No more typing reviews! Try our Samantha, our new voice AI agent.

IBM Security QRadar vs ReliaQuest GreyMatter comparison

Sponsored
 

Comparison Buyer's Guide

Executive SummaryUpdated on Jan 25, 2026

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Categories and Ranking

Cortex XDR by Palo Alto Net...
Sponsored
Ranking in Extended Detection and Response (XDR)
5th
Average Rating
8.4
Reviews Sentiment
6.8
Number of Reviews
110
Ranking in other categories
Endpoint Protection Platform (EPP) (4th), Endpoint Detection and Response (EDR) (6th), Ransomware Protection (2nd), AI-Powered Cybersecurity Platforms (1st)
IBM Security QRadar
Ranking in Extended Detection and Response (XDR)
10th
Average Rating
8.0
Reviews Sentiment
6.6
Number of Reviews
217
Ranking in other categories
Log Management (6th), Security Information and Event Management (SIEM) (2nd), User Entity Behavior Analytics (UEBA) (2nd), Endpoint Detection and Response (EDR) (12th), Security Orchestration Automation and Response (SOAR) (5th), Managed Detection and Response (MDR) (7th)
ReliaQuest GreyMatter
Ranking in Extended Detection and Response (XDR)
27th
Average Rating
9.6
Reviews Sentiment
8.1
Number of Reviews
2
Ranking in other categories
Digital Risk Protection (10th), Managed Detection and Response (MDR) (18th)
 

Featured Reviews

ABHISHEK_SINGH - PeerSpot reviewer
Senior Process Expert at A.P. Moller - Maersk
Gained full visibility and streamlined threat detection through behavior-based insights and AI integration
Initially, we got to have a lot of false positives when we onboarded, but nowadays it's quite smooth. We have fine-tuned our security policies and allowed different levels of policies to get rid of those false positives. Currently, we are getting a fairly good amount of incidents that are not false positives or benign, but actionable items. The process is streamlined. In the initial days, the operations used to get involved in a lot of benign and other activities, but now the process is streamlined. We are leveraging the auto-detection and remediation plans. The operations teams are now more involved in other business roles as well, not just looking into the logs and fetching out what's happening there. They have fixed a lot of things. Initially, they didn't have IAC code drift detection, cloud posture management, or security posture management, but they have those now. They purchased different vendors and did a merger with that. They have now Prisma Cloud that gets integrated and now they are working with Cortex Cloud. Everything that was negative has now been addressed, and the product altogether looks to be in a very better and mature shape now. Currently, it's more or less detecting the workloads with AI-based best practices. Since most organizations are consuming AI agents and other things, we are looking forward to seeing what other feature enhancements Palo Alto can support in that.
HarshBhardiya - PeerSpot reviewer
SOC Engineer at a outsourcing company with 10,001+ employees
Have managed daily asset and alert monitoring effectively but have encountered limitations with manual processes and interface usability
It's still very manual and doesn't work on its own. It's still in an early stage and not on par where we can consider it a really successful detection system. The accuracy is not there. The UI could be better when compared to Sentinels where we can use flags and tagging. It could be much more user-friendly. IBM Security QRadar has all features and is fully competitive with other SIEM tools, but when it comes to user-friendliness, a new user takes time to get used to it. More intuitive, user-friendly interfaces and more helpful documentation would be beneficial. The query searching and data fetching could be faster. In large to very large organizations with around 5,000 or 6,000 assets or beyond, even with proper configurations and RAM and hardware backing up, the query is fairly slow.
MK
Senior Security Analyst at Tata Consultancy
Unified security monitoring has reduced alert fatigue and improves proactive threat hunting
I use real-time monitoring in ReliaQuest GreyMatter, which significantly improves my security posture. The unified interface helps reduce alert fatigue. I would estimate it saves around 20% in alert fatigue reduction. The automated threat hunting capabilities in ReliaQuest GreyMatter help me stay ahead of threats. The machine learning algorithm benefits my threat intelligence by providing deeper insights and predictions. I use various metrics to rate the success of the predictive threat intelligence in ReliaQuest GreyMatter.

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"I like that the product has behavior-based detection which offers many benefits over signature-based detection."
"We have found in our test Cortex XDR by Palo Alto Networks to be a very good tool."
"It's a nice product that's stable and scalable."
"There are a lot of lead solutions in this space, however, Palo Alto is number one."
"My advice for anybody who is considering Cortex XDR is that it is a complete solution, and has very good features."
"Cortex XDR lets us manage several clients from the same console, and its endpoint defense is more advanced than traditional antivirus."
"Traps has drastically reduced our endpoint attack surface via advanced detection capabilities, sandboxing of never before seen programs, and by drastically limiting where executables can launch in the first place."
"Technical support is the best in class, in my opinion, because they have invested heavily in research and development."
"There are other third-party plugins that we can use."
"QRadar UBA's most valuable feature is the risk rating of users depending on their behavior."
"It has improved comprehensive visibility for what is going on in the perimeters, and on the inside, as well."
"The solution is easy to use, manage, and review all incidents."
"The UBA feature is the most valuable because you can see everything about users' activities."
"I would recommend the solution to others."
"Overall, IBM QRadar is very good but no product is perfect."
"What I like the most about it is that you can very easily install and configure it. As compared to other SIEM solutions, for which you need to know and do a lot more to prepare your SIEM environment, QRadar is much simpler to install and configure. There are various options in the Admin console. In the Admin tab, you can design dashboards and view various graphs. It has a lot of attractive features, and you don't need to configure everything on your own."
"ReliaQuest GreyMatter has helped us to reduce security incidents by 89%, which is a significant amount of incidents we have seen."
"ReliaQuest GreyMatter saves around 60% of time or resources."
 

Cons

"They are charging for Network Traffic Analyzer (NTA) services, so if the per GB data could be provided at a certain level free of cost or at the same cost which the customer is taking for the entire bundle, that would be better."
"The product's pricing needs improvement. They could provide more discounts. Additionally, the dashboard and control panel could be enhanced."
"It is not a suitable solution if you are looking for a single product with multiple features such as DLP, encryption, rollback, etc."
"It is a complex solution to implement."
"The solution could improve by providing better integration with their own products and others."
"The solution should force customers to integrate with network traffic to see the full benefits of XDR."
"There are some third-party solutions that are difficult to integrate with, which is something that can be improved."
"The dashboard could use some significant improvement, just making it more useful with more information. It has a limited amount of information right now. It is customizable, but I'd love to see a better out-of-box dashboard."
"The QRadar implementation guide, especially in cluster environment, is complicated to deploy in an enterprise level."
"When it comes to what could be better, it is always what others are trying to do and what is the roadmap. It can have more integration. It should have more flexible RESTful APIs for integration with applications. These are the things that are always in demand for any of the SIEM solutions, not only for QRadar. Integration is ever-evolving. Nowadays, different versions of mobile handsets are there and data is getting scattered. Users are using their personal handsets to keep the data of the organization. So, it should have a more flexible integration, irrespective of the flavor of the firmware and iOS or Android version. It should have an API that can seamlessly get integrated. It should also provide more flexible control and a more advanced or analytical view to see what exactly is happening across the globe or network. From wherever a user is connecting and accessing the enterprise data, it should give real-time visibility and predictive visibility about what exactly is happening. These things are already there, but there should be more advanced control in terms of managing the security."
"The modularity could be improved."
"It doesn't have a SOAR system by default. You need to purchase it additionally, which is the main problem with QRadar."
"The tool is already automated in many ways, but there are some additional functions which should be automated, like sending an email, mobile notification, and integration of XFS."
"However, when it comes to IBM, they consider each module as a separate license with a separate cost."
"I think the solution lacks some maturity."
"Their technical support is also good. During weekends they are only looking at the priority issues. That is difficult, because sometimes the critical log sources stop sending events to QRadar and in those cases we need support on an urgent basis, but they're not going to support it during weekend."
"Areas that have room for improvement include user interface and integration."
 

Pricing and Cost Advice

"It has reasonable pricing for the use cases it provides to the company."
"If one wishes to work with another team or large number of users at a future point, he must purchase a license for them."
"The cost of Cortex XDR by Palo Alto Networks is $55 to $90 USD per endpoint per month."
"We pay about $50,000 USD per year for a bundle that includes Cortex XDR."
"Cortex XDR’s pricing is very reasonable."
"The cost depends on your chosen license type, like Pro or other licenses."
"I don't like that they have different types of licenses."
"It has a yearly renewal."
"It would be great if this product were cheaper."
"It is very expensive."
"Pricing (based on EPS) will be more accurate."
"Licensing is very expensive, IBM QRadar is a very expensive solution. If you want to minimize costs then IBM QRadar is not for you."
"Its price is good in terms of efficiency and the number of people required for implementing various things. You might pay more in terms of money, but you might save on the number of people. For example, if you are using Kibana, you have to pay more for people or experts, which is not the case with IBM QRadar."
"They can give us some scalability and flexibility on pricing. If its pricing can be reduced, it would help a lot of customers in bringing in a new SIEM environment and grow business in the market. If I start a license today and take around 10,000 EPS, and after a month, there is an increase in the number of clients on my platform, I can increase the number of licenses. I can add 5,000 EPS on a yearly basis."
"It's too expensive."
"Pricing is good."
Information not available
report
Use our free recommendation engine to learn which Managed Detection and Response (MDR) solutions are best for your needs.
893,244 professionals have used our research since 2012.
 

Comparison Review

VS
Manager, Enterprise Risk Consulting at a tech company with 1,001-5,000 employees
Jun 28, 2015
Qradar vs. ArcSight
Continuing with the SIEM posts we have done at Infosecnirvana, this post is a Head to head comparison of the two Industry leading SIEM products in the market – HP ArcSight and IBM QRadar Both the products have consistently been in the Gartner Leaders Quadrant. Both HP and IBM took over niche SIEM…
 

Top Industries

By visitors reading reviews
Financial Services Firm
12%
Construction Company
12%
Comms Service Provider
9%
Manufacturing Company
8%
Financial Services Firm
11%
Computer Software Company
10%
Manufacturing Company
7%
Construction Company
7%
Financial Services Firm
11%
Manufacturing Company
8%
Construction Company
7%
Retailer
7%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
By reviewers
Company SizeCount
Small Business45
Midsize Enterprise21
Large Enterprise48
By reviewers
Company SizeCount
Small Business91
Midsize Enterprise39
Large Enterprise105
No data available
 

Questions from the Community

Cortex XDR by Palo Alto vs. Sentinel One
Cortex XDR by Palo Alto vs. SentinelOne SentinelOne offers very detailed specifics with regard to risks or attacks. ...
Comparing CrowdStrike Falcon to Cortex XDR (Palo Alto)
Cortex XDR by Palo Alto vs. CrowdStrike Falcon Both Cortex XDR and Crowd Strike Falcon offer cloud-based solutions th...
How is Cortex XDR compared with Microsoft Defender?
Microsoft Defender for Endpoint is a cloud-delivered endpoint security solution. The tool reduces the attack surface,...
What are the biggest differences between Securonix UEBA, Exabeam, and IBM QRadar?
It mostly depends on your use-cases and environment. Exabeam and Securonix have a stronger UEBA feature set, friendli...
What SOC product do you recommend?
For tools I’d recommend: -SIEM- LogRhythm -SOAR- Palo Alto XSOAR Doing commercial w/o both (or at least an XDR) is a...
What is your experience regarding pricing and costs for IBM Security QRadar?
Pricing and the license of EPS were managed by the governance team. I was not responsible for managing those. I was s...
What needs improvement with ReliaQuest GreyMatter?
Areas that have room for improvement include user interface and integration.
What is your primary use case for ReliaQuest GreyMatter?
I use ReliaQuest GreyMatter for detection and response, XDR, and SIEM. The best features I like about GreyMatter the ...
 

Also Known As

Cyvera, Cortex XDR, Palo Alto Networks Traps
IBM QRadar, QRadar SIEM, QRadar UBA, QRadar on Cloud, IBM QRadar Advisor with Watson
No data available
 

Overview

 

Sample Customers

CBI Health Group, University Honda, VakifBank
Clients across multiple industries, such as energy, financial, retail, healthcare, government, communications, and education use QRadar.
Information Not Available
Find out what your peers are saying about IBM Security QRadar vs. ReliaQuest GreyMatter and other solutions. Updated: April 2026.
893,244 professionals have used our research since 2012.