Try our new research platform with insights from 80,000+ expert users

Cybereason Endpoint Detection & Response vs IBM Security QRadar comparison

 

Comparison Buyer's Guide

Executive SummaryUpdated on Apr 6, 2025

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Categories and Ranking

Cybereason Endpoint Detecti...
Ranking in Endpoint Detection and Response (EDR)
25th
Average Rating
8.0
Reviews Sentiment
7.9
Number of Reviews
21
Ranking in other categories
Endpoint Protection Platform (EPP) (35th)
IBM Security QRadar
Ranking in Endpoint Detection and Response (EDR)
17th
Average Rating
8.0
Reviews Sentiment
6.8
Number of Reviews
208
Ranking in other categories
Log Management (6th), Security Information and Event Management (SIEM) (4th), User Entity Behavior Analytics (UEBA) (1st), Security Orchestration Automation and Response (SOAR) (4th), Managed Detection and Response (MDR) (9th), Extended Detection and Response (XDR) (11th)
 

Mindshare comparison

As of April 2025, in the Endpoint Detection and Response (EDR) category, the mindshare of Cybereason Endpoint Detection & Response is 1.0%, down from 1.3% compared to the previous year. The mindshare of IBM Security QRadar is 1.2%, up from 1.2% compared to the previous year. It is calculated based on PeerSpot user engagement data.
Endpoint Detection and Response (EDR)
 

Featured Reviews

Chad Kliewer - PeerSpot reviewer
We can make more informed decisions on whether an action is malicious
The ease of use and dashboards are improving. We came in at a time when they were developing a new dashboard screen. Therefore, we have had some confusing times between the old and new dashboards. Knowing how the new one works, I have seen vast improvements with it. While the product is very good, there are still some areas for improvement. The initial triage area could be a bit simpler. They get into the weeds real fast; it gets very detailed very fast. I am still looking for an easier triage layer on top with the ability to dig deeper. They are improving on this because I have seen some improvements in the user interface that helps with this. Part of it was moving two different screens into one, merging the two together. It is very good, but it is very technically detailed and would be harder for an entry-level person to decipher. However, improvements are being made. It leverages indicators of behavior to help us remediate faster against attacks. Sometimes, I wish there was more detail on why they consider it malicious.
Md. Shahriar Hussain - PeerSpot reviewer
Real-time incident detection and user-friendly dashboard benefit daily operations
There are many types of AI, and this AI is very limited in SQL and features. There may be potential for improvement. So far, it seems very limited. It shows some good features in the correlation part, but I think there is room for improvement. For instance, when creating rules, it can suggest more rules, reducing the effort needed. If AI-related support can suggest rules and integrate with existing security devices like MD, IPS, this SIM can create more relevant rules. Sometimes logs I receive don't mean anything, and I need technical stakeholders to share or forward logs, but these are sometimes inadequate. Keywords can help identify insufficient logs. I often lack time to verify logs. Sharing false positive results could be reduced to help my team.

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"We didn't have the visibility that we now have. It has increased our visibility by a lot. So, we put a lot more time into really looking at our environment and what is happening throughout our different networks. It has increased our visibility by around fivefold."
"What I find most valuable is the clarity of the platform."
"Their EDR solution, the ability to mitigate issues through their command line, is probably the best feature that we've had. We use that all the time. It's very useful for doing investigations."
"Cybereason's threat hunting and investigation are the most valuable features. Threat hunting is a user-friendly feature that keeps you safe. Investigation offers an added value that I haven't seen with other EDR services. It allows you to find specific policy problems within your environment."
"For me, the technical support is good."
"It gives all the information in a clear response."
"They do a very good job of providing multi-stage visualizations of malicious operations that immediately show all attack details across all devices and users. Since it is MalOp-centric model, you can see if there has been a similar operation across multiple machines. If it is the same thing appearing on multiple machines, you see all the machines and users affected in one screen."
"The most valuable feature is the capability of the command used by the machine so that we see the kind of performance that is running."
"The most valuable features of IBM Security QRadar are flexibility, IBM support, and scalability."
"This is a distributed application, meaning that a customer can stack small and then scale it so that they can expand pretty effectively. You can use, basically, the same product in an SMB or a large enterprise."
"It saves a lot of time. We integrate the customer's firewall with all their networking devices."
"The most valuable thing about QRadar is that you have a single window into your network, SIEM, network flows, and risk management of your assets. If you use Splunk, for instance, then you still need a full packet capture solution, whereas the full packet capture solution is integrated within QRadar. Its application ecosystem makes it very powerful in terms of doing analysis."
"There are a lot of features in QRadar. App Exchange is the most valuable feature. User behavior analytics (UBA) is also a very good feature. Watson is also there, but we are not currently using Watson. It is versatile and quite easy. It also has an all-in-one-box feature and good integration with AWS."
"It is suitable for large companies with critical infrastructure. For our clients, robustness, availability at a high level, and the level of references and experiences connected to the solution are important."
"What we like about QRadar and the models that IBM has, is it can go from a small-to-medium enterprise to a larger organization, and it gives you the same value."
"It has improved my efficiency."
 

Cons

"There can be problems with the EDI."
"The network coverage becomes an issue most of the time."
"Its Microsoft PowerShell protections still need some compatibility improvements. We have run across just a few. It is compatible with 90% of what we have in our network, but there is that 10% that we are still struggling with as far as compatibility with the type of PowerShell scripts needed to run our day-to-day business."
"Compared to our previous endpoint, we have a lot more false positives and a lot more duplication of alerts. So we're chasing more alerts."
"I would like to see improvements on the operational side, specifically in grouping."
"Reporting could be a bit more granular so that we had the ability to check regions and countries. I just noticed that, for instance, if I look at our servers, it's either "contained" or it's "not contained". I don't have the option, for instance, to look at countries. It only allows me to look at users as one big group."
"There is room for improvement in the product features related to device control, particularly USB management."
"The deployment on individual endpoints is more geared toward larger organizations. It might prove to be a bit too complicated for a smaller organization. You need to know what you're doing when you're deploying the sensor."
"The solution is clunky."
"The product can be a bit complex."
"Some of the cloud apps need improvement."
"They should introduce some automation into the product."
"IBM is going through some problems with its resources currently making its support response time slow."
"If you have too many events that occur, then the storage capacity becomes a problem. You need to have more storage."
"It would be good if the program allowed certain profiles to only see certain customer information."
"With IBM Security QRadar, my company faced issues with the support we received for the product."
 

Pricing and Cost Advice

"I had to go through a third-party to purchase it, which I wasn't really pleased about."
"Though it is not the cheapest solution but it fits our budget. We pay an annual licensing fee."
"On a scale of one to ten, where one is cheap and ten is expensive, I rate the pricing an eight."
"In terms of pricing, it's a good solution."
"The pricing is manageable."
"This product is somewhat expensive and should be cheaper."
"We considered a few other solutions. Some were ridiculously overpriced, while others didn't have solutions for Mac endpoints. That was a deal-breaker because most of our organization is on Mac. It came down to two vendors: Cybereason and another. They had similar pitches and almost identical approaches, but in the end, Cybereason gave us the best value for our money."
"In terms of cost, this is a good choice for our needs."
"We use QRadar as a managed service and we pay licensing fees to the partner."
"In terms of additional costs, it depends on the subscription that you choose. There are plenty of options to choose from."
"The solution's pricing is based on the EPS model."
"IBM QRadar is a little bit expensive compared to other products."
"As for licensing costs, I haven't seen the exact figures, but it is considered somewhat costly. On a scale from one to ten, where one is very expensive and ten is very cheap, I would rate it a six—it’s costly but worth the money."
"Go through a vulnerability assessment review for price breaks. A virtualized solution will also cut down on cost."
"The pricing is higher but cheaper than others and there are no additional costs."
"IBM has subscriptions plans that run for one year."
report
Use our free recommendation engine to learn which Endpoint Detection and Response (EDR) solutions are best for your needs.
848,716 professionals have used our research since 2012.
 

Comparison Review

VS
Jun 28, 2015
Qradar vs. ArcSight
Continuing with the SIEM posts we have done at Infosecnirvana, this post is a Head to head comparison of the two Industry leading SIEM products in the market – HP ArcSight and IBM QRadar Both the products have consistently been in the Gartner Leaders Quadrant. Both HP and IBM took over niche SIEM…
 

Top Industries

By visitors reading reviews
Computer Software Company
17%
Financial Services Firm
11%
Manufacturing Company
8%
Government
6%
Educational Organization
24%
Computer Software Company
14%
Financial Services Firm
10%
Government
6%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
 

Questions from the Community

What is your experience regarding pricing and costs for Cybereason Endpoint Detection & Response?
Comparison with other products showed it be cheaper than some larger competitors. Set up cost for us were cheaper as we already had users experienced with the product in other business units. Initi...
What is your primary use case for Cybereason Endpoint Detection & Response?
We use it to improve detection in the whole industrial sector. We are a big energy company. Across multiple endpoints, we deploy the EDR to secure all, improve detection, and also attempt to automa...
What are the biggest differences between Securonix UEBA, Exabeam, and IBM QRadar?
It mostly depends on your use-cases and environment. Exabeam and Securonix have a stronger UEBA feature set, friendlier GUI and are not licensed based on capacity (amount of logs and information in...
What SOC product do you recommend?
For tools I’d recommend: -SIEM- LogRhythm -SOAR- Palo Alto XSOAR Doing commercial w/o both (or at least an XDR) is asking to miss details that are critical, and ending up a statistic. Also, rememb...
What is your experience regarding pricing and costs for IBM Security QRadar?
The cost depends. The price I negotiated varies by region and relationship with the OEM. Cost is not shared due to another procurement team handling negotiations, but it was reasonable as far as I ...
 

Also Known As

Cybereason EDR, Cybereason Deep Detect & Respond
IBM QRadar, QRadar SIEM, QRadar UBA, QRadar on Cloud, IBM QRadar Advisor with Watson
 

Overview

 

Sample Customers

Lockheed Martin, Spark Capital, DocuSign, Softbank Capital
Clients across multiple industries, such as energy, financial, retail, healthcare, government, communications, and education use QRadar.
Find out what your peers are saying about Cybereason Endpoint Detection & Response vs. IBM Security QRadar and other solutions. Updated: April 2025.
848,716 professionals have used our research since 2012.