We performed a comparison between IBM Security QRadar and IBM Watson for Cyber Security based on real PeerSpot user reviews.
Find out in this report how the two Security Information and Event Management (SIEM) solutions compare in terms of features, pricing, service and support, ease of deployment, and ROI.
"It's easy to use. It's a very good product. It can easily ingest data from anywhere. It has an easily understandable language to perform actions."
"Microsoft Sentinel enables you to ingest data from the entire ecosystem and that connection of data helps you to monitor critical resources and to know what's happening in the environment."
"We can use Sentinel's playbook to block threats. It covers all of the environment, giving us great visibility."
"Free ingestion for Azure logs (with E5 licence)"
"Mainly, this is a cloud-native product. So, there are zero concerns about managing the whole infrastructure on-premises."
"What is most useful, is that it has a good connection to the Microsoft ecosystem, and I think that's the key part."
"I like the KQL query. It simplifies getting data from the table and seeing the logs. All you need to know are the table names. It's quite easy to build use cases by using KQL."
"The most valuable feature is the performance because unlike legacy SIEMs that were on-premises, it does not require as much maintenance."
"The most valuable feature is the searching capability and real-time operational use."
"It has improved comprehensive visibility for what is going on in the perimeters, and on the inside, as well."
"The features that I have found most valuable in QRadar are its data enrichment, use case creations, and adding references - those kinds of features are very good. Also QRadar's event filtration and device integration are perfect."
"It has very rich functionality."
"Providing real-time visibility for threat detection and prioritization - QRadar SIEM provides contextual and actionable surveillance across the entire IT infrastructure."
"The most valuable features would have to be the products' ability to customize vulnerability management settings."
"QRadar UBA's most valuable feature is the risk rating of users depending on their behavior."
"The product provides a complete platform for ingesting the log, doing the correlations and handling the runtime."
"The customer support is very good."
"The most valuable feature of this product is innovation, where the research and upgrading of technology never ends."
"The most valuable features of IBM Watson for Cyber Security are ease of use and out-of-the-box reports and compliance policies. Additionally, if there are aspects that are missing, IBM add them in the next release."
"IBM Watson for Cyber Security is very stable."
"Its documentation is not so simple. It is easy for somebody who is Microsoft certified or more closely attached to Microsoft solutions. It is not easy for those who are working on open-source platforms. There isn't a central point where everything is documented, and there is no specific training or certification."
"It would be good to have some connectors for third-party SIEM solutions. Many customers are struggling with the integration of Azure Sentinel with their on-premise SIEM. Microsoft is changing the log structure many times a year, which can corrupt a custom integration. It would be good to have some connectors developed by Microsoft or supply vendors, but they are not providing such functionality or tools."
"There are certain delays. For example, if an alert has been rated on Microsoft Defender for Endpoint, it might take up to an hour for that alert to reach Sentinel. This should ideally take no more than one or two seconds."
"We're satisfied with the comprehensiveness of the security protection. That said, we do have issues sometimes where there have been global outages and we need to raise a ticket with Microsoft."
"The on-prem log sources still require a lot of development."
"The reporting could be more structured."
"Sometimes, we are observing large ingestion delays. We expect logs within 5 minutes, but it takes about 10 to 15 minutes."
"For certain vendors, some of the data that Microsoft Sentinel captures is redacted due to privacy reasons."
"The product does not have a team for investigating malware."
"The price of IBM Security QRadar is an area of concern where improvements are required."
"IBM QRadar Advisor with Watson could be more user-friendly. You need some skills and understanding of what you're looking at, especially if you're going to draw down specific information."
"The usability of interfaces could be improved."
"There is a shortage of skilled individuals with knowledge about the solution. There is training required."
"I have noticed the interface has room for improvement."
"I have also been working with other SIEM solutions, and I have observed that they have extensive Linux-based and Unix-based integrations. They have been able to support some of the Linux-based agents, which is useful to investigate and process the information on the Linux and Unix side."
"The user interface is a bit clunky, a bit hard to find what you need."
"The dashboard could improve in IBM Watson for Cyber Security."
"They need to continue to build the AI capabilities."
"This is an expensive product, so making it more cost-effective would be an improvement."
"In the future, I would like to see threat intelligence included."
IBM Security QRadar is ranked 4th in Security Information and Event Management (SIEM) with 198 reviews while IBM Watson for Cyber Security is ranked 45th in Security Information and Event Management (SIEM) with 4 reviews. IBM Security QRadar is rated 8.0, while IBM Watson for Cyber Security is rated 8.0. The top reviewer of IBM Security QRadar writes "A highly stable and scalable solution that provides good technical support". On the other hand, the top reviewer of IBM Watson for Cyber Security writes "An innovative and stable product that is well maintained and always up-to-date". IBM Security QRadar is most compared with Splunk Enterprise Security, Wazuh, LogRhythm SIEM, Elastic Security and Sentinel, whereas IBM Watson for Cyber Security is most compared with Splunk Enterprise Security and i-SIEM.
We monitor all Security Information and Event Management (SIEM) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.