No more typing reviews! Try our Samantha, our new voice AI agent.

Dell Trusted Device powered by CrowdStrike Falcon and Intel vPro vs IBM Security QRadar comparison

Sponsored
 

Comparison Buyer's Guide

Executive SummaryUpdated on May 17, 2026

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Categories and Ranking

Cortex XDR by Palo Alto Net...
Sponsored
Ranking in Endpoint Detection and Response (EDR)
6th
Average Rating
8.4
Reviews Sentiment
6.8
Number of Reviews
114
Ranking in other categories
Endpoint Protection Platform (EPP) (4th), Extended Detection and Response (XDR) (4th), Ransomware Protection (2nd), AI-Powered Cybersecurity Platforms (1st)
Dell Trusted Device powered...
Ranking in Endpoint Detection and Response (EDR)
32nd
Average Rating
9.6
Reviews Sentiment
6.2
Number of Reviews
4
Ranking in other categories
No ranking in other categories
IBM Security QRadar
Ranking in Endpoint Detection and Response (EDR)
11th
Average Rating
8.0
Reviews Sentiment
6.6
Number of Reviews
218
Ranking in other categories
Log Management (6th), Security Information and Event Management (SIEM) (2nd), User Entity Behavior Analytics (UEBA) (3rd), Security Orchestration Automation and Response (SOAR) (5th), Managed Detection and Response (MDR) (7th), Extended Detection and Response (XDR) (10th)
 

Mindshare comparison

As of July 2026, in the Endpoint Detection and Response (EDR) category, the mindshare of Cortex XDR by Palo Alto Networks is 3.6%, down from 3.9% compared to the previous year. The mindshare of Dell Trusted Device powered by CrowdStrike Falcon and Intel vPro is 0.4%, up from 0.0% compared to the previous year. The mindshare of IBM Security QRadar is 2.1%, up from 1.0% compared to the previous year. It is calculated based on PeerSpot user engagement data.
Endpoint Detection and Response (EDR) Mindshare Distribution
ProductMindshare (%)
Cortex XDR by Palo Alto Networks3.6%
IBM Security QRadar2.1%
Dell Trusted Device powered by CrowdStrike Falcon and Intel vPro0.4%
Other93.9%
Endpoint Detection and Response (EDR)
 

Featured Reviews

ABHISHEK_SINGH - PeerSpot reviewer
Senior Process Expert at A.P. Moller - Maersk
Gained full visibility and streamlined threat detection through behavior-based insights and AI integration
Initially, we got to have a lot of false positives when we onboarded, but nowadays it's quite smooth. We have fine-tuned our security policies and allowed different levels of policies to get rid of those false positives. Currently, we are getting a fairly good amount of incidents that are not false positives or benign, but actionable items. The process is streamlined. In the initial days, the operations used to get involved in a lot of benign and other activities, but now the process is streamlined. We are leveraging the auto-detection and remediation plans. The operations teams are now more involved in other business roles as well, not just looking into the logs and fetching out what's happening there. They have fixed a lot of things. Initially, they didn't have IAC code drift detection, cloud posture management, or security posture management, but they have those now. They purchased different vendors and did a merger with that. They have now Prisma Cloud that gets integrated and now they are working with Cortex Cloud. Everything that was negative has now been addressed, and the product altogether looks to be in a very better and mature shape now. Currently, it's more or less detecting the workloads with AI-based best practices. Since most organizations are consuming AI agents and other things, we are looking forward to seeing what other feature enhancements Palo Alto can support in that.
Tom Cichosz - PeerSpot reviewer
System Engineer at a healthcare company with 501-1,000 employees
Integrated device protection has secured bios-level threats and preserves user performance
The features of Dell Trusted Device powered by CrowdStrike Falcon and Intel vPro that I appreciate most are the real-time analytics in CrowdStrike and the ability to detect anomalies in the computer at the BIOS level, which is excellent to have. You would not normally see that with standard antivirus or regular security software; it would not integrate with the BIOS, but the fact that it does means that you get an enhanced layer of protection with CrowdStrike, more than you would see with another product. My perception of chip-level recovery is that it is a beautiful thing. Normally you are dependent on the OS for recovery actions, but in this case, you do not need that because it happens at the chip level. It happens out of band, before the OS is booted; you can make recovery choices, and that is extremely important. You always need an out of band solution, and on end user devices especially, if that is possible, that changes the whole landscape. Normally out of band is only for server-level devices, but this changes that; this adds an extra layer of protection that you would not normally see. I view the critical feature of Advanced Memory Scanning by CrowdStrike as incredible; the fact that it can actively scan memory without any performance hit on the PC or server devices is remarkable. Previously, in years before 2020, we would see a performance hit from this type of software, but the fact that CrowdStrike integrated with Dell does not cause any performance hit on the end user or the overall performance of the computer is an amazing thing. It is probably the best performing antivirus software I have actually seen.
HarshBhardiya - PeerSpot reviewer
SOC Engineer at a outsourcing company with 10,001+ employees
Have managed daily asset and alert monitoring effectively but have encountered limitations with manual processes and interface usability
It's still very manual and doesn't work on its own. It's still in an early stage and not on par where we can consider it a really successful detection system. The accuracy is not there. The UI could be better when compared to Sentinels where we can use flags and tagging. It could be much more user-friendly. IBM Security QRadar has all features and is fully competitive with other SIEM tools, but when it comes to user-friendliness, a new user takes time to get used to it. More intuitive, user-friendly interfaces and more helpful documentation would be beneficial. The query searching and data fetching could be faster. In large to very large organizations with around 5,000 or 6,000 assets or beyond, even with proper configurations and RAM and hardware backing up, the query is fairly slow.

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"The multi-layered approach to the product gives you confidence that it will stop exploits, ransomware, worms, or viruses from compromising endpoints, essentially providing peace of mind."
"Cortex covers everything I need. It's a perfect solution. Cortex provides a different level of visibility because it's an extended EDR, allowing you to grab logs from the network and firewalls. Palo Alto invented the concept of the extended EDR or XDR."
"The most valuable features are incident creation, policy-based protection, IP whitelisting, and device encryption. These are beneficial for endpoint and server security."
"We've had a significant increase in blocking with a decrease in false positives, because it's looking at how the files work, not just a list of files that it's been told to look for."
"We use Cortex XDR by Palo Alto Networks for its ability to detect based on behavior rather than simple virus scan to prevent malicious activities."
"Cortex XDR by Palo Alto Networks has changed the way my security team detects, investigates, and responds to threats, as we are able to see the files, unwanted files, unsecured files, and unauthorized files, so we are quarantining them."
"There has been a significant reduction of approximately 70% to 80% in our internal MTTR and MTTD metrics, now around five to eight minutes whereas previously it was hours, which has helped tremendously."
"It is an easy-to-use tool."
"The fact that CrowdStrike and Dell have gotten to a point where it has no user effect, or virtually zero user effect, is absolutely game-changing."
"Dell Trusted Device powered by CrowdStrike Falcon and Intel vPro has helped us immensely."
"The features of Dell Trusted Device powered by CrowdStrike Falcon and Intel vPro that I like the most include its ability to recover quickly."
"If you are considering protecting your Dell endpoints and your Dell infrastructure with CrowdStrike, it is a no-brainer."
"It is very flexible and not at all tough for a startup engineer to click and bring solutions inside."
"The user interface is really great and it simplifies the task of monitoring your environment."
"It can analyze event logs, event security, and give a good consult."
"It has a lot of good correlation rules. From a customer's point of view, it is one of the best solutions because you don't need to create correlation rules from scratch. You just review them and customize them as you want."
"It gives me insight and visibility, so I can detect a threat coming in and all the offenses are coming in from monitoring one spot."
"The most valuable feature is the ability to get the logs and analyze them, as these logs help us in terms of analyzing and actually using Watson on them, making it a pretty great tool for intelligence and really a great product."
"The vulnerability management aspect is the most valuable feature."
"The solution can scale."
 

Cons

"Currently, if you use Palo Alto endpoint protection as the only solution it's very complicated to remove pre-existing threats."
"For working with the solution, you only really need a web browser, however, we've found that working on Chrome, for example, is horrible."
"I have run into some detection issues with Cortex XDR. It needs to be better at detection of internal attacks."
"I have faced some issues with Cortex XDR by Palo Alto Networks; there is room for improvement in the sense that certain options prevent us from seeing and segregating data."
"It would be good if they could make an exception for applications. Sometimes, it can be a bit of a challenge to make exceptions for certain applications that have been used as rogue."
"In an upcoming release, the solution could improve by proving hard disk encryption. If it could support this it would be a complete solution."
"It is a complex solution to implement."
"There are some default policies which sometimes affect our applications and cause them to run around."
"The room for improvement that I would recommend to make it a 10 is that it might be beneficial to scale out to include servers."
"The biggest thing I would do to improve Dell Trusted Device powered by CrowdStrike Falcon and Intel vPro is add that agentic AI to it at the highest level and allow it to start to deploy and do things ourselves."
"They should speed up the incident response and also, at the same time, reduce the amount of manual effort that is required."
"Sometimes, we have a problem with support. We are also using QVM (IBM Security QRadar Vulnerability Manager) and I think it is a little bit buggy for now."
"IBM is going through some problems with its resources currently making its support response time slow."
"Technical support is not that strong from IBM. It definitely does not compare to any standard support organization."
"The released patch quality is poor. IBM should test those patches on their side, not on the client's side."
"This tool is more suited for the technical industries or it's more specific for technical security."
"I'd like to see improved support from the vendor."
"We sometimes experience downtime, but it depends on the version. There is some variability."
 

Pricing and Cost Advice

"The solution has one subscription for endpoint protection and one subscription for detection and response. The two licenses combined give you the BRO version."
"I don't recall what the cost was, but it wasn't really that expensive."
"It is "expensive" and flexible."
"It has reasonable pricing for the use cases it provides to the company."
"The price was fine."
"I am using the Community edition."
"The return on investment is from the user side because we have seen the performance of it increase the delivery time of the product if we are using too many web-based and on-premise applications. In indirect ways, we saw the return of investment in terms of performance and user satisfaction increase."
"We didn't have to pay any additional fee for the cloud instance. It just came with the renewal, which was nice."
Information not available
"There is a license required for this solution and it is an annual payment. I have found all solutions in the category to be expensive, including Splunk."
"The pricing is higher but cheaper than others and there are no additional costs."
"QRadar is quite expensive. It wouldn't be worth it for a small business..."
"It could be cheaper, but the value itself is far more important for us than the price. Typically, our clients have yearly subscriptions."
"It is overly expensive and overly complex in terms of licensing. They have many different appliances, which makes it extremely difficult to choose the technology. It is very difficult to choose the technology or QRadar components that you should be deploying. They have improved some of it in the last few years. They have made it slightly easy with the fact that you can now buy virtual versions of all the appliances, which is good, but it is still very fragmented. For instance, on some of the smaller appliances, there is no upgrade path. So, if you exceed the capacity of the appliance, you have to buy a bigger appliance, which is not helpful because it is quite a major cost. If you want to add more disks to the system, they'll say that you can't."
"IBM's Qradar is not for small companie. Unfortunately, it would be 'overkill' to place it plainly. The pricing would be too much."
"IBM has subscriptions plans that run for one year."
"The tool's price is high."
report
Use our free recommendation engine to learn which Endpoint Detection and Response (EDR) solutions are best for your needs.
902,988 professionals have used our research since 2012.
 

Comparison Review

VS
Manager, Enterprise Risk Consulting at a tech company with 1,001-5,000 employees
Jun 28, 2015
Qradar vs. ArcSight
Continuing with the SIEM posts we have done at Infosecnirvana, this post is a Head to head comparison of the two Industry leading SIEM products in the market – HP ArcSight and IBM QRadar Both the products have consistently been in the Gartner Leaders Quadrant. Both HP and IBM took over niche SIEM…
 

Top Industries

By visitors reading reviews
Construction Company
12%
Financial Services Firm
11%
Manufacturing Company
10%
Comms Service Provider
9%
Construction Company
15%
Comms Service Provider
11%
Hospitality Company
11%
Recreational Facilities/Services Company
9%
Financial Services Firm
12%
Computer Software Company
10%
Construction Company
9%
Manufacturing Company
8%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
By reviewers
Company SizeCount
Small Business46
Midsize Enterprise21
Large Enterprise53
No data available
By reviewers
Company SizeCount
Small Business92
Midsize Enterprise39
Large Enterprise107
 

Questions from the Community

Cortex XDR by Palo Alto vs. Sentinel One
Cortex XDR by Palo Alto vs. SentinelOne SentinelOne offers very detailed specifics with regard to risks or attacks. ...
Comparing CrowdStrike Falcon to Cortex XDR (Palo Alto)
Cortex XDR by Palo Alto vs. CrowdStrike Falcon Both Cortex XDR and Crowd Strike Falcon offer cloud-based solutions th...
How is Cortex XDR compared with Microsoft Defender?
Microsoft Defender for Endpoint is a cloud-delivered endpoint security solution. The tool reduces the attack surface,...
What is your experience regarding pricing and costs for Dell Trusted Device powered by CrowdStrike Falcon and Intel vPro?
My experience with the pricing, setup cost, and licensing of the platform has been fairly simple. Licensing has been ...
What needs improvement with Dell Trusted Device powered by CrowdStrike Falcon and Intel vPro?
The room for improvement that I would recommend to make it a 10 is that it might be beneficial to scale out to includ...
What is your primary use case for Dell Trusted Device powered by CrowdStrike Falcon and Intel vPro?
Our main use cases for Dell Trusted Device powered by CrowdStrike Falcon and Intel vPro involve having a pretty expan...
What are the biggest differences between Securonix UEBA, Exabeam, and IBM QRadar?
It mostly depends on your use-cases and environment. Exabeam and Securonix have a stronger UEBA feature set, friendli...
What SOC product do you recommend?
For tools I’d recommend: -SIEM- LogRhythm -SOAR- Palo Alto XSOAR Doing commercial w/o both (or at least an XDR) is a...
What is your experience regarding pricing and costs for IBM Security QRadar?
Pricing and the license of EPS were managed by the governance team. I was not responsible for managing those. I was s...
 

Also Known As

Cyvera, Cortex XDR, Palo Alto Networks Traps
No data available
IBM QRadar, QRadar SIEM, QRadar UBA, QRadar on Cloud, IBM QRadar Advisor with Watson
 

Overview

 

Sample Customers

CBI Health Group, University Honda, VakifBank
Information Not Available
Clients across multiple industries, such as energy, financial, retail, healthcare, government, communications, and education use QRadar.
Find out what your peers are saying about Dell Trusted Device powered by CrowdStrike Falcon and Intel vPro vs. IBM Security QRadar and other solutions. Updated: June 2026.
902,988 professionals have used our research since 2012.