IBM Security QRadar SIEM vs. Microsoft Defender for Endpoint

QRadar is very well suited on environments where there are not multiple tenants or domains, we do have success on this kind of scenario. IBM Security QRadar SIEM is less appropriate for environments with multiple tenants, specially when each tenant represent a different End Costumer (such as for MSSP companies), those environments require a high amount of rules and building blocks replications, since each tenant will have its own "BB definitions", servers, rules exception, etc. Also, some information, such as EPS count or EPS dropped are generated by QRadar's own log sources, which takes place on default domain, therefore users associated with different domain can not have access to those logs, even when the information is related to other domain's environment. For example, even if Event Collector 1 is associated to Domain A, the log informing its dropped EPS is generated by System notification, log source that must be associated to Default domain.

Incentivized

Usually we had lots two platforms tasked with scanning exposures, anti-malware and provision for information and threat management. But with Microsoft Defender for Endpoint we have an all inclusive platform that even integrate with other Microsoft security apps such as Microsoft Defender for Cloud for enhanced threat insights and visibility.

Incentivized

• Enables identification and prioritization of vulnerabilities in IT infrastructure for corrective action.
• Facilitates security incident investigation and forensic analysis.
• Provides a real-time view of security events, enabling immediate incident response.
• Can integrate with external threat intelligence sources to enrich data and improve threat detection.
• Enables the generation of detailed and customized reports.

Incentivized

• It provides a unified security experience when combined with other Microsoft products such as Microsoft Defender for 365 and Azure Defender.
• It has an excellent dashboard and centralized view that make it easy to see and control everything from one location.
• It's an EDR tool designed to help you understand incidents and alerts better.
• Real-time detection of attacks and prompt endpoint device responses. It effortlessly interacts with additional Microsoft security products.

Incentivized

• Need to spend more time configuring the system to properly interpret and normalize different type of data collected from multiple resources.
• While Rule creation QRadar uses that rules to detect security threats and generate alerts, but to creating and managing rules is bit complex & tedious work to complete.
• IBM Security QRadar SIEM is excellent in handling large & complex systems that requires in-depth knowledge and extensive training to configure and maintain the system which includes upgrading, optimization of performance & issue troubleshooting.

Incentivized

• Does not allow for remediation from the management console.
• The ticket system doesn't alert the person assigned to the ticket.
• You have to submit requests for whitelisting applications.
• Scanning exclusions are tricky to find.
• Adding devices, especially Apple devices, is very cumbersome.

Incentivized

With the arrival of IBM Security QRadar SIEM at our company, we have a better vision of all the security needs that may arise, it is a very safe software to use that prevents threats from damaging our IT environment, it is impossible to change it for another software.

Incentivized

A very special system to use without problems, the process is very genuine and does not require complicated procedures.

Incentivized

Customer support is Good of IBM, While Using IBM QRadar its deployment is to slow and suddenly stop working and crashed we have contacted IBM Support and Rised a Ticket within a few minute we get call back from customer support and Query Resolved by them Fast And Rapid Support of Ibm

Incentivized

The first time I tried to onboard my macOS endpoints to MDE I struggled for quite a bit. I had to reach out to Microsoft's MDE support team. The tech was very helpful in walking me through the steps during a screen share session

Incentivized

IBM Qradar takes the best from its competitors. Reliable and stable but sometimes very expensive, the SIEM from IBM offers a wide range of scenarios in which the customers can suite and size their own infrastructures. IBM Qradar doesn't really needs to stack up againt its competitors because it already sets an example in the SIEM world.

Incentivized

in an overall protection sentinelone is providing better protection for us, but as it comes with subscription's limitation, we have to be really careful in managing the licenses, the MS Defender for endpoint is providing us a decent protection which we are not complaining about, why we chose them ? as mentioned, this is coming with our subscription

Incentivized

• Offense investigation was really helped in tackling the incidents. It was accurate and brief
• The automation with IBM resilient (SOAR) was a milestone in elimination of user mistakes
• The X-Force threat intelligence supported us in getting the work done without any 3rd party enterprise OSINT database

Incentivized

• By providing robust threat protection, Defender for Endpoint can prevent downtime caused by security issues. Employees can work without interruptions, leading to increased productivity.
• By significantly decreasing the frequency of security incidents like malware infections and data breaches, Microsoft Defender for Endpoint can protect your network. The cost of incident response, cleanup, and potential regulatory fines are reduced as a result of the decrease in events.
• The implementation and configuration of Microsoft Defender for Endpoint may require an initial investment in licensing, training, and deployment, which can temporarily affect ROI.
• The cost of licensing can be substantial, especially for larger organizations. This cost needs to be factored into the ROI calculation.

Incentivized