CrowdStrike Falcon vs. IBM Security QRadar EDR

Overview
ProductRatingMost Used ByProduct SummaryStarting Price
CrowdStrike Falcon
Score 9.1 out of 10
N/A
CrowdStrike offers the Falcon Endpoint Protection suite, an antivirus and endpoint protection system emphasizing threat detection, machine learning malware detection, and signature free updating. Additionally the available Falcon Spotlight module delivers vulnerability assessment with no performance impact, no additional agents, hardware, scheduled scans, firewall exceptions or admin credentials.
$59.99
per endpoint/month (minimum number of endpoints applies)
IBM Security QRadar EDR
Score 7.5 out of 10
N/A
IBM Security QRadar EDR (formerly ReaQta) combines automation and dashboards to minimize analyst workloads, detect anomalous endpoint behavior and remediate threats in near real time. With visibility across endpoints, it combines expected features, like MITRE ATT&CK mapping and attack visualizations, with dual-engine AI and automation. For teams that need extended support, managed detection and response (MDR) services offers 24/7 monitoring and response to help keep users…N/A
Pricing
CrowdStrike FalconIBM Security QRadar EDR
Editions & Modules
Falcon Go (Small Business)
$59.99
per endpoint/month (minimum number of endpoints applies)
Falcon Go (Small Business)
$59.99
Falcon Pro
$99.99
per endpoint/month (for 5-250 endpoints, billed annually)
Falcon Enterprise
$184.99
per endpoint/month (minimum number of endpoints applies)
No answers on this topic
Offerings
Pricing Offerings
CrowdStrike FalconIBM Security QRadar EDR
Free Trial
YesYes
Free/Freemium Version
NoNo
Premium Consulting/Integration Services
NoNo
Entry-level Setup FeeNo setup feeOptional
Additional Details
More Pricing Information
Community Pulse
CrowdStrike FalconIBM Security QRadar EDR
Features
CrowdStrike FalconIBM Security QRadar EDR
Endpoint Security
Comparison of Endpoint Security features of Product A and Product B
CrowdStrike Falcon
9.1
Ratings
6% above category average
IBM Security QRadar EDR
7.9
Ratings
8% below category average
Anti-Exploit Technology9.50 Ratings8.00 Ratings
Endpoint Detection and Response (EDR)9.70 Ratings8.30 Ratings
Centralized Management9.70 Ratings7.90 Ratings
Hybrid Deployment Support8.20 Ratings7.30 Ratings
Infection Remediation9.30 Ratings7.90 Ratings
Vulnerability Management7.70 Ratings00 Ratings
Malware Detection9.40 Ratings7.90 Ratings
Best Alternatives
CrowdStrike FalconIBM Security QRadar EDR
Small Businesses
ThreatLocker
ThreatLocker
Score 9.5 out of 10
ThreatLocker
ThreatLocker
Score 9.5 out of 10
Medium-sized Companies
BlackBerry Protect (CylancePROTECT)
BlackBerry Protect (CylancePROTECT)
Score 9.1 out of 10
BlackBerry Protect (CylancePROTECT)
BlackBerry Protect (CylancePROTECT)
Score 9.1 out of 10
Enterprises
BeyondTrust Endpoint Privilege Management
BeyondTrust Endpoint Privilege Management
Score 9.8 out of 10
BeyondTrust Endpoint Privilege Management
BeyondTrust Endpoint Privilege Management
Score 9.8 out of 10
All AlternativesView all alternativesView all alternatives
User Ratings
CrowdStrike FalconIBM Security QRadar EDR
Likelihood to Recommend
9.6
(0 ratings)
8.2
(0 ratings)
Likelihood to Renew
10.0
(0 ratings)
-
(0 ratings)
Usability
10.0
(0 ratings)
-
(0 ratings)
Support Rating
10.0
(0 ratings)
-
(0 ratings)
In-Person Training
9.0
(0 ratings)
-
(0 ratings)
Implementation Rating
10.0
(0 ratings)
-
(0 ratings)
User Testimonials
CrowdStrike FalconIBM Security QRadar EDR
Likelihood to Recommend
CrowdStrike Falcon is well suited for any size of environment. Large to small, CrowdStrike Falcon does an amazing job. The ability to have the same security as a fortune 500 company and have a solution that sees the same threats that they are seeing is amazing. I do not think that there is a company or environment that wouldn't benefit from the CrowdStrike Falcon solution.
Read full review
IBM Security QRadaar EDR provides all the security features at one place with a reasonable price. Though for smaller organizations, the price may be quite high. Plus since it can detect threats and malwares in real time, every business should try them out.
Read full review
Pros
  • The Log analysis is very detailed and easy to use.
  • Prevent and block all type of malwares.
  • Great threat intelligence which is very up-to-date with the recent cyber attacks
  • very user friendly in access and management
  • Automated feature of detecting, taking action and closing incidents using fusion workflow.
Read full review
  • Uses advanced analytics to detect threats and malwares and vulnerabilities in real time.
  • Intuitive interface so everyone can use it.
  • Easy to implement and set it up.
Read full review
Cons
  • The Dashboard can become overwhelming at times, too much information to absorb
  • Computers that may have made it out into the field without the endpoint sensor are very difficult to find
  • As with all systems that rely on machine learning false positives occurr
Read full review
  • use AI to review previous false negatives that contributed wrongly in the AI suggestion on the follow alerts
  • easily run a script based on values from an hash, ips, path inside the boxes on the behavioral tree
  • apply the remediation to a range of endpoint instead to only the endpoint of the current alert
  • use ajax for example to update the alert page automatically while actions are happening
  • for api have profiles that allow only get actions, or just post on some actions
  • create users in bulk
Read full review
Likelihood to Renew
Crowdstrike has a large suite of tools built for helping the engineers triage and respond to security event whenever identified. The ability to customize the security policies and implement more granular policies to different devices based on the functionality is unmatched. Crowdstrike provides so much of ability in a decent budget which ascertains the value for money or ROI.
Read full review
No answers on this topic
Usability
I think it is a complete and very trustful XDR platform, with very few False Positives. It is very well supported by highly skilled professionals on all levels: from pre-sales engineers, Customer Account Managers and support engineers.
Read full review
No answers on this topic
Support Rating
Support is generally pretty fast and gets right to the issue. We haven't had to use them much, fortunately, but the issues and questions we've had are usually answered quickly. The customer success manager/account manager you're assigned will also follow up with you on a regular cadence to ensure you're getting the most out of the subscription. There's not a whole lot of room to improve, other than the general confusion about what is/what is not covered in custom packages you're subscribed to. The initial purchase took much longer because of a package name changes and realignments of different modules into those packages.
Read full review
No answers on this topic
In-Person Training
There is limited amount of learning that can be completed in an in-person training available. In my opinion, the self-paced learning provided by Falcon portal is more useful over in-person training. The support from Falcon is great and useful to overcome difficulties, if any.
Read full review
No answers on this topic
Online Training
The training provided by Crowdstrike Falcon is complete in terms of the depth of technical knowledge and teaches the users about going through with the platform. There are lots of jargons for different tools that Crowdstrike Falcon has and this training teaches them all which helps in managing the platform better. Plus, the regular knowledge checks are also very helpful for the end user.
Read full review
No answers on this topic
Implementation Rating
Read the documentation
Read full review
No answers on this topic
Alternatives Considered
We were a former Arctic Wolf customer and feel like they worked more as a team with us. Cylance is what we're looking at possibly migrating to.
Read full review
Bitdefender GravityZone combines multiple security services into a single platform to reduce the cost of building a trusted environment for endpoints. bit the IBM provides a vast support and always there to guide when in need With the majority of our users working in hybrid mode we needed a strong security control that could provide top-class protection with the minimum amount of False Positives (and, of course, of True Positives).
Read full review
Return on Investment
  • CrowdStrike Falcon's proactive threat mitigation has significantly reduced the risk of successful cyber attacks, resulting in tangible savings related to potential data breaches or system compromises.
  • The cloud-native architecture and automated features have improved operational efficiency.
  • The platform's real-time visibility and threat hunting capabilities have drastically improved incident response times.
Read full review
  • NOCs and SOCs heavily use IBM Security QRadar EDR and IBM Security QRadar EDR reduced labor costs to identify endpoint security threats and the treat remediation
  • IBM Security QRadar EDR offers a consistent approach to endpoint threat identification and resolution, reduces enterprise security operations support costs
  • In general, IBM Security QRadar EDR enhances enterprise security posture
Read full review
ScreenShots

IBM Security QRadar EDR Screenshots

Screenshot of Behavioral tree: 
A behavioral tree provides full alert and attack visibility.Screenshot of Behavioral tree storyline: 
A visual storyline is automatically created as an attack unfolds, including mapping to MITRE ATT&CK, for full visibility.Screenshot of Cyber Assistant alerts: 
The Cyber Assistant, an AI-powered alert management system, can autonomously handle alerts, reducing analysts’ workloads.Screenshot of Cyber Assistant recommends:
The Cyber Assistant learns from analyst decisions, then retains the intellectual capital and learned behaviors to make recommendations and help reduce false positives.Screenshot of Custom detection strategies: 
Detection Strategy (DeStra) scripting allows users to build custom detection strategies — beyond preconfigured models — to address compliance or company-specific requirements without the need to reboot the endpoint.