No more typing reviews! Try our Samantha, our new voice AI agent.

ExtraHop Reveal(x) 360 vs IBM Security QRadar comparison

Sponsored
 

Comparison Buyer's Guide

Executive SummaryUpdated on Jun 3, 2026

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Categories and Ranking

Cortex XDR by Palo Alto Net...
Sponsored
Ranking in Extended Detection and Response (XDR)
4th
Average Rating
8.4
Reviews Sentiment
6.8
Number of Reviews
113
Ranking in other categories
Endpoint Protection Platform (EPP) (4th), Endpoint Detection and Response (EDR) (6th), Ransomware Protection (2nd), AI-Powered Cybersecurity Platforms (1st)
ExtraHop Reveal(x) 360
Ranking in Extended Detection and Response (XDR)
29th
Average Rating
8.6
Reviews Sentiment
6.8
Number of Reviews
5
Ranking in other categories
Intrusion Detection and Prevention Software (IDPS) (17th), Container Security (35th), Network Traffic Analysis (NTA) (10th)
IBM Security QRadar
Ranking in Extended Detection and Response (XDR)
10th
Average Rating
8.0
Reviews Sentiment
6.6
Number of Reviews
218
Ranking in other categories
Log Management (6th), Security Information and Event Management (SIEM) (2nd), User Entity Behavior Analytics (UEBA) (3rd), Endpoint Detection and Response (EDR) (11th), Security Orchestration Automation and Response (SOAR) (5th), Managed Detection and Response (MDR) (7th)
 

Mindshare comparison

As of July 2026, in the Extended Detection and Response (XDR) category, the mindshare of Cortex XDR by Palo Alto Networks is 4.6%, down from 5.1% compared to the previous year. The mindshare of ExtraHop Reveal(x) 360 is 1.0%, up from 0.4% compared to the previous year. The mindshare of IBM Security QRadar is 3.3%, up from 2.7% compared to the previous year. It is calculated based on PeerSpot user engagement data.
Extended Detection and Response (XDR) Mindshare Distribution
ProductMindshare (%)
Cortex XDR by Palo Alto Networks4.6%
IBM Security QRadar3.3%
ExtraHop Reveal(x) 3601.0%
Other91.1%
Extended Detection and Response (XDR)
 

Featured Reviews

ABHISHEK_SINGH - PeerSpot reviewer
Senior Process Expert at A.P. Moller - Maersk
Gained full visibility and streamlined threat detection through behavior-based insights and AI integration
Initially, we got to have a lot of false positives when we onboarded, but nowadays it's quite smooth. We have fine-tuned our security policies and allowed different levels of policies to get rid of those false positives. Currently, we are getting a fairly good amount of incidents that are not false positives or benign, but actionable items. The process is streamlined. In the initial days, the operations used to get involved in a lot of benign and other activities, but now the process is streamlined. We are leveraging the auto-detection and remediation plans. The operations teams are now more involved in other business roles as well, not just looking into the logs and fetching out what's happening there. They have fixed a lot of things. Initially, they didn't have IAC code drift detection, cloud posture management, or security posture management, but they have those now. They purchased different vendors and did a merger with that. They have now Prisma Cloud that gets integrated and now they are working with Cortex Cloud. Everything that was negative has now been addressed, and the product altogether looks to be in a very better and mature shape now. Currently, it's more or less detecting the workloads with AI-based best practices. Since most organizations are consuming AI agents and other things, we are looking forward to seeing what other feature enhancements Palo Alto can support in that.
reviewer2857197 - PeerSpot reviewer
Lead IT Service Analyst at a manufacturing company with 10,001+ employees
Cloud-native threat detection has improved incident investigations and now reduces breach risk
We have covered most of the features over the past three years and look forward to discovering more as we work closely with the ExtraHop technical team, who are open to sharing what they have developed. Pricing is on the higher side, typically based on load, volume of traffic, and deployment scale. The advanced detection capabilities provide significant value in reducing investigation time, making the licensing and pricing acceptable for larger organizations. ExtraHop Reveal(x) 360 has undeniably improved our security posture, reduced manual investigation efforts, and facilitated fast threat detection mechanisms, which all help prevent costly potential breaches in enterprise environments. ExtraHop Reveal(x) 360's SaaS environment is well-suited for cloud, on-premises, and hybrid environments, effectively addressing real-life scenarios involving east-west and north-south traffic. The platform is recommended for large organizations in need of comprehensive detection capabilities. I would rate this product overall as an 8 out of 10.
HarshBhardiya - PeerSpot reviewer
SOC Engineer at a outsourcing company with 10,001+ employees
Have managed daily asset and alert monitoring effectively but have encountered limitations with manual processes and interface usability
It's still very manual and doesn't work on its own. It's still in an early stage and not on par where we can consider it a really successful detection system. The accuracy is not there. The UI could be better when compared to Sentinels where we can use flags and tagging. It could be much more user-friendly. IBM Security QRadar has all features and is fully competitive with other SIEM tools, but when it comes to user-friendliness, a new user takes time to get used to it. More intuitive, user-friendly interfaces and more helpful documentation would be beneficial. The query searching and data fetching could be faster. In large to very large organizations with around 5,000 or 6,000 assets or beyond, even with proper configurations and RAM and hardware backing up, the query is fairly slow.

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"The product is mostly automated, and we do not have to make decisions, because all the decisions are made by the product itself and we are not required to create any custom policies since the policies that are created are well defined in the product itself."
"The information the dashboard provides is very clear."
"The stability of the solution is very good. We have about 100 users on it right now, and we use it twice a week."
"Cortex XDR by Palo Alto Networks saves time in various ways, although the user interface is fairly standard."
"After installing this solution, it identified, blocked, and provided the complete attack chain, which was very helpful."
"We use Cortex XDR by Palo Alto Networks for its ability to detect based on behavior rather than simple virus scan to prevent malicious activities."
"Cortex XDR by Palo Alto Networks's ability to block sophisticated threats in real time is quite good and is on par with SentinelOne's."
"Automation and playbooks have helped me significantly, as Cortex Xnor's playbooks predefine the workflow of the automation, such as response processes, alert triggering, and enriching the context, efficiently detecting and blocking malicious attacks with firewalls while eliminating workload and speeding responses for next-generation operations."
"ExtraHop Reveal(x) 360 has undeniably improved our security posture, reduced manual investigation efforts, and facilitated fast threat detection mechanisms, which all help prevent costly potential breaches in enterprise environments."
"Their technical support is more effective and of better quality than other competitors."
"ExtraHop Reveal(x) 360 has positively impacted my organization by helping us detect abnormal activity on our network that we could not detect through our SIEM or XDR platform."
"It is very easy to collect and handle data in ExtraHop Reveal(X) Cloud. Integration with Big Data is also easy. Many of our customers integrate it with Big Data platforms like Splunk or Elastic. It is also easy to handle and easy to understand."
"It stands out for its intuitive and efficient user interface, robust detection capabilities with minimal false positives, and the ability to handle encrypted traffic, making it a valuable asset for network security and management."
"It is scalable."
"I suggest others to go with IBM Security QRadar because it is an IBM product and many companies and bank environments are using IBM Security QRadar because of its strong visibility and analysis capabilities."
"I have found IBM QRadar to be stable."
"It's very easy and initiative."
"QRadar was the best of the breed for our needs and for a big system like ours, it's less complex than Splunk or Outside."
"We pay a little bit extra for Watson, and the Watson feature enables the analyst to go through and triage things much faster."
"It helps us discover any threats with their alerts and tracking."
"Most of our clients have seen a return on investment because compared to other solutions it does not require a busload of people to operate it and it is reasonably priced."
"The solution can scale."
 

Cons

"There are some default policies which sometimes affect our applications and cause them to run around. In the hotel industry, we use a different type of data versus Oracle and SQL. By default, there are some policies which stop us from running properly. Because of this, the support level is also not that strong. We have to wait to get a results."
"In an upcoming release, the solution could improve by proving hard disk encryption. If it could support this it would be a complete solution."
"The solution should enhance the ADR and reporting."
"The configuration could be simplified. I would like to see better protection, specifically to protect email applications."
"It automatically detects security issues. It should be able to protect our network devices while operating autonomously."
"In the next release, I would like to see more UI improvements. Their UI is a bit basic. When we are speaking about Palo Alto Networks they are the big company, so they can improve the UI a little bit. The UI, the reports, the log system can all be improved."
"To jump from the partner to Palo Alto directly was challenging."
"It takes time to scan the servers and devices."
"There needs to be more support."
"I would like to see ExtraHop Reveal(x) 360 improved by integrating XDR features with NDR."
"Their professional service can be improved."
"One challenge with ExtraHop Reveal(x) 360 is its pricing, which tends to be comparatively high in the marketplace."
"They can include integration with SAP. Currently, no vendor provides network performance monitoring in the SAP market. It is a very big market. We have around 400 customers for SAP in Korea. In the USA, there are more than 10,000 customers."
"A drawback includes bucket storage limitations for payload data, necessitating timely extraction for thorough investigations."
"While the interface is easy to use, it could be a little more responsive."
"In terms of some of the IBM support we recently have received, we've had some issues. While it should be 24/7 support, sometimes we have to wait an extended period."
"If you are searching for three to four months back it takes and there is a time delay. If I compare it to Splunk, it is a little bit delayed."
"There is room for improvement in IBM QRadar in integrating features for SOC maturity and security levels directly into QRadar."
"The weak signal detection with QRadar needs improvement. You can detect what you know, but what is unknown to the rule engine can't be detected."
"Customer support needs some improvement as there have been a few cases where we were unable to reach them in time."
"Sometimes the system gets hung and then we have to restart everything from scratch."
"In a future release, the solution could provide malware analysis."
 

Pricing and Cost Advice

"Cortex XDR’s pricing is very reasonable."
"The price of the solution is high for the license and in general."
"Compared to CrowdStrike, Cortex XDR is an expensive solution."
"It has reasonable pricing for the use cases it provides to the company."
"It is "expensive" and flexible."
"It is cost-effective compared to similar solutions. It fits for the small businesses through to the big businesses."
"It has a higher cost than other solutions, like CrowdStrike or Microsoft’s EDR tools, but it reduces the cost of our operations because it’s a new generation antivirus tool."
"The price is on the higher side, but it's okay."
"When compared to other solutions, it aligns with the market average, indicating a competitive pricing level."
"When compared with other SIM solutions, QRadar is considerably less expensive."
"In terms of additional costs, it depends on the subscription that you choose. There are plenty of options to choose from."
"The pricing is always fine."
"The licensing is also overly complex, as there is a need to buy the work load performance monitoring separately."
"An X-Force feed is free with QRadar."
"It is very expensive."
"It would be great if this product were cheaper."
"I feel that the price is reasonable but compared to other products that are on the market, such as an offering by Microsoft, it is more expensive."
report
Use our free recommendation engine to learn which Extended Detection and Response (XDR) solutions are best for your needs.
902,988 professionals have used our research since 2012.
 

Comparison Review

VS
Manager, Enterprise Risk Consulting at a tech company with 1,001-5,000 employees
Jun 28, 2015
Qradar vs. ArcSight
Continuing with the SIEM posts we have done at Infosecnirvana, this post is a Head to head comparison of the two Industry leading SIEM products in the market – HP ArcSight and IBM QRadar Both the products have consistently been in the Gartner Leaders Quadrant. Both HP and IBM took over niche SIEM…
 

Top Industries

By visitors reading reviews
Construction Company
12%
Financial Services Firm
11%
Manufacturing Company
10%
Comms Service Provider
9%
Financial Services Firm
13%
Construction Company
9%
Manufacturing Company
8%
Comms Service Provider
7%
Financial Services Firm
12%
Computer Software Company
10%
Construction Company
9%
Manufacturing Company
8%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
By reviewers
Company SizeCount
Small Business46
Midsize Enterprise21
Large Enterprise52
No data available
By reviewers
Company SizeCount
Small Business92
Midsize Enterprise39
Large Enterprise107
 

Questions from the Community

Cortex XDR by Palo Alto vs. Sentinel One
Cortex XDR by Palo Alto vs. SentinelOne SentinelOne offers very detailed specifics with regard to risks or attacks. ...
Comparing CrowdStrike Falcon to Cortex XDR (Palo Alto)
Cortex XDR by Palo Alto vs. CrowdStrike Falcon Both Cortex XDR and Crowd Strike Falcon offer cloud-based solutions th...
How is Cortex XDR compared with Microsoft Defender?
Microsoft Defender for Endpoint is a cloud-delivered endpoint security solution. The tool reduces the attack surface,...
Ask a question
Earn 20 points
What are the biggest differences between Securonix UEBA, Exabeam, and IBM QRadar?
It mostly depends on your use-cases and environment. Exabeam and Securonix have a stronger UEBA feature set, friendli...
What SOC product do you recommend?
For tools I’d recommend: -SIEM- LogRhythm -SOAR- Palo Alto XSOAR Doing commercial w/o both (or at least an XDR) is a...
What is your experience regarding pricing and costs for IBM Security QRadar?
Pricing and the license of EPS were managed by the governance team. I was not responsible for managing those. I was s...
 

Also Known As

Cyvera, Cortex XDR, Palo Alto Networks Traps
ExtraHop Reveal(X) Cloud, Reveal(X) Cloud
IBM QRadar, QRadar SIEM, QRadar UBA, QRadar on Cloud, IBM QRadar Advisor with Watson
 

Overview

 

Sample Customers

CBI Health Group, University Honda, VakifBank
Wizards of the Coast
Clients across multiple industries, such as energy, financial, retail, healthcare, government, communications, and education use QRadar.
Find out what your peers are saying about ExtraHop Reveal(x) 360 vs. IBM Security QRadar and other solutions. Updated: June 2026.
902,988 professionals have used our research since 2012.