We performed a comparison between Elastic Security and IBM QRadar based on our users’ reviews in four categories. After reading all of the collected data, you can find our conclusion below.
Comparison Results: PeerSpot users feel IBM QRadar makes SIEM easy. It can pan through tremendous amounts of data quickly and the dashboards and monitoring are amazing, making it a user favorite.
"The most valuable features are spam filtering, attachment filtering, and antivirus protection."
"My clients like Defender's file integrity monitoring. They're monitoring Windows and Linux system files."
"Microsoft 365 Defender is simple to upgrade."
"We also use Microsoft Sentinel, Defender for Cloud, Defender for Identity, and Microsoft Defender for Cloud Apps. They are all integrated and it was very easy to integrate them. In my experience with the integrations, it was just a click of a button and things were integrated. It's just a button."
"I like that it's stable. It's been stable for a long time, and Microsoft Defender has done a good job there."
"It's a very scalable tool that can be used in a very small environment or in a very large environment. Everything can be managed from a simple dashboard and can be scaled up or down depending on the customer's environment."
"The solution is well integrated with applications. It is easy to maintain and administer."
"The visibility into threats is also very impressive because Microsoft helps you predict things and provides analytics to help you really improve your security. And all of this technology works across the domain, so it is pretty helpful in terms of threat analytics."
"We like Elastic Security because it's a REST API-based solution. That's the primary reason we use it."
"The most valuable feature of Elastic Security is that you can install agents, and they are not separately licensed."
"Enables monitoring of application performance and the ability to predict behaviors."
"We've found the initial setup to be quite straightforward."
"The feature that we have found the most valuable is scalability."
"Its flexibility is most valuable. We can have a number of scenarios, and we can get logs from anything. If we know how to use Logstash, we can tweak it in many ways. This makes the logging search on Elastic very easy."
"Elastic has a lot of beats, such as Winlogbeat and Filebeat. Beats are the agents that have to be installed on the terminals to send the data. When we install beats or Elastic agents on every terminal, they don't overload the terminals. In other SIEM solutions such as Splunk or QRadar, when beats or agents are installed on endpoints, they are very heavy for the terminals. They consume a lot of power of the terminals, whereas Elastic agents hardly consume any power and don't overload the terminals."
"The stability of the solution is good."
"The detection rate is good and the false positive rate is low."
"I think the QDI is very good."
"We get events and make the correlation, or rules. In IBM, we can implement our customer's rules. We can have very clear status threats and severity of antigens."
"The most valuable feature is the searching capability and real-time operational use."
"It also has a graph that shows the traffic history. I can see what happened yesterday or today. If there's an incident, I can check the traffic behavior on QRadar."
"The most valuable feature is the QRadar Vulnerability Manager which provides vulnerability scans. In addition, I like the way QRadar generates alerts."
"The solution is flexible and easy to use."
"In terms of the most valuable features, the log collections and log processing mechanisms are good. They have good dashboards."
"Microsoft tends to provide too many features, which makes the solution prone to bugs."
"Automated playbooks and automated dashboards would be preferable to the way the data is currently being presented."
"There are other SIEM solutions that are easier to use, mainly based on the creation of rules, use cases, and groups."
"When discussing the secure score, which includes overviews and recommended actions, some of these recommended actions are not applicable to us, particularly those related to Microsoft Internet Explorer, which we do not use in any of our environments."
"It would be highly beneficial if CoPilot could identify anomalies within the network and notify the IT team."
"In the beginning, it's difficult to navigate the system because it is quite large. Just trying to find your way and understand how the system works can be hard. After spending quite a lot of time searching it's a lot easier, but I wish it were a bit more user-friendly when you're trying to find things."
"In the Microsoft Azure Portal, in Active Directory, if there is anything on the user it will provide you with the information, but you still have to go through it a bit. And sometimes, I have experienced difficulties in understanding the information, especially because the synchronization between Microsoft Intune and the devices that are connected to the user in Azure Active Directory takes a lot of time."
"Defender also lacks automated detection and response. You need to resolve issues manually. You can manage multiple Microsoft security products from a single portal, and all your security recommendations are in one place. It's easy to understand and manage. However, I wouldn't say Defender is a single pane of glass. You still need to switch between all of the available Microsoft tools. You can see all the alerts in one panel, but you can't automate remediation."
"The solution's query building is not that intuitive compared to other solutions."
"This solution is very hard to implement."
"The setup process is complex. You need a solid working knowledge of networking, operating systems, and a little programming."
"It could use maybe a little more on the Linux side."
"The process of designing dashboards is a little cumbersome in Kibana. Unless you are an expert, you will not be able to use it. The process should be pretty straightforward. The authentication feature is what we are looking for. We would love to have a central authentication system in the open-source edition without the need for a license or an enterprise license. If they can give at least a simple authentication system within a company. In a large organization, authentication is very essential for security because logs can contain a lot of confidential data. Therefore, an authentication feature for who accesses it should be there."
"We had issues with scalability. Logstash was not scaling and aggregation was getting delayed. We moved to Fluentd making our stack from ELK to EFK."
"I would like more ways to manage permissions and restrict access to certain users."
"One thing they could add is a quick step to enable users who don't have a solid background to build a dashboard and quickly search, without difficulty."
"QVM is another instance where they need to revise the vulnerability scoring and the proper remediation details."
"The released patch quality is poor. IBM should test those patches on their side, not on the client's side."
"The dashboards are all legacy and old."
"The advanced planning management (APM) features should be included."
"The solution lacks vendor support."
"It needs more resilience and functionality."
"IBM needs to invest more into the collaboration with other vendors."
"There could be better integration with the solution."
Elastic Security is ranked 5th in Log Management with 58 reviews while IBM Security QRadar is ranked 6th in Log Management with 198 reviews. Elastic Security is rated 7.6, while IBM Security QRadar is rated 8.0. The top reviewer of Elastic Security writes "A stable and scalable tool that provides visibility along with the consolidation of logs to its users". On the other hand, the top reviewer of IBM Security QRadar writes "A highly stable and scalable solution that provides good technical support". Elastic Security is most compared with Wazuh, Splunk Enterprise Security, Microsoft Sentinel, Microsoft Defender for Endpoint and CrowdStrike Falcon, whereas IBM Security QRadar is most compared with Microsoft Sentinel, Splunk Enterprise Security, Wazuh, LogRhythm SIEM and Sentinel.
We monitor all Log Management reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.