We performed a comparison between IBM Security QRadar and LogRhythm UEBA based on real PeerSpot user reviews.
Find out in this report how the two User Entity Behavior Analytics (UEBA) solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."The most valuable feature of the solution stems from the fact that Microsoft Defender XDR is easy to integrate with other Microsoft platforms or products."
"We also use Microsoft Sentinel, Defender for Cloud, Defender for Identity, and Microsoft Defender for Cloud Apps. They are all integrated and it was very easy to integrate them. In my experience with the integrations, it was just a click of a button and things were integrated. It's just a button."
"Microsoft Defender is stable."
"The incident threat response and its ability to facilitate effective remediation against threats are the standout features."
"The EDR features are valuable. By getting the EDR features, we have more control over the device. We have information about events in real-time and more protection against zero-day threats and zero-day vulnerabilities. We can monitor every event or action that a device is going through. We can get an idea if it is something malicious or if we have to take any actions."
"The 'Incidents and Alerts' tab is a valuable feature where we can find triggered alerts."
"The best feature is probably the alert generation. When I do a security reset, the other session triggers instantly from the Defender console, and I can work on it. The policies are three times, but they are also ready to install it."
"Email protection is the most valuable feature of Microsoft Defender XDR."
"It has very rich functionality."
"The threat protection network is the most valuable feature, because when you get an offense, you can actually trace it back to where it originated from, how it originated, and why."
"Blocks of predefined conditions can be used to configure detection rules without having to write complicated script."
"The ability to add extensions is the most valuable feature. For example, extensions that provide valuable test ports."
"One of the most valuable features is its ability to integrate with other solutions. IBM has a lot of solutions and we have managed to make it work with IBM BigFix and MaaS360, and even Microsoft."
"I have found IBM QRadar to be scalable."
"What I like the most about it is that you can very easily install and configure it. As compared to other SIEM solutions, for which you need to know and do a lot more to prepare your SIEM environment, QRadar is much simpler to install and configure. There are various options in the Admin console. In the Admin tab, you can design dashboards and view various graphs. It has a lot of attractive features, and you don't need to configure everything on your own."
"IBM QRadar Advisor with Watson is a stable solution."
"It has a lot of features. It has file integration monitoring."
"The most valuable features are file activity monitoring and registry activity monitoring."
"What I like most about LogRhythm UEBA is that it allows you to identify and analyze end-user behaviors and suspicious activities within the systems."
"Good capability pinpointing specific cyber incidents."
"The solution's most valuable features are the graphical user interface and the reporting."
"The tool's most valuable feature is server threat hunting."
"LogRhythm UEBA’s best feature is the dashboard. It provides several graphs, charts, and event logs."
"The solution is useful for privilege accounts and super admin accounts. It is beneficial from a security perspective. The tool uses machine learning rather than threshold-based alerts. For instance, it can detect unusual user logins, such as a user logging in from a new browser or location."
"The licensing is a nightmare and has room for improvement."
"I would like more of the features in Defender for 365 to be included in the smaller licenses. Even if I buy a small license and don't need everything, security shouldn't be a question. Security is one of the main aspects of all projects from our side, so it would be nice to have more features in the smaller licenses."
"Defender's AI for identifying suspicious activity could be improved. Also, I do a lot of home updates. Maybe there is a way to set it up faster. For example, let's say that I want to automatically update seven computers, servers, etc. I wouldn't do it to a user, but maybe the server. I don't mind if the server restarts automatically."
"Because of the training model, Defender XDR's automatic response sometimes blocks legitimate users and activities. Also, the UI sometimes responds slowly."
"Microsoft tends to provide too many features, which makes the solution prone to bugs."
"It would be helpful if the solution could scan faster when it comes to scanning attachments to emails."
"The abundance of sub-dashboards and sub-areas within the main dashboard can be confusing, even if it all technically makes sense."
"The capability to not only thwart attacks but also to adapt to evolving threats is crucial."
"In a future release, the solution could provide malware analysis."
"Some UI enhancements would be nice, such as exporting custom event properties and the ability to export rules."
"They should introduce some automation into the product."
"They should speed up the incident response and also, at the same time, reduce the amount of manual effort that is required."
"The Indian tech support is not helpful."
"Right now, if you look at the compatibility, if you need to deploy QRadar in a physical appliance you have only two choices of server, their own or a Lenovo server. In today's world, you cannot keep something tied to such a big brand. Clients want to be able to use whatever type of server they want."
"They have to build more quantitative monitoring, profiling, and make it more predictive."
"IBM technical support is always terrible."
"The search feature needs to be improved."
"The UI could be improved a little bit."
"The cloud version is lacking and not up to par."
"The product should improve its dashboards. Splunk has neat dashboards. Additionally, we would like to enhance the use cases provided by LogRhythm as its use case library is not as extensive as other tools. Its machine-learning capabilities need to improve when compared to other solutions. It lacks risk quantification in a single, transparent view for individuals such as CSOs."
"What needs improvement in LogRhythm UEBA is the pricing. Here in Asia, for example, in Sri Lanka, pricing is the primary concern, and this is the only area for improvement I see in the product."
"LogRhythm UEBA's data aggregation needs to be improved. Open-source users do not have much documentation available. Documentation is available only for enterprise users."
"The product could be user-friendly for someone who doesn’t have any prior experience working with it."
"It would be helpful if there were more guidance provided for integrating with unsupported devices."
IBM Security QRadar is ranked 1st in User Entity Behavior Analytics (UEBA) with 198 reviews while LogRhythm UEBA is ranked 12th in User Entity Behavior Analytics (UEBA) with 10 reviews. IBM Security QRadar is rated 8.0, while LogRhythm UEBA is rated 7.2. The top reviewer of IBM Security QRadar writes "A highly stable and scalable solution that provides good technical support". On the other hand, the top reviewer of LogRhythm UEBA writes "Detects unusual logins but dashboards need improvement ". IBM Security QRadar is most compared with Splunk Enterprise Security, Microsoft Sentinel, Wazuh, LogRhythm SIEM and Elastic Security, whereas LogRhythm UEBA is most compared with Wazuh, Darktrace, CrowdStrike Falcon, Microsoft Purview Insider Risk Management and Splunk User Behavior Analytics. See our IBM Security QRadar vs. LogRhythm UEBA report.
See our list of best User Entity Behavior Analytics (UEBA) vendors and best Extended Detection and Response (XDR) vendors.
We monitor all User Entity Behavior Analytics (UEBA) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.