We performed a comparison between IBM Security QRadar and Siemplify based on real PeerSpot user reviews.
Find out in this report how the two Security Orchestration Automation and Response (SOAR) solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."We didn't have anything similar. So, it really provides value from the incidents and automation point of view. The overview of the security fabric is most valuable."
"The UI-based analytics are excellent."
"The machine learning and artificial intelligence on offer are great."
"The part that was very unexpected was Sentinel's ability to integrate with Azure Lighthouse, which, as a managed services solution provider, gives us the ability to also manage our customers' Sentinel environments or Sentinel workspaces. It is a big plus for us. With its integration with Lighthouse, we get the ability to monitor multiple workspaces from one portal. A lot of the Microsoft Sentinel workbooks already integrate with that capability, and we save countless amounts of money by simply being able to almost immediately realize multitenant capabilities. That alone is a big plus for us."
"It is always correlating to IOCs for normal attacks, using Azure-related resources. For example, if any illegitimate IP starts unusual activity on our Azure firewall, then it automatically generates an alarm for us."
"The standout feature of Sentinel is that, because it's cloud-based and because it's from Microsoft, it integrates really well with all the other Microsoft products. It's really simple to set up and get going."
"Microsoft Sentinel enables you to ingest data from the entire ecosystem and that connection of data helps you to monitor critical resources and to know what's happening in the environment."
"I believe one of the main advantages is Microsoft Sentinel's seamless integration with other Microsoft products."
"It's built around Red Hat Linux, which is highly robust."
"The most valuable features are the AI assistant, which is good at detecting known types of behavior."
"IBM QRadar User Behavior Analytics has easy architecture, has a good portfolio and integration."
"This is a good tool to have because it gives you the ability to track what is currently happening in your environment."
"It has a powerful GUI where you can put together your use cases, and don't have to write your own scripts."
"It is a very good SIEM."
"The most valuable aspect of the solution is the integration capabilities on offer."
"What we like about QRadar and the models that IBM has, is it can go from a small-to-medium enterprise to a larger organization, and it gives you the same value."
"The most valuable feature of Siemplify is the playbooks that can be created."
"Without hyperbole, I have never, in my entire career, encountered a vendor or a vendor community as awesome as Siemplify. Siemplify and the Siemplify Community quite literally made it possible for our SOC to increase almost five-fold in our number of clients and number of analysts and to go from a Monday to Friday 9-5 shop to a 24/7 shop all in the span of under a year and a half and all while continually adding capabilities and improving the services we offer to our clients."
"The playbooks feature in Siemplify is crucial for automation. We've utilized both standard and custom integrations with other security operation solutions, enhancing our flexibility. The user interface is generally straightforward, although recent changes may require some adjustment and Siemplify's integrations and capabilities offer potential support for various compliance requirements."
"The built-in SOAR is not really good out-of-the-box. The SOAR relies on logic apps and you almost need to have some kind of developer background to be able to make these logic apps. Most security people cannot develop anything..."
"They need to work with other security vendors. For example, we replaced our email gateway with Symantec, but we couldn't collect these logs with Azure Sentinel. Instead of collecting these logs with Azure Sentinel, we are collecting them on Qradar. We couldn't do it with Sentinel, which is a problem for us."
"The playbook development environment is not as rich as it should be. There are multiple occasions when we face problems while creating the playbook."
"One key area that can be improved is by building a strong integration with our XDR platform."
"There are certain delays. For example, if an alert has been rated on Microsoft Defender for Endpoint, it might take up to an hour for that alert to reach Sentinel. This should ideally take no more than one or two seconds."
"If their UI was a bit more streamlined and easy to find when I need it, then that would be a great improvement."
"We're satisfied with the comprehensiveness of the security protection. That said, we do have issues sometimes where there have been global outages and we need to raise a ticket with Microsoft."
"The learning curve could be improved. I am still learning it. We were able to implement the basic features to get them up and running, but there are still so many things that I don't know about all its features. They have a lot of features that we have not been able to use or apply. If they could work on reducing the solution's learning curve, that would be good. While there is a training course held by Microsoft to learn more about this solution, there is a cost associated with it."
"The features that could be improved include the licensing model and the dashboards and all those presentations. Overall, the user experience part can be improved."
"The custom rules could be simplified more or it should be possible to use a different language, other than the ones that the solution is already using. They should add other languages into the mix."
"The solution should include remote action capabilities."
"I think QRadar is very complex. It's a distributed system and IBM QRadar has an all-in-one solution which is not like that distributed solution but it's a good product. IBM needs to consider the user interface because if we compare it with AlienVault, the AlienVault user interface is fantastic but the IBM QRadar user interface is very complex. They should focus on how to make it easier for the client."
"The reporting system could use some upgrading."
"It would be better if it were more stable and more secure. The price for maintenance could be better. It's too high. In the next release, I think they should focus on the price and the operation."
"There should be more opportunity for community kind of distribution where, for example, if there was a zero-day threat targeting companies."
"The API integration for AD is a problem when it comes to vulnerability management. If you want to incorporate multiple factor authentication it becomes a problem with the AD. It doesn't integrate well. That needs to be improved."
"I'm inclined to say that I'd love to see some Machine Learning capabilities integrated into the platform, however, I just attended a demo this morning where Siemplify gave a sneak peek into some Machine Learning capabilities that they are currently developing and have roadmapped for release soon."
"We often encounter minor issues that could be improved, but we maintain communication with the developers and submit feature requests. Recently, I requested enhancements such as improved search functionality within playbooks and expanded options for exporting case data."
"Building the playbooks could be easier and the integration could improve. It is a difficult process, such as what API connections need to be made."
IBM Security QRadar is ranked 4th in Security Orchestration Automation and Response (SOAR) with 198 reviews while Siemplify is ranked 16th in Security Orchestration Automation and Response (SOAR) with 3 reviews. IBM Security QRadar is rated 8.0, while Siemplify is rated 8.6. The top reviewer of IBM Security QRadar writes "A highly stable and scalable solution that provides good technical support". On the other hand, the top reviewer of Siemplify writes "Great for reporting and ticketing for SOC MxDR client environments and has a great, supportive community". IBM Security QRadar is most compared with Splunk Enterprise Security, Wazuh, LogRhythm SIEM, Elastic Security and Sentinel, whereas Siemplify is most compared with Splunk SOAR, Palo Alto Networks Cortex XSOAR, ServiceNow Security Operations, Fortinet FortiSOAR and IBM Resilient. See our IBM Security QRadar vs. Siemplify report.
See our list of best Security Orchestration Automation and Response (SOAR) vendors.
We monitor all Security Orchestration Automation and Response (SOAR) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.