We performed a comparison between IBM Security QRadar and SentinelOne Singularity Complete based on our users’ reviews in five categories. After reading all of the collected data, you can find our conclusion below.
Features: IBM Security QRadar users say the solution provides extensive information and helpful leads for locating pertinent data. QRadar stands out with its comprehensive network visibility and strong SIEM capabilities. SentinelOne Singularity Complete is praised for its dependable threat prevention and ability to reverse ransomware file encryption. IBM Security QRadar could improve its rule deployment and lower its false positive rate. Users would also like expanded storage capacity, streamlined user management, and a more mature architecture. SentinelOne could improve its automation, machine learning, and AI capabilities while improving reporting and integration.
Service and Support: Some customers of IBM Security QRadar have had trouble connecting with knowledgeable support staff and experienced delayed responses. Customers have been pleased with SentinelOne’s customer service. Reviews highlighted the support team’s responsiveness and efficiency.
Ease of Deployment: IBM Security QRadar's initial setup can be complex for users without expertise, and the difficulty may vary depending on the size of the data set. Users find the initial setup for SentinelOne Singularity Complete to be quick and painless, with helpful support from the vendor team.
Pricing: IBM Security QRadar can be costly because users need to buy new hardware to upgrade. Some reviewers thought SentinelOne Singularity Complete is reasonably priced and competitive, while others say it’s costlier than many alternatives.
ROI: IBM Security QRadar delivers a high return on investment, improving security through its advanced user behavior analytics. SentinelOne Singularity Complete yields an ROI by saving money and protecting against ransomware attacks. Other users noted its valuable dashboard data and low CapEx requirements.
Comparison Results: Our users prefer IBM Security QRadar over SentinelOne Singularity Complete. The advanced security features and overall strength of QRadar make it the favored option. Users like QRadar's extensive and actionable insights, user-friendly interface, and adaptability. QRadar offers a comprehensive overview of network activity and risk management. SentinelOne Singularity Complete users say it lacks some of QRadar's more advanced features and requires enhancements in automation, reporting functionality, user-friendliness, and stability.
"The best feature is threat hunting. There are a lot of other features I like, such as the alert mechanism. The chain alert mechanism has a huge impact. It combines all the alerts into one incident and automatically correlates them with AI."
"Microsoft 365 Defender's most valuable feature is the ability to control the shadow IP."
"Having a single pane of glass for all Microsoft security services makes everything much easier. A security analyst can go to a single portal and see everything in one view. The integration of everything into one portal is a huge benefit."
"Within advanced threat hunting, the tables that have already been defined by Microsoft are helpful. In the advanced threat hunting tab, there were different tables, and one of the tables was related to device info, device alert, and device events. That was very helpful. Another feature that I liked but didn't have access to was deep analysis."
"Another noteworthy feature that I find appealing in Microsoft Defender is the credit-backed simulation. This feature enables organizations to train their users on effectively responding to phishing emails through a simulated training environment."
"The most valuable feature depends on the scenario. For compliance, I like Microsoft Purview Information Protection and Data Loss Prevention. Sentinel is the most helpful feature for security. 365 Defender helps us prioritize threats across an enterprise. It's a crucial feature for the managed services team."
"Scanning, vulnerability reporting, and the dashboard are the most valuable features."
"The ability to integrate and observe a more cohesive narrative across the products is crucial."
"Overall a great solution."
"It also has a graph that shows the traffic history. I can see what happened yesterday or today. If there's an incident, I can check the traffic behavior on QRadar."
"It is a very good SIEM."
"It is suitable for large companies with critical infrastructure. For our clients, robustness, availability at a high level, and the level of references and experiences connected to the solution are important."
"The features that I have found most valuable in QRadar are its data enrichment, use case creations, and adding references - those kinds of features are very good. Also QRadar's event filtration and device integration are perfect."
"It has improved my efficiency."
"The most valuable features are the versatility of this solution and the variety of things you can do with it."
"Integrations are quite a useful and key feature of this solution. It has integration with the CVSS score, which is a central point for all the data and scores about the threats. There is an IBM Bluemix dashboard that is integrated with the CVSS score."
"When there is an incident, the solution's Storyline feature gives you a timeline, the whole story, what it began with, what it opened, et cetera. You have the whole picture in one minute. You don't need someone to analyze the system, to go into the logs. You get the entire picture in the dashboard. The Storyline feature has made our response time very fast because we don't need to rely on outside help."
"The best thing is it has a secure shell command that you can use to get into any endpoint and do some jobs."
"I am particularly interested in the new app vulnerability module that is included with the Singularity Complete edition."
"In the past, we were not able to identify a few viruses, but now we are able to identify them because of the machine learning feature."
"I work in vulnerability management, and for me, at the moment, its automation is most valuable. For the SOC team, incident visibility would be most valuable, but for me, it is automation."
"Singularity's rollback feature is one of the primary reasons we bought the product. If there's an attack on the machine, the system can automatically roll back the data and the hard drive of the machine that was attacked."
"The portal is the most valuable feature because it provides us with a single pane of glass view and is highly intuitive."
"The EDR functionality of the platform is what we use the most. That was the primary reason why we got SentinelOne. That is what we use the most in terms of functionality."
"The design of the user interface could use some work. Sometimes it's hard to find the exact information you need."
"The solution does not offer a unified response and standard data."
"There are still some components, such as vulnerability management within the vendor product, where improved integration would be beneficial."
"The mobile app support for Android and iOS is difficult and needs improvement."
"It would be highly beneficial if CoPilot could identify anomalies within the network and notify the IT team."
"365 Defender has multiple subsets, including Defender for Cloud Apps. When integrating Defender for Cloud Apps with apps on third-party cloud platforms like AWS or GCP, there are limitations on our ability to control user activities. If Microsoft added more control over third-party products, that would be a game-changer and help us quite a lot."
"Since all of our databases are updated and located in the cloud, I would like additional support for this."
"In the Microsoft Azure Portal, in Active Directory, if there is anything on the user it will provide you with the information, but you still have to go through it a bit. And sometimes, I have experienced difficulties in understanding the information, especially because the synchronization between Microsoft Intune and the devices that are connected to the user in Azure Active Directory takes a lot of time."
"I don't give it a 10 because it is something we have to request. I would love it if UBA was included out of the box like Microsoft."
"I have noticed a few things while working on this. After the restart of the server, sometimes, the services misbehave, and you need to manually start or restart the service. I have seen that specifically with the Tomcat service. Sometimes, when you click on log sources, instead of opening the log source extension, it redirects you over the internet."
"Technical support is good, but not great."
"I have also been working with other SIEM solutions, and I have observed that they have extensive Linux-based and Unix-based integrations. They have been able to support some of the Linux-based agents, which is useful to investigate and process the information on the Linux and Unix side."
"The product is good, but one feature they should have is an Elasticsearch. Currently, in QRadar, there are no Elasticsearch criteria."
"I would like to see more integration in place after the security lock."
"QRadar UBA only keeps the data for a short while (it's refreshed every five minutes) and would be improved if this were extended to a week or month."
"Do your research before implementing it, because it is tough to implement."
"We did use the Ranger functionality. However, there was some scanning going on and it caused a lot of noise, so we had to disable it."
"One area of SentinelOne that definitely has room for improvement is the reporting. The canned reports are clunky and we haven't been able to pull a lot of good information directly from them."
"An area for improvement in SentinelOne is the search feature. You can't go beyond twenty thousand events, which ruins the task because it isn't enough when you're doing your investigation."
"SentinelOne is causing a problem with the data service that causes one of our applications to crash randomly. We're still looking for a permanent fix, but we have implemented a temporary workaround that excludes that application from the scan."
"Deployment strategy for large organizations that do not use active directory (AD)."
"I am not a fan of the UI and feel it has room for improvement."
"The most difficult part of using Singularity Complete is logging in, as they often update the management console."
"Security could always be better."
More SentinelOne Singularity Complete Pricing and Cost Advice →
IBM Security QRadar is ranked 11th in Extended Detection and Response (XDR) with 198 reviews while SentinelOne Singularity Complete is ranked 1st in Extended Detection and Response (XDR) with 176 reviews. IBM Security QRadar is rated 8.0, while SentinelOne Singularity Complete is rated 8.8. The top reviewer of IBM Security QRadar writes "A highly stable and scalable solution that provides good technical support". On the other hand, the top reviewer of SentinelOne Singularity Complete writes "Provides peace of mind and is good at ingesting data and correlating". IBM Security QRadar is most compared with Microsoft Sentinel, Splunk Enterprise Security, Wazuh, LogRhythm SIEM and Elastic Security, whereas SentinelOne Singularity Complete is most compared with Microsoft Defender for Endpoint, CrowdStrike Falcon, Darktrace, ThreatLocker Protect and Datto Endpoint Detection and Response (EDR). See our IBM Security QRadar vs. SentinelOne Singularity Complete report.
See our list of best Extended Detection and Response (XDR) vendors and best Endpoint Detection and Response (EDR) vendors.
We monitor all Extended Detection and Response (XDR) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.
