We performed a comparison between Forescout Platform and IBM Security QRadar based on real PeerSpot user reviews.
Find out in this report how the two Extended Detection and Response (XDR) solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."The incident threat response and its ability to facilitate effective remediation against threats are the standout features."
"We are able to consolidate licences and make use of many Microsoft products using this solution. If we have any Microsoft customers, we encourage them to use this solution for enterprise defence."
"The best feature is threat hunting. There are a lot of other features I like, such as the alert mechanism. The chain alert mechanism has a huge impact. It combines all the alerts into one incident and automatically correlates them with AI."
"My clients like Defender's file integrity monitoring. They're monitoring Windows and Linux system files."
"Within advanced threat hunting, the tables that have already been defined by Microsoft are helpful. In the advanced threat hunting tab, there were different tables, and one of the tables was related to device info, device alert, and device events. That was very helpful. Another feature that I liked but didn't have access to was deep analysis."
"We also use Microsoft Sentinel, Defender for Cloud, Defender for Identity, and Microsoft Defender for Cloud Apps. They are all integrated and it was very easy to integrate them. In my experience with the integrations, it was just a click of a button and things were integrated. It's just a button."
"It has been great for us. Previously, we didn't have a solution to protect us, especially from malware, whereas now, we are getting protection up front, especially from the malware attacks coming through emails or endpoints."
"The integration, visibility, vulnerability management, and device identification are valuable."
"Forescout Platform's most valuable features are that it is very granular. We are able to cull out a lot of information about our particular device or endpoint. The configuration and the visibility are very seamless. Overall the solution is very easy to handle and it's very comprehensive."
"The plugins are very robust -- the ability scanner, patch management system, and SQL integrator."
"The most valuable feature is the ease of deployment, which does not require the use of an agent."
"The most valuable feature of Forescout Platform is that it has everything that Aruba has at significantly less cost."
"Its feature that I have found most valuable is that it is very granular. You can configure granular controls just as you want those policies to be implemented. It gives you that flexibility to go granular in how you want your controls to be implemented. That's something I like about it."
"It allows for good detection of all the vendor products we have on-site."
"Forescout Platform's best feature is plug-in integration."
"We think it's simple. We think it's very useful and we really like reports and everything."
"The most valuable features are all the implementations, the plug-ins, and the User Behavior Analytics (UBA)."
"QRadar UBA's most valuable feature is the risk rating of users depending on their behavior."
"In terms of the most valuable features, the log collections and log processing mechanisms are good. They have good dashboards."
"One of the most valuable features of this solution is it has very good data correlation."
"We run 65 servers globally with just two people: an engineering person and me."
"The interface is good."
"The solution is easy to use, manage, and review all incidents."
"The scalability is good."
"In the future, it would be beneficial for Microsoft to consider making the product more user-friendly or simplified for those who are interested in using it. Currently, it requires a high level of technical expertise, making it challenging for beginners or less experienced individuals."
"The only problem I find is that the use cases are built-in. There is no template available that you can modify according to your organization's standards. What they give is very generic, the market standard, but that might not be applicable to every organization."
"Correctly updated records are the most significant area for improvement. There have been times when we were notified of a required fix; we would carry out the fix and confirm it but still get the same notification a week later. This seems to be a delay in records being updated and leads to false reporting, which is something that needs to be fixed."
"The message trace feature for investigating mail flow issues should add more detailed information to the summary report... if they could extend the summary report a little bit, make it more descriptive, ordinary administrators could understand what happened and that the emails failed at this or that point. That way they would know the location to go to try to correct it and to prevent it from occurring again."
"Intrusion detection and prevention would be great to have with 365 Defender."
"The tool gives inconsistent answers and crashes a lot."
"The design of the user interface could use some work. Sometimes it's hard to find the exact information you need."
"Defender also lacks automated detection and response. You need to resolve issues manually. You can manage multiple Microsoft security products from a single portal, and all your security recommendations are in one place. It's easy to understand and manage. However, I wouldn't say Defender is a single pane of glass. You still need to switch between all of the available Microsoft tools. You can see all the alerts in one panel, but you can't automate remediation."
"The reporting feature needs improvement."
"When adding what is in scope to a policy, it would be nice if you could select multiple policies instead of one policy at a time to add what is in the scope for network segmentation. I have found that during the install and configuration of the policies that if you want to modify multiple policies or enable multiple policies that you need to define what is in the scope (IP range or segments) one rule at a time. This caused some slow downs when implementing policies."
"It does not support the TACACS+ protocol."
"This solution is not that easy to scale but this depends on a company's needs."
"The solution needs more definitive pricing. The costs are hard to nail down."
"The initial setup is a bit complex."
"If older network devices are used there can be some compatibility issues while using the Forescout Platform. Additionally, if the switches that are deployed in your infrastructure are not captured properly to the endpoints there might be some difficulties with Forescout Platform trying to monitor the network traffic. Traffic management is an area the vendor should work on."
"The ability to block external devices in Mac is lacking and needs to be added."
"There are areas in IBM Security QRadar that could benefit from improvement. Its ability to customize knowledge for specific purposes could be enhanced. Also, it lacks clarity in presenting details. It is also difficult to see the reports."
"The solution lacks vendor support."
"The AQL queries could be better."
"I think QRadar is very complex. It's a distributed system and IBM QRadar has an all-in-one solution which is not like that distributed solution but it's a good product. IBM needs to consider the user interface because if we compare it with AlienVault, the AlienVault user interface is fantastic but the IBM QRadar user interface is very complex. They should focus on how to make it easier for the client."
"I would like to see a better GUI."
"I would like to see more integration in place after the security lock."
"The whole process for support is something that needs to be improved."
"IBM Qradar could improve the reporting. The tool is not designed to report. It's a great operational monitoring tool. You put it on a screen and you watch it. If you want to have analytics out of it, that's a whole different story. You're going to need more people and tools. What should be added is reporting and integration into Power BI, into some capability that produces analytical reports from the source data. IBM does not seem to care to add these features."
Forescout Platform is ranked 14th in Extended Detection and Response (XDR) with 69 reviews while IBM Security QRadar is ranked 11th in Extended Detection and Response (XDR) with 198 reviews. Forescout Platform is rated 8.4, while IBM Security QRadar is rated 8.0. The top reviewer of Forescout Platform writes "We can go granular on each endpoint, quarantine non-compliant machines, and target vulnerabilities through scripting". On the other hand, the top reviewer of IBM Security QRadar writes "A highly stable and scalable solution that provides good technical support". Forescout Platform is most compared with Cisco ISE (Identity Services Engine), Aruba ClearPass, Fortinet FortiNAC, Nozomi Networks and Armis, whereas IBM Security QRadar is most compared with Microsoft Sentinel, Splunk Enterprise Security, Wazuh, LogRhythm SIEM and Elastic Security. See our Forescout Platform vs. IBM Security QRadar report.
See our list of best Extended Detection and Response (XDR) vendors.
We monitor all Extended Detection and Response (XDR) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.