Elastic Security vs IBM Security QRadar comparison

Fortinet: 9,613 views | 7,353 comparisons
Elastic: 20,965 views | 17,413 comparisons
IBM: 18,570 views | 11,117 comparisons
Comparison Buyer's Guide
Executive Summary
Updated on Sep 1, 2022

We performed a comparison between Elastic Security and IBM QRadar based on our users’ reviews in four categories. After reading all of the collected data, you can find our conclusion below.

  • Ease of Deployment: Elastic Security users tell us deployment is simple and straightforward. IBM QRadar users advise that a solid understanding of the IBM system is needed to deploy successfully.
  • Features: Elastic Security users appreciate that it is very comprehensive, allows for many tasks to be performed simultaneously, and is very quick to respond. Many users feel the solution could be more user friendly and should offer better integrations with other products.

    IBM QRadar users like that it gives them a single window view into the organization's network, SIEM, network flows, and risk management of assets. The solution offers some very intuitive AI features which make staying on the offense easy. Many users feel the solution is a bit clunky and is very taxing on system resources.
  • Pricing: Elastic Security is an open-source solution. They do have many different licensing options, which can get expensive. IBM QRadar users tell us the solution is very expensive.
  • Service and Support: Many Elastic Security users feel service and support have room for improvement. Most IBM QRadar users feel the service and support are unsatisfactory.

Comparison Results: PeerSpot users feel IBM QRadar makes SIEM easy. It can pan through tremendous amounts of data quickly and the dashboards and monitoring are amazing, making it a user favorite.

To learn more, read our detailed Elastic Security vs. IBM Security QRadar Report (Updated: September 2023).
734,963 professionals have used our research since 2012.
Quotes From Members
We asked business professionals to review the solutions they use.
Here are some excerpts of what they said:
Pros
  • "Fortinet is very user-friendly for customers."
  • "The features that I have found most valuable are the ability to customize it and to reduce its size. It lets you run in a very small window in terms of memory and resources on legacy cash registers."
  • "This is stable and scalable."
  • "Forensics is a valuable feature of Fortinet FortiEDR."
  • "The stability is very good."
  • "Fortinet FortiEDR made our clients feel secure and more at ease, knowing that they had an EDR solution that would close the gap in their security posture."
  • "The price is low and quite competitive with others."
  • "The solution was relatively easy to deploy."

More Fortinet FortiEDR Pros →

  • "It's very stable and reliable."
  • "I like that it's a SIEM platform. I like that I can sell Elastic Security quickly. Elastic Security has a large community that can support users."
  • "The product has huge integration varieties available."
  • "Elastic Security is very easy to adapt."
  • "What customers found most valuable in Elastic Security feature-wise is the search capability, in particular, the way of writing the search query and the speed of searching for results."
  • "The most valuable thing is that this solution is widely used for work management and research. It's easy to jump into the security use case with the same technology."
  • "I can look at events from more than one source across multiple different locations and find patterns or anomalies. The machine learning capabilities are helpful, and I can create rules for notifications to be more proactive rather than responding after something has gone wrong."
  • "It can handle millions of loads at a time, and you can always use the filters to find exactly what you are looking for and detect errors in every log message you are searching for, basically."

More Elastic Security Pros →

  • "The most valuable features are the AI assistant, which is good at detecting known types of behavior."
  • "It's hard for me to pinpoint any one feature that's most valuable because it is all about consuming logs and analyzing them. We started using QRadar UBA because we needed something that could analyze Linux authentication information. Other products take care of the Windows platform."
  • "QRadar UBA's most valuable feature is the risk rating of users depending on their behavior."
  • "IBM QRadar Advisor with Watson is a stable solution."
  • "The most valuable feature currently is security behaviors and the pdf files."
  • "I think this is a good product for enterprises because of the performance and out-of-the-box rules and use cases. If they want to reach the maturity level early, they can use these out-of-the-box rules and use cases. That will help them a lot."
  • "IBM QRadar User Behavior Analytics has easy architecture, has a good portfolio and integration."
  • "The timeline and machine learning features are great."

More IBM Security QRadar Pros →

Cons
  • "Everything with Fortinet having to do with their cloud services. They need to invest more in their internal infrastructure that they are running in the cloud. One of the things I find with their cloud environment compared to others' is that they go cheap on the equipment. So it causes some performance degradation."
  • "We'd like to see more one-to-one product presentations for the distribution channels."
  • "Once, we had an event that was locked and blocked, but information about it came to us two or three days later."
  • "The solution's installation from a central installation server could be improved because the engineers had a little bit of trouble getting it installed from a central location."
  • "The dashboard isn't easy to access and manage."
  • "We find the solution to be a bit expensive."
  • "I haven't seen the use of AI in the solution."
  • "FortiEDR could add a separate scanning dashboard. In incident management, we prefer to remove the endpoint system from the environment and scan the system. We typically use Symantec for that, but if we want to use FortiEDR for that, then we need a scanning tab to clarify things."

More Fortinet FortiEDR Cons →

  • "The price of this product could be improved, especially the additional costs. I would also like to see better-quality graphics."
  • "The tool needs to integrate with legacy servers. Big companies can have legacy servers that may not always be updated."
  • "There is an area of improvement in the Logs list. The load list may need to be paginated as there are limits."
  • "There isn't really a very good user experience. You need a lot of training."
  • "Elastic Security could improve the documentation. It would help if they were more simple and clean."
  • "Elastic Security has a steep learning curve, so it takes some time to tune it and set it up for your environment. There are some costs associated with logging things that don't have value. So you need to be cautious to only log things that make sense and keep them around for as long as you need. You shouldn't hold onto things just because you think you might need them."
  • "In terms of improvement, there could be more automation in responding to and evaluating detections."
  • "Their visuals and graphs need to be better."

More Elastic Security Cons →

  • "The AI engine could be smarter."
  • "The solution is expensive compared to other products."
  • "I would also like to see more integration with other vendors. IBM doesn't integrate well with products from China, like Huawei. Many Middle Eastern customers are switching to Huawei from American vendors like Cisco because of the price. In most RFPs, Huawei wins because it costs less."
  • "The product can be a bit complex."
  • "If you have too many events that occur, then the storage capacity becomes a problem. You need to have more storage."
  • "IBM QRadar has outdated technology, and this is its area for improvement. When you try to implement an analytic expression, it's not updated. The solution doesn't support newer technologies, and it doesn't update regularly. For example, around the world, others implement new technologies, while IBM updates later than others."
  • "I don't give it a 10 because it is something we have to request. I would love it if UBA was included out of the box like Microsoft."
  • "I would like to see more integration in place after the security lock."

More IBM Security QRadar Cons →

Pricing and Cost Advice
  • "The price is comparable to other endpoint security solutions."
  • "The pricing is typical for enterprises and fairly priced."
  • "I'm not familiar with pricing, but it looks a bit costly compared to other vendors I think."
  • "The pricing is good."
  • "I would rate the solution's pricing an eight out of ten."
  • "The hardware costs about €100,000 and about €20,000 annually for access."
  • "Fortinet FortiEDR has a yearly subscription."
  • "It's not cheap, but it's not expensive either."
  • More Fortinet FortiEDR Pricing and Cost Advice →

  • "Affordable but with additional costs"
  • "When compared to other products, the price is average or on the low side."
  • "The licensing cost of Elastic Security is based on the daily ingestion rate. I can't recall the exact figure, but for 10GB of log action daily, it would cost around $20,000."
  • "The price is reasonable. It probably costs the same as ArcSight and LogRhythm SIEM. FortiSIEM might cost less than Elastic Security. There are no hidden or additional costs."
  • "The tool's pricing is flexible and comes at unit cost. You don't have to pay for everything."
  • "The base product is open-source but if you need advanced security features then you need to pay for the subscription. Elastic Security's price is reasonable in some cases and in other cases it's not."
  • "The pricing is in the middle. I think it is not an expensive experience if we compare it with big names, for example, QRadar, and also Oxide. I think Elastic Security is quite cheap. I would rate the pricing of this solution a five out of ten."
  • More Elastic Security Pricing and Cost Advice →

  • "There is a license to use this solution, which is paid annually. However, there are subscription options available."
  • "There are different types of subscriptions available. We were on an annual subscription, but our customers typically choose the two years subscription option."
  • "Pricing is good."
  • "You have a one-time payment, and you also can purchase it for one year as a subscription. We have it on-premise, and we have a permanent license for it. We have to pay for the support on a yearly basis. If you compare its cost with Sentinel for one year, QRadar would seem more expensive, but if you compare its cost over five or ten years, Azure Sentinel will be more expensive than QRadar. If you compare its cost with Sentinel for one year, QRadar would seem more expensive, but if you compare its cost over five or 10 years, Azure Sentinel can be more expensive than QRadar."
  • "Licensing can be costly depending on your architecture."
  • "There is an annual license required for this solution."
  • "QRadar's price is reasonable compared to LogRhythm."
  • "We pay approximately $40,000 to use the solution annually. This solution is a lot less expensive than Splunk."
  • More IBM Security QRadar Pricing and Cost Advice →

    Questions from the Community
    Top Answer: I suggest Fortinet’s FortiEDR over FortiClient for several reasons. For starters, FortiEDR guarantees solid protection…
    Top Answer: Fortinet FortiEDR made our clients feel secure and more at ease, knowing that they had an EDR solution that would close…
    Top Answer: The price is on the higher side. It's in the upper quadrant. The hardware costs about €100,000 and about €20,000…
    Top Answer: With Datadog, we have near-live visibility across our entire platform. We have seen APM metrics impacted several times…
    Top Answer: Elastic Security is very easy to adapt.
    Top Answer: The pricing is in the middle. I think it is not an expensive experience if we compare it with big names, for example…
    Top Answer: It mostly depends on your use-cases and environment. Exabeam and Securonix have a stronger UEBA feature set, friendlier…
    Top Answer: For tools I’d recommend: -SIEM- LogRhythm -SOAR- Palo Alto XSOAR Doing commercial w/o both (or at least an XDR)…
    Top Answer: The event collector, flow collector, PCAP and SOAR are valuable.
    Also Known As
    • Fortinet FortiEDR: enSilo, FortiEDR
    • Elastic Security: Elastic SIEM, ELK Logstash
    • IBM Security QRadar: IBM QRadar, QRadar SIEM, QRadar UBA, QRadar on Cloud, QRadar, IBM QRadar User Behavior Analytics, IBM QRadar Advisor with Watson
    Overview

    Fortinet FortiEDR is a real-time endpoint protection, detection, and automated response solution. Its primary purpose is to detect advanced threats to stop breaches and ransomware damage. It is designed to do so in real time, even on an already compromised device, allowing you to respond and remediate incidents automatically so your data can remain protected.

    Fortinet FortiEDR Features

    Fortinet FortiEDR has many valuable key features, including:

    • Easily customizable
    • Real-time proactive risk mitigation & IoT security
    • Pre-infection protection
    • Post-infection protection
    • Track applications and ratings
    • Reduce the attack surface with risk-based proactive policies
    • Achieve analysis of entire log history
    • Optional managed detection and response (MDR) service

    Fortinet FortiEDR Benefits

    Some of the key benefits of using Fortinet FortiEDR include:

    • Protection: Fortinet FortiEDR provides proactive, real-time, automated endpoint protection with orchestrated incident response across platforms. It stops the breach with real-time post-infection blocking to protect data from exfiltration and ransomware encryption.

    • Single unified console: Fortinet FortiEDR has a single unified console with an intuitive interface, which makes management easier. The solution automates mundane endpoint security tasks so your employees don’t need to do them.

    • Cost savings: With Fortinet FortiEDR you can eliminate post-breach operational expenses and breach damage costs.

    • Flexibility: Fortinet FortiEDR can be deployed on premises or on a secure cloud instance. With Fortinet FortiEDR, endpoints are protected both on- and off-line.

    • Scalability: Because Fortinet FortiEDR can be deployed quickly and has a small footprint, it is easy to scale up to protect hundreds of thousands of endpoints.

    Reviews from Real Users

    Below are some reviews and helpful feedback written by Fortinet FortiEDR users.

    An Owner at a security firm says, "The features that I have found most valuable are the ability to customize it and to reduce its size. It lets you run in a very small window in terms of memory and resources on legacy cash registers. The customer has literally about 800 cash registers. That was the use case for Fortinet FortiEDR - to get that down into a tiny space. The only way to do that was to use this product because it had that ability to unbundle services that were a surplus."

    Chandan M., Chief Technical Officer at Provision Technologies LLP, mentions, “The ease of deployment and configuration is valuable. It's very easy compared to other vendors like Sophos. Sophos' configuration is complex. Fortinet is a lot easier to understand. You don't need a lot of admin knowledge to do the configuration.” He also adds, “The security is also very good and the firewall response is good.”

    Harpreet S., Information Technology Support Specialist at Chemtrade Logistics, explains, "It notifies us if there's any suspicious file on any PC. If any execution or similar kind of thing is happening, it just alerts us. It doesn't only alert. It also blocks the execution until we allow it. We check whether the execution is legitimate or not, and then approve it or keep it blocked. This gives us a little bit of control over this mechanism. Fortinet FortiEDR is also very straightforward and easy to maintain."

    DeAndre V., Senior Network Administrator at a financial services firm, states, “The dashboard is easy to follow and use. The deployment and uninstalling were easy. I like the detailed information about the path of a file that might be suspicious. Being able to check that out was easy to follow. Exceptions are easy to create and the interface is easy to follow with a nice appearance.”

    Unify SIEM, endpoint security, and cloud security
    Elastic Security modernizes security operations — enabling analytics across years of data, automating key processes, and bringing native endpoint security to every host.
    Elastic Security equips teams to prevent, detect, and respond to threats at cloud speed and scale — securing business operations with a unified, open platform.

    IBM Security QRadar is a security and analytics platform designed to defend against threats and scale security operations. This is done through integrated visibility, investigation, detection, and response. QRadar empowers security groups with actionable insights into high-priority threats by providing visibility into enterprise security data. Through centralized visibility, security teams and analysts can determine their security stance, which areas pose a potential threat, and which areas are critical. This will help streamline workflows by eliminating the need to pivot between tools.

    IBM Security QRadar is built to address a wide range of security issues and can be easily scaled with minimal customization effort required. As data is ingested, QRadar applies automated, real-time security intelligence to swiftly and precisely discover and prioritize threats. The platform will issue alerts with actionable, rich context into developing threats. Security teams and analysts can then rapidly respond to minimize the impact of an attack. The solution will provide a complete view of activity in both cloud-based and on-premises environments as a large amount of data is ingested throughout the enterprise. Additionally, QRadar’s anomaly detection intelligence enables security teams to identify any user behavior changes that could be indicators of potential threats.

    IBM QRadar Log Manager

    To help organizations protect themselves against potential security threats, attacks, and breaches, IBM QRadar Log Manager gathers, analyzes, preserves, and reports on security log events using QRadar Sense Analytics. Events from all operating systems, applications, servers, and devices are converted into searchable and actionable intelligent data. QRadar Log Manager then helps organizations meet compliance reporting and monitoring requirements, and it can be upgraded to QRadar SIEM for a higher level of threat protection.

    Some of QRadar Log Manager’s key features include:

    • Data processing and capture on any security event
    • Disaster recovery options and high availability 
    • Scalability for large enterprises
    • SoftLayer cloud installation capability
    • Advanced threat protection

    Reviews from Real Users

    IBM Security QRadar is a popular choice among users because it gives security teams a complete solution, integrating network analysis, log management, user behavior analytics, threat intelligence, and AI-powered investigations in a single product. Users particularly like having a single window into their network and its ability to be used for larger enterprises.

    Simon T., a cyber security services operations manager at an aerospace/defense firm, notes, "The most valuable thing about QRadar is that you have a single window into your network, SIEM, network flows, and risk management of your assets. If you use Splunk, for instance, then you still need a full packet capture solution, whereas the full packet capture solution is integrated within QRadar. Its application ecosystem makes it very powerful in terms of doing analysis."

    A management executive at a security firm says, "What we like about QRadar and the models that IBM has, is it can go from a small-to-medium enterprise to a larger organization, and it gives you the same value."


    Sample Customers
    • Fortinet FortiEDR: Financial, Healthcare, Legal, Technology, Enterprise, Manufacturing ...
    • Elastic Security: Texas A&M, U.S. Air Force, NuScale Power, Martin's Point Health Care
    • IBM Security QRadar: Clients across multiple industries, such as energy, financial, retail, healthcare, government, communications, and education use QRadar.
    Top Industries

    Fortinet FortiEDR
    • Reviewers: Financial Services Firm 24%, Comms Service Provider 12%, Retailer 6%, Educational Organization 6%
    • Visitors reading reviews: Computer Software Company 17%, Government 8%, Manufacturing Company 7%, Financial Services Firm 7%

    Elastic Security
    • Reviewers: Financial Services Firm 37%, Computer Software Company 26%, Comms Service Provider 11%, Healthcare Company 11%
    • Visitors reading reviews: Computer Software Company 17%, Financial Services Firm 11%, Government 9%, Comms Service Provider 7%

    IBM Security QRadar
    • Reviewers: Financial Services Firm 22%, Computer Software Company 13%, Comms Service Provider 11%, Security Firm 6%
    • Visitors reading reviews: Educational Organization 18%, Computer Software Company 15%, Financial Services Firm 9%, Government 7%

    Company Size

    Fortinet FortiEDR
    • Reviewers: Small Business 37%, Midsize Enterprise 22%, Large Enterprise 41%
    • Visitors reading reviews: Small Business 31%, Midsize Enterprise 19%, Large Enterprise 50%

    Elastic Security
    • Reviewers: Small Business 59%, Midsize Enterprise 16%, Large Enterprise 25%
    • Visitors reading reviews: Small Business 24%, Midsize Enterprise 17%, Large Enterprise 59%

    IBM Security QRadar
    • Reviewers: Small Business 39%, Midsize Enterprise 16%, Large Enterprise 46%
    • Visitors reading reviews: Small Business 20%, Midsize Enterprise 28%, Large Enterprise 52%

    Elastic Security is ranked 5th in Log Management with 24 reviews while IBM Security QRadar is ranked 6th in Log Management with 47 reviews. Elastic Security is rated 7.6, while IBM Security QRadar is rated 7.8. The top reviewer of Elastic Security writes "A highly flexible and customizable tool that needs to improve automation and integration". On the other hand, the top reviewer of IBM Security QRadar writes "Good dashboard and helpful third-party plugins but technical support could be better". Elastic Security is most compared with Wazuh, Splunk Enterprise Security, Microsoft Sentinel, Microsoft Defender for Endpoint and Graylog, whereas IBM Security QRadar is most compared with Microsoft Sentinel, Splunk Enterprise Security, Wazuh, LogRhythm SIEM and ArcSight Logger. See our Elastic Security vs. IBM Security QRadar report.


    We monitor all Log Management reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.