We performed a comparison between IBM Security QRadar and Sumo Logic Security based on real PeerSpot user reviews.
Find out in this report how the two Security Orchestration Automation and Response (SOAR) solutions compare in terms of features, pricing, service and support, ease of deployment, and ROI.
"Microsoft Sentinel comes preloaded with templates for teaching and analytics rules."
"The most valuable feature is the performance because unlike legacy SIEMs that were on-premises, it does not require as much maintenance."
"The SOAR playbooks are Sentinel's most valuable feature. It gives you a unified toolset for detecting, investigating, and responding to incidents. That's what clearly differentiates Sentinels from its competitors. It's cloud-native, offering end-to-end coverage with more than 120 connectors. All types of data logs can be poured into the system so analysis can happen. That end-to-end visibility gives it the advantage."
"The product can integrate with any device."
"Free ingestion for Azure logs (with E5 licence)"
"It is easy to implement (turn on) - does need a skilled analyst to develop queries and playbooks."
"The AI and ML of Azure Sentinel are valuable. We can use machine learning models at the tenant level and within Office 365 and Microsoft stack. We don't need to depend upon any other connectors. It automatically provisions the native Microsoft products."
"Sentinel's most important feature is the ability to centralize all the logs in one place. There's no need to search multiple systems for information."
"We've found the solution to be scalable."
"Integration is very easy and the reporting is good."
"The most valuable aspect of the solution is the integration capabilities on offer."
"It integrates very easily with other solutions. The solution is flexible. We can add anything to it, as it is a good companion to other tools."
"It is a pretty solid product for the type that it is representing. It is a CM solution as compared to Splunk or ArcSight from HP. It is also user friendly. It comes with some internal AI as well, in which it automatically maps multiple lots from unrelated devices and makes a smart decision to link them back and create an offense based on that. It is a smart tool."
"The correlation and the parsing are important features, since it is very important for a SIEM to have a good scalability and performance."
"The scalability is good."
"It has a powerful GUI where you can put together your use cases, and don't have to write your own scripts."
"We are able to diagnose problems before our customers."
"Sumo Logic Security is a good solution for searching the logs and identifying the issues."
"It gives us a bird's eye view of what's happening from our connection's point of view."
"We have used it many times to find a root cause of a live issue, then fix the problem in the applications."
"I have no concerns about the stability of the product. I feel it handles the stress we put on it very well."
"The features I found valuable with the Sumo Logic Security solution are the search option and the ability to customize the search for the information in the logs."
"We can integrate threat intelligence solutions into the product."
"It helps a lot because we can troubleshoot issues pretty easily."
"There is room for improvement in entity behavior and the integration site."
"The playbook development environment is not as rich as it should be. There are multiple occasions when we face problems while creating the playbook."
"We'd like also a better ticketing system, which is older."
"We'd like to see more connectors."
"They need to work with other security vendors. For example, we replaced our email gateway with Symantec, but we couldn't collect these logs with Azure Sentinel. Instead of collecting these logs with Azure Sentinel, we are collecting them on Qradar. We couldn't do it with Sentinel, which is a problem for us."
"Currently, the watchlist feature is being utilized, and although there have been improvements, it is still not fully optimized."
"They could use some kind of workbook. There is some limitation doing the editing and creating the workbook."
"The on-prem log sources still require a lot of development."
"I would like to see the update process simplified."
"From a functionality point of view there are issues sometimes."
"The solution is clunky."
"We sometimes get an error about the hard drive. Approximately once in two months, we can't find the logs, and they go missing, which is a terrible issue. We are getting support for this issue from our support company."
"The technical support is poor. Mostly because when I open a PMR for IBM, I am stuck with Level 1 staff. As an engineer, nothing that I am bringing them does not require Level 2 or Level 3 support."
"Solution has too many menus that require going to two or three sub-monitors to enter the QRadar."
"You can scale IBM QRadar User Behavior Analytics, but it has room for improvement."
"Pricing model could be more cost-effective."
"Sumo Logic Security is expensive, and its pricing could be improved."
"In my opinion, this solution has a steep learning curve and requires practice if users to be able to use this tool very efficiently."
"We would like the ability to drill down into a dashboard and get into deeper levels."
"The dashboard has room for improvement, because sometimes it is a difficult to create a specific dashboard or query. This would be a nice place to correct problems."
"I would like to see improvement in the user experience when configuring things, ingesting logs, and creating ports."
"If you want to up your subscription through the AWS Marketplace, it can be difficult. You can't just go back to the AWS Marketplace, and say, "I want a bigger one now." You have to contact the sales team, then they do it on the back-end. This could definitely be improved."
"The API integration in Sumo Logic Security could improve. There are delayed connections or they stop and then automatically start. Having a seamless log collection would be beneficial."
"I would like better UI-driven functionality to create alerts and reports. Now, we have to understand the syntax, so it is a little difficult for someone to pick it up without using the manuals. If there was more of a graphical user interface, it would be beneficial."
IBM Security QRadar is ranked 4th in Security Orchestration Automation and Response (SOAR) with 198 reviews while Sumo Logic Security is ranked 11th in Security Orchestration Automation and Response (SOAR) with 18 reviews. IBM Security QRadar is rated 8.0, while Sumo Logic Security is rated 8.6. The top reviewer of IBM Security QRadar writes "A highly stable and scalable solution that provides good technical support". On the other hand, the top reviewer of Sumo Logic Security writes "Used to store and monitor application logs and VPC flow logs". IBM Security QRadar is most compared with Splunk Enterprise Security, Wazuh, LogRhythm SIEM, Elastic Security and Fortinet FortiSIEM, whereas Sumo Logic Security is most compared with Wazuh, Rapid7 InsightIDR, Splunk Enterprise Security, VMware Aria Operations for Logs and Grafana Loki. See our IBM Security QRadar vs. Sumo Logic Security report.
We monitor all Security Orchestration Automation and Response (SOAR) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.