We performed a comparison between IBM Security QRadar and Microsoft Purview Insider Risk Management based on real PeerSpot user reviews.
Find out what your peers are saying about Splunk, Microsoft, Wazuh and others in Security Information and Event Management (SIEM)."The best functionality that you can get from Azure Sentinel is the SOAR capability. So, you can estimate any type of activity, such as when an alert was triggered or an incident was found."
"I've worked on most of the top SIEM solutions, and Sentinel has an edge in most areas. For example, it has built-in SOAR capabilities, allowing you to run playbooks automatically. Other vendors typically offer SOAR as a separate licensed solution or module, but you get it free with Sentinel. In-depth incident integration is available out of the box."
"The initial setup is very simple and straightforward."
"We didn't have anything similar. So, it really provides value from the incidents and automation point of view. The overview of the security fabric is most valuable."
"The automation rules and playbooks are the most useful that I've seen. A number of other places segregate the automation and playbook as separate tools, whereas Microsoft is a SIEM and SOAR tool in one."
"The scalability is great. You can put unlimited logs in, as long as you can pay for it. There are commitment tiers, up to six terabytes per day, which is nowhere close to what any one of our customers is running."
"I like the KQL query. It simplifies getting data from the table and seeing the logs. All you need to know are the table names. It's quite easy to build use cases by using KQL."
"Mainly, this is a cloud-native product. So, there are zero concerns about managing the whole infrastructure on-premises."
"We run 65 servers globally with just two people: an engineering person and me."
"In addition to using this solution for our security operations center, we are using it for our other customers."
"It is a scalable solution."
"The ability to add extensions is the most valuable feature. For example, extensions that provide valuable test ports."
"IBM QRadar User Behavior Analytics's most important feature is its ease of use."
"Most of the features are good. It is an excellent solution."
"I like the graphical interface. It's so good and easy."
"Blocks of predefined conditions can be used to configure detection rules without having to write complicated script."
"The best thing about Purview is that it's easy to integrate with our day-to-day environment. We have Active Directory, and Word and Excel. Using a third-party vendor and trying to integrate with our existing environment would be much more challenging."
"For certain vendors, some of the data that Microsoft Sentinel captures is redacted due to privacy reasons."
"The dashboards can be improved. Creating dashboards is very easy, but the visualizations are not as good as Microsoft Power BI. People who are using Microsoft Power BI do not like Sentinel's dashboards."
"We are invoiced according to the amount of data generated within each log."
"I can't think of anything other than just getting the name out there. I think a lot of customers don't fully understand the full capabilities of Azure Sentinel yet. It is kind of like when they're first starting to use Azure, it might not be something they first think about. So, they should just kind of get to the point where it is more widely used."
"They could use some kind of workbook. There is some limitation doing the editing and creating the workbook."
"If you're looking to use canned queries, the interface could be a little more straightforward. It's not immediately intuitive regarding how you use it. You have to take a canned query and paste it into an operational box and then you hit a button... They could improve the ease of deploying these queries."
"We do see continuous improvement all the time, however, I haven't got a specific feature that is lacking or not well designed."
"The performance could be improved. If I create 15 to 20 lines for a single-use case in KQL, sometimes it takes more time to execute. If I create use cases within a certain timeline, the result will show in .01 seconds. A complex query takes more time to get results."
"For the common needs of clients to fulfill requirements, a real integration with Blueworks Live (BPA modeling tool also from IBM) and a more suitable BPM on cloud solution for midsize customers."
"The product does not have a team for investigating malware."
"The usability of interfaces could be improved."
"It would be good if the program allowed certain profiles to only see certain customer information."
"The user interface and configurability of IBM QRadar User Behavior Analytics can be improved. It has a lot of pre-configured settings and not many things can be changed. It also needs more integrations. Currently, User Behavior Analytics is integrated only with IBM QRadar. It could have deeper integrations. It can also have more complicated scoring models. Currently, it has a very simple linear scoring model for users."
"The advanced planning management (APM) features should be included."
"The quality of technical support depends on the IBM support person. Sometimes, it's hard to get the right person on the other side. A ticket coordinator could be the key to better quality delivery."
"There are a lot of things they are working on and a lot of technologies that are not yet there. They should probably work out a better reserve with their ecosystem of business partners and create wider and more in-depth qualities, third-party tools, and add-ons. These things really give immediate business value. For instance, there are many limitations in using SAP, EBS, or Micro-Dynamics. A lot of things that are happening in those platforms could also be monitored and allowed from the cybersecurity risks perspective. IBM might be leaving this gap or empty space for business partners. Some larger organizations might already be doing this. It would be very nice if IBM can make some artificial intelligence part free of charge for all current QRadar users. This would be a big advantage as compared to other competitors. There are companies that are going in different directions. Of course, you can't do everything inside QRadar. In general, it might be very good for all players to provide more use cases, especially regarding data protection and leakage prevention. There are some who are already doing some kind of file integrity or gathering some more information from all possible technologies for building anything related to the user and data analysis, content analysis, and management regarding the data protection."
"For certain things, you need to install an agent. I understand it's for integrity, but if there could be a clientless solution for certain aspects, it would make life easier."
IBM Security QRadar is ranked 4th in Security Information and Event Management (SIEM) with 198 reviews while Microsoft Purview Insider Risk Management is ranked 3rd in Insider Risk Management with 1 review. IBM Security QRadar is rated 8.0, while Microsoft Purview Insider Risk Management is rated 8.0. The top reviewer of IBM Security QRadar writes "A highly stable and scalable solution that provides good technical support". On the other hand, the top reviewer of Microsoft Purview Insider Risk Management writes "Eliminates manual work in searching for document leaks and makes it easy to present reports to auditors". IBM Security QRadar is most compared with Splunk Enterprise Security, Wazuh, LogRhythm SIEM, Elastic Security and Sentinel, whereas Microsoft Purview Insider Risk Management is most compared with Splunk User Behavior Analytics, Dtex Systems, Microsoft Defender for Identity, LogRhythm UEBA and Netskope Advanced Analytics.
We monitor all Security Information and Event Management (SIEM) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.