We performed a comparison between IBM Security QRadar and CrowdStrike Falcon based on our users’ reviews in five categories. After reading all of the collected data, you can find our conclusion below.
Features: IBM Security QRadar users say the solution provides extensive information and helpful leads for locating pertinent data. QRadar stands out with its comprehensive network visibility and strong SIEM capabilities. CrowdStrike Falcon is praised for its machine-learning capabilities, optimal resource utilization, and precise threat detection. IBM Security QRadar could improve its rule deployment and lower its false positive rate. Users would also like expanded storage capacity, streamlined user management, and a more mature architecture. CrowdStrike Falcon could benefit from adding a sandbox feature and more detailed firewall management options.
Service and Support: Some customers of IBM Security QRadar have had trouble connecting with knowledgeable support staff and experienced delayed responses. CrowdStrike Falcon's customer service is considered prompt and helpful.
Ease of Deployment: IBM Security QRadar's initial setup can be complex for users without expertise, and the difficulty may vary depending on the size of the data set. CrowdStrike Falcon's setup is considered to be simple and efficient, with deployment times ranging from a few days to a month. While there may be some challenges during installation, they are generally manageable.
Pricing: IBM Security QRadar can be costly because users need to buy new hardware to upgrade. Some users find CrowdStrike Falcon costly and think the price should be lowered to make it more competitive.
ROI: IBM Security QRadar delivers a high return on investment, improving security through its advanced user behavior analytics. CrowdStrike Falcon offers cost savings by decreasing the required number of engineers and eliminating the need for onsite servers.
Comparison Results: Our users prefer IBM Security QRadar over CrowdStrike Falcon. The advanced security features and overall strength of QRadar make it the favored option. Users like QRadar's extensive and actionable insights, user-friendly interface, and adaptability. QRadar offers a comprehensive overview of network activity and risk management.
"The most valuable feature of the solution stems from the fact that Microsoft Defender XDR is easy to integrate with other Microsoft platforms or products."
"The incident threat response and its ability to facilitate effective remediation against threats are the standout features."
"The most valuable feature is the DLP because that's where we can have an added data protection layer and extend it not just to emails but to the documents that users are working on. We can make sure that sensitive data is tagged and flagged if unauthorized parties are using it."
"Defender is easy to use. It has a nice console, and everything is all in one place."
"The integration with other Microsoft solutions is the most valuable feature."
"Among the most valuable features are the alert timeline, the alert story, which is pretty detailed. It gives us complete insight into what exactly happened on the endpoint. It doesn't just say, "Malware detected." It tells us what caused that malware to be detected and how it was detected. It gives us a complete timeline from beginning to end."
"The common and advanced security policies for threat hunting and blocking attacks are valuable."
"Microsoft 365 Defender is a good solution and easy to use."
"CrowdStrike Falcon's scalability is good. We have thousands of students using this solution."
"There are two things which customers really like about CrowdStrike. If they buy managed services from CrowdStrike, it offers them detection of security issues in one minute. If you buy their professional services, they offer insurance where you can claim up to $5 million if there's a breach. This is a huge upsell for customers."
"The anomaly detection is the most valuable feature."
"Since we deployed CrowdStrike, the network has become much calmer, and we now understand the sources of infections, which helps us prevent them from spreading."
"The feature I like the most is the solution's detection."
"Enables us to understand what processes are running on the system, what registry keys have been enabled."
"The EDR and XDR features have been most valuable."
"Probably the most valuable thing to me is the real-time response piece. The fact that I can connect to an endpoint as long as it is on the Internet, no matter where it is globally. I can remove files from the endpoint, drop files on the endpoint, stop processes, reboot it, run custom scripts, and deploy software. Pretty much no other tool can do all that."
"It helps us discover any threats with their alerts and tracking."
"We run 65 servers globally with just two people: an engineering person and me."
"This console gives you the entire view, which makes life easier and allows you to take precautionary measures."
"The most valuable features would have to be the products' ability to customize vulnerability management settings."
"The flexibility is good in terms of pulling log files."
"What I like the most about it is that you can very easily install and configure it. As compared to other SIEM solutions, for which you need to know and do a lot more to prepare your SIEM environment, QRadar is much simpler to install and configure. There are various options in the Admin console. In the Admin tab, you can design dashboards and view various graphs. It has a lot of attractive features, and you don't need to configure everything on your own."
"There is a single dashboard that gives us a complete overview of what is happening around the globe."
"The product provides a complete platform for ingesting the log, doing the correlations and handling the runtime."
"A simple dashboard without having to use MS Sentinel would be a welcome improvement."
"The price should be adjustable by region."
"I personally have not seen much evidence of how Defender can enhance the story of zero trust for enterprises."
"The mobile app support for Android and iOS is difficult and needs improvement."
"I would like more of the features in Defender for 365 to be included in the smaller licenses. Even if I buy a small license and don't need everything, security shouldn't be a question. Security is one of the main aspects of all projects from our side, so it would be nice to have more features in the smaller licenses."
"It would be highly beneficial if CoPilot could identify anomalies within the network and notify the IT team."
"There are still some components, such as vulnerability management within the vendor product, where improved integration would be beneficial."
"The console is missing some features that would be helpful for a managed services provider, like device and user management."
"In terms of features, I would like them to add detailed logging functionality in CrowdStrike. Currently, CrowdStrike detects the threats immediately based on the IOCs and the signature-based policies or many threat behaviors, but in terms of logging those threats, it is not very good. The information that they provide in the logs is very little. They can build more analytics into it."
"CrowdStrike should provide better visibility in its reporting. There should be more forensic details about detected threats."
"CrowdStrike Falcon could improve the logs by making them free to the API."
"Sometimes CrowdStrike changes the GUI, and they need to be better at informing us and providing guidance concerning that."
"We can do a threat analysis of any machine at any time, but that threat analysis is very limited."
"The solution needs to have integration with on-premises security devices and security facilities. That means all the security products, including the perimeter firewall, the DMZ."
"In the future release of CrowdStrike Falcon, they should add a sandbox feature."
"CrowdStrike Falcon could be enhanced by extending its security capabilities to include NDR and XDR."
"The implementation and configuration are not easy."
"The features that could be improved include the licensing model and the dashboards and all those presentations. Overall, the user experience part can be improved."
"I would like to see a better GUI."
"Do your research before implementing it, because it is tough to implement."
"The user interface needs improvement."
"There could be improvements made to the UI, the user interface. Though the newer version, 7.3.2, might already have this improvement in place."
"There are a lot of things they are working on and a lot of technologies that are not yet there. They should probably work out a better reserve with their ecosystem of business partners and create wider and more in-depth qualities, third-party tools, and add-ons. These things really give immediate business value. For instance, there are many limitations in using SAP, EBS, or Micro-Dynamics. A lot of things that are happening in those platforms could also be monitored and allowed from the cybersecurity risks perspective. IBM might be leaving this gap or empty space for business partners. Some larger organizations might already be doing this. It would be very nice if IBM can make some artificial intelligence part free of charge for all current QRadar users. This would be a big advantage as compared to other competitors. There are companies that are going in different directions. Of course, you can't do everything inside QRadar. In general, it might be very good for all players to provide more use cases, especially regarding data protection and leakage prevention. There are some who are already doing some kind of file integrity or gathering some more information from all possible technologies for building anything related to the user and data analysis, content analysis, and management regarding the data protection."
"The solution is expensive compared to other products."
CrowdStrike Falcon is ranked 3rd in Endpoint Detection and Response (EDR) with 107 reviews while IBM Security QRadar is ranked 20th in Endpoint Detection and Response (EDR) with 198 reviews. CrowdStrike Falcon is rated 8.8, while IBM Security QRadar is rated 8.0. The top reviewer of CrowdStrike Falcon writes "Easy to set up with good behavior-based analysis but needs a single-click recovery option". On the other hand, the top reviewer of IBM Security QRadar writes "A highly stable and scalable solution that provides good technical support". CrowdStrike Falcon is most compared with Darktrace, Microsoft Defender for Endpoint, Trend Micro Deep Security, Trend Vision One and SentinelOne Singularity Complete, whereas IBM Security QRadar is most compared with Splunk Enterprise Security, Microsoft Sentinel, Wazuh, LogRhythm SIEM and Elastic Security. See our CrowdStrike Falcon vs. IBM Security QRadar report.
See our list of best Endpoint Detection and Response (EDR) vendors and best Extended Detection and Response (XDR) vendors.
We monitor all Endpoint Detection and Response (EDR) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.