
IBM Security QRadar vs Tanium comparison

 

Comparison Buyer's Guide

Executive Summary

Updated on Jun 3, 2026

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Categories and Ranking

Cortex XDR by Palo Alto Net...
Ranking in Endpoint Detection and Response (EDR): 6th
Average Rating: 8.4
Reviews Sentiment: 6.8
Number of Reviews: 112
Ranking in other categories: Endpoint Protection Platform (EPP) (4th), Extended Detection and Response (XDR) (4th), Ransomware Protection (2nd), AI-Powered Cybersecurity Platforms (1st)

IBM Security QRadar
Ranking in Endpoint Detection and Response (EDR): 10th
Average Rating: 8.0
Reviews Sentiment: 6.6
Number of Reviews: 218
Ranking in other categories: Log Management (6th), Security Information and Event Management (SIEM) (2nd), User Entity Behavior Analytics (UEBA) (3rd), Security Orchestration Automation and Response (SOAR) (5th), Managed Detection and Response (MDR) (7th), Extended Detection and Response (XDR) (10th)

Tanium
Ranking in Endpoint Detection and Response (EDR): 22nd
Average Rating: 7.8
Reviews Sentiment: 6.2
Number of Reviews: 22
Ranking in other categories: Server Monitoring (4th), Vulnerability Management (26th), Endpoint Protection Platform (EPP) (17th), Unified Endpoint Management (UEM) (7th)
 

Mindshare comparison

As of June 2026, in the Endpoint Detection and Response (EDR) category, the mindshare of Cortex XDR by Palo Alto Networks is 3.5%, down from 4.0% compared to the previous year. The mindshare of IBM Security QRadar is 2.1%, up from 1.0% compared to the previous year. The mindshare of Tanium is 2.0%, down from 2.3% compared to the previous year. It is calculated based on PeerSpot user engagement data.
Endpoint Detection and Response (EDR) Mindshare Distribution
Product: Mindshare (%)
Cortex XDR by Palo Alto Networks: 3.5%
IBM Security QRadar: 2.1%
Tanium: 2.0%
Other: 92.4%
 

Featured Reviews

ABHISHEK_SINGH - PeerSpot reviewer
Senior Process Expert at A.P. Moller - Maersk
Gained full visibility and streamlined threat detection through behavior-based insights and AI integration
Initially, we got to have a lot of false positives when we onboarded, but nowadays it's quite smooth. We have fine-tuned our security policies and allowed different levels of policies to get rid of those false positives. Currently, we are getting a fairly good amount of incidents that are not false positives or benign, but actionable items. The process is streamlined. In the initial days, the operations used to get involved in a lot of benign and other activities, but now the process is streamlined. We are leveraging the auto-detection and remediation plans. The operations teams are now more involved in other business roles as well, not just looking into the logs and fetching out what's happening there. They have fixed a lot of things. Initially, they didn't have IAC code drift detection, cloud posture management, or security posture management, but they have those now. They purchased different vendors and did a merger with that. They now have Prisma Cloud that gets integrated and now they are working with Cortex Cloud. Everything that was negative has now been addressed, and the product altogether looks to be in a much better and more mature shape now. Currently, it's more or less detecting the workloads with AI-based best practices. Since most organizations are consuming AI agents and other things, we are looking forward to seeing what other feature enhancements Palo Alto can support in that.
HarshBhardiya - PeerSpot reviewer
SOC Engineer at an outsourcing company with 10,001+ employees
Have managed daily asset and alert monitoring effectively but have encountered limitations with manual processes and interface usability
It's still very manual and doesn't work on its own. It's still in an early stage and not on par where we can consider it a really successful detection system. The accuracy is not there. The UI could be better when compared to Sentinels where we can use flags and tagging. It could be much more user-friendly. IBM Security QRadar has all features and is fully competitive with other SIEM tools, but when it comes to user-friendliness, a new user takes time to get used to it. More intuitive, user-friendly interfaces and more helpful documentation would be beneficial. The query searching and data fetching could be faster. In large to very large organizations with around 5,000 or 6,000 assets or beyond, even with proper configurations and RAM and hardware backing up, the query is fairly slow.
MA
Division Manager, Information Technology at a legal firm with 51-200 employees
Centralized policies have improved remote endpoint control and have simplified data visibility
The integration is not simple and easy. It requires experienced users or people who have done the implementation. When certain policies are applied, they do not immediately push the policies. For example, we manage endpoint device USB access. We set a policy to block it, but it does not come into effect immediately. Sometimes it takes three or four days for it to reflect. That is a pain point. I have raised this issue with support as well, but they said that I need to limit the number of devices in the policy. In terms of application deployment, for us, it was seamless.

Quotes from Members

 

Pros

"It's a nice product that's stable and scalable."
"But overall, when we speak about security and protection, they are one of the top providers."
"From a single pane of glass, you can easily manage all of your endpoints."
"Cortex XDR by Palo Alto Networks has helped lighten the load of our security analysts because it was the major tool that we were using and the one we utilized most."
"The tool is designed to scale for large enterprises and handle large volumes of data."
"The most valuable features are incident creation, policy-based protection, IP whitelisting, and device encryption. These are beneficial for endpoint and server security."
"Palo Alto is the core of the security infrastructure in the environment."
"The initial setup is pretty easy."
"The most valuable feature is the DSM Editor. The custom parsing tool is very nice, outstanding."
"The solution has great support; whenever we had an issue they were able to give us support within 15 minutes."
"What we like about QRadar and the models that IBM has, is it can go from a small-to-medium enterprise to a larger organization, and it gives you the same value."
"The product has plenty of features and capabilities."
"Improved our organization's TCO."
"I have found visibility very helpful for analytics."
"Overall, IBM QRadar is very good but no product is perfect."
"There are many things I appreciate about IBM Security QRadar; I haven't used any other SIEM before IBM Security QRadar, so for me, it is perfect."
"The insights we gain from our endpoints and the management capabilities that Tanium provides have been a boon to our operations and security."
"Tanium is highly scalable."
"For inventory purposes, it's one of the best things on the scene, as you can get live inventory."
"Tanium's most valuable feature is its instant discovery aspect."
"I like the tool's incident response and security patching."
"Tanium has made the process of detecting threats more proactive with its detection. So, the process is easier and more efficient."
"It's definitely not complex, it is pretty user-friendly and it's a solid tool enterprise to use."
"Tanium is used for endpoint management, specifically patching and configuration management."
 

Cons

"Cortex XDR should have a lightweight agent, and the agent size should not be heavy."
"Cortex XDR by Palo Alto Networks is not only pricey; it is extremely expensive."
"The downside to the solution is that there are a large number of false positives."
"I feel that it should not be a licensed activity because a feature should allow us to see applications running on end devices."
"There are some false positives."
"The solution should enhance the ADR and reporting."
"Cortex XDR could be improved with more GUI features."
"There's an overall lack of features."
"The first area for improvement is the cost. It's a little bit too expensive for us."
"The QRadar implementation guide, especially in cluster environment, is complicated to deploy in an enterprise level."
"If you are searching for three to four months back it takes and there is a time delay. If I compare it to Splunk, it is a little bit delayed."
"The quality of technical support depends on the IBM support person. Sometimes, it's hard to get the right person on the other side. A ticket coordinator could be the key to better quality delivery."
"User/identity modeling needs improvement. Needs better visualization options beyond the time series charts and a few other options that they have."
"I have noticed the interface has room for improvement."
"I have also been working with other SIEM solutions, and I have observed that they have extensive Linux-based and Unix-based integrations. They have been able to support some of the Linux-based agents, which is useful to investigate and process the information on the Linux and Unix side."
"The SQL database on the back end takes some time and it's not so flexible in data storage or data lake creation, so that is the only backfall of QRadar."
"Tanium’s scalability could be improved."
"When working with Tanium, there are some older devices that haven't been patched for a long time, and certain patches are not included in Tanium. I have to search outside to download patches, create bundles, and then perform the task."
"The problem or challenge is a pre-sales and go-to strategy for the SMB market delivered through a channel or model. It's very convoluted and vague, which leads to some confusion about the various types of modules, and the device-to-seat cost is extremely difficult to calculate."
"The performance could improve in future releases. We have had performance issues in specialized web environments, but overall I think the problems are less than 2% of the computer systems being used."
"It is not really additional functions, or the features that are needed, rather the complexity would be reduced based on the number of modules required to put together a comprehensive operational security and risk compliance model."
"The solution can give a lot of false positives."
"Our biggest issue with the solution is its lack of mobility."
"The most painful thing is the interface. It's a bit unclear sometimes."
 

Pricing and Cost Advice

"It is 'expensive' and flexible."
"The price was fine."
"When we first bought it, it was a bit expensive, but it was worth it. The licensing was straightforward."
"Cortex XDR by Palo Alto Networks is quite an expensive solution."
"I don't like that they have different types of licenses."
"We pay about $50,000 USD per year for a bundle that includes Cortex XDR."
"The pricing seems fair, and I do like the licensing model. You use wherever they are, and it is elastic."
"Our license will require renewal in August, after which the maintenance will continue as usual."
"It would be great if this product were cheaper."
"There is a license to use this solution, which is paid annually. However, there are subscription options available."
"Pricing is good."
"I feel that the price is reasonable but compared to other products that are on the market, such as an offering by Microsoft, it is more expensive."
"They can give us some scalability and flexibility on pricing. If its pricing can be reduced, it would help a lot of customers in bringing in a new SIEM environment and grow business in the market. If I start a license today and take around 10,000 EPS, and after a month, there is an increase in the number of clients on my platform, I can increase the number of licenses. I can add 5,000 EPS on a yearly basis."
"The license is not subscription-based."
"The solution is priced fairly, there is a license for the solution, and we pay annually."
"There are different types of subscriptions available. We were on an annual subscription, but our customers typically choose the two years subscription option."
"It's an expensive solution. It would be nice if the cost were lower."
"There is an annual license required to use this solution."
"The solution offers value for money."
"It is higher than some competitors in the market."
"The product's pricing differs from region to region depending on negotiations and the number of endpoints."
"Tanium is a more expensive solution in Latin America than some of the competitors, such as BigFix."
"The solution is expensive but it's a good investment."
 

Comparison Review

Manager, Enterprise Risk Consulting at a tech company with 1,001-5,000 employees
Jun 28, 2015
Qradar vs. ArcSight
Continuing with the SIEM posts we have done at Infosecnirvana, this post is a head-to-head comparison of the two industry-leading SIEM products in the market – HP ArcSight and IBM QRadar. Both the products have consistently been in the Gartner Leaders Quadrant. Both HP and IBM took over niche SIEM…
 

Top Industries

By visitors reading reviews

Construction Company: 12%
Financial Services Firm: 11%
Manufacturing Company: 10%
Comms Service Provider: 9%

Financial Services Firm: 12%
Computer Software Company: 10%
Construction Company: 8%
Manufacturing Company: 8%

Financial Services Firm: 14%
Government: 10%
Manufacturing Company: 9%
Healthcare Company: 7%
 

Company Size

By reviewers

Company Size: Count
Small Business: 46
Midsize Enterprise: 20
Large Enterprise: 52

Company Size: Count
Small Business: 92
Midsize Enterprise: 39
Large Enterprise: 107

Company Size: Count
Small Business: 8
Midsize Enterprise: 3
Large Enterprise: 12
 

Questions from the Community

Cortex XDR by Palo Alto vs. Sentinel One
Cortex XDR by Palo Alto vs. SentinelOne SentinelOne offers very detailed specifics with regard to risks or attacks. ...
Comparing CrowdStrike Falcon to Cortex XDR (Palo Alto)
Cortex XDR by Palo Alto vs. CrowdStrike Falcon Both Cortex XDR and Crowd Strike Falcon offer cloud-based solutions th...
How is Cortex XDR compared with Microsoft Defender?
Microsoft Defender for Endpoint is a cloud-delivered endpoint security solution. The tool reduces the attack surface,...
What are the biggest differences between Securonix UEBA, Exabeam, and IBM QRadar?
It mostly depends on your use-cases and environment. Exabeam and Securonix have a stronger UEBA feature set, friendli...
What SOC product do you recommend?
For tools I’d recommend: -SIEM- LogRhythm -SOAR- Palo Alto XSOAR Doing commercial w/o both (or at least an XDR) is a...
What is your experience regarding pricing and costs for IBM Security QRadar?
Pricing and the license of EPS were managed by the governance team. I was not responsible for managing those. I was s...
What needs improvement with Tanium?
While there is always room for improvement, I am pleased with Tanium.
What is your primary use case for Tanium?
The primary use case for Tanium is compliance, patching, and inventory as part of the co...
What advice do you have for others considering Tanium?
For smaller companies, Tanium is quite a big investment, and one needs to have a considerable setup to make it econom...
 

Also Known As

Cyvera, Cortex XDR, Palo Alto Networks Traps
IBM QRadar, QRadar SIEM, QRadar UBA, QRadar on Cloud, IBM QRadar Advisor with Watson
Tanium Inc Cloud, Tanium XEM
 


Sample Customers

CBI Health Group, University Honda, VakifBank
Clients across multiple industries, such as energy, financial, retail, healthcare, government, communications, and education use QRadar.
JPMorgan Chase, eBay, Amazon, US Bank, MetLife, pwc, Cerner, Delphi, MGM Grand, New York Life