IBM Security® QRadar® SOAR is designed to help your security team respond to cyberthreats with confidence, automate with intelligence and collaborate with consistency. It guides your team in resolving incidents by codifying established incident response processes into dynamic playbooks.
N/A
Palo Alto Networks Cortex XSOAR
Score 7.2 out of 10
N/A
Cortex XSOAR, formerly Demisto and now from Palo Alto Networks since it was acquired in March 2019, provides orchestration to enable security teams to ingest alerts across sources and execute standardized, automatable playbooks for accelerated incident response. Its playbooks are powered by hundreds of integrations and thousands of security actions, striking the right balance between rapid machine execution and nuanced human oversight.
N/A
Pricing
IBM Security QRadar SOAR
Palo Alto Networks Cortex XSOAR
Editions & Modules
No answers on this topic
No answers on this topic
Offerings
Pricing Offerings
IBM Security QRadar SOAR
Palo Alto Networks Cortex XSOAR
Free Trial
No
No
Free/Freemium Version
No
No
Premium Consulting/Integration Services
No
No
Entry-level Setup Fee
No setup fee
No setup fee
Additional Details
Usage-based pricing: This simple, scalable option allows starting small with an initial users and capabilities and scaling up as more users are added, as well as capabilities and data.
Enterprise-wide pricing: This option is based on either the size of the enterprise-wide IT infrastructure or the size and type of data sources being secured.
—
More Pricing Information
Community Pulse
IBM Security QRadar SOAR
Palo Alto Networks Cortex XSOAR
Considered Both Products
IBM Security QRadar SOAR
Verified User
Analyst
Chose IBM Security QRadar SOAR
IBM QRadar SOAR integrates seamlessly with IBM’s QRadar SIEM, making it an excellent choice for organizations that already use IBM's security solutions. This tight integration offers an end-to-end experience in threat detection and response.
The elasticity of the IBM Security QRadar SOAR solution is what had driven us. We knew that the solution would require nurturing, training over the personnel but once the initial road blocks were destroyed, we went going faster. The other solutions lacked this elasticity, …
IBM Security QRadar SOAR is versatile. All the major players in SOAR field require the administrator to have coding experience but with IBM it is different. IBM's solution is a full-fledged automation solution, and not some threat-based or limited one. Meaning whatever comes to your mind, if you can write the code, you can do it. This goes from daily tasks from SOC to daily tasks of your network or security administrator or any other administrator. You can manage your ITSM solution if you want to, IBM is a playground and there is much to discover in its capabilities. If you do not have the knowledge or if you want a SOC/Threat Based SOAR solution, meaning you want automation but you want it to be limited to an area and out-of-box, you may choose other alternatives.
XSOAR is well suited for phishing detection and response. Phishing alerts are as much of a problem today as they were decades ago. This is because: ●Attackers Can leverage automation to launch high-quantity phishing attacks with the click of a button. ●Spear Phishing attacks are sophisticated and sometimes indistinguishable from real emails, resulting in compromise through human error. ●Security Teams aren’t able to follow set processes while responding to phishing alerts. They must coordinate across email inboxes, threat intel, NGFW, ticketing, and other tools. Each tool has different consoles, data conventions, and contexts, making it difficult for security teams to fill in the gaps while minimizing errors. XSOAR is less suited for analyzing traffic.
QRadar's ability to collect, analyze and normalize vast amount of security data from various sources is remarkable.
QRadar allows us to define and automate incident response playbooks which have been amazing for streamlining the response to security incidents.
It offers and extensive library of pre-built connectors and support for common security standards facilitating seamless integration with a wide range of security tools.
The XSOAR bot creates a lot of noise on the summary page of any XSOAR incident. Although the filter is available to reduce the view, by default this should not be visible cluttering the whole scenario.
The interface has too much data on a single pane. I would love to have many buttons to just click and do stuff.
Also, I would love to have search areas more interactive and easier to navigate.
I'd rate my likelihood of renewing the use of IBM Security QRadar SOAR as an 8 out of 10. Its strong automation, customization, and integration capabilities make it highly valuable for incident response and cybersecurity research. However, occasional complexity and the need for more streamlined usability prevent it from being a perfect score.
It has proven to be far to valuable and effective to consider getting rid of it. Until something better comes along, this is staying in our product stack.
I would rate IBM Security QRadar SOAR's overall usability a 7 out of 10. The interface is quite functional and offers a wide range of features, but it can be somewhat complex and intimidating for beginners. Additionally, the configuration and customization can require a significant learning curve, especially for those without prior experience with security orchestration and automation platforms.
I would rate IBM Security QRadar SOAR's availability as 9 out of 10. The platform is highly reliable, with minimal unplanned outages or application errors, ensuring it’s available when needed. However, occasional minor maintenance periods or rare connectivity issues prevent it from achieving a perfect score in terms of availability.
I would rate IBM Security QRadar SOAR's performance as 8 out of 10. Pages generally load quickly, and reports complete in a reasonable time frame, even for complex data. While integration with other systems is smooth, there can be occasional slowdowns when handling very large datasets or during peak usage, which affects the perfect score.
I would rate IBM Security QRadar SOAR's support an 8 out of 10. The support team is knowledgeable, responsive, and generally provides helpful solutions. However, there can be occasional delays when addressing more complex issues, which prevents it from being a perfect score. Overall, the support experience has been positive.
I would rate my satisfaction with the implementation of IBM Security QRadar SOAR as 7 out of 10. The process was generally straightforward, supported by helpful documentation and responsive support. However, certain advanced configurations proved more challenging and required more technical effort than anticipated, making the overall experience less seamless.
Overall, IBM Security QRadar SOAR offered the same set of functionality that was needed by the organization as offered by Splunk SOAR, but the former is less expensive and solves all the purpose within budget. In addition, integration with other IBM products was easier and made implementation of a SOAR solution much faster.
The quantity of integrations with security solutions is highest in Palo Alto Solution. The capacity to identify anomalous events is much better in Palo Alto Networks Cortex XSOAR. The flexibility of increased storage area is better as well. The dashboard is very intuitive about showing the most important incidents and how to resolve them.
I would rate IBM Security QRadar SOAR's overall scalability as 9 out of 10. It effectively scales to handle large volumes of incidents and can be deployed across multiple departments or sites. Its architecture supports growing data and integration needs, but advanced configuration for larger deployments may require more effort, preventing a perfect score.
