We performed a comparison between IBM Security QRadar and Trellix Active Response based on real PeerSpot user reviews.
Find out what your peers are saying about Microsoft, SentinelOne, CrowdStrike and others in Endpoint Detection and Response (EDR)."The console is easy to read. I also like the scanning part and the ability to move assets from one to the other."
"Additionally, when it comes to EDR, there are more tools available to assist with client work."
"The solution was relatively easy to deploy."
"The product's initial setup phase is very easy."
"Having all monitoring, response, tracking, and mitigation tools in one dashboard provides our analysts and SOC team with a comprehensive view at a glance."
"The price is low and quite competitive with others."
"NGAV and EDR features are outstanding."
"Fortinet FortiEDR's firewalling, rule creation, monitoring, and inspection profiles are great."
"QRadar shows very effective correlations. If you combine all the logins plus user behavior and the current intelligence, it gives a very good correlation for business. I think it reduces the false positives in user activity monitoring because there is a lot of social information to correlate with other data."
"There are other third-party plugins that we can use."
"It is a very optimized engine."
"Provided that the report is prebuilt and I can find what I am looking for, the reporting is the most valuable feature in this solution."
"It saves a lot of time. We integrate the customer's firewall with all their networking devices."
"Search capabilities are sufficient for most tasks."
"I have found the most important features to be the flexibility, tech framework, and disk manager."
"The tool's most valuable feature is log source management. It enables us to connect to various log sources, including content, authentications, or other customized integrations. These integrations can be tailored for use with other platforms that don’t already have built-in IBM add-ons."
"It's a little lighter compared to the older version, which was mostly signature-based."
"We are hoping to automate detection and response and take advantage of user behavior analytics, given that we are working from home. About half of our workers are still remote, so Active Response gives us that visibility and lets us automate a number of those events."
"The solution is scalable."
"ZTNA can improve latency."
"Detections could be improved."
"The EDR console should have more extensive reporting. You shouldn't need to purchase FortiAnalyzer. It should be included in the EDR part. The security adviser cloud platform could be improved with more options for exclusive or intensive rules for devices."
"The solution is not stable."
"Integration with Azure and SaaS provisioning tools could improve Fortinet FortiEDR."
"We find the solution to be a bit expensive."
"There's room for improvement in the quick response time and technical support for integration issues, especially when dealing with multiple vendors."
"FortiEDR could add a separate scanning dashboard. In incident management, we prefer to remove the endpoint system from the environment and scan the system. We typically use Symantec for that, but if we want to use FortiEDR for that, then we need a scanning tab to clarify things."
"QRadar needs a lot of fine tuning"
"I need a solution which will send alerts in the event of any behavior."
"I would like the rule creation interface to be much more user-friendly in the next release."
"The implementation and configuration are not easy."
"They should speed up the incident response and also, at the same time, reduce the amount of manual effort that is required."
"What needs to be improved in IBM QRadar User Behavior Analytics is the user experience. It's not optimal. Some screens are a bit clunky. The solution needs to be more user-friendly."
"The only challenge with products like IBM is the EPS. You just have to be really on the events per second, as that's where the cost factor becomes a huge issue."
"I would like to see more integration in place after the security lock."
"While the product is good, we are currently facing support issues."
"There are some components on the cloud that should also reside in the on-prem deployment models but don't."
"I also expected Active Response 's user interface to be much more analytical."
Earn 20 points
IBM Security QRadar is ranked 20th in Endpoint Detection and Response (EDR) with 198 reviews while Trellix Active Response is ranked 57th in Endpoint Detection and Response (EDR). IBM Security QRadar is rated 8.0, while Trellix Active Response is rated 6.4. The top reviewer of IBM Security QRadar writes "A highly stable and scalable solution that provides good technical support". On the other hand, the top reviewer of Trellix Active Response writes "Lighter with good stability and pretty good technical support". IBM Security QRadar is most compared with Microsoft Sentinel, Splunk Enterprise Security, Wazuh, LogRhythm SIEM and Elastic Security, whereas Trellix Active Response is most compared with Trellix Endpoint Detection and Response (EDR) and Trellix Endpoint Security (ENS).
See our list of best Endpoint Detection and Response (EDR) vendors.
We monitor all Endpoint Detection and Response (EDR) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.