Examples of the 102,000+ reviews on PeerSpot:

Maaz Khalid - PeerSpot reviewer
Manager SOC at a security firm with 201-500 employees
Real User
Top 10
Sep 25, 2024
Provides easy integration at low cost but lacks AI enhancement

What is our primary use case?

I have worked on several use cases, including creating custom ones. QRadar also provides built-in use cases.

How has it helped my organization?

Once integrated, you gain comprehensive visibility into all threats. The user behavior analytics module is particularly strong, and adding features allowing integration with third-party threat intelligence services enhances the analysts' ability to identify threats.

What is most valuable?

The best aspect of Pareto is its user-friendliness. Unlike other solutions requiring query language knowledge, Pareto is entirely GUI-based. This makes it easy to use and understand without learning any query languages.

What needs improvement?

People are increasingly moving towards big data tools, so QRadar needs to enhance its compatibility. For example, QRadar does not integrate with SAP HANA, widely used in large industries. Similarly, QRadar lacks support for integrating with Fortinet's firewall management services, resulting in limited visibility.

It is still in its early stages. AI analytics require further development because, in my experience, they often generate false positive alerts.

For how long have I used the solution?

I have been using IBM Security QRadar for seven years.

What do I think about the stability of the solution?

It is very much stable.

What do I think about the scalability of the solution?

On-premises deployments can be challenging to scale. In contrast, cloud solutions offer much greater scalability; you simply place an order for the required EPS, get approval, and then proceed. This process is more straightforward and faster than on-premises setups.

How was the initial setup?

The initial setup is user-friendly and straightforward, making deployment easy. However, compatibility issues with other security controls still need to be addressed. It provides a 35-day period for project enablement. This timeframe is too short and should be extended to 45 or 50 days.

When deploying QRadar on-premises, we assess the organization's size to determine the required number of UPS units, application servers, and other necessary hardware. Once these requirements are identified, we proceed with the deployment.

We face challenges in the deployment phase, especially when working with an MSSP license. The main issue is with QRadar's multi-tenancy, which often causes the system to crash. Their support services are not very helpful in addressing these problems.

We allocate two working days for the deployment of QRadar for our customers. Our team includes a senior engineer who communicates with the client and a junior engineer responsible for deploying and installing other services.

The deployment time can vary based on the size of the setup. Large deployments, such as those with 20,000 to 25,000 EPS for corporate clients, take longer due to the need for multiple hardware servers. In such cases, it can take several days. QRadar can be installed in about three to four hours for smaller setups.

What's my experience with pricing, setup cost, and licensing?

The price is lower than Splunk but remains high compared to other SIEMs like LogRhythm, Elastic, and RSA. For example, 1,000 EPS costs around $55,000. While it's somewhat more affordable than Splunk, it is still higher than LogRhythm, Elastic, and RSA.

What other advice do I have?

QRadar offers a clean solution with straightforward integration for various devices. Once you define your scope, you effectively gain visibility into it. When comparing QRadar to other SIEM solutions like GloD and Splunk, QRadar lags behind other modern advancements. While new SIEM solutions focus on data lakes and big data, QRadar continues to rely on traditional correlation modules.

QRadar should prioritize R&D and product improvement. Their support services have also declined and need attention.

In QRadar's user behavior analytics, we observed an alert triggered by an unusual login attempt from one of our administrators. While monitoring alerts during my shift, QRadar's anomaly-based detection identified a login attempt outside normal hours. The system detected this as a deviation from the established baseline since the administrator had never logged in at that time before. This triggered the alert, helping us identify the compromised account.

QRadar requires ongoing maintenance, and running it effectively often depends on support from engineers. Unlike big data tools, QRadar can struggle with integration and may require fine-tuning, restarts, or troubleshooting if issues arise. Since its merger with other companies, we've encountered many problems and have experienced delays in receiving timely technical support.

You don’t need to learn any additional tools to use the system. It allows you to create dashboards from a management perspective, and its user behavior analytics work very well, although the AI analytics module is still developing.

When handling compliance requests or forensic investigations, an SIEM solution like QRadar is essential. It helps pull up logs and identify what happened during incidents or breaches.

The time required for investigation depends entirely on the impact of the attack. Sometimes, only a single device or network is compromised, which may be resolved quickly. However, the investigation takes longer in cases where the scope is broader, involving multiple devices and networks. The timeframe is driven by the extent of the incident, not just by QRadar.

QRadar is a good product. In Pakistan, many financial sectors are starting to shift towards other solutions. South Asia, particularly Pakistan, has a growing trend towards Splunk. Similarly, there is a shift towards Splunk, LogRhythm, and RSA in the Gulf region.

Overall, I rate the solution a seven out of ten.

Disclosure: My company has a business relationship with this vendor other than being a customer. Partner
Mohamed Fouad - PeerSpot reviewer
Cybersecurity Team Leader at a tech services company with 201-500 employees
Real User
Top 5 Leaderboard
Feb 8, 2026
User behavior monitoring has protected critical data and now detects abnormal access in real time
Pros and Cons
  • "Splunk User Behavior Analytics positively impacts my organization by providing deep visibility into user behavior, allowing us to protect our data from abnormal users and ensuring everything is monitored to secure our data."
  • "I believe Splunk User Behavior Analytics can be improved by enhancing support."

What is our primary use case?

My main use case for Splunk User Behavior Analytics is to provide user behavior analytics, where we have users accessing very critical servers and services, including databases and very critical information, allowing me to implement Splunk User Behavior Analytics to detect abnormal behavior from users.

A quick specific example of how Splunk User Behavior Analytics helped me detect abnormal behavior is when we integrated with Active Directory to always monitor user behavior. If we suddenly discovered high traffic usage for a user, we could stop that user from Active Directory and create an incident based on this.

I always have day-to-day operations on the dashboard for Splunk User Behavior Analytics, which helps me gain insight into user activity. Whatever abnormal traffic from a user appears, we can stop it.

What is most valuable?

The best features Splunk User Behavior Analytics offers are usability and stability, and the licensing model is excellent.

Usability stands out for me because I can get very critical insights into user activity from the dashboard. Stability means the product is reliable, and every upgrade is completed successfully with a straightforward licensing model featuring various types of options.

Splunk User Behavior Analytics positively impacts my organization by providing deep visibility into user behavior, allowing us to protect our data from abnormal users and ensuring everything is monitored to secure our data.

What needs improvement?

I believe Splunk User Behavior Analytics can be improved by enhancing support. I have only reached support once, and they require more information to engage with critical cases, so improving support is a vital feature.

The customer support needs improvement.

For how long have I used the solution?

I have been using Splunk User Behavior Analytics for six months.

What do I think about the stability of the solution?

Splunk User Behavior Analytics is stable.

What do I think about the scalability of the solution?

Splunk User Behavior Analytics is scalable and excellent in terms of scalability.

How are customer service and support?

The customer support needs improvement.

How would you rate customer service and support?

Which solution did I use previously and why did I switch?

I did not previously use a different solution.

What was our ROI?

I have seen a return on investment. All of this has already happened after implementing Splunk User Behavior Analytics.

What's my experience with pricing, setup cost, and licensing?

My experience with pricing, setup cost, and licensing was excellent. The pricing and setup cost, along with the licensing model, is outstanding.

Which other solutions did I evaluate?

I did not evaluate other options before choosing Splunk User Behavior Analytics.

What other advice do I have?

I recommend that users or technical buyers get deeply familiar with the documentation from Splunk before implementing Splunk User Behavior Analytics, as that will be very useful to them. I gave this review a rating of ten.

Which deployment model are you using for this solution?

On-premises
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
Last updated: Feb 8, 2026