IT Central Station is now PeerSpot: Here's why
Buyer's Guide
Security Information and Event Management (SIEM)
July 2022
Get our free report covering Amazon, Splunk, IBM, and other competitors of Microsoft Sentinel. Updated: July 2022.
621,703 professionals have used our research since 2012.

Read reviews of Microsoft Sentinel alternatives and competitors

Berik Sultanbekov - PeerSpot reviewer
CS engineer at AYACOM
Real User
Top 20
Comes with a lot of predefined connectors and good correlation rules, but needs better reporting and doesn't have a SOAR system by default
Pros and Cons
  • "It has a lot of good correlation rules. From a customer's point of view, it is one of the best solutions because you don't need to create correlation rules from scratch. You just review them and customize them as you want."
  • "It doesn't have a SOAR system by default. You need to purchase it additionally, which is the main problem with QRadar."

What is our primary use case?

We are using mixed solutions. We are currently working with IBM solutions and Azure system services. We are using two SIEM solutions: Azure Sentinel and QRadar. Azure Sentinel is covering our cloud-based solutions, and QRadar is covering our on-premise solutions.

What is most valuable?

QRadar has a lot of connectors out of the box. It has a lot of predefined and pre-deployed connectors that you can use. 

It has a lot of good correlation rules. From a customer's point of view, it is one of the best solutions because you don't need to create correlation rules from scratch. You just review them and customize them as you want. 

It supports using SQL queries. Sentinel uses KQL, but you need to learn it from scratch.

What needs improvement?

It doesn't have a SOAR system by default. You need to purchase it additionally, which is the main problem with QRadar. 

Its reporting can be improved.

For how long have I used the solution?

I have been using this solution for approximately three years.

What do I think about the stability of the solution?

It is stable.

What do I think about the scalability of the solution?

It is scalable. It works for small, medium, and large enterprises. You can have a huge SOC, and you can implement it in a big company. 

Our company has more than 5,000 assets, and we are covering them all with the QRadar system.

Which solution did I use previously and why did I switch?

We are using Azure Sentinel for our cloud-based solutions. The best functionality that you can get from Azure Sentinel is the SOAR capability. So, you can estimate any type of activity, such as when an alert was triggered or an incident was found.

Azure Sentinel doesn't have many connectors for third-party SIEM solutions. Many customers are struggling with the integration of Azure Sentinel with their on-premise SIEM.

If we start to collect all logs from our on-premise SIEM solutions, Azure Sentinel will cost much more than QRadar. If we calculate its cost over the next five or ten years, it will cost more than QRadar.

What's my experience with pricing, setup cost, and licensing?

You have a one-time payment, and you also can purchase it for one year as a subscription. We have it on-premise, and we have a permanent license for it. We have to pay for the support on a yearly basis.

If you compare its cost with Sentinel for one year, QRadar would seem more expensive, but if you compare its cost over five or ten years, Azure Sentinel will be more expensive than QRadar.

What other advice do I have?

I would recommend purchasing a cloud-based license subscription because it doesn't have any limits on the license. You can easily install it in a cloud environment. This cloud pack can be integrated with different types of SIEM solutions. So, you can use one management console to query all of the SIEM systems that you are managing. It is like having one window to manage your SOC. For example, a SOC can operate, manage, or provide services for different types of companies, and all these companies can have different types of SIEM solutions. With the cloud subscription of QRadar, you can cover all companies, which is good in my opinion.

I would recommend both QRadar and Azure Sentinel. It depends on the use case of a customer and the environment that they are using.

I would rate QRadar a seven out of ten. 

Which deployment model are you using for this solution?

On-premises
Disclosure: My company has a business relationship with this vendor other than being a customer: partner
Flag as inappropriate
Buyer's Guide
Security Information and Event Management (SIEM)
July 2022
Get our free report covering Amazon, Splunk, IBM, and other competitors of Microsoft Sentinel. Updated: July 2022.
621,703 professionals have used our research since 2012.