No more typing reviews! Try our Samantha, our new voice AI agent.

IBM Security QRadar vs Sangfor Endpoint Secure comparison

Sponsored
 

Comparison Buyer's Guide

Executive SummaryUpdated on Jun 3, 2026

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Categories and Ranking

Cortex XDR by Palo Alto Net...
Sponsored
Ranking in Endpoint Detection and Response (EDR)
6th
Average Rating
8.4
Reviews Sentiment
6.8
Number of Reviews
112
Ranking in other categories
Endpoint Protection Platform (EPP) (4th), Extended Detection and Response (XDR) (4th), Ransomware Protection (2nd), AI-Powered Cybersecurity Platforms (1st)
IBM Security QRadar
Ranking in Endpoint Detection and Response (EDR)
10th
Average Rating
8.0
Reviews Sentiment
6.6
Number of Reviews
218
Ranking in other categories
Log Management (6th), Security Information and Event Management (SIEM) (2nd), User Entity Behavior Analytics (UEBA) (3rd), Security Orchestration Automation and Response (SOAR) (5th), Managed Detection and Response (MDR) (7th), Extended Detection and Response (XDR) (10th)
Sangfor Endpoint Secure
Ranking in Endpoint Detection and Response (EDR)
35th
Average Rating
8.2
Reviews Sentiment
7.4
Number of Reviews
11
Ranking in other categories
No ranking in other categories
 

Mindshare comparison

As of June 2026, in the Endpoint Detection and Response (EDR) category, the mindshare of Cortex XDR by Palo Alto Networks is 3.5%, down from 4.0% compared to the previous year. The mindshare of IBM Security QRadar is 2.1%, up from 1.0% compared to the previous year. The mindshare of Sangfor Endpoint Secure is 0.8%, up from 0.7% compared to the previous year. It is calculated based on PeerSpot user engagement data.
Endpoint Detection and Response (EDR) Mindshare Distribution
ProductMindshare (%)
Cortex XDR by Palo Alto Networks3.5%
IBM Security QRadar2.1%
Sangfor Endpoint Secure0.8%
Other93.6%
Endpoint Detection and Response (EDR)
 

Featured Reviews

ABHISHEK_SINGH - PeerSpot reviewer
Senior Process Expert at A.P. Moller - Maersk
Gained full visibility and streamlined threat detection through behavior-based insights and AI integration
Initially, we got to have a lot of false positives when we onboarded, but nowadays it's quite smooth. We have fine-tuned our security policies and allowed different levels of policies to get rid of those false positives. Currently, we are getting a fairly good amount of incidents that are not false positives or benign, but actionable items. The process is streamlined. In the initial days, the operations used to get involved in a lot of benign and other activities, but now the process is streamlined. We are leveraging the auto-detection and remediation plans. The operations teams are now more involved in other business roles as well, not just looking into the logs and fetching out what's happening there. They have fixed a lot of things. Initially, they didn't have IAC code drift detection, cloud posture management, or security posture management, but they have those now. They purchased different vendors and did a merger with that. They have now Prisma Cloud that gets integrated and now they are working with Cortex Cloud. Everything that was negative has now been addressed, and the product altogether looks to be in a very better and mature shape now. Currently, it's more or less detecting the workloads with AI-based best practices. Since most organizations are consuming AI agents and other things, we are looking forward to seeing what other feature enhancements Palo Alto can support in that.
HarshBhardiya - PeerSpot reviewer
SOC Engineer at a outsourcing company with 10,001+ employees
Have managed daily asset and alert monitoring effectively but have encountered limitations with manual processes and interface usability
It's still very manual and doesn't work on its own. It's still in an early stage and not on par where we can consider it a really successful detection system. The accuracy is not there. The UI could be better when compared to Sentinels where we can use flags and tagging. It could be much more user-friendly. IBM Security QRadar has all features and is fully competitive with other SIEM tools, but when it comes to user-friendliness, a new user takes time to get used to it. More intuitive, user-friendly interfaces and more helpful documentation would be beneficial. The query searching and data fetching could be faster. In large to very large organizations with around 5,000 or 6,000 assets or beyond, even with proper configurations and RAM and hardware backing up, the query is fairly slow.
OA
Coordinator Associate at National Institute of Cardiovascular Diseases
Quick threat response and behavior analysis while enhancing network security
The main use case is usually related to security. It deals with attacks that come day-to-day such as zero-day attacks and APT attacks. Our main task is to secure the network infrastructure in the hospital where I work It facilitates the departments of IT and other departments to procure and…

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"Cortex XDR by Palo Alto Networks should be a stable solution."
"This software helps us understand any issues that may arise when someone is not at work."
"We switched because there were a lot of added features with Palo Alto that Check Point didn't have, and it was an upgrade for us."
"The solution allows us to gain remote access without the user's knowledge and take the necessary actions on the device."
"The stability of the solution is very good. We have about 100 users on it right now, and we use it twice a week."
"It blocks malicious files, prevents attacks, and doesn't require many updates because it is a very light application."
"It collects and caches and the knowledge of machine learning from different customers to take to the cloud, it makes it better to use for everybody, it allows for quick learning and updates and can, therefore, offer zero-day malware security, and this sharing of metadata helps make the solution very safe."
"Palo Alto is the core of the security infrastructure in the environment."
"It has very rich functionality."
"It is a pretty solid product for the type that it is representing. It is a CM solution as compared to Splunk or ArcSight from HP. It is also user friendly. It comes with some internal AI as well, in which it automatically maps multiple lots from unrelated devices and makes a smart decision to link them back and create an offense based on that. It is a smart tool."
"The technical support is very good."
"QRadar's stability is great because it is always live and is always catching and monitoring all the information that we need."
"What I like the most about it is that you can very easily install and configure it. As compared to other SIEM solutions, for which you need to know and do a lot more to prepare your SIEM environment, QRadar is much simpler to install and configure. There are various options in the Admin console. In the Admin tab, you can design dashboards and view various graphs. It has a lot of attractive features, and you don't need to configure everything on your own."
"The most important and valuable feature of QRadar is how useful it is for preparing use cases."
"The ability to correlate large amounts of data into rules that provide real-time alerting is the most valuable feature."
"The UBA feature is the most valuable because you can see everything about users' activities."
"The tool's AI feature is helpful in endpoint security."
"The user-friendliness of Sangfor Endpoint Secure is particularly impressive. Even with basic technical knowledge, users can easily navigate the system, make changes, and implement updates."
"What stands out to me is the dual-end user interface they provide."
"I like the tool's honeypot feature. Some features include having a honeypot to detect attacks in a certain area. Additionally, there is RDP protection, which means that when we remote into our server or any endpoint, we must enter a password as a second layer of security. It can also integrate with next-generation firewalls."
"The most valuable feature I have found in the system is its comprehensive end-to-end protection."
"Sangfor Endpoint Secure has some good policy certificates."
"We use the product for network protection from any malicious threat."
"The tool's most valuable features are control access, endpoint security, and load balancing of ISPs."
 

Cons

"The GUI could be improved."
"While using Cortex, I noticed some aspects that could be improved, such as increasing the synchronization speed between XDR and Xnor."
"It's more focused on network communication. If a customer wants to increase the level of protection and start working with documents, it's impossible to integrate these features into the system. It's more of a communication-oriented system than a content security-oriented system."
"The solution eats memory of the computer, unlike anything I've ever seen."
"The only issues that we have are, one the cost, two the dashboard is not very intuitive, even though you can drill down within the dashboard, we usually have to gather information from other sources to determine locations and if its a false positive."
"There are some limitations on the Traps agents."
"The negative aspect I see is the economic model used by Palo Alto."
"Managing the product should be easier."
"It is not a reporting tool. It is the worst possible tool to ever expect any reporting."
"Graphing on the system is a tad course."
"The initial setup was complex, and it took six months."
"The solution lacks vendor support."
"It would be better if it were more stable and more secure. The price for maintenance could be better. It's too high. In the next release, I think they should focus on the price and the operation."
"The quality of technical support depends on the IBM support person. Sometimes, it's hard to get the right person on the other side. A ticket coordinator could be the key to better quality delivery."
"The dashboards are all legacy and old."
"QRadar's issue is it needs to add behavioral analytics."
"It would be much more convenient if the migration tool could be installed directly on the customer's VMs, enabling a smoother migration process to the new infrastructure, with potential restrictions addressed accordingly."
"I believe Sangfor Endpoint Secure could improve in terms of its user interface and management capabilities."
"Sangfor Endpoint Secure should include healing capabilities."
"Sangfor Endpoint Secure performs poorly."
"When an issue occurs, the response time for first-level support and the time taken for meetings could be improved."
"It is complicated to establish a tunnel due to technical issues in the VPN system."
"Currently, the tool lacks reporting functionalities."
"I face issues while migrating from Kaspersky to Sangfor Endpoint Secure."
 

Pricing and Cost Advice

"The pricing is okay, although direct support can be expensive."
"I feel it is fairly priced."
"Cortex XDR’s pricing is very reasonable."
"It is cost-effective compared to similar solutions. It fits for the small businesses through to the big businesses."
"Very costly product."
"It is "expensive" and flexible."
"The tool's price is moderate."
"It's way too expensive, but security is expensive. You pay for your licensing, and then you pay for someone to monitor the stuff."
"The solution has a licensing model that is based on events per second so it scales to need and budget."
"A good approach would be to begin with an On Cloud subscription, then later on do a more exact sizing."
"The tool's price is high."
"The pricing is good."
"The solution is priced fairly, there is a license for the solution, and we pay annually."
"The maintenance costs are high."
"We pay approximately $40,000 to use the solution annually. This solution is a lot less expensive than Splunk."
"Go through a vulnerability assessment review for price breaks. A virtualized solution will also cut down on cost."
"Price-wise, Sangfor Endpoint Secure can be considered a competitively priced product in the market as it offers quite low prices compared to other solutions."
"Its "pay as you grow" model offers cost-effectiveness compared to major cloud providers."
"The solution is cheap. It is cheaper than other products by 15-20 percent."
"Sangfor Endpoint Secure is not a cheap solution."
"Sangfor Endpoint Secure's pricing is cheap. I rate it seven out of ten."
"The product is expensive compared to other vendors."
"We were using Hyper-V. So, we switched to Sangfor because of the pricing."
report
Use our free recommendation engine to learn which Endpoint Detection and Response (EDR) solutions are best for your needs.
900,747 professionals have used our research since 2012.
 

Comparison Review

VS
Manager, Enterprise Risk Consulting at a tech company with 1,001-5,000 employees
Jun 28, 2015
Qradar vs. ArcSight
Continuing with the SIEM posts we have done at Infosecnirvana, this post is a Head to head comparison of the two Industry leading SIEM products in the market – HP ArcSight and IBM QRadar Both the products have consistently been in the Gartner Leaders Quadrant. Both HP and IBM took over niche SIEM…
 

Top Industries

By visitors reading reviews
Construction Company
12%
Financial Services Firm
11%
Manufacturing Company
10%
Comms Service Provider
9%
Financial Services Firm
12%
Computer Software Company
10%
Construction Company
9%
Manufacturing Company
8%
Financial Services Firm
17%
Comms Service Provider
11%
University
7%
Media Company
7%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
By reviewers
Company SizeCount
Small Business46
Midsize Enterprise20
Large Enterprise52
By reviewers
Company SizeCount
Small Business92
Midsize Enterprise39
Large Enterprise107
By reviewers
Company SizeCount
Small Business5
Midsize Enterprise3
Large Enterprise3
 

Questions from the Community

Cortex XDR by Palo Alto vs. Sentinel One
Cortex XDR by Palo Alto vs. SentinelOne SentinelOne offers very detailed specifics with regard to risks or attacks. ...
Comparing CrowdStrike Falcon to Cortex XDR (Palo Alto)
Cortex XDR by Palo Alto vs. CrowdStrike Falcon Both Cortex XDR and Crowd Strike Falcon offer cloud-based solutions th...
How is Cortex XDR compared with Microsoft Defender?
Microsoft Defender for Endpoint is a cloud-delivered endpoint security solution. The tool reduces the attack surface,...
What are the biggest differences between Securonix UEBA, Exabeam, and IBM QRadar?
It mostly depends on your use-cases and environment. Exabeam and Securonix have a stronger UEBA feature set, friendli...
What SOC product do you recommend?
For tools I’d recommend: -SIEM- LogRhythm -SOAR- Palo Alto XSOAR Doing commercial w/o both (or at least an XDR) is a...
What is your experience regarding pricing and costs for IBM Security QRadar?
Pricing and the license of EPS were managed by the governance team. I was not responsible for managing those. I was s...
What needs improvement with Sangfor Endpoint Secure?
The interface has too many buttons, making it cluttered. It would be better if it were a simplified version with fewe...
What is your primary use case for Sangfor Endpoint Secure?
Sangfor Endpoint Secure is easy to handle with its user-friendly interface. The four engines it utilizes for endpoint...
What advice do you have for others considering Sangfor Endpoint Secure?
At first, people might not understand the interface, which is why it should be simplified. However, once they underst...
 

Also Known As

Cyvera, Cortex XDR, Palo Alto Networks Traps
IBM QRadar, QRadar SIEM, QRadar UBA, QRadar on Cloud, IBM QRadar Advisor with Watson
No data available
 

Overview

 

Sample Customers

CBI Health Group, University Honda, VakifBank
Clients across multiple industries, such as energy, financial, retail, healthcare, government, communications, and education use QRadar.
Information Not Available
Find out what your peers are saying about IBM Security QRadar vs. Sangfor Endpoint Secure and other solutions. Updated: June 2026.
900,747 professionals have used our research since 2012.