We performed a comparison between IBM Security QRadar and Trellix Helix based on real PeerSpot user reviews.
Find out in this report how the two Security Information and Event Management (SIEM) solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."The most valuable feature is the UEBA. It's very easy for a security operations analyst. It has a one-touch analysis where you can search for a particular entity, and you can get a complete overview of that entity or user."
"The standout feature of Sentinel is that, because it's cloud-based and because it's from Microsoft, it integrates really well with all the other Microsoft products. It's really simple to set up and get going."
"Free ingestion for Azure logs (with E5 licence)"
"If you know how to do KQL (kusto query language) queries, which are how you query the log data inside Sentinel, the information is pretty rich. You can get down to a good level of detail regarding event information or notifications."
"It has basic out-of-the-box integrations with multiple log sources."
"It has a lot of great features."
"Mainly, this is a cloud-native product. So, there are zero concerns about managing the whole infrastructure on-premises."
"The initial setup is very simple and straightforward."
"I think it's a very stable product that provides much more visibility than the other product."
"What I like about IBM QRadar User Behavior Analytics is that it uses machine learning algorithms to generate risk scoring for the user activity. I also like that it syncs with our Active Directory users, so it really has full coverage for all users in our environment."
"The scalability is very good. It's not a problem."
"What I like the most about it is that you can very easily install and configure it. As compared to other SIEM solutions, for which you need to know and do a lot more to prepare your SIEM environment, QRadar is much simpler to install and configure. There are various options in the Admin console. In the Admin tab, you can design dashboards and view various graphs. It has a lot of attractive features, and you don't need to configure everything on your own."
"It has improved my efficiency."
"Most of our clients are interested in automation. The automation part is good because they are able to detect threats and vulnerabilities in real time. It's very fast."
"There are more than 120 extensions in QRadar, which are easy to install and configure. These can improve your analysis of events."
"The initial setup of QRadar is not complex because we have done it before and we are used to the development. It is getting easier all the time."
"Trellix Helix helps prevent email attacks, like phishing and email spoofing attacks."
"It is kind of simple and very easily deployable. You can start working with it very fast."
"The product offers very strong automation. Our cyber security analysts don't have to correlate the information to detect problems. They only need to analyze problems that have been identified by the platform."
"The most valuable features include predefined use cases and threatening states."
"FireEye Helix's best features are its speed and use of an easy-to-understand language to send queries to the raw logs."
"I like that it's easy. It's got the protection set up, and we can see whatever is required. We write our own rules and the rules that we can input. I think it is good."
"The integration is very useful and very easy. You can have an API connection with any cloud and I'll be able to do both ways of communication with the help of APA."
"While I appreciate the UI itself and the vast amount of information available on the platform, I'm finding the overall user experience to be frustrating due to frequent disconnections and the requirement to repeatedly re-authenticate."
"If I can use Sentinel offline at home and use it on a local network, it would be great. I'm not sure if I can use Sentinel offline versus the tools I have."
"Microsoft Sentinel is relatively expensive, and its cost should be improved."
"If we want to use more features, we have to pay more. There are multiple solutions on the cloud itself, but the pricing model package isn't consistent, which is confusing to clients."
"If their UI was a bit more streamlined and easy to find when I need it, then that would be a great improvement."
"If you're looking to use canned queries, the interface could be a little more straightforward. It's not immediately intuitive regarding how you use it. You have to take a canned query and paste it into an operational box and then you hit a button... They could improve the ease of deploying these queries."
"There are certain delays. For example, if an alert has been rated on Microsoft Defender for Endpoint, it might take up to an hour for that alert to reach Sentinel. This should ideally take no more than one or two seconds."
"They could use some kind of workbook. There is some limitation doing the editing and creating the workbook."
"The threat intelligence functionality can be better. In addition, it can have more monitoring capabilities."
"It's resource-intensive."
"Dashboards and reports could provide better visualization of SIEM activity."
"The implementation and configuration are not easy."
"Search capability and indexing still lag behind competitors. We also need to see improved rule based access controls and rule/event tuning."
"The technical support is poor. Mostly because when I open a PMR for IBM, I am stuck with Level 1 staff. As an engineer, nothing that I am bringing them does not require Level 2 or Level 3 support."
"QRadar UBA only keeps the data for a short while (it's refreshed every five minutes) and would be improved if this were extended to a week or month."
"While the interface is easy to use, it could be a little more responsive."
"The graphical user interface could be improved. It's not easy to handle and it's not easy for a customer or end-user to learn how to manage the solution."
"It should have more cloud connectors. It could also be cheaper."
"We have certain challenges with integrating the SOAR platform with multiple vendors."
"Integrations could be improved, and the dashboard could be a little better."
"FireEye Helix would be improved with the option of an on-prem version, which they don't currently offer."
"Sometimes the rules are disabled by FireEye, and we basically get it after the patch. I think there needs to be a better way of creating the application rules. I would like to see better pricing for our licensing."
"Trellix Helix's configuration and learning could be improved to identify normal traffic from abnormal and to identify trusted domains."
IBM Security QRadar is ranked 4th in Security Information and Event Management (SIEM) with 198 reviews while Trellix Helix is ranked 32nd in Security Information and Event Management (SIEM) with 7 reviews. IBM Security QRadar is rated 8.0, while Trellix Helix is rated 8.6. The top reviewer of IBM Security QRadar writes "A highly stable and scalable solution that provides good technical support". On the other hand, the top reviewer of Trellix Helix writes "Helps prevent email attacks, like phishing and email spoofing attacks". IBM Security QRadar is most compared with Splunk Enterprise Security, Wazuh, LogRhythm SIEM, Elastic Security and Fortinet FortiSIEM, whereas Trellix Helix is most compared with LogRhythm SIEM, Splunk Enterprise Security, Trellix ESM, USM Anywhere and Palo Alto Networks Cortex XSOAR. See our IBM Security QRadar vs. Trellix Helix report.
See our list of best Security Information and Event Management (SIEM) vendors.
We monitor all Security Information and Event Management (SIEM) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.