IBM Security QRadar SIEM vs. Microsoft Defender for Endpoint

Overview
ProductRatingMost Used ByProduct SummaryStarting Price
IBM Security QRadar SIEM
Score 8.8 out of 10
N/A
IBM Security QRadar is security information and event management (SIEM) Software.N/A
Microsoft Defender for Endpoint
Score 8.8 out of 10
N/A
Microsoft Defender for Endpoint (formerly Microsoft Defender ATP) is a holistic, cloud delivered endpoint security solution that includes risk-based vulnerability management and assessment, attack surface reduction, behavioral based and cloud-powered next generation protection, endpoint detection and response (EDR), automatic investigation and remediation, managed hunting services, rich APIs, and unified security management.
$2.50
per user/per month
Pricing
IBM Security QRadar SIEMMicrosoft Defender for Endpoint
Editions & Modules
No answers on this topic
Academic
$2.50
per user/per month
Standalone
$5.20
per user/per month
Offerings
Pricing Offerings
IBM Security QRadar SIEMMicrosoft Defender for Endpoint
Free Trial
YesYes
Free/Freemium Version
NoNo
Premium Consulting/Integration Services
NoNo
Entry-level Setup FeeNo setup feeNo setup fee
Additional Details
More Pricing Information
Community Pulse
IBM Security QRadar SIEMMicrosoft Defender for Endpoint
Considered Both Products
IBM Security QRadar SIEM
Chose IBM Security QRadar SIEM
Due to its performance, it is a more practical way to analyze and respond to an incident. It is a graphic with good interaction and multiple integrated platforms.
Chose IBM Security QRadar SIEM
I would always recommend Splunk over IBM Security QRadar SIEM unless you're trying to save money or only onboarding and normalizing well known data sources. IBM Security QRadar SIEM doesn't seem to handle RBA and complicated, chaining correlation rules very effectively and if I …
Chose IBM Security QRadar SIEM
We chose IBM Security QRadar SIEM not only because it was a leader but because it convinced us it was a solid product suitable for multiple scenarios but most importantly we needed a really secure and powerful software for our infrastructure.
Chose IBM Security QRadar SIEM
IBM Security QRadar SIEM has been quite a revolutionary siem solution compared to its counterparts. Be it the use case building to maintaining log source integrations, Qradar has proved to be one of the most efficient and easy to use solution. Having IBM SOAR along with the …
Chose IBM Security QRadar SIEM
Because is easy to use and if you don't have analysts with database language skills IBM Security QRadar SIEM is easy to use in comparison to Splunk.
Chose IBM Security QRadar SIEM
Because they are the best and most used tools in the Cyber ​​Security market for event correlation.
Chose IBM Security QRadar SIEM
It provides practicality by containing several domains in a single tenant and being able to subdivide them in a single place, in addition to the fact that the price is very competitive in the market.
Chose IBM Security QRadar SIEM
The QRadar licensing process is based on EPS (Events Per Second) and there are no limitations on event collection, regardless of the origin of the logs. This becomes an advantage as the price is agreed between the parties before purchase, so you have knowledge of what you can …
Chose IBM Security QRadar SIEM
We select a IBM Security QRadar SIEM because is better to integrate a our SIEM QRADAR.
Chose IBM Security QRadar SIEM
I still don't have experience with other SIEM solutions.
Chose IBM Security QRadar SIEM
ArcSight is more difficult to understand and administer, and it looks more like a box for programming and needs a lot of high-level skills personnel. IBM Security QRadar SIEM is well suited for organization cybersecurity in large and medium organizations. IBM Security QRadar …
Chose IBM Security QRadar SIEM
Qradar is on my top choice because I have hands-on experience on it. on qradar it is much easier to investigate in case of any incident happend.
Chose IBM Security QRadar SIEM
IBM Security QRadar SIEM offers a wide range of features and capabilities, such as behavioral analysis, event correlation and incident management, making it a robust and effective choice.
Chose IBM Security QRadar SIEM
Rapid7 InsightIDR and Paladion
Chose IBM Security QRadar SIEM
QRadar's open architecture is easy to integrate with a wide range of security tools and third-party applications, which are available at the IBM X-force library to enhance overall flexibility. Its powerful analytics and correlation capabilities provide advanced threat detection …
Chose IBM Security QRadar SIEM
I would take below parameters to say IBM Security QRadar SIEM is better than other SIEM tools such as netwitness SIEM"

1) Easy to Use
Chose IBM Security QRadar SIEM
I found that IBM Security QRadar SIEM has better threat detection methods and the identification of cyber kill chains followed by attackers. Analysis of the data gives visibility that other SIEM solutions need to improve. Integration in IBM Security QRadar SIEM is also better …
Chose IBM Security QRadar SIEM
User friendly and use case management portal which helps to get brief idea about security posture based on mitre mapping is best thing i have experienced in qradar.
Chose IBM Security QRadar SIEM
price, to be honest IBM Security QRadar SIEM package is very good for most customers than Splunk and Sentinel
Chose IBM Security QRadar SIEM
IBM Qradar takes the best from its competitors. Reliable and stable but sometimes very expensive, the SIEM from IBM offers a wide range of scenarios in which the customers can suite and size their own infrastructures. IBM Qradar doesn't really needs to stack up againt its …
Chose IBM Security QRadar SIEM
It's in the middle of this chart, Splunk from my point of view it's still the best SIEM actually and Sentinel it's very easy to use.
Chose IBM Security QRadar SIEM
IBM Qradar is cheaper and also easy to use.
For splunk you need dedicated team of experts.
Chose IBM Security QRadar SIEM
As a part of core security service provider, we could not stand with the tools that are used as a generic data processor. The compliance, log reading and events are well managed in QRadar compared to other tools
Microsoft Defender for Endpoint
Chose Microsoft Defender for Endpoint
I've used Sophos, Bitdefender, SentinelOne, and, of course, Microsoft Defender for Endpoint. We chose this at the time because we were such a Microsoft shop that it just seemed to integrate well with all the other things that we had set up with Microsoft.
Chose Microsoft Defender for Endpoint
Previously, we've used Sophos. We've used, way back when, McAfee, Norton, Symantec, all those. And we finally settled on Microsoft Defender for Endpoint. We're a Microsoft technology stack shop. So obviously it was natural. It's built into Windows, so we're not adding …
Chose Microsoft Defender for Endpoint
When building up policies, being independent is much easier compared to CrowdStrike, I would say.
Chose Microsoft Defender for Endpoint
Say licensing and cost primarily. And from our evaluation and our use cases, Microsoft Defender for Endpoint did relatively the same thing.
Chose Microsoft Defender for Endpoint
Unless you have a dedicated Security Operations Center working twenty four hours a day seven days a week that is able to constantly monitor Cylance and make the necessary changes for your users, it is not worth the trouble. Microsoft Defender for Endpoint does what it needs to …
Chose Microsoft Defender for Endpoint
Microsoft Defender for Endpoint consistently showed better user experiences during scans due to the reduced amount of resources used on each system compared to our previous endpoint protection solutions. However, the main reason we chose Microsoft Defender for Endpoint is …
Chose Microsoft Defender for Endpoint
Microsoft Defender for Endpoint offers strong integration with Microsoft 365 and Azure services, which provide a unified security experience. While McAfee Trellix is known for solid antivirus, Microsoft Defender excels in integration in the ecosystem.
Chose Microsoft Defender for Endpoint
Defender is far easier to deploy and manage than Sophos and tends to work without as many issues. The threat assessment portal provides an in-depth view of the organization's security posture, whereas Sophos only shows the patching status of the PCs. We did need Intune to get …
Chose Microsoft Defender for Endpoint
As Microsoft Defender for Endpoint easily integrated with our Office 365 setup, it was more beneficial as compared to other products
Chose Microsoft Defender for Endpoint
Cylance's policy is to block everything and requires an active person to monitor and unblock legitimate processes. As updates and software continue to evolve, it is a full-time job to be a Cylance administrator. Microsoft Defender for Endpoint is a set-and-forget solution that …
Chose Microsoft Defender for Endpoint
Microsoft Defender for Endpoint is the most cost effective solution considering our Microsoft 365 licensing status. While many 3rd party solutions are great and have been used over the years, in the non-profit world, cost is a huge driving factor of items. Coupled with …
Chose Microsoft Defender for Endpoint
Microsoft Defender for Endpoint is on par or exceeds the competitor products and provides an enterprise grade EDR solution. Based on the savings by bundling Microsoft products under the E5 license and the benefits it provides; it is an excellent choice for customers looking for …
Chose Microsoft Defender for Endpoint
MDE integrates much more into our M365 ecosystem than any other MDR possibly could. Bitdefender may have provided a similar level of endpoint protection but the reporting, vulnerability reporting and other incident tracking and correlation are critical in today's business …
Chose Microsoft Defender for Endpoint
Crowdstrike is the more feature complete product but licensing model and cost does not work well with the small business model. ESET Protect is considerably more complicated from a licensing perspective but once operational is a fine product.
Chose Microsoft Defender for Endpoint
Microsoft Defender for Endpoint is far more robust and easy to use than NinjaOne's RMM tools. Microsoft Defender for Endpoint allows us to easily manage our endpoints, from an almost single pane of glass, whereas Ninja has multiple settings, policies, etc. that are harder to …
Chose Microsoft Defender for Endpoint
We use Microsoft Defender for Endpoint along with Crowdstrike on some of our critical systems as it enhances the protection we have for our environment.
Chose Microsoft Defender for Endpoint
It's very convenient and very well integrated with our environment.
Chose Microsoft Defender for Endpoint
Majorly because our suite is Microsoft, so make totally sense to have this in the company and the price. It is Microsoft is better than CrowdStrike.
Chose Microsoft Defender for Endpoint
Sophos. Because of the integration with Microsoft ecosystem, we selected Defender.
Chose Microsoft Defender for Endpoint
We have not used anything else other than Microsoft Defender for Endpoint. Maybe we've used other antivirus software like Sophos and things like that. They're just not all encompassing and that's why we moved to use this product.
Chose Microsoft Defender for Endpoint
I have been working with customers that they are transitioning from Sentinel One, CrowdStrike to Defender for Endpoint, right? So I think it's because they see the value in the product and also they see how much they can save in terms of the cost for companies because they …
Chose Microsoft Defender for Endpoint
We previously used CrowdStrike on our servers. However, the seamless integration of Microsoft Defender (MD) with XDR and the entire Microsoft ecosystem led us to choose Microsoft Defender for Endpoint (MDE).
Chose Microsoft Defender for Endpoint
What we love more about this product is the way this pro gets integrated into the other family of solutions, especially Defender for Identity or the XDR solutions. We think that the market, the customers are full of unattended consults coming out from different vendors and that …
Chose Microsoft Defender for Endpoint
The technical features, usability and the support was nice as compared to the other products.
Features
IBM Security QRadar SIEMMicrosoft Defender for Endpoint
Security Information and Event Management (SIEM)
Comparison of Security Information and Event Management (SIEM) features of Product A and Product B
IBM Security QRadar SIEM
8.5
Ratings
8% above category average
Microsoft Defender for Endpoint
-
Ratings
Centralized event and log data collection9.90 Ratings00 Ratings
Correlation8.60 Ratings00 Ratings
Event and log normalization/management9.50 Ratings00 Ratings
Deployment flexibility7.80 Ratings00 Ratings
Integration with Identity and Access Management Tools8.90 Ratings00 Ratings
Custom dashboards and workspaces7.50 Ratings00 Ratings
Host and network-based intrusion detection9.70 Ratings00 Ratings
Data integration/API management9.00 Ratings00 Ratings
Behavioral analytics and baselining7.60 Ratings00 Ratings
Rules-based and algorithmic detection thresholds8.00 Ratings00 Ratings
Response orchestration and automation7.70 Ratings00 Ratings
Reporting and compliance management7.90 Ratings00 Ratings
Incident indexing/searching8.90 Ratings00 Ratings
Endpoint Security
Comparison of Endpoint Security features of Product A and Product B
IBM Security QRadar SIEM
-
Ratings
Microsoft Defender for Endpoint
8.7
Ratings
2% above category average
Anti-Exploit Technology00 Ratings9.00 Ratings
Endpoint Detection and Response (EDR)00 Ratings9.10 Ratings
Centralized Management00 Ratings8.60 Ratings
Hybrid Deployment Support00 Ratings7.20 Ratings
Infection Remediation00 Ratings9.10 Ratings
Vulnerability Management00 Ratings8.60 Ratings
Malware Detection00 Ratings9.20 Ratings
Best Alternatives
IBM Security QRadar SIEMMicrosoft Defender for Endpoint
Small Businesses
LevelBlue USM Anywhere
LevelBlue USM Anywhere
Score 8.0 out of 10
ThreatLocker
ThreatLocker
Score 9.2 out of 10
Medium-sized Companies
Sumo Logic
Sumo Logic
Score 8.8 out of 10
BlackBerry Protect (CylancePROTECT)
BlackBerry Protect (CylancePROTECT)
Score 9.1 out of 10
Enterprises
Sumo Logic
Sumo Logic
Score 8.8 out of 10
BeyondTrust Endpoint Privilege Management
BeyondTrust Endpoint Privilege Management
Score 10.0 out of 10
All AlternativesView all alternativesView all alternatives
User Ratings
IBM Security QRadar SIEMMicrosoft Defender for Endpoint
Likelihood to Recommend
8.5
(0 ratings)
8.9
(0 ratings)
Likelihood to Renew
8.7
(0 ratings)
8.4
(0 ratings)
Usability
8.0
(0 ratings)
8.5
(0 ratings)
Availability
9.0
(0 ratings)
9.1
(0 ratings)
Performance
9.0
(0 ratings)
9.1
(0 ratings)
Support Rating
8.1
(0 ratings)
9.0
(0 ratings)
In-Person Training
9.0
(0 ratings)
-
(0 ratings)
Online Training
9.0
(0 ratings)
-
(0 ratings)
Implementation Rating
8.0
(0 ratings)
7.3
(0 ratings)
Configurability
8.0
(0 ratings)
8.2
(0 ratings)
Ease of integration
8.1
(0 ratings)
-
(0 ratings)
Product Scalability
8.0
(0 ratings)
9.1
(0 ratings)
Vendor post-sale
9.0
(0 ratings)
-
(0 ratings)
Vendor pre-sale
9.0
(0 ratings)
-
(0 ratings)
User Testimonials
IBM Security QRadar SIEMMicrosoft Defender for Endpoint
Likelihood to Recommend
QRadar is very well suited on environments where there are not multiple tenants or domains, we do have success on this kind of scenario. IBM Security QRadar SIEM is less appropriate for environments with multiple tenants, specially when each tenant represent a different End Costumer (such as for MSSP companies), those environments require a high amount of rules and building blocks replications, since each tenant will have its own "BB definitions", servers, rules exception, etc. Also, some information, such as EPS count or EPS dropped are generated by QRadar's own log sources, which takes place on default domain, therefore users associated with different domain can not have access to those logs, even when the information is related to other domain's environment. For example, even if Event Collector 1 is associated to Domain A, the log informing its dropped EPS is generated by System notification, log source that must be associated to Default domain.
Read full review
I can definitely tell you where it’s more suited, because we haven’t come across any less appropriate scenarios. But definitely in regard to how we centrally manage our user space and our endpoints, it’s been beneficial from an API perspective and is really transferable, with strong collaboration with our Azure stack. It works very well.
Read full review
Pros
  • Enables identification and prioritization of vulnerabilities in IT infrastructure for corrective action.
  • Facilitates security incident investigation and forensic analysis.
  • Provides a real-time view of security events, enabling immediate incident response.
  • Can integrate with external threat intelligence sources to enrich data and improve threat detection.
  • Enables the generation of detailed and customized reports.
Read full review
  • It really protects our endpoints. We've used other antivirus programs in the past, and they haven't had that full confidence in those products compared to what Microsoft Defender for Endpoint does for us.
  • Another pro is that it's easy to manage the management console through Intune to see Microsoft Defender for Endpoint up in the cloud and see the state of our devices.
  • Another pro is we haven't had an incident since we installed it.
Read full review
Cons
  • Need to spend more time configuring the system to properly interpret and normalize different type of data collected from multiple resources.
  • While Rule creation QRadar uses that rules to detect security threats and generate alerts, but to creating and managing rules is bit complex & tedious work to complete.
  • IBM Security QRadar SIEM is excellent in handling large & complex systems that requires in-depth knowledge and extensive training to configure and maintain the system which includes upgrading, optimization of performance & issue troubleshooting.
Read full review
  • It would be good to continue to minimize the amount of resources needed during a scan
  • Provide more integration with Outlook to scan attachments with a notification that everything is good
  • Provide a Click to Fix option when listing issues or high-risk problems on systems
Read full review
Likelihood to Renew
With the arrival of IBM Security QRadar SIEM at our company, we have a better vision of all the security needs that may arise, it is a very safe software to use that prevents threats from damaging our IT environment, it is impossible to change it for another software.
Read full review
Microsoft Defender is closely catching -up in market with existing competitors they have added DLP endpoint & DLP Network and Cloud DLP solution last year with OCR capabilities. I would say Microsoft Defender is not legacy Vendor in end point security, the need to learn from other vendors in market and focus on new XDR technologies, which is going to be new battle for all vendors
Read full review
Usability
As a grade I give 8 as QRadar is not easy to learn. It requires some time to master it. It also needs a team of people actively working on the product. Once you learn to use it the software works very well and it is easy to correlate and understand detected threats. It only takes time to learn how to use it well and configure it properly.
Read full review
Microsoft Defender for Endpoint is a great EDR to have that works quickly and silently in the background and it integrates well with other Microsoft services. As an IT manager, I can appreciate that I do not get bombarded by alerts for every small detail. On the flipside, the management site can use some work in being more clear and should be more streamlined so I'm not clicking through multiple pages to figure out what happened
Read full review
Reliability and Availability
No answers on this topic
Microsoft Defender for Endpoint chugs along just fine no matter what we throw at it and what systems it's running on. It doesn't take up a lot of resources either, so that's welcomed.
Read full review
Performance
No answers on this topic
Microsoft Defender for Endpoint is easy on memory and resources on clients.
Read full review
Support Rating
Customer support is Good of IBM, While Using IBM QRadar its deployment is to slow and suddenly stop working and crashed we have contacted IBM Support and Rised a Ticket within a few minute we get call back from customer support and Query Resolved by them Fast And Rapid Support of Ibm
Read full review
Overall support is really good for this product. Since it's a Microsoft product, you will get good support from a number of different resources, including knowledgebase articles on the web, support from Microsoft technicians, and documentation (which tends to very thorough). Also, there is a vast user support community for this product, so user support forums would also be another valuable channel to get help if needed. I don't envision too many people will have issues/problems with the product, as it tends to run good overall.
Read full review
In-Person Training
The training was very useful and the people who taught us were very knowledgeable. Although the software may initially seem difficult to learn they made things much easier for us.
Read full review
No answers on this topic
Online Training
The training was very useful and the people who taught us were very knowledgeable. Although the software may initially seem difficult to learn they made things much easier for us.
Read full review
No answers on this topic
Implementation Rating
Initial patience is required to learn how to use the product, and it takes a dedicated team to use it. One person is not enough, and it's not enough to just set it up and check it once in a while. It has to be used daily and kept under control to be used effectively
Read full review
Deployment was handled by our team here and everything went pretty smoothly. We did have a few hiccups in our test group, but that only took a bit to get ironed out.
Read full review
Alternatives Considered
I would always recommend Splunk over IBM Security QRadar SIEM unless you're trying to save money or only onboarding and normalizing well known data sources. IBM Security QRadar SIEM doesn't seem to handle RBA and complicated, chaining correlation rules very effectively and if I had to write a custom add-on for custom data, I found it easier to do so in Splunk.
Read full review
I've used Sophos, Bitdefender, SentinelOne, and, of course, Microsoft Defender for Endpoint. We chose this at the time because we were such a Microsoft shop that it just seemed to integrate well with all the other things that we had set up with Microsoft.
Read full review
Scalability
No answers on this topic
Microsoft Defender for Endpoint is easily scaled from small orgs to giant enterprises.
Read full review
Return on Investment
  • Like any cybersecurity product, any money you don't lose on a prevented attack is money that you saved
  • Most of the apps are free and provides great enrichment like User Behaviour Analytics
  • Top quality alerts gives enormous value to the "passive" data that flows into the infrastructure
Read full review
  • Another positive impact is that Microsoft Defender for Endpoint is built into the Windows OS. So naturally, it is much easier to load it out and manage it, rather than acquiring it through party ER, deploying it, and managing it separately. So that's definitely on the positive side that we observe there's a byproduct of changing Microsoft Defender for Endpoint.
Read full review
ScreenShots

IBM Security QRadar SIEM Screenshots

Screenshot of QRadar SIEM Cloud native- Threat intelligence preview

Microsoft Defender for Endpoint Screenshots

Screenshot of blocked activitiesScreenshot of Detects & respondsScreenshot of discovers vulnerabilityScreenshot of Eliminates blind spotsScreenshot of Risk management