Try our new research platform with insights from 80,000+ expert users

Cybereason Endpoint Detection & Response vs IBM Security QRadar comparison

 

Comparison Buyer's Guide

Executive SummaryUpdated on Jul 13, 2025

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Categories and Ranking

Cybereason Endpoint Detecti...
Ranking in Endpoint Detection and Response (EDR)
24th
Average Rating
8.0
Reviews Sentiment
7.9
Number of Reviews
21
Ranking in other categories
Endpoint Protection Platform (EPP) (35th)
IBM Security QRadar
Ranking in Endpoint Detection and Response (EDR)
15th
Average Rating
8.0
Reviews Sentiment
6.8
Number of Reviews
209
Ranking in other categories
Log Management (5th), Security Information and Event Management (SIEM) (4th), User Entity Behavior Analytics (UEBA) (1st), Security Orchestration Automation and Response (SOAR) (4th), Managed Detection and Response (MDR) (9th), Extended Detection and Response (XDR) (13th)
 

Mindshare comparison

As of July 2025, in the Endpoint Detection and Response (EDR) category, the mindshare of Cybereason Endpoint Detection & Response is 0.9%, down from 1.1% compared to the previous year. The mindshare of IBM Security QRadar is 1.1%, down from 1.2% compared to the previous year. It is calculated based on PeerSpot user engagement data.
Endpoint Detection and Response (EDR)
 

Featured Reviews

AtulChaurasia - PeerSpot reviewer
Scalable platform with intuitive features for detecting malicious files
The initial setup process is straightforward. We have to install the agent, create a package, and deploy it on servers. It has a prebuilt console managed by the cloud team of Cybereason. We don't have to worry about the console and concentrate on endpoint implementation. It takes ten days to deploy it on 10,000 devices.
Mahmoud Younes - PeerSpot reviewer
Reliable installation and diverse use cases provide strong value
IBM Security QRadar has some areas for improvement. We have missed some DSM components. We need to customize logs where there is no DSM or connector for certain products. We can integrate but we have missed the DSM, which is the connector to pass logs coming from different applications. For example, with a university customer, we tried onboarding Canvas service. IBM Security QRadar does not support Canvas, so we had to create custom scripts and workarounds to pull logs from Canvas.

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"For me, the technical support is good."
"I haven't had any issues with the solution. Stability-wise, I rate the solution a ten out of ten."
"They do a very good job of providing multi-stage visualizations of malicious operations that immediately show all attack details across all devices and users. Since it is MalOp-centric model, you can see if there has been a similar operation across multiple machines. If it is the same thing appearing on multiple machines, you see all the machines and users affected in one screen."
"The most valuable feature is the capability of the command used by the machine so that we see the kind of performance that is running."
"What I find most valuable is the clarity of the platform."
"The initial setup was easy and straightforward."
"The interface is user-friendly."
"The initial setup was straightforward."
"The ability to transition from microscopic to macroscopic view, instantly, is very good."
"When it comes to QRadar, they can do the correlation and not only in networks but also endpoints. This is one of the good features that we have noticed."
"The most valuable features are the versatility of this solution and the variety of things you can do with it."
"What's most valuable in IBM QRadar User Behavior Analytics is its higher availability than other tools."
"Provided that the report is prebuilt and I can find what I am looking for, the reporting is the most valuable feature in this solution."
"IBM QRadar Advisor with Watson is a stable solution."
"I have found the most important features to be the flexibility, tech framework, and disk manager."
"IBM QRadar is easy to scale, it doesn't affect the environment. In our office, we have around 40 - 50 users, but our clients have more users on their networks. Our organization has staff in the software department that manages IBM QRadar for us."
 

Cons

"The integration with Microsoft solutions and Microsoft capabilities needs to be improved."
"The deployment on individual endpoints is more geared toward larger organizations. It might prove to be a bit too complicated for a smaller organization. You need to know what you're doing when you're deploying the sensor."
"It should be more stable, and the sensor needs improvement in terms of connectivity."
"They need to improve their technical support services."
"Reporting could be a bit more granular so that we had the ability to check regions and countries. I just noticed that, for instance, if I look at our servers, it's either "contained" or it's "not contained". I don't have the option, for instance, to look at countries. It only allows me to look at users as one big group."
"What needs to improve in Cybereason Endpoint Detection & Response and what I'd like to see in its next release is a centralized dashboard that allows you to view what is there, similar to what's on Symantec Endpoint Protection Manager: a beautiful display and reporting. Cybereason Endpoint Detection & Response has to start with the compliance, the homepage, etc. Everything should be there and should be customizable. The options should be there. The tool is very good currently, but visibility for IT administrators is lacking and needs to be worked on."
"The product's reporting isn't great."
"The reporting feature needs improvement."
"The implementation and configuration are not easy."
"The threat intelligence functionality can be better. In addition, it can have more monitoring capabilities."
"If you have too many events that occur, then the storage capacity becomes a problem. You need to have more storage."
"The dashboard and reports are not user-friendly or efficient so are of little help with threat hunting activity."
"It would be better if it were more stable and more secure. The price for maintenance could be better. It's too high. In the next release, I think they should focus on the price and the operation."
"The solution does not support the integration of flat file databases."
"QRadar needs to be more specialized, along the lines of what other SIEM solutions are."
"We sometimes get an error about the hard drive. Approximately once in two months, we can't find the logs, and they go missing, which is a terrible issue. We are getting support for this issue from our support company."
 

Pricing and Cost Advice

"On a scale of one to ten, where one is cheap and ten is expensive, I rate the pricing an eight."
"This product is somewhat expensive and should be cheaper."
"In terms of pricing, it's a good solution."
"I had to go through a third-party to purchase it, which I wasn't really pleased about."
"Though it is not the cheapest solution but it fits our budget. We pay an annual licensing fee."
"The pricing is manageable."
"I do not have experience with the licensing of the product."
"We considered a few other solutions. Some were ridiculously overpriced, while others didn't have solutions for Mac endpoints. That was a deal-breaker because most of our organization is on Mac. It came down to two vendors: Cybereason and another. They had similar pitches and almost identical approaches, but in the end, Cybereason gave us the best value for our money."
"It's free of charge."
"The licensing is also overly complex, as there is a need to buy the work load performance monitoring separately."
"The solution comes with a high price tag, while some of the competitors provide identical functionality in their offerings at no extra cost."
"Pricing (based on EPS) will be more accurate."
"They can give us some scalability and flexibility on pricing. If its pricing can be reduced, it would help a lot of customers in bringing in a new SIEM environment and grow business in the market. If I start a license today and take around 10,000 EPS, and after a month, there is an increase in the number of clients on my platform, I can increase the number of licenses. I can add 5,000 EPS on a yearly basis."
"There are additional costs, such as the cost associated with the different hardware required for implementation and deployment. Along with the add-on apps, these are all additional costs, and they require licensing as well."
"There are different types of subscriptions available. We were on an annual subscription, but our customers typically choose the two years subscription option."
"The solution is costly and the price differs depending on the vendor you use."
report
Use our free recommendation engine to learn which Endpoint Detection and Response (EDR) solutions are best for your needs.
861,481 professionals have used our research since 2012.
 

Comparison Review

VS
Jun 28, 2015
Qradar vs. ArcSight
Continuing with the SIEM posts we have done at Infosecnirvana, this post is a Head to head comparison of the two Industry leading SIEM products in the market – HP ArcSight and IBM QRadar Both the products have consistently been in the Gartner Leaders Quadrant. Both HP and IBM took over niche SIEM…
 

Top Industries

By visitors reading reviews
Computer Software Company
16%
Financial Services Firm
11%
Manufacturing Company
8%
Government
6%
Computer Software Company
16%
Financial Services Firm
12%
Manufacturing Company
7%
Government
7%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
 

Questions from the Community

What is your experience regarding pricing and costs for Cybereason Endpoint Detection & Response?
Comparison with other products showed it be cheaper than some larger competitors. Set up cost for us were cheaper as we already had users experienced with the product in other business units. Initi...
What is your primary use case for Cybereason Endpoint Detection & Response?
We use it to improve detection in the whole industrial sector. We are a big energy company. Across multiple endpoints, we deploy the EDR to secure all, improve detection, and also attempt to automa...
What are the biggest differences between Securonix UEBA, Exabeam, and IBM QRadar?
It mostly depends on your use-cases and environment. Exabeam and Securonix have a stronger UEBA feature set, friendlier GUI and are not licensed based on capacity (amount of logs and information in...
What SOC product do you recommend?
For tools I’d recommend: -SIEM- LogRhythm -SOAR- Palo Alto XSOAR Doing commercial w/o both (or at least an XDR) is asking to miss details that are critical, and ending up a statistic. Also, rememb...
What is your experience regarding pricing and costs for IBM Security QRadar?
When comparing with Splunk, IBM Security QRadar's cost is reasonable. Splunk is more expensive than IBM Security QRadar.
 

Also Known As

Cybereason EDR, Cybereason Deep Detect & Respond
IBM QRadar, QRadar SIEM, QRadar UBA, QRadar on Cloud, IBM QRadar Advisor with Watson
 

Overview

 

Sample Customers

Lockheed Martin, Spark Capital, DocuSign, Softbank Capital
Clients across multiple industries, such as energy, financial, retail, healthcare, government, communications, and education use QRadar.
Find out what your peers are saying about Cybereason Endpoint Detection & Response vs. IBM Security QRadar and other solutions. Updated: June 2025.
861,481 professionals have used our research since 2012.