IBM Security QRadar and Microsoft Defender XDR are complementary cybersecurity solutions that tackle security from different angles. QRadar is a Security Information and Event Management (SIEM) system that collects and analyzes diverse logs from various security tools and network devices. It is praised for its advanced threat detection capabilities, customizable dashboards, and seamless integration with other security tools. On the other hand, Defender XDR is an Extended Detection and Response (XDR) solution, praised for its robust security measures, incident response, and seamless integration with Microsoft products.
The summary above is based on 187 interviews we conducted recently with IBM Security QRadar and Microsoft 365 Defender users. To access the review's full transcripts, download our report.
"This is stable and scalable."
"It is a scalable solution...The initial setup of Fortinet FortiEDR was straightforward."
"The main thing is that I feel safe. Because the processes that have been used to get a handle on the attackers are much better than other competitors"
"Fortinet FortiEDR's firewalling, rule creation, monitoring, and inspection profiles are great."
"Ability to get forensics details and also memory exfiltration."
"The product's initial setup phase is very easy."
"The ease of deployment and configuration is valuable. It's very easy compared to other vendors like Sophos. Sophos' configuration is complex. Fortinet is a lot easier to understand. You don't need a lot of admin knowledge to do the configuration."
"The setup is pretty simple."
"I have found its network traffic log, network bit log, and QBI most valuable."
"Due to the skills shortage, we are able to use it from the standpoint of bringing in a lower level employee or a person who may not have security knowledge."
"The most valuable feature is the machine learning module."
"The QNI feature is the one I am very interested in, and I have also been interested in Watson. From the log analysis and the security perspective, we are able to dive deep into any of the logs and anomalies."
"It has a good integration with the artificial intelligence engine of Watson."
"The ability to add extensions is the most valuable feature. For example, extensions that provide valuable test ports."
"I like the graphical interface. It's so good and easy."
"IBM QRadar Advisor with Watson is a stable solution."
"We also use Microsoft Sentinel, Defender for Cloud, Defender for Identity, and Microsoft Defender for Cloud Apps. They are all integrated and it was very easy to integrate them. In my experience with the integrations, it was just a click of a button and things were integrated. It's just a button."
"The most valuable feature is probably the aggregation and correlation of the different telemetry points with Defender for Identity, Defender for Endpoint, and Defender for Cloud Apps. All of these various things are part of that portal. We've wanted that single pane of glass for years."
"The most valuable features of Microsoft 365 Defender are the combination of all the capabilities and centralized management."
"Advanced hunting is good. I like that. We can drill down to lots of details."
"We can use Defender to block and monitor for security purposes without needing multiple other products to do different tasks."
"The most valuable feature of the solution stems from the fact that Microsoft Defender XDR is easy to integrate with other Microsoft platforms or products."
"The summarization of emails is a valuable feature."
"Microsoft Defender XDR provides strong identity protection with comprehensive insights into risky user behavior and potential indicators of compromise."
"The support needs improvement."
"I think cloud security and SASE are areas of concern in the product where improvements are required. The tool's cloud version has to be improved in terms of the security it offers."
"We've had a lot of false positives; things incorrectly flagged that require manual configuration to allow. Even worse, after we allow a legitimate program, it sometimes gets flagged again after an update. This has caused a lot of extra work for my team."
"We'd like to see more one-to-one product presentations for the distribution channels."
"The SIEM could be improved."
"There's room for improvement in the quick response time and technical support for integration issues, especially when dealing with multiple vendors."
"ZTNA can improve latency."
"The amount of usage, the number of details we get, or the number of options that can be tweaked is limited in comparison to that with other EDR solutions"
"The solution is difficult to understand in the beginning and has complex management configurations that can be improved."
"The product can be a bit complex."
"Some UI enhancements would be nice, such as exporting custom event properties and the ability to export rules."
"With IBM Security QRadar, my company faced issues with the support we received for the product."
"In terms of additional features, a mobile app would be nice. Also, the reporting is definitely okay, but you have to make sure that everybody with different roles can understand it. There is room for improvement in the reporting."
"I would like to see the update process simplified."
"There should be more opportunity for community kind of distribution where, for example, if there was a zero-day threat targeting companies."
"The released patch quality is poor. IBM should test those patches on their side, not on the client's side."
"There is definitely scope for improvement in the automation area. Because the solution is a SaaS platform, we don't have the overall ability to automate stuff.... There is no direct way to go ahead because it's a SaaS platform."
"Generally, antivirus products provide a central control to manage every device in terms of who is installing it or who is trying to disable it, but Microsoft doesn't have such a control center for the antivirus product it provides."
"Intrusion detection and prevention would be great to have with 365 Defender."
"The support team is not competent or responsive."
"For some scenarios, it provides good visibility into threats, and for some scenarios, it doesn't. For example, sometimes the URLs within the emails have destinations, and you do get a screenshot and all further details, but it's not always the case. It would be good if they did a better job of enabling that for all the emails that they identified as malicious. When you get an email threat, you can go into the email and see more details, but the URL destination feature doesn't always show you a screenshot of the URL in that email. It also doesn't always give you the characteristics relating to that URL. It would be quite good if the information is complete where it says that we identified this URL, and this is what it looks like. There should be some threat intel about it. It should give you more details."
"It would be beneficial to have a more seamless experience with everything consolidated in one place, particularly when dealing with aspects related to the Exchange console."
"A simple dashboard without having to use MS Sentinel would be a welcome improvement."
"The support from Microsoft could improve. There are times I have to wait for a response from a qualified specialist."
IBM Security QRadar is ranked 11th in Extended Detection and Response (XDR) with 198 reviews while Microsoft Defender XDR is ranked 5th in Extended Detection and Response (XDR) with 78 reviews. IBM Security QRadar is rated 8.0, while Microsoft Defender XDR is rated 8.4. The top reviewer of IBM Security QRadar writes "A highly stable and scalable solution that provides good technical support". On the other hand, the top reviewer of Microsoft Defender XDR writes "Includes four services and four products, which can help organizations a lot". IBM Security QRadar is most compared with Splunk Enterprise Security, Microsoft Sentinel, Wazuh, LogRhythm SIEM and Elastic Security, whereas Microsoft Defender XDR is most compared with CrowdStrike Falcon, Microsoft Defender for Cloud, Microsoft Purview Compliance Manager, Wazuh and Microsoft Entra ID. See our IBM Security QRadar vs. Microsoft Defender XDR report.
See our list of best Extended Detection and Response (XDR) vendors and best Endpoint Detection and Response (EDR) vendors.
We monitor all Extended Detection and Response (XDR) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.