Try our new research platform with insights from 80,000+ expert users

IBM Security QRadar vs Symantec Endpoint Detection and Response comparison

IBM and Broadcom are both solutions in the Endpoint Detection and Response (EDR) category. IBM is ranked #18 with an average rating of 7.9, while Broadcom is ranked #29 with an average rating of 7.4. IBM holds a 1.1% mindshare in EDR, compared to Broadcom’s 0.5% mindshare. Additionally, 91% of IBM users are willing to recommend the solution, compared to 86% of Broadcom users who would recommend it.
IBM Security QRadar
Read 209 IBM Security QRadar reviews
  • 2,414 Views
  • 288 Comparison Views
91% willing to recommend
Symantec Endpoint Detection...
Read 30 Symantec Endpoint Detection and Response reviews
  • 1,120 Views
  • 326 Comparison Views
86% willing to recommend
 

Comparison Buyer's Guide

Download the report
Executive SummaryUpdated on Apr 6, 2025

IBM Security QRadar and Symantec Endpoint Detection and Response compete in the security solutions category. Based on feature richness and scalability, IBM Security QRadar appears to have the upper hand with its extensive capabilities.

Features: IBM Security QRadar offers scalability, powerful threat detection, and user behavior analytics which integrate with various platforms. It can be deployed as an all-in-one appliance or as discrete components. Symantec EDR provides robust endpoint protection, superior threat intelligence, and allows extensive scans on endpoints without impacting network performance, fitting seamlessly with existing Symantec solutions.

Room for Improvement: IBM Security QRadar could improve visualization capabilities, enhance its vulnerability scanner, and expand integration options. Symantec EDR could focus on bettering its reporting engine, offering improved customer support, and achieving more predictable pricing.

Ease of Deployment and Customer Service: IBM Security QRadar supports on-premises, hybrid, and cloud-based deployments with generally good technical support. Symantec EDR is regarded as easier to deploy but has received mixed reviews on customer service, especially after its acquisition by Broadcom.

Pricing and ROI: IBM Security QRadar is known for its high cost, suited for enterprises with larger budgets justified by its robust features and scalability. It involves complex licensing costs based on EPS and FPS. Symantec EDR offers a more flexible pricing structure, possibly lower in cloud deployments, but varies significantly based on requirements.

DOWNLOAD THE COMPLETE REPORT
To learn more, read our detailed IBM Security QRadar vs. Symantec Endpoint Detection and Response Report (Updated: June 2025).
Buyer's Guide
IBM Security QRadar vs. Symantec Endpoint Detection and Response
June 2025
Download the complete report
Helped 857,028 peers since 2012

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Categories and Ranking

IBM Security QRadar
Ranking in Endpoint Detection and Response (EDR)
18th
Average Rating
8.0
Reviews Sentiment
6.8
Number of Reviews
209
Ranking in other categories
Log Management (5th), Security Information and Event Management (SIEM) (4th), User Entity Behavior Analytics (UEBA) (1st), Security Orchestration Automation and Response (SOAR) (4th), Managed Detection and Response (MDR) (9th), Extended Detection and Response (XDR) (13th)
Symantec Endpoint Detection...
Ranking in Endpoint Detection and Response (EDR)
29th
Average Rating
7.6
Reviews Sentiment
7.2
Number of Reviews
30
Ranking in other categories
No ranking in other categories
 

Mindshare comparison

As of June 2025, in the Endpoint Detection and Response (EDR) category, the mindshare of IBM Security QRadar is 1.1%, down from 1.2% compared to the previous year. The mindshare of Symantec Endpoint Detection and Response is 0.5%, up from 0.4% compared to the previous year. It is calculated based on PeerSpot user engagement data.
Endpoint Detection and Response (EDR)
 

Featured Reviews

Md. Shahriar Hussain - PeerSpot reviewer
Real-time incident detection and user-friendly dashboard benefit daily operations
There are many types of AI, and this AI is very limited in SQL and features. There may be potential for improvement. So far, it seems very limited. It shows some good features in the correlation part, but I think there is room for improvement. For instance, when creating rules, it can suggest more rules, reducing the effort needed. If AI-related support can suggest rules and integrate with existing security devices like MD, IPS, this SIM can create more relevant rules. Sometimes logs I receive don't mean anything, and I need technical stakeholders to share or forward logs, but these are sometimes inadequate. Keywords can help identify insufficient logs. I often lack time to verify logs. Sharing false positive results could be reduced to help my team.
Read full review
YusufAhmed - PeerSpot reviewer
Easy to use and competitively priced
Honestly, the product needs to continue the way it is, and I feel that everything will be fine. I haven't had any reasons to complain about the product. The product doesn’t offer MDM functionality under its current licensing model. In the future, I want the product to offer MDM. It can allow me to manage my mobile device more efficiently and effectively. Currently, there is a need for a separate license to be added to Symantec Endpoint Detection and Response to be able to use the MDM part. If both are bundled up under the same license, the administration part can be made easier.
Read full review

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"The tool is already automated in many ways, but there are some additional functions which should be automated, like sending an email, mobile notification, and integration of XFS."
"Overall a great solution."
"The QNI feature is the one I am very interested in, and I have also been interested in Watson. From the log analysis and the security perspective, we are able to dive deep into any of the logs and anomalies."
"I have found the most important features to be the flexibility, tech framework, and disk manager."
"The most valuable aspect of the solution is the integration capabilities on offer."
"Vulnerability detection is the most valuable feature. It's the tool that finds the threats."
"QRadar shows very effective correlations. If you combine all the logins plus user behavior and the current intelligence, it gives a very good correlation for business. I think it reduces the false positives in user activity monitoring because there is a lot of social information to correlate with other data."
"The product provides a complete platform for ingesting the log, doing the correlations and handling the runtime."
More IBM Security QRadar pros
"The most valuable feature is that the same agent can act as the endpoint detection and response agent."
"The security is good."
"A great feature of this solution is that it is very well-integrated with antivirus software. Other ADR solutions are implemented as single technologies and are not integrated with the provider, but Symantec offers AV plus ADR."
"The solution does all that we expect it to do."
"The solution has great blocking features."
"There are times when Symantec Endpoint Detection and Response tags an executable as malicious when it is trying to get executed on the machine. In this case, it prevents the execution and it gives you a process view of things where you can look into what has happened and whether it is a genuine process trying to access some system activities, or it's a malicious one. Depending upon the process, it gives you a clear identification, and we can do the containment from the interface itself and isolate the machine from the network. The process review on network isolation is good."
"The solution can scale well."
"I like Symantec EDR's device control and USB security features."
More Symantec Endpoint Detection and Response pros
 

Cons

"The custom rules could be simplified more or it should be possible to use a different language, other than the ones that the solution is already using. They should add other languages into the mix."
"The initial setup was complex, and it took six months."
"QRadar log integration of various applications can be a tough job at times. There may be occasions when you will not find any QRadar guide on adding logs of a particular application. Even if you come across one, adding a log process is not an easy one."
"You can scale IBM QRadar User Behavior Analytics, but it has room for improvement."
"IBM technical support is always terrible."
"The user interface is a bit difficult to get used to."
"The solution is highly used here in Pakistan and in many sectors, they could improve it by having more SIEM connectors."
"The costing part could be improved."
More IBM Security QRadar cons
"The solution can always be more stable and more secure."
"The product doesn’t offer MDM functionality under its current licensing model."
"The interface has many issues."
"The interface is very complicated."
"In the future, it would be nice to have playbooks in the tool, to allow for some of the common activities to be automated. For example, some of the scannings of the malware can be too manual for a specific device. Additionally, a vulnerability manager would be beneficial."
"Technical support is not as good as we expect, and resolving problems should be more timely."
"The solution needs to provide better integration."
"It would be beneficial to have more integration and compatibility with other platforms."
More Symantec Endpoint Detection and Response cons
 

Pricing and Cost Advice

"Licensing is very expensive, IBM QRadar is a very expensive solution. If you want to minimize costs then IBM QRadar is not for you."
"As for licensing costs, I haven't seen the exact figures, but it is considered somewhat costly. On a scale from one to ten, where one is very expensive and ten is very cheap, I would rate it a six—it’s costly but worth the money."
"Go through a vulnerability assessment review for price breaks. A virtualized solution will also cut down on cost."
"It could be cheaper, but the value itself is far more important for us than the price. Typically, our clients have yearly subscriptions."
"It's too expensive. The licensing is also a little bit difficult to understand because you have to license it per event and per number of flows."
"The pricing is higher but cheaper than others and there are no additional costs."
"On a scale from one to ten, where one is cheap and ten is expensive, I rate IBM Security QRadar's pricing a five out of ten."
"think the pricing is quite flexible."
More IBM Security QRadar pricing and cost advice
"The price is okay, but it really depends on the customer's requirements."
"Symantec Endpoint Detection and Response is expensive."
"We have a yearly subscription, and the pricing is fair."
"The more devices we have the more expensive it becomes, which is where the challenge is."
"It's a yearly subscription."
"Of late, because of the Broadcom purchase, its price has been increasing."
"It is an expensive solution."
"The price is really high and it should be lower."
More Symantec Endpoint Detection and Response pricing and cost advice
report
See which vendors are best for you
Use our free recommendation engine to learn which Endpoint Detection and Response (EDR) solutions are best for your needs.
See recommendations
857,028 professionals have used our research since 2012.
 

Comparison Review

VS
Jun 28, 2015
Qradar vs. ArcSight
Continuing with the SIEM posts we have done at Infosecnirvana, this post is a Head to head comparison of the two Industry leading SIEM products in the market – HP ArcSight and IBM QRadar Both the products have consistently been in the Gartner Leaders Quadrant. Both HP and IBM took over niche SIEM…
Read full review
 

Top Industries

By visitors reading reviews
Computer Software Company
16%
Financial Services Firm
11%
Educational Organization
7%
Government
7%
Computer Software Company
14%
Financial Services Firm
13%
University
8%
Manufacturing Company
7%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
 

Questions from the Community

What are the biggest differences between Securonix UEBA, Exabeam, and IBM QRadar?
It mostly depends on your use-cases and environment. Exabeam and Securonix have a stronger UEBA feature set, friendlier GUI and are not licensed based on capacity (amount of logs and information in...
See all answers
What SOC product do you recommend?
For tools I’d recommend: -SIEM- LogRhythm -SOAR- Palo Alto XSOAR Doing commercial w/o both (or at least an XDR) is asking to miss details that are critical, and ending up a statistic. Also, rememb...
See all answers
What is your experience regarding pricing and costs for IBM Security QRadar?
When comparing with Splunk, IBM Security QRadar's cost is reasonable. Splunk is more expensive than IBM Security QRadar.
See all answers
What do you like most about Symantec Endpoint Detection and Response?
The security is good.
See all answers
What is your experience regarding pricing and costs for Symantec Endpoint Detection and Response?
I am not aware of the pricing details, as that falls under the management's responsibility.
See all answers
What needs improvement with Symantec Endpoint Detection and Response?
There are several areas where Symantec Endpoint Detection and Response can improve, including shell features, web control, asset management, and device control. Specifically, the application contro...
See all answers
 

Comparisons

Splunk Enterprise Security vs IBM Security QRadar Logo
Splunk Enterprise Security vs IBM Security QRadar
Compared 15% of the time
Microsoft Sentinel vs IBM Security QRadar Logo
Microsoft Sentinel vs IBM Security QRadar
Compared 9% of the time
Sentinel vs IBM Security QRadar Logo
Sentinel vs IBM Security QRadar
Compared 7% of the time
Elastic Security vs IBM Security QRadar Logo
Elastic Security vs IBM Security QRadar
Compared 6% of the time
Wazuh vs IBM Security QRadar Logo
Wazuh vs IBM Security QRadar
Compared 6% of the time
More IBM Security QRadar Competitors
Kaspersky Endpoint Detection and Response Expert vs Symantec Endpoint Detection and Response Logo
Kaspersky Endpoint Detection and Response Expert vs Symantec Endpoint Detection and Response
Compared 19% of the time
Cisco Secure Endpoint vs Symantec Endpoint Detection and Response Logo
Cisco Secure Endpoint vs Symantec Endpoint Detection and Response
Compared 12% of the time
Kaspersky Endpoint Security Cloud vs Symantec Endpoint Detection and Response Logo
Kaspersky Endpoint Security Cloud vs Symantec Endpoint Detection and Response
Compared 12% of the time
Trellix Endpoint Security Platform vs Symantec Endpoint Detection and Response Logo
Trellix Endpoint Security Platform vs Symantec Endpoint Detection and Response
Compared 9% of the time
Trend Vision One vs Symantec Endpoint Detection and Response Logo
Trend Vision One vs Symantec Endpoint Detection and Response
Compared 9% of the time
More Symantec Endpoint Detection and Response Competitors
 

Product Reports

Buyer's Guide
IBM Security QRadar
June 2025
IBM Security QRadar reportDownload IBM Security QRadar product report
Buyer's Guide
Symantec Endpoint Detection and Response
May 2025
Symantec Endpoint Detection and Response reportDownload Symantec Endpoint Detection and Response product report
 

Also Known As

IBM QRadar, QRadar SIEM, QRadar UBA, QRadar on Cloud, IBM QRadar Advisor with Watson
No data available
 

Overview

IBM Security QRadar (recently acquired by Palo Alto Networks) is a security and analytics platform designed to defend against threats and scale security operations. This is done through integrated visibility, investigation, detection, and response. QRadar empowers security groups with actionable insights into high-priority threats by providing visibility into enterprise security data. Through centralized visibility, security teams and analysts can determine their security stance, which areas pose a potential threat, and which areas are critical. This will help streamline workflows by eliminating the need to pivot between tools.

IBM Security QRadar is built to address a wide range of security issues and can be easily scaled with minimal customization effort required. As data is ingested, QRadar administers automated, real-time security intelligence to swiftly and precisely discover and prioritize threats. The platform will issue alerts with actionable, rich context into developing threats. Security teams and analysts can then rapidly respond to minimize the attackers' strike. The solution will provide a complete view of activity in both cloud-based and on-premise environments as a large amount of data is ingested throughout the enterprise. Additionally, QRadar’s anomaly detection intelligence enables security teams to identify any user behavior changes that could be indicators of potential threats. 

IBM QRadar Log Manager

To better help organizations protect themselves against potential security threats, attacks, and breaches, IBM QRadar Log Manager gathers, analyzes, preserves, and reports on security log events using QRadar Sense Analytics. All operating systems and applications, servers, devices, and applications are converted into searchable and actionable intelligent data. QRadar Log Manager then helps organizations meet compliance reporting and monitoring requirements, which can be further upgraded to QRadar SIEM for a more superior level of threat protection.

Some of QRadar Log Manager’s key features include:

  • Data processing and capture on any security event
  • Disaster recovery options and high availability 
  • Scalability for large enterprises
  • SoftLayer cloud installation capability
  • Advanced threat protection

Reviews from Real Users

IBM Security QRadar is a solution of choice among users because it provides a complete solution for security teams by integrating network analysis, log management, user behavior analytics, threat intelligence, and AI-powered investigations into a single solution. Users particularly like having a single window into their network and its ability to be used for larger enterprises.

Simon T., a cyber security services operations manager at an aerospace/defense firm, notes, "The most valuable thing about QRadar is that you have a single window into your network, SIEM, network flows, and risk management of your assets. If you use Splunk, for instance, then you still need a full packet capture solution, whereas the full packet capture solution is integrated within QRadar. Its application ecosystem makes it very powerful in terms of doing analysis."

A management executive at a security firm says, "What we like about QRadar and the models that IBM has, is it can go from a small-to-medium enterprise to a larger organization, and it gives you the same value."

IBM

Symantec Endpoint Detection and Response (EDR) is a powerful security solution designed to help organizations proactively detect, investigate, and mitigate advanced threats across their endpoint environments. As part of Broadcom's cybersecurity portfolio, Symantec EDR provides comprehensive visibility into endpoint activities, enabling security teams to quickly identify and respond to threats that evade traditional defenses.

Symantec EDR leverages machine learning, behavioral analysis, and global threat intelligence from Symantec's vast network to detect sophisticated threats, including zero-day attacks, ransomware, and advanced persistent threats (APTs). This allows organizations to identify malicious activities early and respond swiftly to mitigate potential damage. The solution offers automated response options that enable security teams to contain and remediate threats quickly.

Symantec EDR provides detailed forensic capabilities, allowing security analysts to dive deep into endpoint data, investigate incidents thoroughly, and understand the scope and impact of attacks. Features such as timeline analysis, incident graphing, and the ability to isolate endpoints enhance investigative efforts and support effective remediation strategies.

With its centralized management console, Symantec EDR offers visibility across the entire endpoint environment, regardless of the operating systems or whether endpoints are on-premise or remote. Symantec EDR seamlessly integrates with other Symantec security solutions, enhancing its detection capabilities and enabling a unified approach to threat management. Its scalable architecture ensures that businesses of all sizes can benefit from its advanced security features without compromising performance.

Quickly discover and resolve threats with deep endpoint visibility and superior detection analytics, reducing mean time to remediation. Overcome cyber security skills shortages and streamline SOC operations with extensive automation and built-in integrations for sandboxing, SIEM, and orchestration.

Fortify security teams with the unmatched expertise and global scale of Symantec Managed Endpoint Detection and Response services.
Roll out Endpoint Detection and Response (EDR) across Windows, macOS, and Linux devices using Symantec Endpoint Protection (SEP)-integrated EDR or a dissolvable agent.

Broadcom
 

Sample Customers

Clients across multiple industries, such as energy, financial, retail, healthcare, government, communications, and education use QRadar.
Information Not Available
Buyer's Guide
IBM Security QRadar vs. Symantec Endpoint Detection and Response
June 2025
Free Report: IBM Security QRadar vs. Symantec Endpoint Detection and Response
Find out what your peers are saying about IBM Security QRadar vs. Symantec Endpoint Detection and Response and other solutions. Updated: June 2025.
DOWNLOAD NOW
857,028 professionals have used our research since 2012.
See our IBM Security QRadar vs. Symantec Endpoint Detection and Response report.
See our list of best Endpoint Detection and Response (EDR) vendors.

We monitor all Endpoint Detection and Response (EDR) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.