We performed a comparison between IBM Security QRadar and IBM X-Force Exchange based on real PeerSpot user reviews.
Find out what your peers are saying about Microsoft, Splunk, Wazuh and others in Security Information and Event Management (SIEM)."The SOAR playbooks are Sentinel's most valuable feature. It gives you a unified toolset for detecting, investigating, and responding to incidents. That's what clearly differentiates Sentinels from its competitors. It's cloud-native, offering end-to-end coverage with more than 120 connectors. All types of data logs can be poured into the system so analysis can happen. That end-to-end visibility gives it the advantage."
"The log analysis is excellent; it can predict what can or will happen regarding use patterns and vulnerabilities."
"It's easy to use. It's a very good product. It can easily ingest data from anywhere. It has an easily understandable language to perform actions."
"The scalability is great. You can put unlimited logs in, as long as you can pay for it. There are commitment tiers, up to six terabytes per day, which is nowhere close to what any one of our customers is running."
"The initial setup is very simple and straightforward."
"Sentinel's most important feature is the ability to centralize all the logs in one place. There's no need to search multiple systems for information."
"It is easy to implement (turn on) - does need a skilled analyst to develop queries and playbooks."
"The ability of all these solutions to work together natively is essential. We have an Azure subscription, including Log Analytics. This feature automatically acts as one of the security baselines and detects recommendations because it also integrates with Defender. We can pull the sysadmin logs from Azure. It's all seamless and native."
"We run 65 servers globally with just two people: an engineering person and me."
"There is a single dashboard that gives us a complete overview of what is happening around the globe."
"It is really helpful to us from the compliance point of view."
"It's user-friendly when compared to other products."
"The most valuable feature is the QRadar Vulnerability Manager which provides vulnerability scans. In addition, I like the way QRadar generates alerts."
"The pre-canned rules and reports in this product are a huge plus."
"The interface is good."
"It is a very optimized engine."
"It's quite integratable so you can actually integrate and get IP malware and URL information. It also gives you some form of intelligence into what you're trying to investigate or what you're trying to understand."
"This product has helped to increase staff productivity."
"The most valuable feature is you have the expertise of human experience directly involved. There is a team of experts."
"I would like to be able to monitor applications outside of the Azure Cloud."
"The AI capabilities must be improved."
"Improvement-wise, I would like to see more integration with third-party solutions or old-school antivirus products that have some kind of logging capability. I wouldn't mind having that exposed within Sentinel. We do have situations where certain companies have bought licensing or have made an investment in a product, and that product will be there for the next two or three years. To be able to view information from those legacy products would be great. We can then better leverage the Sentinel solution and its capabilities."
"There are certain delays. For example, if an alert has been rated on Microsoft Defender for Endpoint, it might take up to an hour for that alert to reach Sentinel. This should ideally take no more than one or two seconds."
"They should just add more and more out-of-the-box connectors. It is quite a new product, and it has a lot of connectors, and even more would be good."
"It would be good to have some connectors for third-party SIEM solutions. Many customers are struggling with the integration of Azure Sentinel with their on-premise SIEM. Microsoft is changing the log structure many times a year, which can corrupt a custom integration. It would be good to have some connectors developed by Microsoft or supply vendors, but they are not providing such functionality or tools."
"They only classify alerts into three categories: high, medium, and low. So, from the user's point of view, having another critical category would be awesome."
"Its implementation could be simpler. It is not really simple or straightforward. It is in the middle. Sometimes, connectors are a little bit complex."
"The initial setup was complex, and it took six months."
"The solution lacks some maturity."
"The interface is very old. IBM should remake it into a more modern interface."
"The features that could be improved include the licensing model and the dashboards and all those presentations. Overall, the user experience part can be improved."
"There could be improvements made to the UI, the user interface. Though the newer version, 7.3.2, might already have this improvement in place."
"I would like for them to develop a detection management solution. It does not have a detecting management solution in it, you have to buy it as it is, on top of the extended solution."
"It's resource-intensive."
"We would like to see better instrumentation for debugging changes in the log flow."
"We would like to have more AI capabilities to detect threats and improve its productivity from a cybersecurity standpoint."
"You have to look for the new information from X-Force. X-Force will provide it but you have to look for it. We need clearer visibility."
"I would like to see better integration with other systems, solutions, and vendors."
IBM Security QRadar is ranked 4th in Security Information and Event Management (SIEM) with 198 reviews while IBM X-Force Exchange is ranked 7th in Threat Intelligence Platforms with 3 reviews. IBM Security QRadar is rated 8.0, while IBM X-Force Exchange is rated 8.0. The top reviewer of IBM Security QRadar writes "A highly stable and scalable solution that provides good technical support". On the other hand, the top reviewer of IBM X-Force Exchange writes "Speed threat assessment ,security investigations leveraging on real time actionable threat intel integrated to your Security Intelligence Platform". IBM Security QRadar is most compared with Splunk Enterprise Security, Wazuh, LogRhythm SIEM, Elastic Security and Fortinet FortiSIEM, whereas IBM X-Force Exchange is most compared with VirusTotal, ThreatConnect Threat Intelligence Platform (TIP), Recorded Future, Anomali ThreatStream and Mandiant Advantage.
We monitor all Security Information and Event Management (SIEM) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.