Try our new research platform with insights from 80,000+ expert users

IBM Security QRadar vs Palo Alto Networks Cortex XSOAR comparison

IBM and Palo Alto Networks are both solutions in the Security Orchestration Automation and Response (SOAR) category. IBM is ranked #4 with an average rating of 7.7, while Palo Alto Networks is ranked #2 with an average rating of 8.7. IBM holds a 7.8% mindshare in SOAR, compared to Palo Alto Networks’s 13.1% mindshare. Additionally, 91% of IBM users are willing to recommend the solution, compared to 92% of Palo Alto Networks users who would recommend it.
IBM Security QRadar
Read 204 IBM Security QRadar reviews
  • 5,523 Views
  • 3,613 Comparison Views
91% willing to recommend
Palo Alto Networks Cortex X...
Read 45 Palo Alto Networks Cortex XSOAR reviews
  • 8,331 Views
  • 4,861 Comparison Views
92% willing to recommend
 

Comparison Buyer's Guide

Download the report
Executive SummaryUpdated on Dec 5, 2024

IBM Security QRadar and Palo Alto Networks Cortex XSOAR compete in the cybersecurity management space. Cortex XSOAR appears to have the upper hand in automation and integration capabilities, while QRadar excels in intelligence and data correlation.

Features: IBM Security QRadar is recognized for its comprehensive feature set, including the ease of extracting information from raw logs, scalability, and automatic log source identification, coupled with rich dashboards for a user-friendly experience. Palo Alto Networks Cortex XSOAR impresses with its powerful automation, wide-ranging integration capabilities, and customizable playbooks that simplify incident response. Its machine-learning features add a layer of sophistication desirable in robust security orchestration tools.

Room for Improvement: IBM Security QRadar users express the need for better incident management, graphing capabilities, and API integrations. Improved third-party solution integration and a more intuitive user interface are suggested enhancements. Similarly, Palo Alto Networks Cortex XSOAR users highlight areas like pricing structure, dashboard performance, and the complexity of its setup process as opportunities for improvement. Support for more integrations is also noted.

Ease of Deployment and Customer Service: IBM Security QRadar is often deployed in on-premises environments, requiring expertise for installation. Customer service feedback is mixed, with some users finding support satisfactory, while others believe it falls short. Cortex XSOAR offers flexible deployment options across public, private, and hybrid clouds. While customer service is generally seen as responsive, the setup process can be complex, particularly in larger implementations.

Pricing and ROI: IBM Security QRadar is perceived as a high-cost option, suitable mainly for larger organizations. Its licensing is based on events per second, which can be complex, but it offers substantial ROI with its reliable security features. Palo Alto Networks Cortex XSOAR is also seen as expensive, with pricing complexities noted post-acquisition by Palo Alto. Despite the cost, its automation and integration features suggest a worthwhile investment, particularly for medium to large enterprises.

DOWNLOAD THE COMPLETE REPORT
To learn more, read our detailed IBM Security QRadar vs. Palo Alto Networks Cortex XSOAR Report (Updated: December 2024).
Buyer's Guide
IBM Security QRadar vs. Palo Alto Networks Cortex XSOAR
December 2024
Download the complete report
Helped 824,053 peers since 2012
 

Categories and Ranking

IBM Security QRadar
Ranking in Security Orchestration Automation and Response (SOAR)
4th
Average Rating
8.0
Reviews Sentiment
6.8
Number of Reviews
204
Ranking in other categories
Log Management (6th), Security Information and Event Management (SIEM) (4th), User Entity Behavior Analytics (UEBA) (1st), Endpoint Detection and Response (EDR) (18th), Managed Detection and Response (MDR) (10th), Extended Detection and Response (XDR) (14th)
Palo Alto Networks Cortex X...
Ranking in Security Orchestration Automation and Response (SOAR)
2nd
Average Rating
8.4
Reviews Sentiment
6.8
Number of Reviews
45
Ranking in other categories
SOC as a Service (2nd)
 

Mindshare comparison

As of December 2024, in the Security Orchestration Automation and Response (SOAR) category, the mindshare of IBM Security QRadar is 7.8%, down from 8.8% compared to the previous year. The mindshare of Palo Alto Networks Cortex XSOAR is 13.1%, down from 15.0% compared to the previous year. It is calculated based on PeerSpot user engagement data.
Security Orchestration Automation and Response (SOAR)
 

Featured Reviews

Muzzamil Hussain - PeerSpot reviewer
Is easy to integrate and doesn't require maintenance
One major drawback we are facing is in the area of IBM Security QRadar integration with flat file databases. IBM Security QRadar does not support flat file database integration. We are currently facing an issue with respect to the database, which you normally call a NoSQL database. There is no direct integration mechanism available with IBM Security QRadar. We have to approach IBM and generate a ticket so that they can develop a custom method for the integration. In database integration, we are facing issues with IBM Security QRadar. The solution does not support the integration of flat file databases. Certain organizations have flat file databases. IBM does not support direct integration with some databases. We had to create a plug, and we requested IBM to develop a parser, but it is taking IBM a couple of months to develop it. I think a flat-file database should be supported directly instead of developing a parser plugin. There should be a more refined threat intelligence platform, and cross-integration should be possible with locally available threat intelligence platforms.
Read full review
NikhilSharma2 - PeerSpot reviewer
Ability to multiple playbooks to fetch data from multiple firewalls and utomated several tasks, including vulnerability scans and SOCL (Security Orchestration, Automation
Recently, they started implementing microservices in XSOAR, which has improved quality and addressed previous issues. However, they should focus more on licensing costs. The user licensing fees are quite high. For example, I received a quote for XSOAR, and it was $12,000 per user per year. If you have a SOC team of 30 members/analysts, you're looking at a substantial expense. They should consider reducing these costs since this high pricing seems to be more about profit. So, there is room for improvement in the pricing. Moreover, the reporting and dashboard features are decent but could be improved. The user interface (UI) is quite heavy and takes time to load, which is a major drawback.
Read full review

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"Most valuable features include the granularity of information."
"The timeline and machine learning features are great."
"Network-Based Anomaly Detection (NBAD): Using NetFlow, JFlow, SFlow, or QFlow (all 7 layers), offenses are detected as a response when a rule is triggered."
"Improved our organization's TCO."
"I have found the most important features to be the flexibility, tech framework, and disk manager."
"An engineer can live-monitor all the flow happening in real-time. This would help us a lot while investigating a case, and it would even help us with preventive actions."
"It showed us where weaknesses were in our environment, so we could actively target those patches first."
"The rule engine is very easy to use — very flexible."
More IBM Security QRadar pros
"Cortex XSOAR's playbook for incident management and automation is highly valuable."
"Many different playbooks are available and can be customized."
"The product’s stability is good."
"It was useful as a ticketing tool."
"The most valuable features are simplicity and ease of integration."
"The most valuable feature is its capability to automate responses and collect information for any security event before you even delve into the details. It's a vast product with an active roadmap, so I'm satisfied with it for now. It's very efficient at data collection and correlation."
"It has an extensive list of integrations that are available out of the box which makes it easy to start."
"What I like most about Palo Alto Networks Cortex XSOAR is how user-friendly it is for development. It is much simpler to work with compared to similar tools I've used."
More Palo Alto Networks Cortex XSOAR pros
 

Cons

"In terms of additional features, a mobile app would be nice. Also, the reporting is definitely okay, but you have to make sure that everybody with different roles can understand it. There is room for improvement in the reporting."
"There should be an extension where we can get the reports. This could be an extension to the dashboard with the Guardian or another product with limited technology, for example IPS. Now, we only have IBM. Basically, it needs more and more integration models."
"The IBM support can be better."
"There should be more opportunity for community kind of distribution where, for example, if there was a zero-day threat targeting companies."
"It is not app based."
"The solution is expensive compared to other products."
"The tech support is not that good."
"There are areas in IBM Security QRadar that could benefit from improvement. Its ability to customize knowledge for specific purposes could be enhanced. Also, it lacks clarity in presenting details. It is also difficult to see the reports."
More IBM Security QRadar cons
"The user interface (UI) is quite heavy and takes time to load, which is a major drawback."
"Its dashboard features need improvement."
"Palo Alto Networks Cortex XSOAR could improve the look, feel, and management of the cloud console. Additionally, the user could be more easily integrated."
"The solution's correlation rules and playbooks should be improved."
"I would like to see Cortex become less dependent on Active Directory and group policies to manage the deployment. Maybe I need to update my understanding of how to deploy it, but that's the way I know how to use it."
"The integration could be better. Cortex, for example, does not work with iPhone."
"The solution is complicated to learn."
"It is not a very scalable solution."
More Palo Alto Networks Cortex XSOAR cons
 

Pricing and Cost Advice

"IBM has subscriptions plans that run for one year."
"Only enterprise businesses can afford the tool."
"I feel that the price is reasonable but compared to other products that are on the market, such as an offering by Microsoft, it is more expensive."
"Customers have to purchase a license based on the number of users, devices, and applications they want to protect. It allows you to take a license on a subscription basis for three years or five years."
"Pricing is good."
"The license is not subscription-based."
"It's very expensive but it fits our budget."
"It's too expensive. The licensing is also a little bit difficult to understand because you have to license it per event and per number of flows."
More IBM Security QRadar pricing and cost advice
"From the cost perspective, I have heard that its price is a bit high as compared to other similar products."
"The solution is a bit on the expensive side."
"There is a yearly license required for this solution and it is expensive."
"The price of Palo Alto Networks Cortex XSOAR could be reduced. We are always looking for a discount. There is an annual license needed to use this solution."
"The solution is based on an annual licensing model that is expensive."
"My company did not make any payments towards the licensing costs attached to the product since we were only using its pilot version."
"The solution's cost is reasonable."
"The solution's cost is high."
More Palo Alto Networks Cortex XSOAR pricing and cost advice
report
See which vendors are best for you
Use our free recommendation engine to learn which Security Orchestration Automation and Response (SOAR) solutions are best for your needs.
See recommendations
824,053 professionals have used our research since 2012.
 

Comparison Review

VS
Jun 28, 2015
Qradar vs. ArcSight
Continuing with the SIEM posts we have done at Infosecnirvana, this post is a Head to head comparison of the two Industry leading SIEM products in the market – HP ArcSight and IBM QRadar Both the products have consistently been in the Gartner Leaders Quadrant. Both HP and IBM took over niche SIEM…
Read full review
 

Top Industries

By visitors reading reviews
Educational Organization
23%
Computer Software Company
15%
Financial Services Firm
10%
Manufacturing Company
6%
Financial Services Firm
14%
Computer Software Company
13%
Government
10%
Manufacturing Company
9%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
 

Questions from the Community

What are the biggest differences between Securonix UEBA, Exabeam, and IBM QRadar?
It mostly depends on your use-cases and environment. Exabeam and Securonix have a stronger UEBA feature set, friendlier GUI and are not licensed based on capacity (amount of logs and information in...
See all answers
What SOC product do you recommend?
For tools I’d recommend: -SIEM- LogRhythm -SOAR- Palo Alto XSOAR Doing commercial w/o both (or at least an XDR) is asking to miss details that are critical, and ending up a statistic. Also, rememb...
See all answers
What do you like most about IBM QRadar?
The event collector, flow collector, PCAP and SOAR are valuable.
See all answers
What do you like most about Palo Alto Networks Cortex XSOAR?
The product can automate security tasks.
See all answers
What is your experience regarding pricing and costs for Palo Alto Networks Cortex XSOAR?
The price of the solution is high and not justifiable for small or medium-sized companies without a developed cybersecurity team.
See all answers
What needs improvement with Palo Alto Networks Cortex XSOAR?
The price of the solution could be lower. Companies utilizing this solution should have a well-developed cybersecurity team to maximize its benefits. It is more suited for large organizations rathe...
See all answers
 

Comparisons

Splunk Enterprise Security vs IBM Security QRadar Logo
Splunk Enterprise Security vs IBM Security QRadar
Compared 15% of the time
Microsoft Sentinel vs IBM Security QRadar Logo
Microsoft Sentinel vs IBM Security QRadar
Compared 12% of the time
Sentinel vs IBM Security QRadar Logo
Sentinel vs IBM Security QRadar
Compared 6% of the time
Wazuh vs IBM Security QRadar Logo
Wazuh vs IBM Security QRadar
Compared 6% of the time
Elastic Security vs IBM Security QRadar Logo
Elastic Security vs IBM Security QRadar
Compared 6% of the time
More IBM Security QRadar Competitors
Cortex XSIAM vs Palo Alto Networks Cortex XSOAR Logo
Cortex XSIAM vs Palo Alto Networks Cortex XSOAR
Compared 38% of the time
Microsoft Sentinel vs Palo Alto Networks Cortex XSOAR Logo
Microsoft Sentinel vs Palo Alto Networks Cortex XSOAR
Compared 9% of the time
Splunk SOAR vs Palo Alto Networks Cortex XSOAR Logo
Splunk SOAR vs Palo Alto Networks Cortex XSOAR
Compared 8% of the time
Fortinet FortiSOAR vs Palo Alto Networks Cortex XSOAR Logo
Fortinet FortiSOAR vs Palo Alto Networks Cortex XSOAR
Compared 8% of the time
Google Security Operations vs Palo Alto Networks Cortex XSOAR Logo
Google Security Operations vs Palo Alto Networks Cortex XSOAR
Compared 1% of the time
More Palo Alto Networks Cortex XSOAR Competitors
 

Product Reports

Buyer's Guide
IBM Security QRadar
December 2024
IBM Security QRadar reportDownload IBM Security QRadar product report
Buyer's Guide
Palo Alto Networks Cortex XSOAR
December 2024
Palo Alto Networks Cortex XSOAR reportDownload Palo Alto Networks Cortex XSOAR product report
 

Also Known As

IBM QRadar, QRadar SIEM, QRadar UBA, QRadar on Cloud, QRadar, IBM QRadar User Behavior Analytics, IBM QRadar Advisor with Watson
Demisto Enterprise, Cortex XSOAR, Demisto
 

Learn More

IBM
Palo Alto Networks
 

Overview

IBM Security QRadar (recently acquired by Palo Alto Networks) is a security and analytics platform designed to defend against threats and scale security operations. This is done through integrated visibility, investigation, detection, and response. QRadar empowers security groups with actionable insights into high-priority threats by providing visibility into enterprise security data. Through centralized visibility, security teams and analysts can determine their security stance, which areas pose a potential threat, and which areas are critical. This will help streamline workflows by eliminating the need to pivot between tools.

IBM Security QRadar is built to address a wide range of security issues and can be easily scaled with minimal customization effort required. As data is ingested, QRadar administers automated, real-time security intelligence to swiftly and precisely discover and prioritize threats. The platform will issue alerts with actionable, rich context into developing threats. Security teams and analysts can then rapidly respond to minimize the attackers' strike. The solution will provide a complete view of activity in both cloud-based and on-premise environments as a large amount of data is ingested throughout the enterprise. Additionally, QRadar’s anomaly detection intelligence enables security teams to identify any user behavior changes that could be indicators of potential threats. 

IBM QRadar Log Manager

To better help organizations protect themselves against potential security threats, attacks, and breaches, IBM QRadar Log Manager gathers, analyzes, preserves, and reports on security log events using QRadar Sense Analytics. All operating systems and applications, servers, devices, and applications are converted into searchable and actionable intelligent data. QRadar Log Manager then helps organizations meet compliance reporting and monitoring requirements, which can be further upgraded to QRadar SIEM for a more superior level of threat protection.

Some of QRadar Log Manager’s key features include:

  • Data processing and capture on any security event
  • Disaster recovery options and high availability 
  • Scalability for large enterprises
  • SoftLayer cloud installation capability
  • Advanced threat protection

Reviews from Real Users

IBM Security QRadar is a solution of choice among users because it provides a complete solution for security teams by integrating network analysis, log management, user behavior analytics, threat intelligence, and AI-powered investigations into a single solution. Users particularly like having a single window into their network and its ability to be used for larger enterprises.

Simon T., a cyber security services operations manager at an aerospace/defense firm, notes, "The most valuable thing about QRadar is that you have a single window into your network, SIEM, network flows, and risk management of your assets. If you use Splunk, for instance, then you still need a full packet capture solution, whereas the full packet capture solution is integrated within QRadar. Its application ecosystem makes it very powerful in terms of doing analysis."

A management executive at a security firm says, "What we like about QRadar and the models that IBM has, is it can go from a small-to-medium enterprise to a larger organization, and it gives you the same value."

Palo Alto Networks delivers a complete solution that helps Tier-1 through Tier-3 analysts and SOC managers to optimize the entire incident life cycle while auto documenting and journaling all the evidence. More than 100+ integrations enable security orchestration workflows for incident management and other critical security operation tasks.

Palo Alto Networks Cortex XSOAR is a piece of Security Orchestration, Automation, and Response software that redefines what it means for a program to orchestrate security in an automated manner. It is a next-generation solution that offers all of the features of dozens of siloed security operations center tools in one place. Cortex XSOAR combines case management, automation, real-time collaboration, and threat intelligence management to create a platform that can handle all aspects of system security. Teams that make use of Cortex XSOAR can expect to cut the number of issues that they will have to deal with by 75%. At the same time, the speed at which they resolve those issues that slip through will rise by 90%.

Cortex XSOAR ensures that all of the IT and security tools that you employ function as a unified system. It does this by employing hundreds of integrations that allow you to run a wide variety of programs at once without ever worrying about them interfering with each other. These integrations are limited only by your imagination. They can be used immediately as they are, if that is what you need. However, they can also be customized according to the requirements of your system. This approach provides you with the maximum levels of both flexibility and utility.

The model that this platform uses is based on a machine learning algorithm. The level of automation allows you to provide more than an unchanging and inflexible blanket of coverage. Cortex XSOAR takes all of the data that it gathers and uses it to expand its protective capabilities. This creates recommendations that you can use to create a threat playbook that can be deployed uniformly throughout your organization.


Benefits of Palo Alto Networks Cortex XSOAR

Some of Palo Alto Networks Cortex XSOAR’s benefits include:

  • The ability to have all of your data collected in a single location. Valuable time can be saved now that everything that security analysts need to know in order to diagnose and react to threats has been centralized.
  • Security operations center tasks can be automated. This allows you to assign management and analyst staff to the most essential tasks. The effectiveness of your organization will be increased, which will result in a rise in your company’s overall security and productivity.
  • Many kinds of data can be stitched together by this platform. Network, endpoint, cloud, and identity data can be combined to offer a more complete picture of the threats that are discovered.
  • Integrated threat intelligence management can notify you about threats in real time. Now you can diagnose and address issues as they arise. You can also assign values to the threats so that your resources are being used in the most effective manner possible.


Reviews from Real Users

Palo Alto Networks Cortex XSOAR’s centralized monitoring interface and automation are two features that help it stand out. This might help explain why one quarter of the Fortune 500 companies choose Palo Alto Networks Cortex XSOAR over the competition.

Peerspot users note the effectiveness of these features. One user wrote, “We were looking for a single pane of glass type of solution that would allow us to physically be in one appliance - be able to work in concert with other servers that we have within our environment. We wanted orchestration and automation. The single pane of glass was the most important part.” Another noted, "The automation part and the playbook creation part are awesome. The way it is responding to the customers and incidents is also very good. In the SOC environment, I guess it will carry out around 50% of the work."

 

Sample Customers

Clients across multiple industries, such as energy, financial, retail, healthcare, government, communications, and education use QRadar.
Cellcom Israel, Blue Cross and Blue Shield of Kansas City, esri, Cylance, Flatiron Health, Veeva, ADT Cybersecurity
Buyer's Guide
IBM Security QRadar vs. Palo Alto Networks Cortex XSOAR
December 2024
Free Report: IBM Security QRadar vs. Palo Alto Networks Cortex XSOAR
Find out what your peers are saying about IBM Security QRadar vs. Palo Alto Networks Cortex XSOAR and other solutions. Updated: December 2024.
DOWNLOAD NOW
824,053 professionals have used our research since 2012.
See our IBM Security QRadar vs. Palo Alto Networks Cortex XSOAR report.

We monitor all Security Orchestration Automation and Response (SOAR) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.