TrustRadius: an HG Insights company

IBM Security QRadar EDR

Score: 7.5 out of 10

44 Reviews and Ratings

What is IBM Security QRadar EDR?

IBM Security QRadar EDR (formerly ReaQta) combines automation and dashboards to minimize analyst workloads, detect anomalous endpoint behavior and remediate threats in near real time.

With visibility across endpoints, it combines expected features, like MITRE ATT&CK mapping and attack visualizations, with dual-engine AI and automation.

For teams that need extended support, managed detection and response (MDR) services offer 24/7 monitoring and response to help keep users protected. QRadar EDR can be deployed as SaaS, on-premises and in air-gapped environments.

https://ibm.biz/QRadar_EDR_product_page

Media

Screenshot of Behavioral tree: A behavioral tree provides full alert and attack visibility.
Screenshot of Behavioral tree storyline: A visual storyline is automatically created as an attack unfolds, including mapping to MITRE ATT&CK, for full visibility.
Screenshot of Cyber Assistant alerts: The Cyber Assistant, an AI-powered alert management system, can autonomously handle alerts, reducing analysts’ workloads.
Screenshot of Cyber Assistant recommends: The Cyber Assistant learns from analyst decisions, then retains the intellectual capital and learned behaviors to make recommendations and help reduce false positives.
Screenshot of Custom detection strategies: Detection Strategy (DeStra) scripting allows users to build custom detection strategies — beyond preconfigured models — to address compliance or company-specific requirements without the need to reboot the endpoint.

Top Performing Features

  • Endpoint Detection and Response (EDR)

    Continuous monitoring and response to advanced internet threats by endpoint agents.

    Category average: 9.1

  • Anti-Exploit Technology

    In-memory and application layer attack blocking (e.g. ransomware).

    Category average: 8.6

  • Centralized Management

    Centralized management supporting multi-factor authentication, customized views, and role-based access control.

    Category average: 8.5

Areas for Improvement

  • Infection Remediation

    Capability to quarantine infected endpoint and terminate malicious processes.

    Category average: 8.8

  • Malware Detection

    Detection and blocking of zero-day file and fileless malware.

    Category average: 9

  • Hybrid Deployment Support

    Administrators should be able to choose endpoint security on-premise, cloud, or hybrid.

    Category average: 8.3

IBM Security QRadar EDR review

Use Cases and Deployment Scope

IBM Security QRadar EDR is used by the Endpoint Team. It is flexible in deployment. It is available as both SaaS and on-premises solutions in my organization. It is integrated with IBM Managed Security Services for 24x7 monitoring and response. It protects a combination of endpoints, including desktops, laptops, servers and VDI.

Pros

  • Endpoint Coverage
  • Flexible in deployment
  • Advanced threat protection

Cons

  • License is costly
  • TAC support availability
  • Scripting should be easier

Return on Investment

  • Improved security posture
  • Easy to administer
  • Reducing response time and analyst work hours

Alternatives Considered

Microsoft Sentinel

IBM Security QRadar EDR Review

Use Cases and Deployment Scope

Yes, we at our organisation use QRadar for robust endpoint detection/response with AI-driven threat hunting; the same has been integrated with the SIEM. This also protects UPI/digital wallets via real-time transaction behaviour analysis.

Pros

  • Auto contains threats (ransomware/zero-days) in seconds
  • XDR readiness (integrate Azure/AWS etc)
  • Stops supply chain attacks

Cons

  • Dashboard looks very cluttered compared to competition like CrowdStrike, Splunk
  • Steep learning curve
  • Costly licensing

Return on Investment

  • Stops supply chain attacks (malicious npm packages targeting mobile app)
  • Cuts breach cost by 40% via rapid containment

Alternatives Considered

Splunk Enterprise Security, CrowdStrike Next-Gen SIEM and Microsoft Sentinel

Other Software Used

IBM Security QRadar SIEM, IBM Security QRadar SOAR, Red Hat OpenShift

Great security solution with advanced analytics and intuitive interface

Use Cases and Deployment Scope

IBM Security QRadar EDR is a reliable endpoint security solution that uses advanced analytics to detect threats, malware and vulnerabilities, and it is only possible because of the predefined rules and policies that come with it by default. Also, its intuitive interface simplifies security operations for everyone and makes it very easy to operate. And it meets all the security needs a business may ever have, and hence it is the best security solution.

Pros

  • Uses advanced analytics to detect threats, malware and vulnerabilities in real time.
  • Intuitive interface so everyone can use it.
  • Easy to implement and set up.

Cons

  • For large organizations, the pricing may be OK. But for smaller organizations the price is quite high.
  • Sometimes consumes too many resources, though it doesn't last long and returns to normal usage after some time.

Return on Investment

  • Uses predefined rules and policies to detect threats and malware.
  • Has reasonable pricing, though for smaller organizations it might be quite high.
  • Intuitive interface makes it easy to operate.

Other Software Used

Rubrik

My Experience with IBM Security QRadar

Use Cases and Deployment Scope

IBM Security QRadar EDR has a straightforward and user-friendly interface. IBM Security ReaQta is easy to use for users and helps security analysts navigate the system more effectively. Real-time monitoring of network traffic and endpoint activities also helps admins reduce risk and respond to security incidents in a timely manner. I think not every security vendor provides continuous updates as fast as IBM. IBM is easy to implement.

Pros

  • Automatic alert management.
  • Analysis
  • UI/ UX

Cons

  • System performance.
  • A little bit expensive.

Return on Investment

  • A positive impact is the customizable detection strategy.
  • Another positive impact is pinning processes in the tree investigation.
  • A negative impact is that it is a little bit expensive.

Alternatives Considered

Microsoft Defender for Endpoint

Other Software Used

Oracle Java Card

IBM Security QRadar EDR endpoint security

Use Cases and Deployment Scope

We leverage IBM Security QRadar EDR capability to protect endpoints from cyberattacks, detect anomalous behavior and remediate security issues. The business problems we address with this service are the endpoint security of the enterprise IT systems, including network and IT infrastructure systems, automatic threat remediation, and informed cybersecurity decision-making with attack visualization storyboards.

Pros

  • Detects known and unknown endpoint security threats
  • Remediates these threats in near real time
  • Automation in threat detection
  • Threat attack visualization storyboards
  • Alert management automation

Cons

  • IBM Security QRadar EDR is expensive to use
  • Requires complex and confusing training
  • Labor intensive to support
  • Complex to integrate with SOC/NOC (security operations center/network operations center) services

Return on Investment

  • NOCs and SOCs heavily use IBM Security QRadar EDR, and it has reduced the labor costs of identifying endpoint security threats and of threat remediation
  • IBM Security QRadar EDR offers a consistent approach to endpoint threat identification and resolution, and reduces enterprise security operations support costs
  • In general, IBM Security QRadar EDR enhances the enterprise security posture

Other Software Used

Microsoft Defender for Endpoint, VMware Carbon Black EDR