No more typing reviews! Try our Samantha, our new voice AI agent.

IBM Security QRadar vs Trellix Endpoint Detection and Response (EDR) comparison

Sponsored
 

Comparison Buyer's Guide

Executive SummaryUpdated on Jun 3, 2026

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

ROI

Sentiment score
4.8
Cortex XDR reduces costs, minimizes incidents, improves ROI, and enhances efficiency with automation and seamless system integration.
Sentiment score
6.4
IBM Security QRadar offers efficient data management, cost savings, competitive pricing, and long-term protection akin to security insurance.
Sentiment score
6.2
Trellix EDR enhances detection, efficiency, and trust, supporting business goals with cost-effectiveness and improved security despite integration needs.
They appreciate the rich telemetry data from the solution, as it provides in-depth threat identification.
Cyber Security Manager at Welab bank
Cortex XDR by Palo Alto Networks helps to reduce my total cost of ownership significantly.
Detection and Response Consultant at Inovasys
In Cortex XDR by Palo Alto Networks, most of the remediation is automated and the accuracy is quite good.
Network Security Engineer at Cyberwell Solution
With SOAR, the workflow takes one minute or less to complete the analysis.
Cyber Security Architects at VaporVM
AWS gives the chance to implement a solution out of the box with use cases that are already in IBM Security QRadar.
Strategic Account Executive at a computer software company with 51-200 employees
Investing this amount was very much worth it for my organization.
Information Security Analyst at Banglalink
The advanced detection and mitigation capabilities ensure the highest level of protection and proper detection for command and control and bot attacks.
Business Development Manager at a retailer with 10,001+ employees
I have seen a return on investment with Trellix Endpoint Detection and Response (EDR); a lot of time is saved as it minimizes the efforts of manual work.
Security Engineer at LTI Mindtree
 

Customer Service

Sentiment score
7.0
Cortex XDR's adaptable customer service excels in problem-solving, fast response, and professionalism, despite varying quality and log analysis suggestions.
Sentiment score
6.0
IBM Security QRadar support is mixed, with varying response times and expertise, but users find online resources helpful.
Sentiment score
6.6
Trellix EDR support receives mixed reviews, with praise for effectiveness and criticism for response times and support quality.
The technical support from Palo Alto deserves a mark of ten because they reach out within an hour whenever assistance is needed.
Head of data centers at a non-profit with 10,001+ employees
There is no back and forth, and they know what we are asking for and come up with the best resolution for a solution.
Senior Process Expert at A.P. Moller - Maersk
If any of these services are missed, it becomes a problem in terms of support tickets, follow-up, or special configuration that needs to be done in the system.
Chief of IT Architecture at a financial services firm with 10,001+ employees
They assist with advanced issues, such as hardware or other problems, that are not part of standard operations.
Network and Security Architect at Deutsche Telekom
Support needs to understand the issue first, then escalate it to the engineering team.
Cyber Security Architects at VaporVM
The support is really good; for instance, if a critical ticket is submitted, you will get paged right away as it gets logged, and their analyst will look into it, letting you know as soon as possible so you can work on it.
Cyber Security Intern at a retailer with 1,001-5,000 employees
I have contracted support and also have an operating control so I can get various types of support.
Committee Of IT Cybersececurity at a energy/utilities company with 51-200 employees
On our servers, we do not want it to touch our resources, so we deployed Sophos XDR on the server.
Security Administrator at a insurance company with 1,001-5,000 employees
Customer support is a critical component of any enterprise EDR deployment.
Especialista Sr Seguridad Endpoint at Total Cyber Sec
 

Scalability Issues

Sentiment score
7.6
Cortex XDR offers scalable management and deployment capabilities for organizations, though affordability for smaller enterprises may be challenging.
Sentiment score
7.2
IBM Security QRadar is praised for scalability, though challenges in larger setups and specific hardware requirements are noted.
Sentiment score
7.1
Trellix EDR is scalable and favored for flexibility in endpoint management across diverse industries despite speed and support issues.
You can onboard 10,000 endpoints in just hours, which demonstrates the excellent scalability of this product.
Assistant Security Architect at Cloudnomics
Activating the newly purchased licenses is instantaneous, allowing installations without adjustments since it's cloud-based.
Junior Security Analyst at ITSEC Asia
Cortex XDR by Palo Alto Networks can be expanded anytime by purchasing another license without any issues related to scalability.
Head of data centers at a non-profit with 10,001+ employees
For EPS license, if you increase or exceed the EPS license, you cannot receive events.
Cyber Security Architects at VaporVM
Trellix Endpoint Detection and Response (EDR) is built on top of the ePO (ePolicy Orchestrator) management architecture, which is globally recognized as the most scalable endpoint management platform in cybersecurity history.
Especialista Sr Seguridad Endpoint at Total Cyber Sec
Trellix Endpoint Detection and Response (EDR) is really scalable, allowing easy deployment with its agent across all devices and servers within the organization.
Security Engineer at LTI Mindtree
 

Stability Issues

Sentiment score
8.0
Cortex XDR is reliable and stable, with minor issues outweighed by consistent performance and highly rated dependability.
Sentiment score
7.5
IBM Security QRadar offers robust stability and reliability, though some users report issues with patches and high-demand scenarios.
Sentiment score
7.9
Trellix EDR is generally stable but can be resource-intensive, with improvements noted in newer versions and experienced user advantages.
Cortex remains fast and responsive, even with increasing data and alerts.
Final Year Student at Gitam University
The thresholds we've seen on our firewall boxes at some instances reached 80% to 85%, but even at that level of utilization, we don't observe any latency or any issues reported with respect to accessing the application.
Senior Process Expert at A.P. Moller - Maersk
Cortex XDR by Palo Alto Networks can be trusted completely.
Soc Analyst at Softcell Technologies Limited
On cloud, you don't see any disconnections or instability.
SOC Engineer at a outsourcing company with 10,001+ employees
I think QRadar is stable and currently satisfies my needs.
Architect of Cybersecurity at ASSIST - Software Services
The product has been stable so far.
Information Security Analyst at Banglalink
So I have to use Sophos XDR on servers because Sophos XDR does not consume resources.
Security Administrator at a insurance company with 1,001-5,000 employees
 

Room For Improvement

Cortex XDR needs improved UI, integration, affordability, monitoring, false positive handling, Mac OS support, and better AI features.
IBM Security QRadar users seek improved upgrades, integrations, user interface, cost efficiency, AI features, and better threat detection.
Trellix EDR needs AI upgrades, resource optimization, interface improvements, better integration, and refined alerts for enhanced performance.
Improving reporting and dashboard customization, along with the addition of real-time and exportable reports, would help SOC teams greatly.
Final Year Student at Gitam University
The inclusion of this feature would allow the application of DLP policies alongside antivirus policies via a single agent and console, making it more competitive as other OEMs often offer DLP solutions as part of their antivirus products.
Pre Sales Architect at network techlab
If the per GB data could be provided at a certain level free of cost or at the same cost which the customer is taking for the entire bundle, that would be better.
Cyber Security Information Security Specialist at MHM Holding GmbH
We receive logs from different types of devices and need a way to correlate them effectively.
Network and Security Architect at Deutsche Telekom
If AI-related support can suggest rules and integrate with existing security devices like MD, IPS, this SIM can create more relevant rules.
Information Security Analyst at Banglalink
IBM Security QRadar does not support Canvas, so we had to create custom scripts and workarounds to pull logs from Canvas.
Cyber Security Architects at VaporVM
I am seeing, for workflows, some sort of ethical hacking to test our environment.
Committee Of IT Cybersececurity at a energy/utilities company with 51-200 employees
Trellix Endpoint Detection and Response (EDR) scores highly because of its sheer depth of endpoint visibility, the precision of its behavior-based detection, and the massive time savings we get from its AI-guided investigations.
Especialista Sr Seguridad Endpoint at Total Cyber Sec
Trellix Endpoint Detection and Response (EDR) is interesting and is a very good entry point that has been evolving through the last years.
Committee Of IT Cybersececurity at a energy/utilities company with 51-200 employees
 

Setup Cost

Cortex XDR is pricier than some rivals but offers flexible pricing and robust features, costing $55-$90 per endpoint monthly.
IBM Security QRadar is costly but valuable, priced per EPS/FPS, and cheaper than Splunk yet pricier than other SIEMs.
Trellix EDR offers competitive pricing with volume discounts, but requires a three-year contract and advanced features can be costly.
The pricing on SentinelOne is far more reasonable and cheaper than Cortex XDR by Palo Alto Networks.
Consultant at a tech services company with 1,001-5,000 employees
I would say it is definitely not a cheap product, considering how mature it is and how scalable all Palo Alto products are together.
Senior Process Expert at A.P. Moller - Maersk
Compared to CrowdStrike, which is very costly, and SentinelOne, which is also very costly, Cortex XDR by Palo Alto Networks is a medium cost-efficient solution.
Soc Analyst at Softcell Technologies Limited
Splunk is more expensive than IBM Security QRadar.
Cyber Security Architects at VaporVM
It was costly mainly because of the value you can get right now compared to other solutions.
CTO at Sabyk
It depends on how much you want to spend.
Strategic Account Executive at a computer software company with 51-200 employees
For the license requirement, we worked with the vendor to secure the minimum price for Trellix endpoint solutions, with no additional costs charged by the vendor.
Security Engineer at LTI Mindtree
Trellix is highly competitive in the enterprise market because they offer aggressive volume-tiered discounting levels, such as levels A through D.
Especialista Sr Seguridad Endpoint at Total Cyber Sec
My experience with pricing, setup cost, and licensing is very cost-effective.
Business Development Manager at a retailer with 10,001+ employees
 

Valuable Features

Cortex XDR by Palo Alto Networks provides AI-driven threat detection, automation, and seamless integration, simplifying security for analysts.
IBM Security QRadar is valued for real-time alerts, scalability, integration, AI features, user-friendly interface, and threat detection.
<p>Trellix EDR enhances threat detection with AI-driven analytics, behavior monitoring, centralized management, and seamless MITRE ATT&amp;CK integration.</p>
It incorporates AI for normal behavior detection, distinguishing unusual operations.
Cyber Security Manager at Welab bank
The product provides automation responses in case of a threat attack, severity assessments, centralized manageability, and comprehensive compliance features, resulting in reduced costs.
Pre Sales Architect at network techlab
It includes machine learning to easily analyze data and detect complex threats across endpoints, networks, or clouds.
Final Year Student at Gitam University
Recently, I faced an incident, a cyber incident, and it was detected in real time.
Information Security Analyst at Banglalink
IBM Security QRadar gives the opportunity to improve the time to market of the releases with a great evaluation of cybersecurity breaches.
Strategic Account Executive at a computer software company with 51-200 employees
Compared to ArcSight, Splunk, or any other SIEM tools where you need their processing language such as structured query language, SPL, and in Sentinel there is KQL query languages, IBM Security QRadar doesn't require reliance on query languages.
SOC Engineer at a outsourcing company with 10,001+ employees
Trellix Endpoint Detection and Response (EDR) has very good threat hunting capability.
Security Administrator at a insurance company with 1,001-5,000 employees
Advanced detection capabilities ensure that targeted attacks will be detected and blocked before they arrive at our network.
Business Development Manager at a retailer with 10,001+ employees
Trellix Endpoint Detection and Response (EDR) has positively impacted my organization by allowing us to protect our servers from malware and attacks, ensuring we can safeguard our clients.
Senior Information Security Specialist at a consultancy with 51-200 employees
 

Categories and Ranking

Cortex XDR by Palo Alto Net...
Sponsored
Ranking in Endpoint Detection and Response (EDR)
6th
Average Rating
8.4
Reviews Sentiment
6.8
Number of Reviews
114
Ranking in other categories
Endpoint Protection Platform (EPP) (4th), Extended Detection and Response (XDR) (4th), Ransomware Protection (2nd), AI-Powered Cybersecurity Platforms (1st)
IBM Security QRadar
Ranking in Endpoint Detection and Response (EDR)
11th
Average Rating
8.0
Reviews Sentiment
6.6
Number of Reviews
218
Ranking in other categories
Log Management (6th), Security Information and Event Management (SIEM) (2nd), User Entity Behavior Analytics (UEBA) (3rd), Security Orchestration Automation and Response (SOAR) (5th), Managed Detection and Response (MDR) (7th), Extended Detection and Response (XDR) (10th)
Trellix Endpoint Detection ...
Ranking in Endpoint Detection and Response (EDR)
14th
Average Rating
7.6
Reviews Sentiment
6.9
Number of Reviews
29
Ranking in other categories
No ranking in other categories
 

Mindshare comparison

As of July 2026, in the Endpoint Detection and Response (EDR) category, the mindshare of Cortex XDR by Palo Alto Networks is 3.6%, down from 3.9% compared to the previous year. The mindshare of IBM Security QRadar is 2.1%, up from 1.0% compared to the previous year. The mindshare of Trellix Endpoint Detection and Response (EDR) is 1.0%, down from 1.1% compared to the previous year. It is calculated based on PeerSpot user engagement data.
Endpoint Detection and Response (EDR) Mindshare Distribution
ProductMindshare (%)
Cortex XDR by Palo Alto Networks3.6%
IBM Security QRadar2.1%
Trellix Endpoint Detection and Response (EDR)1.0%
Other93.3%
Endpoint Detection and Response (EDR)
 

Featured Reviews

ABHISHEK_SINGH - PeerSpot reviewer
Senior Process Expert at A.P. Moller - Maersk
Gained full visibility and streamlined threat detection through behavior-based insights and AI integration
Initially, we got to have a lot of false positives when we onboarded, but nowadays it's quite smooth. We have fine-tuned our security policies and allowed different levels of policies to get rid of those false positives. Currently, we are getting a fairly good amount of incidents that are not false positives or benign, but actionable items. The process is streamlined. In the initial days, the operations used to get involved in a lot of benign and other activities, but now the process is streamlined. We are leveraging the auto-detection and remediation plans. The operations teams are now more involved in other business roles as well, not just looking into the logs and fetching out what's happening there. They have fixed a lot of things. Initially, they didn't have IAC code drift detection, cloud posture management, or security posture management, but they have those now. They purchased different vendors and did a merger with that. They have now Prisma Cloud that gets integrated and now they are working with Cortex Cloud. Everything that was negative has now been addressed, and the product altogether looks to be in a very better and mature shape now. Currently, it's more or less detecting the workloads with AI-based best practices. Since most organizations are consuming AI agents and other things, we are looking forward to seeing what other feature enhancements Palo Alto can support in that.
HarshBhardiya - PeerSpot reviewer
SOC Engineer at a outsourcing company with 10,001+ employees
Have managed daily asset and alert monitoring effectively but have encountered limitations with manual processes and interface usability
It's still very manual and doesn't work on its own. It's still in an early stage and not on par where we can consider it a really successful detection system. The accuracy is not there. The UI could be better when compared to Sentinels where we can use flags and tagging. It could be much more user-friendly. IBM Security QRadar has all features and is fully competitive with other SIEM tools, but when it comes to user-friendliness, a new user takes time to get used to it. More intuitive, user-friendly interfaces and more helpful documentation would be beneficial. The query searching and data fetching could be faster. In large to very large organizations with around 5,000 or 6,000 assets or beyond, even with proper configurations and RAM and hardware backing up, the query is fairly slow.
Duncan  Kims - PeerSpot reviewer
Business Development Manager at a retailer with 10,001+ employees
Advanced detection has reduced targeted attacks and builds daily confidence in our defenses
Trellix Endpoint Detection and Response (EDR) has a very low false positive rate compared to other products, thus increasing the SOC efficiency in how my team relies on the solution day-to-day.With the best features Trellix Endpoint Detection and Response (EDR) offers, ease of SOAR integration helps to automate the IOC distribution, and our security team and management trust the product. Advanced detection capabilities ensure that targeted attacks will be detected and blocked before they arrive at our network. SOAR integration has assisted our security team and management in trusting the product.
report
Use our free recommendation engine to learn which Endpoint Detection and Response (EDR) solutions are best for your needs.
902,988 professionals have used our research since 2012.
 

Comparison Review

VS
Manager, Enterprise Risk Consulting at a tech company with 1,001-5,000 employees
Jun 28, 2015
Qradar vs. ArcSight
Continuing with the SIEM posts we have done at Infosecnirvana, this post is a Head to head comparison of the two Industry leading SIEM products in the market – HP ArcSight and IBM QRadar Both the products have consistently been in the Gartner Leaders Quadrant. Both HP and IBM took over niche SIEM…
 

Top Industries

By visitors reading reviews
Construction Company
12%
Financial Services Firm
11%
Manufacturing Company
10%
Comms Service Provider
9%
Financial Services Firm
12%
Computer Software Company
10%
Construction Company
9%
Manufacturing Company
8%
Financial Services Firm
15%
Construction Company
7%
Manufacturing Company
7%
Computer Software Company
7%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
By reviewers
Company SizeCount
Small Business46
Midsize Enterprise21
Large Enterprise53
By reviewers
Company SizeCount
Small Business92
Midsize Enterprise39
Large Enterprise107
By reviewers
Company SizeCount
Small Business16
Midsize Enterprise3
Large Enterprise14
 

Questions from the Community

Cortex XDR by Palo Alto vs. Sentinel One
Cortex XDR by Palo Alto vs. SentinelOne SentinelOne offers very detailed specifics with regard to risks or attacks. ...
Comparing CrowdStrike Falcon to Cortex XDR (Palo Alto)
Cortex XDR by Palo Alto vs. CrowdStrike Falcon Both Cortex XDR and Crowd Strike Falcon offer cloud-based solutions th...
How is Cortex XDR compared with Microsoft Defender?
Microsoft Defender for Endpoint is a cloud-delivered endpoint security solution. The tool reduces the attack surface,...
What are the biggest differences between Securonix UEBA, Exabeam, and IBM QRadar?
It mostly depends on your use-cases and environment. Exabeam and Securonix have a stronger UEBA feature set, friendli...
What SOC product do you recommend?
For tools I’d recommend: -SIEM- LogRhythm -SOAR- Palo Alto XSOAR Doing commercial w/o both (or at least an XDR) is a...
What is your experience regarding pricing and costs for IBM Security QRadar?
Pricing and the license of EPS were managed by the governance team. I was not responsible for managing those. I was s...
What is your experience regarding pricing and costs for McAfee MVISION Endpoint Detection and Response?
I find licensing to be one of the best aspects of Trellix Endpoint Detection and Response (EDR), but I am unsure abou...
What needs improvement with McAfee MVISION Endpoint Detection and Response?
Trellix Endpoint Detection and Response (EDR) could be improved as I find that, since FireEye and McAfee became Trell...
What is your primary use case for McAfee MVISION Endpoint Detection and Response?
My main use case for Trellix Endpoint Detection and Response (EDR) is for blocking malware and catching unusual behav...
 

Also Known As

Cyvera, Cortex XDR, Palo Alto Networks Traps
IBM QRadar, QRadar SIEM, QRadar UBA, QRadar on Cloud, IBM QRadar Advisor with Watson
McAfee MVISION EDR, MVISION EDR, MVISION Endpoint Detection and Response
 

Overview

 

Sample Customers

CBI Health Group, University Honda, VakifBank
Clients across multiple industries, such as energy, financial, retail, healthcare, government, communications, and education use QRadar.
Sutherland Global Services
Find out what your peers are saying about IBM Security QRadar vs. Trellix Endpoint Detection and Response (EDR) and other solutions. Updated: June 2026.
902,988 professionals have used our research since 2012.