We performed a comparison between IBM Security QRadar and SonicWall Capture Client based on real PeerSpot user reviews.
Find out in this report how the two Endpoint Detection and Response (EDR) solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."The solution was relatively easy to deploy."
"The console is easy to read. I also like the scanning part and the ability to move assets from one to the other."
"Having all monitoring, response, tracking, and mitigation tools in one dashboard provides our analysts and SOC team with a comprehensive view at a glance."
"Exceptions are easy to create and the interface is easy to follow with a nice appearance."
"he solution is an anti-malware product that integrates well with other vendor products such as firewalls, SIEM, etc. It captures threat intelligence and gives you better visibility. The product also has sandboxing features."
"Fortinet is very user-friendly for customers."
"Fortinet FortiEDR's firewalling, rule creation, monitoring, and inspection profiles are great."
"We have FortiEDR installed on all our systems. This protects them from any threats."
"It is a bit easier to use than other products, such as Splunk or ELK Elasticsearch."
"I like that it's easy to use and the performance is good."
"IBM has everything you need in a cybersecurity solution. If you want to build a cybersecurity operation center version then I think QRadar is a perfect solution."
"The correlation and the parsing are important features, since it is very important for a SIEM to have a good scalability and performance."
"It showed us where weaknesses were in our environment, so we could actively target those patches first."
"The product can scale."
"Technical support is good overall."
"IBM QRadar has improved my organization by introducing many functions. It collects logs from all of our systems in the organization and has functioned very well. It alerts and correlates the aggregate events or offenses we receive through all the applications we use."
"The most valuable features of SonicWall Capture Client are CSC (Capture Security Center), RTDMI (Real-Time Deep Memory Inspection), and the deep memory inspection feature."
"SonicWall Capture Client's scalability is nice."
"The initial setup is straightforward."
"Overall, what I love the most about SonicWall Capture Client is its management console. SonicWall Capture Client also has the intelligence to tell you which computer is online, what OS it uses, etc. I also found the rollback feature and SentinelOne integration valuable in SonicWall Capture Client. Rollback is a powerful feature of the solution because it's similar to locking your endpoint during an attack, so you won't have to pay the hackers, particularly during ransomware attacks. That feature in SonicWall Capture Client allows you to get back your endpoint or make your endpoint right again after an attack. I also like that it isn't complex to remove the engine error from the endpoint because you only have to provide the security key from SonicWall Capture Client, so the process is simple. It's not complex."
"SonicWall Capture Client has a serial number to connect to your firewall."
"The solution serves as a very stable platform."
"There's room for improvement in the quick response time and technical support for integration issues, especially when dealing with multiple vendors."
"The only minor concern is occasional interference with desired programs."
"The EDR console should have more extensive reporting. You shouldn't need to purchase FortiAnalyzer. It should be included in the EDR part. The security adviser cloud platform could be improved with more options for exclusive or intensive rules for devices."
"To improve Fortinet, we need to see more features and technology areas at the endpoint level introduced."
"Once, we had an event that was locked and blocked, but information about it came to us two or three days later."
"The amount of usage, the number of details we get, or the number of options that can be tweaked is limited in comparison to that with other EDR solutions"
"They can include the automation for the realtime updates. We have a network infrastructure with remote sites. Whenever they send updates, they are not automated. We have to go into the console and push those updates. I wish it was more automated. The update file is currently around 31 MB. It could be smaller."
"The dashboard isn't easy to access and manage."
"I have noticed a few things while working on this. After the restart of the server, sometimes, the services misbehave, and you need to manually start or restart the service. I have seen that specifically with the Tomcat service. Sometimes, when you click on log sources, instead of opening the log source extension, it redirects you over the internet."
"Ideally we would like a mobile version so that any alert that comes in will notify us in a mobile app, or by using SMS integration."
"They should provide more manual examples online so that I can learn it myself."
"There should be easier and wider integration opportunities. There should be more opportunities for integration with CTI info sharing areas. On platforms where you exchange CTI, there should be more visibility connected to what we share, what we can reach, or what options are connected to CTI info sharing. This is one area where they could add value because we cannot integrate it easily with QRadar. If a client has a legacy or already existing solutions for CTI, we cannot ask them to forget it because we cannot guarantee that QRadar is able to deliver everything connected to this area."
"A lot of information that we receive for the devices is IP-based, but it would help if we could have a default dashboard in which we can add more details about the assets for which we are receiving the information. For example, if it is a Windows or Linux device, we only get the IP for that particular device. We don't really get the name and other details of that particular device. For that, you have to drill down into your own asset management system. It would be good to have a place where we can probably add this information so that we don't have to look into other tools."
"While the interface is easy to use, it could be a little more responsive."
"AI is superb but need improvements."
"It needs more resilience and functionality."
"SonicWall Capture Client could be made a little lighter than it currently is in terms of memory consumption."
"An area for improvement in SonicWall Capture Client is TenantCloud support. Suppose you want to implement SonicWall Capture Client. You'll have to register it on MySonicWall. Then once your SonicWall Capture Client license expires and you don't want to renew it, you can't delete it from your MySonicWall account, so that's an area for improvement."
"It takes technical support too long to resolve an issue."
"The vulnerability reports need to be better. Windows Defender detected some issues that SonicWall Capture Client couldn't."
"They should improve their user interface."
"The biggest issue with SonicWall Capture Client is network latency."
IBM Security QRadar is ranked 20th in Endpoint Detection and Response (EDR) with 198 reviews while SonicWall Capture Client is ranked 45th in Endpoint Detection and Response (EDR) with 6 reviews. IBM Security QRadar is rated 8.0, while SonicWall Capture Client is rated 8.0. The top reviewer of IBM Security QRadar writes "A highly stable and scalable solution that provides good technical support". On the other hand, the top reviewer of SonicWall Capture Client writes "A stable solution that is used for endpoint security and to protect computers from malware". IBM Security QRadar is most compared with Microsoft Sentinel, Splunk Enterprise Security, Wazuh, LogRhythm SIEM and Elastic Security, whereas SonicWall Capture Client is most compared with SentinelOne Singularity Complete, Microsoft Defender for Endpoint, CrowdStrike Falcon, Bitdefender GravityZone Enterprise Security and Cortex XDR by Palo Alto Networks. See our IBM Security QRadar vs. SonicWall Capture Client report.
See our list of best Endpoint Detection and Response (EDR) vendors.
We monitor all Endpoint Detection and Response (EDR) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.