cost. So it's probably neutral. I'm not directly responsible, so the full kind of return on investment kind of cycle, that's someone else's problem. I'm like the end user. It's my team that will look at the data and look at the output of Microsoft Sentinel. So the ROI, someone else can worry about that.