Try our new research platform with insights from 80,000+ expert users

IBM Security QRadar vs Trellix Endpoint Detection and Response (EDR) comparison

 

Comparison Buyer's Guide

Executive SummaryUpdated on Sep 9, 2024
 

Categories and Ranking

IBM Security QRadar
Ranking in Endpoint Detection and Response (EDR)
18th
Average Rating
8.0
Number of Reviews
204
Ranking in other categories
Log Management (6th), Security Information and Event Management (SIEM) (4th), User Entity Behavior Analytics (UEBA) (1st), Security Orchestration Automation and Response (SOAR) (4th), Managed Detection and Response (MDR) (10th), Extended Detection and Response (XDR) (14th)
Trellix Endpoint Detection ...
Ranking in Endpoint Detection and Response (EDR)
23rd
Average Rating
7.4
Number of Reviews
22
Ranking in other categories
No ranking in other categories
 

Mindshare comparison

As of November 2024, in the Endpoint Detection and Response (EDR) category, the mindshare of IBM Security QRadar is 1.5%, up from 1.1% compared to the previous year. The mindshare of Trellix Endpoint Detection and Response (EDR) is 0.9%, up from 0.5% compared to the previous year. It is calculated based on PeerSpot user engagement data.
Endpoint Detection and Response (EDR)
 

Featured Reviews

Muzzamil Hussain - PeerSpot reviewer
Aug 1, 2024
Is easy to integrate and doesn't require maintenance
One major drawback we are facing is in the area of IBM Security QRadar integration with flat file databases. IBM Security QRadar does not support flat file database integration. We are currently facing an issue with respect to the database, which you normally call a NoSQL database. There is no direct integration mechanism available with IBM Security QRadar. We have to approach IBM and generate a ticket so that they can develop a custom method for the integration. In database integration, we are facing issues with IBM Security QRadar. The solution does not support the integration of flat file databases. Certain organizations have flat file databases. IBM does not support direct integration with some databases. We had to create a plug, and we requested IBM to develop a parser, but it is taking IBM a couple of months to develop it. I think a flat-file database should be supported directly instead of developing a parser plugin. There should be a more refined threat intelligence platform, and cross-integration should be possible with locally available threat intelligence platforms.
Moizuddin Sayed - PeerSpot reviewer
Jul 3, 2022
A multiple feature solution that is stable, scalable and straightforward to implement
It has been helpful in terms of identifying unknown threats. The file is available on the endpoint, and the information is retrieved to identify any unknown or malicious file and then converted to a known file The endpoints and utilization are too high, which impacts the production activity.…

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"An engineer can live-monitor all the flow happening in real-time. This would help us a lot while investigating a case, and it would even help us with preventive actions."
"The solution is relatively easy to use."
"Providing real-time visibility for threat detection and prioritization - QRadar SIEM provides contextual and actionable surveillance across the entire IT infrastructure."
"There is a single dashboard that gives us a complete overview of what is happening around the globe."
"IBM QRadar is easy to scale, it doesn't affect the environment. In our office, we have around 40 - 50 users, but our clients have more users on their networks. Our organization has staff in the software department that manages IBM QRadar for us."
"IBM has everything you need in a cybersecurity solution. If you want to build a cybersecurity operation center version then I think QRadar is a perfect solution."
"Vulnerability data, network data and the like, are part of correlation and detection."
"It is really helpful to us from the compliance point of view."
"The investigation and rule detection feature of the solution has proven most useful for our company"
"The biggest strength of the solution is that it's an integrated product that includes EDR and antivirus."
"The product provides a one-click recovery of encrypted files."
"The most valuable feature of the solution is its area for threat detection."
"When Trellix detects some threats, the device is isolated in a quarantine zone for examination."
"If there is any malicious behavior in the workstation or server, the tool stops or isolates it automatically and generates alerts."
"The product's initial setup phase was very straightforward since you just need to install it, and it works."
"It relies on external systems for detection and then asks the endpoint to handle blocking. However, the most crucial feature is its investigative capabilities. With real-time search and other functionalities, it enables comprehensive detection and response."
 

Cons

"We need more features in order to create rules to detect or to meet some requirements for other areas, for example, catching the event from other authentication tools."
"The custom rules could be simplified more or it should be possible to use a different language, other than the ones that the solution is already using. They should add other languages into the mix."
"The features that could be improved include the licensing model and the dashboards and all those presentations. Overall, the user experience part can be improved."
"The solution lacks some maturity."
"The initial setup was complex, and it took six months."
"The product does not have a team for investigating malware."
"The technical support is poor. Mostly because when I open a PMR for IBM, I am stuck with Level 1 staff. As an engineer, nothing that I am bringing them does not require Level 2 or Level 3 support."
"There could be improvements made to the UI, the user interface. Though the newer version, 7.3.2, might already have this improvement in place."
"The CPU utilization of the product is quite high compared to its competitors."
"The alert feature of McAfee MVISION Endpoint Detection and Response needs improvement because for you to get the alerts, you have to log on to the portal. What my company needs is a tool that sends you alerts. For example, if it detects a threat on your machine, it should send you an alert. My company gets the alerts instead from the antivirus software rather than the EDR. If you want to see the alerts on McAfee MVISION Endpoint Detection and Response, you have to connect to the system manually. Another area for improvement in the tool is the reporting. My company needs weekly and monthly reports about the alerts, but you can't extract reports from McAfee MVISION Endpoint Detection and Response, so a decision was made to move to another EDR solution, particularly Microsoft Defender for Endpoint, next month. My company tested Microsoft Defender for Endpoint via a POC for one to three months. The resource usage of McAfee MVISION Endpoint Detection and Response is also an area for improvement because it consumes a lot of memory. For example, during the on-demand scan, you can't work because of the high CPU usage. You need to schedule the scans. McAfee MVISION Endpoint Detection and Response has a lot of modules, but my company doesn't use all modules."
"The dashboard and reporting features are not so user-friendly or intuitive, so they need some work."
"The searching capabilities for the IOCs can be further improved"
"I'd like the tool to become more like an XDR, with one management system and endpoint activation."
"Trellix does not support Linux and Mac."
"The graphical view for nodes must be increased."
"Trellix needs to focus on gaining traction with partners and building trust among users."
 

Pricing and Cost Advice

"The tool's on-premise version is expensive. However, it is cheaper than Splunk. The hybrid model offers shared instances for customers, which is not expensive. Customers with a limited budget can opt for it. You can get premium support with licenses. However, if you need customized integration, you need to buy it."
"There is a license to use this solution, which is paid annually. However, there are subscription options available."
"The price of this product is high."
"The solution's pricing is based on the EPS model."
"It's too expensive. The licensing is also a little bit difficult to understand because you have to license it per event and per number of flows."
"As for licensing costs, I haven't seen the exact figures, but it is considered somewhat costly. On a scale from one to ten, where one is very expensive and ten is very cheap, I would rate it a six—it’s costly but worth the money."
"It's too expensive."
"I think my company pays for the license yearly."
"The pricing is always high."
"On a scale of one to ten, where one is low and ten is high, I rate the solution's pricing an eight out of ten."
"The licensing costs attached to the solution are very easy to manage. There is a need to make yearly payments towards the licensing costs."
"The cost is okay, compared to other products."
"The price is reasonable."
"Pricing is a problem in South Africa. It could be cheaper here. The rand-to-dollar exchange rate makes it expensive for us. A 25 dollar endpoint cost becomes quite significant when converted to rand."
"The product’s pricing is reasonable."
"McAfee MVISION Endpoint Detection and Response is reasonable in terms of cost. It's a tool my company has been using for a few years now. It costs $25,000 to $30,000 for six hundred users."
report
Use our free recommendation engine to learn which Endpoint Detection and Response (EDR) solutions are best for your needs.
814,649 professionals have used our research since 2012.
 

Comparison Review

VS
Jun 28, 2015
Qradar vs. ArcSight
Continuing with the SIEM posts we have done at Infosecnirvana, this post is a Head to head comparison of the two Industry leading SIEM products in the market – HP ArcSight and IBM QRadar Both the products have consistently been in the Gartner Leaders Quadrant. Both HP and IBM took over niche SIEM…
 

Top Industries

By visitors reading reviews
Educational Organization
22%
Computer Software Company
14%
Financial Services Firm
10%
Government
6%
Computer Software Company
16%
Manufacturing Company
12%
Financial Services Firm
11%
Government
11%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
 

Questions from the Community

What are the biggest differences between Securonix UEBA, Exabeam, and IBM QRadar?
It mostly depends on your use-cases and environment. Exabeam and Securonix have a stronger UEBA feature set, friendlier GUI and are not licensed based on capacity (amount of logs and information in...
What SOC product do you recommend?
For tools I’d recommend: -SIEM- LogRhythm -SOAR- Palo Alto XSOAR Doing commercial w/o both (or at least an XDR) is asking to miss details that are critical, and ending up a statistic. Also, rememb...
What do you like most about IBM QRadar?
The event collector, flow collector, PCAP and SOAR are valuable.
What is your experience regarding pricing and costs for McAfee MVISION Endpoint Detection and Response?
Pricing is a problem in South Africa. It could be cheaper here. The rand-to-dollar exchange rate makes it expensive for us. A 25 dollar endpoint cost becomes quite significant when converted to rand.
What needs improvement with McAfee MVISION Endpoint Detection and Response?
When it comes to some unknown fileless attacks, the tool is not able to detect them properly, making it an area where improvements are required. The tool's support needs to improve in the areas of ...
 

Also Known As

IBM QRadar, QRadar SIEM, QRadar UBA, QRadar on Cloud, QRadar, IBM QRadar User Behavior Analytics, IBM QRadar Advisor with Watson
McAfee MVISION EDR, MVISION EDR, MVISION Endpoint Detection and Response
 

Learn More

 

Overview

 

Sample Customers

Clients across multiple industries, such as energy, financial, retail, healthcare, government, communications, and education use QRadar.
Sutherland Global Services
Find out what your peers are saying about IBM Security QRadar vs. Trellix Endpoint Detection and Response (EDR) and other solutions. Updated: October 2024.
814,649 professionals have used our research since 2012.