Try our new research platform with insights from 80,000+ expert users

IBM Security QRadar vs Symantec Endpoint Detection and Response comparison

IBM and Broadcom are both solutions in the Endpoint Detection and Response (EDR) category. IBM is ranked #17 with an average rating of 7.8, while Broadcom is ranked #30 with an average rating of 7.6. IBM holds a 1.2% mindshare in EDR, compared to Broadcom’s 0.5% mindshare. Additionally, 91% of IBM users are willing to recommend the solution, compared to 86% of Broadcom users who would recommend it.
IBM Security QRadar
Read 208 IBM Security QRadar reviews
  • 2,444 Views
  • 1,660 Comparison Views
91% willing to recommend
Symantec Endpoint Detection...
Read 30 Symantec Endpoint Detection and Response reviews
  • 1,217 Views
  • 707 Comparison Views
86% willing to recommend
 

Comparison Buyer's Guide

Download the report
Executive SummaryUpdated on Apr 6, 2025

IBM Security QRadar and Symantec Endpoint Detection and Response compete in the security solutions category. Based on feature richness and scalability, IBM Security QRadar appears to have the upper hand with its extensive capabilities.

Features: IBM Security QRadar offers scalability, powerful threat detection, and user behavior analytics which integrate with various platforms. It can be deployed as an all-in-one appliance or as discrete components. Symantec EDR provides robust endpoint protection, superior threat intelligence, and allows extensive scans on endpoints without impacting network performance, fitting seamlessly with existing Symantec solutions.

Room for Improvement: IBM Security QRadar could improve visualization capabilities, enhance its vulnerability scanner, and expand integration options. Symantec EDR could focus on bettering its reporting engine, offering improved customer support, and achieving more predictable pricing.

Ease of Deployment and Customer Service: IBM Security QRadar supports on-premises, hybrid, and cloud-based deployments with generally good technical support. Symantec EDR is regarded as easier to deploy but has received mixed reviews on customer service, especially after its acquisition by Broadcom.

Pricing and ROI: IBM Security QRadar is known for its high cost, suited for enterprises with larger budgets justified by its robust features and scalability. It involves complex licensing costs based on EPS and FPS. Symantec EDR offers a more flexible pricing structure, possibly lower in cloud deployments, but varies significantly based on requirements.

DOWNLOAD THE COMPLETE REPORT
To learn more, read our detailed IBM Security QRadar vs. Symantec Endpoint Detection and Response Report (Updated: April 2025).
Buyer's Guide
IBM Security QRadar vs. Symantec Endpoint Detection and Response
April 2025
Download the complete report
Helped 850,028 peers since 2012

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Categories and Ranking

IBM Security QRadar
Ranking in Endpoint Detection and Response (EDR)
17th
Average Rating
8.0
Reviews Sentiment
6.8
Number of Reviews
208
Ranking in other categories
Log Management (6th), Security Information and Event Management (SIEM) (4th), User Entity Behavior Analytics (UEBA) (1st), Security Orchestration Automation and Response (SOAR) (4th), Managed Detection and Response (MDR) (9th), Extended Detection and Response (XDR) (11th)
Symantec Endpoint Detection...
Ranking in Endpoint Detection and Response (EDR)
30th
Average Rating
7.6
Reviews Sentiment
7.2
Number of Reviews
30
Ranking in other categories
No ranking in other categories
 

Mindshare comparison

As of May 2025, in the Endpoint Detection and Response (EDR) category, the mindshare of IBM Security QRadar is 1.2%, down from 1.2% compared to the previous year. The mindshare of Symantec Endpoint Detection and Response is 0.5%, up from 0.5% compared to the previous year. It is calculated based on PeerSpot user engagement data.
Endpoint Detection and Response (EDR)
 

Featured Reviews

Md. Shahriar Hussain - PeerSpot reviewer
Real-time incident detection and user-friendly dashboard benefit daily operations
There are many types of AI, and this AI is very limited in SQL and features. There may be potential for improvement. So far, it seems very limited. It shows some good features in the correlation part, but I think there is room for improvement. For instance, when creating rules, it can suggest more rules, reducing the effort needed. If AI-related support can suggest rules and integrate with existing security devices like MD, IPS, this SIM can create more relevant rules. Sometimes logs I receive don't mean anything, and I need technical stakeholders to share or forward logs, but these are sometimes inadequate. Keywords can help identify insufficient logs. I often lack time to verify logs. Sharing false positive results could be reduced to help my team.
Read full review
YusufAhmed - PeerSpot reviewer
Easy to use and competitively priced
Honestly, the product needs to continue the way it is, and I feel that everything will be fine. I haven't had any reasons to complain about the product. The product doesn’t offer MDM functionality under its current licensing model. In the future, I want the product to offer MDM. It can allow me to manage my mobile device more efficiently and effectively. Currently, there is a need for a separate license to be added to Symantec Endpoint Detection and Response to be able to use the MDM part. If both are bundled up under the same license, the administration part can be made easier.
Read full review

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"There is a single dashboard that gives us a complete overview of what is happening around the globe."
"This console gives you the entire view, which makes life easier and allows you to take precautionary measures."
"The product can scale."
"The most valuable thing about QRadar is that you have a single window into your network, SIEM, network flows, and risk management of your assets. If you use Splunk, for instance, then you still need a full packet capture solution, whereas the full packet capture solution is integrated within QRadar. Its application ecosystem makes it very powerful in terms of doing analysis."
"Stability-wise, I rate the solution a ten out of ten."
"The support is very good. We get support whenever we need it. Sometimes they respond immediately and sometimes it will be within 24 hours. We can ask them to please do it right away and they can get a request done within an hour or two."
"We have the abilities to monitor each instance which originates on the process along with the performance of each department."
"It protect us from multiple authentication values, unauthorized access and antivirus threats."
More IBM Security QRadar pros
"I have had absolutely no problem with using this solution, it really works well."
"I've mainly found the antivirus and antispyware features valuable. The documentation is okay as well."
"It is mostly used for malware detection and antivirus purposes."
"The solution does its job with no issues."
"The pricing is good."
"The most valuable features of this product include network isolation for machines and the ability to work with a consistent and defined set of virtual machines."
"The most valuable features of the solution are that it is easy to use and has good support."
"There are times when Symantec Endpoint Detection and Response tags an executable as malicious when it is trying to get executed on the machine. In this case, it prevents the execution and it gives you a process view of things where you can look into what has happened and whether it is a genuine process trying to access some system activities, or it's a malicious one. Depending upon the process, it gives you a clear identification, and we can do the containment from the interface itself and isolate the machine from the network. The process review on network isolation is good."
More Symantec Endpoint Detection and Response pros
 

Cons

"There is room for improvement in IBM QRadar in integrating features for SOC maturity and security levels directly into QRadar."
"The interface is very old. IBM should remake it into a more modern interface."
"Whenever we are upgrading or installing any type of patch, at that time we have some delays."
"Technical support could be improved by a bit."
"I would suggest QRadar release any documentation or give an online demo, like videos on YouTube. It would increase publicity and public appeal."
"IBM QRadar User Behavior Analytics could improve machine learning use cases because they are limited and most of the use cases are rule-based. They should develop more use cases, such as in Securonix or Exabeam because they will detect a threat. Using machine learning is mainly on the correlation rules, but if you think about Exabeam or Securonix, they detect using machine learning or machine learning-based algorithms."
"There are many types of AI, and this AI is very limited in SQL and features. There may be potential for improvement."
"The solution does not support the integration of flat file databases."
More IBM Security QRadar cons
"I think we have experienced some technical issues because the company focuses mainly on bigger clients. Also, sometimes the solution fails to detect zero-day attacks, so that feature needs some enhancement because it is lacking compared to other solutions."
"I would like to see better scanning capabilities."
"The network forensics feature could be improved."
"They need to improve their cloud presence."
"In the future, it would be nice to have playbooks in the tool, to allow for some of the common activities to be automated. For example, some of the scannings of the malware can be too manual for a specific device. Additionally, a vulnerability manager would be beneficial."
"That's why I wouldn't recommend it for other systems. It works only with SAP clients. That's why I'm giving it a six. It would get higher if it worked on all networks without the help of SAP."
"Reporting is a major issue, as it is not user friendly."
"One potential area for improvement in Symantec EDR is the reporting engine."
More Symantec Endpoint Detection and Response cons
 

Pricing and Cost Advice

"Our licensing costs for this solution is on a yearly basis."
"I think my company pays for the license yearly."
"The price of this solution is reasonable."
"The pricing is always fine."
"The pricing is higher but cheaper than others and there are no additional costs."
"They can give us some scalability and flexibility on pricing. If its pricing can be reduced, it would help a lot of customers in bringing in a new SIEM environment and grow business in the market. If I start a license today and take around 10,000 EPS, and after a month, there is an increase in the number of clients on my platform, I can increase the number of licenses. I can add 5,000 EPS on a yearly basis."
"The tool's price is high."
"The pricing is good."
More IBM Security QRadar pricing and cost advice
"Of late, because of the Broadcom purchase, its price has been increasing."
"The price is reasonable."
"We have a yearly subscription, and the pricing is fair."
"It is an expensive solution."
"The more devices we have the more expensive it becomes, which is where the challenge is."
"We pay around $100,000 for 5000 licenses every year."
"The product is cheap."
"Symantec Endpoint Detection and Response is expensive."
More Symantec Endpoint Detection and Response pricing and cost advice
report
See which vendors are best for you
Use our free recommendation engine to learn which Endpoint Detection and Response (EDR) solutions are best for your needs.
See recommendations
850,028 professionals have used our research since 2012.
 

Comparison Review

VS
Jun 28, 2015
Qradar vs. ArcSight
Continuing with the SIEM posts we have done at Infosecnirvana, this post is a Head to head comparison of the two Industry leading SIEM products in the market – HP ArcSight and IBM QRadar Both the products have consistently been in the Gartner Leaders Quadrant. Both HP and IBM took over niche SIEM…
Read full review
 

Top Industries

By visitors reading reviews
Educational Organization
24%
Computer Software Company
14%
Financial Services Firm
10%
Government
6%
Computer Software Company
16%
Financial Services Firm
14%
Manufacturing Company
8%
University
7%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
 

Questions from the Community

What are the biggest differences between Securonix UEBA, Exabeam, and IBM QRadar?
It mostly depends on your use-cases and environment. Exabeam and Securonix have a stronger UEBA feature set, friendlier GUI and are not licensed based on capacity (amount of logs and information in...
See all answers
What SOC product do you recommend?
For tools I’d recommend: -SIEM- LogRhythm -SOAR- Palo Alto XSOAR Doing commercial w/o both (or at least an XDR) is asking to miss details that are critical, and ending up a statistic. Also, rememb...
See all answers
What is your experience regarding pricing and costs for IBM Security QRadar?
The costing part, or commercials, was a concern.
See all answers
What do you like most about Symantec Endpoint Detection and Response?
The security is good.
See all answers
What is your experience regarding pricing and costs for Symantec Endpoint Detection and Response?
I am not aware of the pricing details, as that falls under the management's responsibility.
See all answers
What needs improvement with Symantec Endpoint Detection and Response?
There are several areas where Symantec Endpoint Detection and Response can improve, including shell features, web control, asset management, and device control. Specifically, the application contro...
See all answers
 

Comparisons

Splunk Enterprise Security vs IBM Security QRadar Logo
Splunk Enterprise Security vs IBM Security QRadar
Compared 14% of the time
Microsoft Sentinel vs IBM Security QRadar Logo
Microsoft Sentinel vs IBM Security QRadar
Compared 10% of the time
Wazuh vs IBM Security QRadar Logo
Wazuh vs IBM Security QRadar
Compared 7% of the time
Sentinel vs IBM Security QRadar Logo
Sentinel vs IBM Security QRadar
Compared 6% of the time
Elastic Security vs IBM Security QRadar Logo
Elastic Security vs IBM Security QRadar
Compared 6% of the time
More IBM Security QRadar Competitors
Kaspersky Endpoint Detection and Response Expert vs Symantec Endpoint Detection and Response Logo
Kaspersky Endpoint Detection and Response Expert vs Symantec Endpoint Detection and Response
Compared 21% of the time
Cisco Secure Endpoint vs Symantec Endpoint Detection and Response Logo
Cisco Secure Endpoint vs Symantec Endpoint Detection and Response
Compared 14% of the time
Kaspersky Endpoint Security Cloud vs Symantec Endpoint Detection and Response Logo
Kaspersky Endpoint Security Cloud vs Symantec Endpoint Detection and Response
Compared 12% of the time
Trend Vision One vs Symantec Endpoint Detection and Response Logo
Trend Vision One vs Symantec Endpoint Detection and Response
Compared 10% of the time
Trellix Endpoint Security (ENS) vs Symantec Endpoint Detection and Response Logo
Trellix Endpoint Security (ENS) vs Symantec Endpoint Detection and Response
Compared 8% of the time
More Symantec Endpoint Detection and Response Competitors
 

Product Reports

Buyer's Guide
IBM Security QRadar
April 2025
IBM Security QRadar reportDownload IBM Security QRadar product report
Buyer's Guide
Symantec Endpoint Detection and Response
April 2025
Symantec Endpoint Detection and Response reportDownload Symantec Endpoint Detection and Response product report
 

Also Known As

IBM QRadar, QRadar SIEM, QRadar UBA, QRadar on Cloud, IBM QRadar Advisor with Watson
No data available
 

Overview

IBM Security QRadar (recently acquired by Palo Alto Networks) is a security and analytics platform designed to defend against threats and scale security operations. This is done through integrated visibility, investigation, detection, and response. QRadar empowers security groups with actionable insights into high-priority threats by providing visibility into enterprise security data. Through centralized visibility, security teams and analysts can determine their security stance, which areas pose a potential threat, and which areas are critical. This will help streamline workflows by eliminating the need to pivot between tools.

IBM Security QRadar is built to address a wide range of security issues and can be easily scaled with minimal customization effort required. As data is ingested, QRadar administers automated, real-time security intelligence to swiftly and precisely discover and prioritize threats. The platform will issue alerts with actionable, rich context into developing threats. Security teams and analysts can then rapidly respond to minimize the attackers' strike. The solution will provide a complete view of activity in both cloud-based and on-premise environments as a large amount of data is ingested throughout the enterprise. Additionally, QRadar’s anomaly detection intelligence enables security teams to identify any user behavior changes that could be indicators of potential threats. 

IBM QRadar Log Manager

To better help organizations protect themselves against potential security threats, attacks, and breaches, IBM QRadar Log Manager gathers, analyzes, preserves, and reports on security log events using QRadar Sense Analytics. All operating systems and applications, servers, devices, and applications are converted into searchable and actionable intelligent data. QRadar Log Manager then helps organizations meet compliance reporting and monitoring requirements, which can be further upgraded to QRadar SIEM for a more superior level of threat protection.

Some of QRadar Log Manager’s key features include:

  • Data processing and capture on any security event
  • Disaster recovery options and high availability 
  • Scalability for large enterprises
  • SoftLayer cloud installation capability
  • Advanced threat protection

Reviews from Real Users

IBM Security QRadar is a solution of choice among users because it provides a complete solution for security teams by integrating network analysis, log management, user behavior analytics, threat intelligence, and AI-powered investigations into a single solution. Users particularly like having a single window into their network and its ability to be used for larger enterprises.

Simon T., a cyber security services operations manager at an aerospace/defense firm, notes, "The most valuable thing about QRadar is that you have a single window into your network, SIEM, network flows, and risk management of your assets. If you use Splunk, for instance, then you still need a full packet capture solution, whereas the full packet capture solution is integrated within QRadar. Its application ecosystem makes it very powerful in terms of doing analysis."

A management executive at a security firm says, "What we like about QRadar and the models that IBM has, is it can go from a small-to-medium enterprise to a larger organization, and it gives you the same value."

IBM

Symantec Endpoint Detection and Response (EDR) is a powerful security solution designed to help organizations proactively detect, investigate, and mitigate advanced threats across their endpoint environments. As part of Broadcom's cybersecurity portfolio, Symantec EDR provides comprehensive visibility into endpoint activities, enabling security teams to quickly identify and respond to threats that evade traditional defenses.

Symantec EDR leverages machine learning, behavioral analysis, and global threat intelligence from Symantec's vast network to detect sophisticated threats, including zero-day attacks, ransomware, and advanced persistent threats (APTs). This allows organizations to identify malicious activities early and respond swiftly to mitigate potential damage. The solution offers automated response options that enable security teams to contain and remediate threats quickly.

Symantec EDR provides detailed forensic capabilities, allowing security analysts to dive deep into endpoint data, investigate incidents thoroughly, and understand the scope and impact of attacks. Features such as timeline analysis, incident graphing, and the ability to isolate endpoints enhance investigative efforts and support effective remediation strategies.

With its centralized management console, Symantec EDR offers visibility across the entire endpoint environment, regardless of the operating systems or whether endpoints are on-premise or remote. Symantec EDR seamlessly integrates with other Symantec security solutions, enhancing its detection capabilities and enabling a unified approach to threat management. Its scalable architecture ensures that businesses of all sizes can benefit from its advanced security features without compromising performance.

Quickly discover and resolve threats with deep endpoint visibility and superior detection analytics, reducing mean time to remediation. Overcome cyber security skills shortages and streamline SOC operations with extensive automation and built-in integrations for sandboxing, SIEM, and orchestration.

Fortify security teams with the unmatched expertise and global scale of Symantec Managed Endpoint Detection and Response services.
Roll out Endpoint Detection and Response (EDR) across Windows, macOS, and Linux devices using Symantec Endpoint Protection (SEP)-integrated EDR or a dissolvable agent.

Broadcom
 

Sample Customers

Clients across multiple industries, such as energy, financial, retail, healthcare, government, communications, and education use QRadar.
Information Not Available
Buyer's Guide
IBM Security QRadar vs. Symantec Endpoint Detection and Response
April 2025
Free Report: IBM Security QRadar vs. Symantec Endpoint Detection and Response
Find out what your peers are saying about IBM Security QRadar vs. Symantec Endpoint Detection and Response and other solutions. Updated: April 2025.
DOWNLOAD NOW
850,028 professionals have used our research since 2012.
See our IBM Security QRadar vs. Symantec Endpoint Detection and Response report.
See our list of best Endpoint Detection and Response (EDR) vendors.

We monitor all Endpoint Detection and Response (EDR) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.