Try our new research platform with insights from 80,000+ expert users

IBM Security QRadar vs McAfee ePolicy Orchestrator comparison

 

Comparison Buyer's Guide

Executive SummaryUpdated on Apr 6, 2025

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Categories and Ranking

IBM Security QRadar
Ranking in Security Orchestration Automation and Response (SOAR)
4th
Average Rating
8.0
Reviews Sentiment
6.8
Number of Reviews
208
Ranking in other categories
Log Management (6th), Security Information and Event Management (SIEM) (4th), User Entity Behavior Analytics (UEBA) (1st), Endpoint Detection and Response (EDR) (17th), Managed Detection and Response (MDR) (9th), Extended Detection and Response (XDR) (11th)
McAfee ePolicy Orchestrator
Ranking in Security Orchestration Automation and Response (SOAR)
12th
Average Rating
8.0
Reviews Sentiment
6.8
Number of Reviews
40
Ranking in other categories
No ranking in other categories
 

Mindshare comparison

As of April 2025, in the Security Orchestration Automation and Response (SOAR) category, the mindshare of IBM Security QRadar is 8.1%, down from 9.5% compared to the previous year. The mindshare of McAfee ePolicy Orchestrator is 0.5%, down from 0.8% compared to the previous year. It is calculated based on PeerSpot user engagement data.
Security Orchestration Automation and Response (SOAR)
 

Featured Reviews

Md. Shahriar Hussain - PeerSpot reviewer
Real-time incident detection and user-friendly dashboard benefit daily operations
There are many types of AI, and this AI is very limited in SQL and features. There may be potential for improvement. So far, it seems very limited. It shows some good features in the correlation part, but I think there is room for improvement. For instance, when creating rules, it can suggest more rules, reducing the effort needed. If AI-related support can suggest rules and integrate with existing security devices like MD, IPS, this SIM can create more relevant rules. Sometimes logs I receive don't mean anything, and I need technical stakeholders to share or forward logs, but these are sometimes inadequate. Keywords can help identify insufficient logs. I often lack time to verify logs. Sharing false positive results could be reduced to help my team.
DavidJones7 - PeerSpot reviewer
Offers automation alert features with easy integrations and impressive scalability
I would rate the initial setup an eight out of ten. There are a few technical challenges with the deployment, but it can easily solved by an experienced professional but not by a beginner user of the tool. The complete implementation and migration to McAfee ePolicy Orchestrator will take around three months. If someone is using a software platform already with implemented use cases in their environment, it might be difficult to implement the same use cases when the customer is migrating to McAfee ePolicy Orchestrator. The conditions and prior alert settings needs to be accurate when migrating to McAfee ePolicy Orchestrator, otherwise false positive alerts might get generated.

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"The product can scale."
"It has a logical, user-friendly GUI."
"The most valuable features of IBM Security QRadar are flexibility, IBM support, and scalability."
"It provides many options for searching. I can see devices from different vendors, like Cisco, in one interface, which is good for me."
"The rule engine is very easy to use — very flexible."
"It can analyze event logs, event security, and give a good consult."
"It integrates very easily with other solutions. The solution is flexible. We can add anything to it, as it is a good companion to other tools."
"There are a lot of great out-of-the-box features included."
"The valuable feature of the McAfee ePolicy Orchestrator is the management of the policies."
"The most valuable features of this solution are the antivirus and the DLP."
"You have to have some experience, however, it's pretty simple to understand."
"If you set it up right, it can really manage a very complex environment which require fine tuning where there are a lot of exceptions. That's what it caters to. It can just do those specifics in those exceptional situations, which is good."
"Technical support is very helpful."
"I like the solution's feasibility. McAfee ePolicy Orchestrator is also better and easier to use than other ePOs."
"The best part is management in McAfee ePolicy Orchestrator."
"The initial setup is very easy."
 

Cons

"The technical support is poor. Mostly because when I open a PMR for IBM, I am stuck with Level 1 staff. As an engineer, nothing that I am bringing them does not require Level 2 or Level 3 support."
"SOAR is what is expected the most from QRadar. They have something called SOAR Resilient, and it would be great if that gets induced in SIEM. IBM QRadar (as well as McAfee ESM) should have analytics platform integration. Currently, SIEMs don't have full-fledged integration with analytics where we are able to dump our data in SIEM, and the same data can be called from different analytics applications. We should be able to bring this data to a platform like Hadoop for big data and run the analytics there. Currently, people are seeing the past data and taking some actions in the present, but when it comes to analytics, there should be futuristic data where you can predict something out of your present and past data. Apart from that, I would like to see a full-fledged ITSM tool in QRadar. It sometimes has some technical issues that need to be checked. It requires a dedicated QRadar engineer to completely manage it. It has different module sets, such as event collector and event processor, and some technical glitches come in between. It takes the log but doesn't exactly process it in the way we want."
"When it comes to what could be better, it is always what others are trying to do and what is the roadmap. It can have more integration. It should have more flexible RESTful APIs for integration with applications. These are the things that are always in demand for any of the SIEM solutions, not only for QRadar. Integration is ever-evolving. Nowadays, different versions of mobile handsets are there and data is getting scattered. Users are using their personal handsets to keep the data of the organization. So, it should have a more flexible integration, irrespective of the flavor of the firmware and iOS or Android version. It should have an API that can seamlessly get integrated. It should also provide more flexible control and a more advanced or analytical view to see what exactly is happening across the globe or network. From wherever a user is connecting and accessing the enterprise data, it should give real-time visibility and predictive visibility about what exactly is happening. These things are already there, but there should be more advanced control in terms of managing the security."
"The quality of technical support depends on the IBM support person. Sometimes, it's hard to get the right person on the other side. A ticket coordinator could be the key to better quality delivery."
"The dashboards are all legacy and old."
"Ideally we would like a mobile version so that any alert that comes in will notify us in a mobile app, or by using SMS integration."
"The quoting and the dashboard session could be improved. It should be more user-friendly."
"The interface is very old. IBM should remake it into a more modern interface."
"While there are bugs and a few functionality issues, it is just a matter of raising them with the support team. However, support is part of the problem as well. You want everything to be seamless in a perfect world, but the support is spread across different countries. They have Level 1, 2, and 3. Level 1 is most likely in a developing country. They don't provide the best service."
"The installation process is quite difficult and requires technical support."
"As for improvements, I think that putting everything on a cloud and one console would be a great idea and would be useful for customers."
"We would like to see more integration with different platforms and extend this to other platforms. We are migrating to the cloud and want to extend it from our on-premises setup to the cloud."
"There are some issues relating to the automation of reports. That's why I wanted the DLP reports. There are some problems in this area. Sometimes it does not work even though all the configuration words are right. There are also some problems with automatic updates."
"Sometimes agents hang. We have to reinstall the agents."
"There should be more insights and completeness into the cyber kill chain, similar to CrowdStrike and SentinelOne. It just seems a little outdated in being 100% signature-based without all of the insights and protections that come with CrowdStrike and SentinelOne. Overall, they've got some catching up to do if they plan to compete in the comprehensive EDR space."
"They have to do something to make the solution more resilient or recoverable from power failure events, which may include creating their own database."
 

Pricing and Cost Advice

"When it comes to the initial pricing there can be a huge discount from there side and also I think they are open to competing with other products."
"Pricing and licensing are competitive. Their new licensing options allow logs to bypass the correlation engine for a flat rate, which is also appealing for log data that is compliance-driven for a small amount of money."
"IBM QRadar is a little bit expensive compared to other products."
"We pay approximately $40,000 to use the solution annually. This solution is a lot less expensive than Splunk."
"It could be cheaper, but the value itself is far more important for us than the price. Typically, our clients have yearly subscriptions."
"It is cheaper than ArcSight."
"It is expensive. It is not a product that I can provide for SMBs. It is a program that I can only provide for really large enterprises."
"Most of the time, it is easier and cheaper to buy a new product or the QRadar box."
"$The price of McAfee ePolicy Orchestrator is expensive, it is approximately $6,000 to $9,000 per license annually."
"It's an expensive solution"
"It is attractively priced. It is a fraction of what we're going to pay for CrowdStrike or SentinelOne, but it only has a fraction of the capabilities as well."
"McAfee ePolicy Orchestrator is a cheaply priced product, meaning it is not expensive since McAfee provides a free version of ePO, which includes phone support as well."
"There is a license required to use this solution. If we use the additional components, such as DLP encryption, there is an additional cost. However, it is similar to a separate product altogether. If you want to use that or not, it is optional, but when you use it, it will cost you additional pricing."
"Compared to other Antivirus products, the cost of this solution is a bit high."
"For large enterprise companies, the price should be alright, but for small businesses, the uptake might be slow because, for these clients, the price doesn't look very attractive."
"On a scale from one to ten, where one is cheap, and ten is expensive, I rate the solution's pricing a three out of ten."
report
Use our free recommendation engine to learn which Security Orchestration Automation and Response (SOAR) solutions are best for your needs.
849,600 professionals have used our research since 2012.
 

Comparison Review

VS
Jun 28, 2015
Qradar vs. ArcSight
Continuing with the SIEM posts we have done at Infosecnirvana, this post is a Head to head comparison of the two Industry leading SIEM products in the market – HP ArcSight and IBM QRadar Both the products have consistently been in the Gartner Leaders Quadrant. Both HP and IBM took over niche SIEM…
 

Top Industries

By visitors reading reviews
Educational Organization
24%
Computer Software Company
14%
Financial Services Firm
10%
Government
6%
Computer Software Company
12%
Financial Services Firm
11%
Government
11%
Manufacturing Company
10%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
 

Questions from the Community

What are the biggest differences between Securonix UEBA, Exabeam, and IBM QRadar?
It mostly depends on your use-cases and environment. Exabeam and Securonix have a stronger UEBA feature set, friendlier GUI and are not licensed based on capacity (amount of logs and information in...
What SOC product do you recommend?
For tools I’d recommend: -SIEM- LogRhythm -SOAR- Palo Alto XSOAR Doing commercial w/o both (or at least an XDR) is asking to miss details that are critical, and ending up a statistic. Also, rememb...
Which is better - Mcafee's MVision ePO or ePolicy Orchestrator?
Our organization ran comparison tests to determine whether Mcafee's MVision ePO or ePolicy Orchestrator network security software was the better fit for us. We decided to go with Mcafee's ePolicy O...
What do you like most about McAfee MVISION ePO?
McAfee ePolicy Orchestrator's performance is good.
 

Also Known As

IBM QRadar, QRadar SIEM, QRadar UBA, QRadar on Cloud, IBM QRadar Advisor with Watson
McAfee ePO, ePolicy Orchestrator, Intel Security ePolicy Orchestrator, McAfee MVISION ePO
 

Overview

 

Sample Customers

Clients across multiple industries, such as energy, financial, retail, healthcare, government, communications, and education use QRadar.
Brelje & Race, Cognizant, Sutherland Global Services, Eagle Rock Energy, Arab National Bank, Bank Central Asia, Kleberg Bank, Leading Mexican Bank, SF Police Credit Union, Macquarie Telecom, Seagate Technology, Blackburn & Darwen Council, California Department of Corrections & Rehabilitation, IRCEP, Major U.S. State Government, State of Alaska, State of Colorado, Cemex, Deutsche Edelstahlwerke
Find out what your peers are saying about IBM Security QRadar vs. McAfee ePolicy Orchestrator and other solutions. Updated: April 2025.
849,600 professionals have used our research since 2012.