We performed a comparison between IBM Security QRadar and Sumo Logic Security based on real PeerSpot user reviews.
Find out in this report how the two Log Management solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."The data connectors that Microsoft Sentinel provides are easy to integrate when we work with a Microsoft agent."
"Sentinel pricing is good"
"Microsoft Sentinel comes preloaded with templates for teaching and analytics rules."
"It's pretty powerful and its performance is pretty good."
"The connectivity and analytics are great."
"The pricing of the product is excellent."
"Microsoft Sentinel enables you to ingest data from the entire ecosystem and that connection of data helps you to monitor critical resources and to know what's happening in the environment."
"The solution has features that helped improve the security posture of our clients. It provides the ability to correlate a large variety of log sources very cost-effectively, especially for Microsoft sources."
"IBM QRadar Advisor with Watson is a stable solution."
"The playbook engine is flexible and allows for the graphical visualization of processes, enabling the implementation of dynamic playbooks for incident response or testing."
"The feature that I have found most valuable is its artificial intelligence component, Watson. Its contribution is pretty good from a machine-learning artificial intelligence perspective. This compliments the orchestration automation component, as well."
"It's built around Red Hat Linux, which is highly robust."
"The initial setup of QRadar is not complex because we have done it before and we are used to the development. It is getting easier all the time."
"It also has a graph that shows the traffic history. I can see what happened yesterday or today. If there's an incident, I can check the traffic behavior on QRadar."
"The flexibility is good in terms of pulling log files."
"It protect us from multiple authentication values, unauthorized access and antivirus threats."
"I have no concerns about the stability of the product. I feel it handles the stress we put on it very well."
"The most valuable features of Sumo Logic Security are the rules, use cases, and ease of use. Additionally, the integration is straightforward and good GUI."
"It gives us a bird's eye view of what's happening from our connection's point of view."
"The tool has key features like operability. It will alert the admins whenever a device is onboarded."
"With this tool, we provide access to every developer team the ability to find errors, then they come to us and ask for specific help."
"It provides easy visibility. I also like the shareable queries because we share a lot across groups."
"We can integrate threat intelligence solutions into the product."
"We have used it many times to find a root cause of a live issue, then fix the problem in the applications."
"We've seen delays in getting the logs from third-party solutions and sometimes Microsoft products as well. It would be helpful if Microsoft created a list of the delays. That would make things more transparent for customers."
"They're giving us the queries so we can plug them right into Sentinel. They need to have a streamlined process for updating them in the tool and knowing when things are updated and knowing when there are new detections available from Microsoft."
"Sometimes, we are observing large ingestion delays. We expect logs within 5 minutes, but it takes about 10 to 15 minutes."
"If you're looking to use canned queries, the interface could be a little more straightforward. It's not immediately intuitive regarding how you use it. You have to take a canned query and paste it into an operational box and then you hit a button... They could improve the ease of deploying these queries."
"The data connectors for third-party tools could be improved, as some aren't available in Sentinel. They need to be available in the data connector panel."
"Add more out-of-the-box connectors with other SaaS platforms/applications."
"Only one thing is missing: NDR is not available out-of-the-box. The competitive cloud-native SIEM providers have the NDR component. Currently, Sentinel needs NDR to be powered from either Corelight or some other NDR provider."
"Microsoft should improve Sentinel, considering that from the legacy systems, it cannot collect logs."
"Technical support could be improved by a bit."
"QRadar needs a lot of fine tuning"
"QRadar UBA only keeps the data for a short while (it's refreshed every five minutes) and would be improved if this were extended to a week or month."
"I would like for them to develop a detection management solution. It does not have a detecting management solution in it, you have to buy it as it is, on top of the extended solution."
"The features that could be improved include the licensing model and the dashboards and all those presentations. Overall, the user experience part can be improved."
"The user interface is a bit clunky, a bit hard to find what you need."
"In terms of additional features, a mobile app would be nice. Also, the reporting is definitely okay, but you have to make sure that everybody with different roles can understand it. There is room for improvement in the reporting."
"I would like to see the update process simplified."
"I would like better UI-driven functionality to create alerts and reports. Now, we have to understand the syntax, so it is a little difficult for someone to pick it up without using the manuals. If there was more of a graphical user interface, it would be beneficial."
"The API integration in Sumo Logic Security could improve. There are delayed connections or they stop and then automatically start. Having a seamless log collection would be beneficial."
"In my opinion, this solution has a steep learning curve and requires practice if users to be able to use this tool very efficiently."
"The dashboard has room for improvement, because sometimes it is a difficult to create a specific dashboard or query. This would be a nice place to correct problems."
"We would like to have some type of predefined setup for the logs, making the setup easier by default."
"Sumo Logic Security is expensive, and its pricing could be improved."
"Sumo Logic needs to make sure integrating solutions are seamless."
"We would like the ability to drill down into a dashboard and get into deeper levels."
IBM Security QRadar is ranked 6th in Log Management with 198 reviews while Sumo Logic Security is ranked 22nd in Log Management with 18 reviews. IBM Security QRadar is rated 8.0, while Sumo Logic Security is rated 8.6. The top reviewer of IBM Security QRadar writes "A highly stable and scalable solution that provides good technical support". On the other hand, the top reviewer of Sumo Logic Security writes "Used to store and monitor application logs and VPC flow logs". IBM Security QRadar is most compared with Splunk Enterprise Security, Wazuh, LogRhythm SIEM, Elastic Security and Fortinet FortiSIEM, whereas Sumo Logic Security is most compared with Wazuh, Rapid7 InsightIDR, Splunk Enterprise Security, VMware Aria Operations for Logs and Grafana Loki. See our IBM Security QRadar vs. Sumo Logic Security report.
See our list of best Log Management vendors, best Security Orchestration Automation and Response (SOAR) vendors, and best Security Information and Event Management (SIEM) vendors.
We monitor all Log Management reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.