We performed a comparison between Elastic Security and IBM QRadar based on our users’ reviews in four categories. After reading all of the collected data, you can find our conclusion below.
Comparison Results: PeerSpot users feel IBM QRadar makes SIEM easy. It can pan through tremendous amounts of data quickly and the dashboards and monitoring are amazing, making it a user favorite.
"I like how Microsoft XDR and the other Microsoft products are integrated into a single unified security stack covering identity access management, endpoint protection, email, cloud applications, etc."
"I like Defender XDR's automation capabilities. XDR isn't automated by default, but you can automate it to respond. If an attack is performed anywhere within the organization, you can isolate that instance from the network. This is what I can figure out for it. When integrated with Sentinel, you can set up playbooks to automate all the alerts gathered on Sentinel from different Microsoft solutions. Sentinel has a wider range of capabilities than XDR."
"The product is very easy to use."
"It has great stability."
"I like the easy integration and advanced possibilities. We can implement it at customer sites in a few clicks, but we can also dive deep and drill down to extended features. There's a very good starting point to get into this product and all the features from Defender."
"There is also one dashboard that shows us the status of many controls at once and the details I can get... It gives a great overview of many areas, such as files, emails, chats, and links. Even with the apps, it gives you a great overview. In one place you can see where you should look into things more deeply..."
"I like that it's fully integrated with Windows, Microsoft 365 Exchange Online, and Outlook. It is better than other antivirus solutions because it's fully integrated with all Microsoft products. It's easy to integrate them and onboard all Windows devices from SCCM."
"From the perspective of Microsoft 365 XDR, the main benefit is a single, centralized dashboard offering the holistic visibility organizations crave."
"ELK Logstash is easy and fast, at least for the initial setup with the out of box uses."
"It's a good platform and the very best in the current market. We looked at the Forester report from December 2022 where it was said to be a leader."
"The solution is compatible with the cloud-native environment and they can adapt to it faster."
"It's open-source and free to use."
"What customers found most valuable in Elastic Security feature-wise is the search capability, in particular, the way of writing the search query and the speed of searching for results."
"The most valuable feature is the scalability. We are in Indonesia, more engineers understand Elastic Security here. So it is easier to scale and also develop. In features, the discovery to query all the logs is very important to us. It is very easy, especially with the query function and the feature to generate alerts and create tools. Sometimes we use the alert security dashboard to monitor our clients."
"I like that it's a SIEM platform. I like that I can sell Elastic Security quickly. Elastic Security has a large community that can support users."
"It is the best open-source product for people working in SO, managing and analyzing logs."
"IBM QRadar User Behavior Analytics has easy architecture, has a good portfolio and integration."
"Overall a great solution."
"The tool helps with infrastructure, application, and network monitoring."
"The scalability is very good. It's not a problem."
"A nice benefit is when we go to the process of selecting our youth cases, they go by building blocks. QRadar links it to building blocks."
"Most of the features are good. It is an excellent solution."
"It is suitable for large companies with critical infrastructure. For our clients, robustness, availability at a high level, and the level of references and experiences connected to the solution are important."
"The UBA feature is the most valuable because you can see everything about users' activities."
"365 Defender has multiple subsets, including Defender for Cloud Apps. When integrating Defender for Cloud Apps with apps on third-party cloud platforms like AWS or GCP, there are limitations on our ability to control user activities. If Microsoft added more control over third-party products, that would be a game-changer and help us quite a lot."
"Sometimes, configurations take much longer than expected."
"There are still some components, such as vulnerability management within the vendor product, where improved integration would be beneficial."
"Support is hit or miss. Microsoft wants you to buy premium support contracts. Though they call themselves professional support, it's almost like throwing questions into a black hole. You get an answer, but it's never helpful."
"The management features could be improved, particularly in terms of better integration with Intune, Microsoft's cloud-based management solution."
"At times, there may be delays in the execution of certain actions and their effects."
"Microsoft 365 Defender does not have a unique package with emerging endpoint security technologies, such as EDR and XDR."
"From an integration standpoint, it is always improving overall. With Security Copilot coming out, as partners, we are waiting for the GDAP support so that we can actually see Security Copilot on behalf of customers if they subscribe to it."
"An area for improvement in Elastic Security is the pricing. It could be better. Right now, when you increase the volume of logs to be collected, the price also increases a lot."
"This type of monitoring is not very mature just yet. We need more real-time information in a way that's easier to manage."
"Elastic Security's maintenance is hard and its scalability is a challenge. There are complications in scaling and upgrading. The solution needs to also provide periodic upgrade checks."
"The setup process is complex. You need a solid working knowledge of networking, operating systems, and a little programming."
"Elastic Security has a steep learning curve, so it takes some time to tune it and set it up for your environment. There are some costs associated with logging things that don't have value. So you need to be cautious to only log things that make sense and keep them around for as long as you need. You shouldn't hold onto things just because you think you might need them."
"I think because we are a cybersecurity company, the thing that can be improved is the prebuilt tools, especially quality. Compared to its competitor, they still have fewer prebuilt security rules. Elastic Security, in terms of generating alerts, cannot group the same products into one another. Even though the alerts are the same, they still generate them one by one. So, it is very noisy in our dashboard. I would like the Elastic Security admin to group all the same alarms into one alarm so that our dashboard is not noisy."
"Elastic Security could improve the documentation. It would help if they were more simple and clean."
"We'd like better premium support."
"The solution is expensive compared to other products."
"The solution should enhance its capabilities of UEBA and AI/ML tech modeling."
"IBM QRadar User Behavior Analytics could improve machine learning use cases because they are limited and most of the use cases are rule-based. They should develop more use cases, such as in Securonix or Exabeam because they will detect a threat. Using machine learning is mainly on the correlation rules, but if you think about Exabeam or Securonix, they detect using machine learning or machine learning-based algorithms."
"Solution has too many menus that require going to two or three sub-monitors to enter the QRadar."
"The user interface is a bit clunky, a bit hard to find what you need."
"IBM is going through some problems with its resources currently making its support response time slow."
"Some of the cloud apps need improvement."
"Needs better visualization options beyond the time series charts and a few other options that they have."
IBM Security QRadar is a security and analytics platform designed to defend against threats and scale security operations.
Elastic Security is ranked 5th in Log Management with 58 reviews while IBM Security QRadar is ranked 6th in Log Management with 197 reviews. Elastic Security is rated 7.6, while IBM Security QRadar is rated 8.0. The top reviewer of Elastic Security writes "A stable and scalable tool that provides visibility along with the consolidation of logs to its users". On the other hand, the top reviewer of IBM Security QRadar writes "A highly stable and scalable solution that provides good technical support". Elastic Security is most compared with Wazuh, Splunk Enterprise Security, Microsoft Sentinel, Microsoft Defender for Endpoint and CrowdStrike Falcon, whereas IBM Security QRadar is most compared with Microsoft Sentinel, Splunk Enterprise Security, Wazuh, LogRhythm SIEM and Fortinet FortiSIEM. See our Elastic Security vs. IBM Security QRadar report.
See our list of best Log Management vendors, best EDR (Endpoint Detection and Response) vendors, and best Security Orchestration Automation and Response (SOAR) vendors.
We monitor all Log Management reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.