Try our new research platform with insights from 80,000+ expert users

IBM Security QRadar vs Kaspersky Endpoint Detection and Response Expert comparison

 

Comparison Buyer's Guide

Executive SummaryUpdated on Jan 5, 2025

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Categories and Ranking

IBM Security QRadar
Ranking in Endpoint Detection and Response (EDR)
17th
Average Rating
8.0
Reviews Sentiment
6.8
Number of Reviews
207
Ranking in other categories
Log Management (6th), Security Information and Event Management (SIEM) (4th), User Entity Behavior Analytics (UEBA) (1st), Security Orchestration Automation and Response (SOAR) (4th), Managed Detection and Response (MDR) (10th), Extended Detection and Response (XDR) (12th)
Kaspersky Endpoint Detectio...
Ranking in Endpoint Detection and Response (EDR)
19th
Average Rating
8.2
Reviews Sentiment
7.3
Number of Reviews
46
Ranking in other categories
No ranking in other categories
 

Mindshare comparison

As of March 2025, in the Endpoint Detection and Response (EDR) category, the mindshare of IBM Security QRadar is 1.2%, up from 1.1% compared to the previous year. The mindshare of Kaspersky Endpoint Detection and Response Expert is 1.3%, up from 1.0% compared to the previous year. It is calculated based on PeerSpot user engagement data.
Endpoint Detection and Response (EDR)
 

Featured Reviews

Md. Shahriar Hussain - PeerSpot reviewer
Real-time incident detection and user-friendly dashboard benefit daily operations
There are many types of AI, and this AI is very limited in SQL and features. There may be potential for improvement. So far, it seems very limited. It shows some good features in the correlation part, but I think there is room for improvement. For instance, when creating rules, it can suggest more rules, reducing the effort needed. If AI-related support can suggest rules and integrate with existing security devices like MD, IPS, this SIM can create more relevant rules. Sometimes logs I receive don't mean anything, and I need technical stakeholders to share or forward logs, but these are sometimes inadequate. Keywords can help identify insufficient logs. I often lack time to verify logs. Sharing false positive results could be reduced to help my team.
Rodrigo Censi - PeerSpot reviewer
Patch management and integration capabilities drive effective endpoint response management
We work with Kaspersky and two modalities: the Censi final and Censi license. Most of our clients work in financial areas and industry. Our regular enterprise business relies on these solutions Kaspersky is viable with ADR; the Endpoint Detection response feature and the BitLocker management…

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"We've found the solution to be scalable."
"One of the most valuable features of this solution is it has very good data correlation."
"Customer service is very good and very helpful."
"We run 65 servers globally with just two people: an engineering person and me."
"The product can scale."
"The solution can scale."
"Network-Based Anomaly Detection (NBAD): Using NetFlow, JFlow, SFlow, or QFlow (all 7 layers), offenses are detected as a response when a rule is triggered."
"There are other third-party plugins that we can use."
"We can scale the solution."
"I like the tool’s response to malware and trojans."
"Provides web and DNS protection over https."
"The performance for Kaspersky is good, and it's not impacted our client performance."
"The most valuable feature of Kaspersky EDR is its simplicity. The console is easy to use and not very complex."
"We have a central console and from there you can monitor all workstations via an agent."
"We've found the solution to be stable."
"It is a scalable solution...It is a stable solution."
 

Cons

"It is not app based."
"The product is good, but one feature they should have is an Elasticsearch. Currently, in QRadar, there are no Elasticsearch criteria."
"There could be better integration with the solution."
"The only challenge is that IBM has been a closed enterprise. It should be more open to integrating with other providers at an enterprise level. We're a bank and the core banking system integration is not way straightforward and there is no integration between IBM and these products. If IBM could open up and provide a way of integrating it seamlessly, without charging more for it, that would make a big difference."
"The solution is expensive compared to other products."
"What needs to be improved in IBM QRadar User Behavior Analytics is the user experience. It's not optimal. Some screens are a bit clunky. The solution needs to be more user-friendly."
"There should be more opportunity for community kind of distribution where, for example, if there was a zero-day threat targeting companies."
"If you have too many events that occur, then the storage capacity becomes a problem. You need to have more storage."
"Installing Kaspersky is complex. It requires more work from system admins and takes almost one week to deploy, including integration and mapping with other solutions. You also have to configure Kaspersky EDR sandboxing then set up permissions for various teams and customers."
"The solution does not offer much support to its users in Spanish, so I would like to see them offer more support in Spanish."
"There are some issues with EDR's web policy blocking sites that are marked as exceptions."
"I would like better integration with other products."
"The product should release more frequent updates. The tool needs to improve its scalability as well."
"Kaspersky Endpoint Detection and Response should continue to improve its protection while adapting to the changing threat ecosystems. Having more advanced features would be a benefit."
"There is a problem with the solution, it came from Russia and we are looking for a replacement."
"Device control is lacking in EDR."
 

Pricing and Cost Advice

"Pricing (based on EPS) will be more accurate."
"It is costlier as compared to the other alternatives available in the market."
"A good approach would be to begin with an On Cloud subscription, then later on do a more exact sizing."
"Go through a vulnerability assessment review for price breaks. A virtualized solution will also cut down on cost."
"It is a perpetual license that we have for the event collector. The licensing is done based on the number of events and flows that you receive on this particular device. These are perpetual licenses, which means once you purchase them, they don't expire, which means that the support to IBM is definitely renewed after every one year. We have an enterprise agreement with IBM, which puts the cost in a totally different category as compared to someone who is not an IBM partner and is approaching IBM for this solution. We were able to get massive discounts. To give you an idea, we recently purchased 30,000 event licenses, and it costs around $480,000. It is definitely not a cheap product. We have licenses for about 270,000 events per second and 3 million flows per second. All the appliances and their events and flows are basically clubbed together and charged or rather calculated through a single source. The console receives all the details from all the event processes that we have globally. So, the license that we have is a single license for 270,000 events per second and 3 million flows per second, but that can be managed centrally. I was only part of the secondary purchase, which was 30,000 events per second for about $480,000. You can calculate how much we paid for 270,000 events. Reducing its price would be a compromise. We have already used a lower-priced product in the form of NNT, but we had to get rid of it because it was not doing the job that we actually wanted to do. You get what you pay for."
"Most of the time, it is easier and cheaper to buy a new product or the QRadar box."
"We pay approximately $40,000 to use the solution annually. This solution is a lot less expensive than Splunk."
"It would be great if this product were cheaper."
"EDR is priced on the cheaper side. Licensing for EDR is available on a yearly basis for around 80 SAR a year."
"The price of the solution could be reduced."
"The price of Kaspersky Endpoint Detection and Response is in the middle range compared to competitors. The pricing model is based on the users using the solutions. The cost for us is approximately 2200 Algerian dinars. The price of the solution could be reduced."
"The product has a valuable pricing model. We need to purchase its monthly subscription."
"The license for EDR costs about 1,000 pesos per user. I would rate the pricing as four out of five."
"There is an annual license to use Kaspersky Endpoint Detection and Response. The price overall is a bit expensive when compared to other solutions. There are not any additional fees other than the license."
"Kaspersky's pricing is very competitive when it comes to comparison with the other solutions."
"Kaspersky is licensed on a yearly basis."
report
Use our free recommendation engine to learn which Endpoint Detection and Response (EDR) solutions are best for your needs.
842,651 professionals have used our research since 2012.
 

Comparison Review

VS
Jun 28, 2015
Qradar vs. ArcSight
Continuing with the SIEM posts we have done at Infosecnirvana, this post is a Head to head comparison of the two Industry leading SIEM products in the market – HP ArcSight and IBM QRadar Both the products have consistently been in the Gartner Leaders Quadrant. Both HP and IBM took over niche SIEM…
 

Top Industries

By visitors reading reviews
Educational Organization
23%
Computer Software Company
14%
Financial Services Firm
10%
Government
6%
Computer Software Company
16%
Financial Services Firm
9%
Educational Organization
8%
Comms Service Provider
8%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
 

Questions from the Community

What are the biggest differences between Securonix UEBA, Exabeam, and IBM QRadar?
It mostly depends on your use-cases and environment. Exabeam and Securonix have a stronger UEBA feature set, friendlier GUI and are not licensed based on capacity (amount of logs and information in...
What SOC product do you recommend?
For tools I’d recommend: -SIEM- LogRhythm -SOAR- Palo Alto XSOAR Doing commercial w/o both (or at least an XDR) is asking to miss details that are critical, and ending up a statistic. Also, rememb...
What is your experience regarding pricing and costs for IBM Security QRadar?
The cost depends. The price I negotiated varies by region and relationship with the OEM. Cost is not shared due to another procurement team handling negotiations, but it was reasonable as far as I ...
What do you like most about Kaspersky Endpoint Detection and Response Expert?
The integration with our hypervisor is quite smooth, especially within the Kaspersky Enterprise environment. We have many virtual machines, and the integration is helpful.
What is your experience regarding pricing and costs for Kaspersky Endpoint Detection and Response Expert?
If one is cheap, ten is expensive, I rate the product’s price as a seven out of ten, especially if I compare it with CrowdStrike.
What needs improvement with Kaspersky Endpoint Detection and Response Expert?
The Kaspersky console could be easier to navigate and generate reports from. We've got Stripe in the method of deployment, which makes it easier and requires lower integration from my team. Deploym...
 

Also Known As

IBM QRadar, QRadar SIEM, QRadar UBA, QRadar on Cloud, IBM QRadar Advisor with Watson
Kaspersky EDR
 

Overview

 

Sample Customers

Clients across multiple industries, such as energy, financial, retail, healthcare, government, communications, and education use QRadar.
Ferrari, Insolar, Tael, Republic of Serbia
Find out what your peers are saying about IBM Security QRadar vs. Kaspersky Endpoint Detection and Response Expert and other solutions. Updated: March 2025.
842,651 professionals have used our research since 2012.