IBM Security QRadar and Palo Alto Networks Cortex XSOAR are prominent in the security solutions market, with QRadar excelling in data integration and scalability, while Cortex XSOAR shines in automation and orchestration. QRadar seems to have an edge in complex environments due to its scalability and comprehensive compliance reporting, whereas Cortex XSOAR is superior in automation capabilities.
Features: IBM Security QRadar is known for its data integration, scalability, and ability to extract rich insights from raw logs, enhancing threat detection and response. Its comprehensive compliance reporting and user-friendly configuration for complex deployments are notable. Palo Alto Networks Cortex XSOAR focuses on automation with its extensive playbooks, integration flexibility, and robust incident management, enabling users to create customized workflows efficiently.
Room for Improvement: IBM QRadar needs enhanced API integration, better dashboard visualizations for real-time analysis, and improved technical support. Its search capabilities can also be cumbersome for complex queries. Palo Alto Networks Cortex XSOAR could use expanded integration capabilities, improved system stability during high-alert situations, and a simplified setup process to address pricing concerns.
Ease of Deployment and Customer Service: IBM Security QRadar offers flexible deployment models including on-premises, cloud, and hybrid environments. It is praised for flexibility but faces criticism for a complex setup and mixed reviews in technical support responsiveness. Customer service is usually well-rated, although there can be delays. Cortex XSOAR's deployment is straightforward, especially for cloud environments, but limited to specific environments. Customer service is responsive, though the setup complexity and high licensing cost can present challenges.
Pricing and ROI: IBM QRadar is a high-cost solution suitable for large enterprises due to its comprehensive features and scalability, offering good ROI in operational efficiency and security enhancement. However, licensing complexities and high initial costs may deter buyers. Palo Alto Networks Cortex XSOAR also carries a significant cost with licensing and user charges, providing notable ROI for enterprises with advanced security needs. Both solutions present substantial value, yet the cost might prevent adoption among smaller organizations.
With SOAR, the workflow takes one minute or less to complete the analysis.
Investing this amount was very much worth it for my organization.
We are positioning Palo Alto Networks Cortex XSOAR, which can be used in the SOC and do a lot of automation for the customer.
They assist with advanced issues, such as hardware or other problems, that are not part of standard operations.
Support needs to understand the issue first, then escalate it to the engineering team.
The support is really good; for instance, if a critical ticket is submitted, you will get paged right away as it gets logged, and their analyst will look into it, letting you know as soon as possible so you can work on it.
Their support has been better than Anomali's and they are more responsive.
The technical support provided by Palo Alto Networks Cortex XSOAR is good.
For EPS license, if you increase or exceed the EPS license, you cannot receive events.
The scalability of Palo Alto Networks Cortex XSOAR supports our growth and security needs because we can integrate various tools and continuously add more capability.
I think QRadar is stable and currently satisfies my needs.
The product has been stable so far.
We receive logs from different types of devices and need a way to correlate them effectively.
If AI-related support can suggest rules and integrate with existing security devices like MD, IPS, this SIM can create more relevant rules.
IBM Security QRadar does not support Canvas, so we had to create custom scripts and workarounds to pull logs from Canvas.
The deployment requires integration and the development of integration modules.
One of the significant issues we encounter is system slowdown when we receive an influx of alerts, which inhibits how quickly we can access the information needed for investigation.
To improve the solution, it needs to have complete features that are low-code, no-code, and should be plug-and-play.
Splunk is more expensive than IBM Security QRadar.
For customers, it is zero versus $20 million, which is why they have to make a decision.
Recently, I faced an incident, a cyber incident, and it was detected in real time.
IBM is seeking information about IBM QRadar because a part of QRadar, especially in the cloud, has been sold to Palo Alto.
We have FortiSOAR and IBM Resilient for IBM Security QRadar orchestration.
Execution of automatic tasks for collecting, enriching, and correlating security events from hundreds of different technologies.
If I already have an established process, I do not have to change my process to fit into the tool. I can modify the tool to fit into my process, which makes things considerably easier.
We have implemented automation features, such as automated responses to email threats and automatic configuration of target devices for blocking specific IPs.
| Product | Market Share (%) |
|---|---|
| Palo Alto Networks Cortex XSOAR | 9.7% |
| IBM Security QRadar | 7.1% |
| Other | 83.2% |
| Company Size | Count |
|---|---|
| Small Business | 88 |
| Midsize Enterprise | 36 |
| Large Enterprise | 102 |
| Company Size | Count |
|---|---|
| Small Business | 19 |
| Midsize Enterprise | 8 |
| Large Enterprise | 24 |
IBM Security QRadar (recently acquired by Palo Alto Networks) is a security and analytics platform designed to defend against threats and scale security operations. This is done through integrated visibility, investigation, detection, and response. QRadar empowers security groups with actionable insights into high-priority threats by providing visibility into enterprise security data. Through centralized visibility, security teams and analysts can determine their security stance, which areas pose a potential threat, and which areas are critical. This will help streamline workflows by eliminating the need to pivot between tools.
IBM Security QRadar is built to address a wide range of security issues and can be easily scaled with minimal customization effort required. As data is ingested, QRadar administers automated, real-time security intelligence to swiftly and precisely discover and prioritize threats. The platform will issue alerts with actionable, rich context into developing threats. Security teams and analysts can then rapidly respond to minimize the attackers' strike. The solution will provide a complete view of activity in both cloud-based and on-premise environments as a large amount of data is ingested throughout the enterprise. Additionally, QRadar’s anomaly detection intelligence enables security teams to identify any user behavior changes that could be indicators of potential threats.
IBM QRadar Log Manager
To better help organizations protect themselves against potential security threats, attacks, and breaches, IBM QRadar Log Manager gathers, analyzes, preserves, and reports on security log events using QRadar Sense Analytics. All operating systems and applications, servers, devices, and applications are converted into searchable and actionable intelligent data. QRadar Log Manager then helps organizations meet compliance reporting and monitoring requirements, which can be further upgraded to QRadar SIEM for a more superior level of threat protection.
Some of QRadar Log Manager’s key features include:
Reviews from Real Users
IBM Security QRadar is a solution of choice among users because it provides a complete solution for security teams by integrating network analysis, log management, user behavior analytics, threat intelligence, and AI-powered investigations into a single solution. Users particularly like having a single window into their network and its ability to be used for larger enterprises.
Simon T., a cyber security services operations manager at an aerospace/defense firm, notes, "The most valuable thing about QRadar is that you have a single window into your network, SIEM, network flows, and risk management of your assets. If you use Splunk, for instance, then you still need a full packet capture solution, whereas the full packet capture solution is integrated within QRadar. Its application ecosystem makes it very powerful in terms of doing analysis."
A management executive at a security firm says, "What we like about QRadar and the models that IBM has, is it can go from a small-to-medium enterprise to a larger organization, and it gives you the same value."
Palo Alto Networks delivers a complete solution that helps Tier-1 through Tier-3 analysts and SOC managers to optimize the entire incident life cycle while auto documenting and journaling all the evidence. More than 100+ integrations enable security orchestration workflows for incident management and other critical security operation tasks.
Palo Alto Networks Cortex XSOAR is a piece of Security Orchestration, Automation, and Response software that redefines what it means for a program to orchestrate security in an automated manner. It is a next-generation solution that offers all of the features of dozens of siloed security operations center tools in one place. Cortex XSOAR combines case management, automation, real-time collaboration, and threat intelligence management to create a platform that can handle all aspects of system security. Teams that make use of Cortex XSOAR can expect to cut the number of issues that they will have to deal with by 75%. At the same time, the speed at which they resolve those issues that slip through will rise by 90%.
Cortex XSOAR ensures that all of the IT and security tools that you employ function as a unified system. It does this by employing hundreds of integrations that allow you to run a wide variety of programs at once without ever worrying about them interfering with each other. These integrations are limited only by your imagination. They can be used immediately as they are, if that is what you need. However, they can also be customized according to the requirements of your system. This approach provides you with the maximum levels of both flexibility and utility.
The model that this platform uses is based on a machine learning algorithm. The level of automation allows you to provide more than an unchanging and inflexible blanket of coverage. Cortex XSOAR takes all of the data that it gathers and uses it to expand its protective capabilities. This creates recommendations that you can use to create a threat playbook that can be deployed uniformly throughout your organization.
Benefits of Palo Alto Networks Cortex XSOAR
Some of Palo Alto Networks Cortex XSOAR’s benefits include:
Reviews from Real Users
Palo Alto Networks Cortex XSOAR’s centralized monitoring interface and automation are two features that help it stand out. This might help explain why one quarter of the Fortune 500 companies choose Palo Alto Networks Cortex XSOAR over the competition.
Peerspot users note the effectiveness of these features. One user wrote, “We were looking for a single pane of glass type of solution that would allow us to physically be in one appliance - be able to work in concert with other servers that we have within our environment. We wanted orchestration and automation. The single pane of glass was the most important part.” Another noted, "The automation part and the playbook creation part are awesome. The way it is responding to the customers and incidents is also very good. In the SOC environment, I guess it will carry out around 50% of the work."
We monitor all Security Orchestration Automation and Response (SOAR) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.
