We performed a comparison between IBM Security QRadar and Sophos MDR based on real PeerSpot user reviews.
Find out in this report how the two Managed Detection and Response (MDR) solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."The most valuable features are the SIEM and the ticketing function; the latter is very smooth and easy to read and understand. We don't have any issues looking at the ticketing information when we're trying to identify what's going on."
"The biggest aspect for us is that they are able to conform to our environment and utilize our tools. That way, we still maintain ownership of all the data and access to the applications, and we never lose control of the ability to run the solution ourselves if we need to."
"Binary Defense's most valuable feature is the 24/7 monitoring and threat hunting. Their team checks the latest breaches and how they're done."
"Binary Defense has a human service department that provides live monitoring for our systems."
"The best part about Binary Defense MDR is that it runs on everything, and they keep an eye on things 24/7."
"The speed at which their services are reactive is valuable. Nowadays, when a threat hits an endpoint, you've got minutes, not hours or days. Their average response time is about four minutes on an alert. For anything that needs to be sent to us, it's about fourteen minutes, which is pretty good. They're the third SOC that I've used in fifteen years. By far, they are the quickest ones to act. When you're looking at prevention, that's a key factor."
"Among the valuable features are the agent, continuous reporting, and dashboard. It has all the features we need and we haven't had to customize it, other than turning on certain features that we wanted."
"One of the main benefits of Binary Defense MDR is the ability to easily meet with their support team to discuss any issues we encounter."
"The scalability is good."
"There is a single dashboard that gives us a complete overview of what is happening around the globe."
"I have found visibility very helpful for analytics."
"QRadar, Splunk, and ArcSight are SIEM solutions with built-in AI/ML features. They can do the complete investigation and alert the admin about what is happening. They can also do the root cause analysis. There are many other features that come with QRadar. It has a more granular log, so you can integrate with various non-IT as well as IT-based components. You can get unstructured data to the SIEM data, and you can identify more what is happening in the network or what is happening in the central head office. You can also identify what is happening between your remote offices. You can also use it to identify what the users in the field are doing on their devices and how things are moving. From the integration point of view, it is very centric. It gives complete control centrally. If a user is not connected to the system, whenever he comes online, we can see the policy updates over the Internet, and we can ensure that the data that is supposed to be protected is protected."
"Stability-wise, I rate the solution a ten out of ten."
"The QNI feature is the one I am very interested in, and I have also been interested in Watson. From the log analysis and the security perspective, we are able to dive deep into any of the logs and anomalies."
"The UBA feature is the most valuable because you can see everything about users' activities."
"The most valuable features are all the implementations, the plug-ins, and the User Behavior Analytics (UBA)."
"The most valuable feature is the ability to integrate multiple functions into a single dashboard regardless of the vendors being integrated."
"The product’s most valuable feature is ease of use."
"The product as a whole is truly outstanding and it excels in detecting and responding to various types of cyberattacks."
"The product’s most valuable feature is rapid response."
"The product gives us good visibility into what is happening inside the company."
"I like Sophos MDR's inbuilt feature for DLP (Data Loss Prevention)."
"It is a scalable solution."
"The most valuable aspect of this solution is the ability to interact with the firewall and workstations seamlessly to shut down the threats. Additionally, you are able to control the workstations remotely."
"The current reporting system could benefit from improvement."
"I don't find any downside to them, but if I have to put one, it would be consistent manpower or staffing. The only area where the solution can be improved is going to be with people. As they grow, they are struggling with the same thing that every other company is, which is getting talent and getting that talent to stay, but they've just revised their tiering system to go from a flat analyst and manager to a three-tier solution where it goes through two or three before it gets elevated. That seems to have worked out well, so if one level misses it, the next one picks it up, and it works out fine."
"It's sometimes difficult to know when to engage Binary Defense or TrustedSec, their sister company. TrustedSec is more focused on offensive security, as opposed to the defensive security that the MDR solution provides. It would be awesome if there were a better bridge between that relationship for when we need to get more proactive services or when we need to do a penetration test."
"We should be able to isolate devices faster. They should shorten the time between clicking on a device to contain it and carrying out the action. That would be a welcome improvement."
"We found a couple of bugs in the user interface."
"I would like to see more frequent check-ins with our security status."
"The only area I see for improvement with Binary Defense is their service portal. It could benefit from some enhancements."
"Binary Defense MDR could be even better with additional features, like automatic scans and file quarantine."
"The technical support can be improved a little bit, and the price could be cheaper."
"The usability of interfaces could be improved."
"It is very difficult to activate all of the network equipment, and it would help if it were made easier."
"The initial setup requires that you have somebody with the proper skill set, and it would help if the configuration were easier."
"The technical support is poor. Mostly because when I open a PMR for IBM, I am stuck with Level 1 staff. As an engineer, nothing that I am bringing them does not require Level 2 or Level 3 support."
"The product is good, but one feature they should have is an Elasticsearch. Currently, in QRadar, there are no Elasticsearch criteria."
"The only problem is that if you have too many events that occur, then the storage capacity becomes a problem. We would need to increase the storage capacity."
"QRadar log integration of various applications can be a tough job at times. There may be occasions when you will not find any QRadar guide on adding logs of a particular application. Even if you come across one, adding a log process is not an easy one."
"Its technical support could be better."
"One of the limitations that we have found is with communications and the languages in different countries."
"Threat intelligence is an area for improvement for MDR."
"Endpoint protection is very slow."
"Multitenancy features of Sophos Managed Threat Response should be improved. You cannot use the solution for multiple clients."
"The product's stability needs improvement."
"There is room for improvement in performance and upgrades."
"It is a bit expensive. It could be cheaper. There are many competitive products in the market, like Kaspersky, McAfee Antivirus, and more."
IBM Security QRadar is ranked 10th in Managed Detection and Response (MDR) with 198 reviews while Sophos MDR is ranked 5th in Managed Detection and Response (MDR) with 22 reviews. IBM Security QRadar is rated 8.0, while Sophos MDR is rated 8.6. The top reviewer of IBM Security QRadar writes "A highly stable and scalable solution that provides good technical support". On the other hand, the top reviewer of Sophos MDR writes "Proactive protection, scalability, and cloud-based efficiency". IBM Security QRadar is most compared with Splunk Enterprise Security, Microsoft Sentinel, Wazuh, LogRhythm SIEM and Elastic Security, whereas Sophos MDR is most compared with CrowdStrike Falcon Complete, SentinelOne Vigilance, Arctic Wolf Managed Detection and Response, Trend Micro Managed XDR and Bitdefender MDR. See our IBM Security QRadar vs. Sophos MDR report.
See our list of best Managed Detection and Response (MDR) vendors.
We monitor all Managed Detection and Response (MDR) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.