IBM QRadar User Behavior Analytics Overview

IBM QRadar User Behavior Analytics is the #7 ranked solution among the top User Behavior Analytics (UEBA) tools. PeerSpot users give IBM QRadar User Behavior Analytics an average rating of 7.2 out of 10. It is most commonly compared to Securonix UEBA. IBM QRadar User Behavior Analytics is popular among the large enterprise segment, which accounts for 69% of users researching this solution on PeerSpot. The top industry researching this solution is computer software: professionals from computer software companies account for 19% of all views.
IBM QRadar User Behavior Analytics Buyer's Guide

Download the IBM QRadar User Behavior Analytics Buyer's Guide including reviews and more. Updated: November 2022

What is IBM QRadar User Behavior Analytics?

The User Behavior Analytics for QRadar (UBA) app is a tool for detecting insider threats in your organization. It is built on top of the app framework to use existing data in your QRadar to generate new insights around users and risk. UBA adds two major functions to QRadar: risk profiling and unified user identities.

Risk profiling is done by assigning risk to different security use cases. Examples might include simple rules and checks such as bad websites, or more advanced stateful analytics that use machine learning. Risk is assigned to each one depending on the severity and reliability of the incident detected. UBA uses existing event and flow data in your QRadar system to generate these insights and profile risks of users.

IBM QRadar User Behavior Analytics was previously known as IBM QRadar UBA, QRadar UBA, QRadar User Behavior Analytics.

IBM QRadar User Behavior Analytics Pricing Advice

What users are saying about IBM QRadar User Behavior Analytics pricing:
  • "The solution has a licensing model that is based on events per second so it scales to need and budget."
  • "IBM QRadar User Behavior Analytics is an application framework and you can install many applications without any additional costs."
  • "We pay approximately $40,000 to use the solution annually. This solution is a lot less expensive than Splunk."
IBM QRadar User Behavior Analytics Reviews

    Head of Cyber security analysis at DNV Poland Sp. z o.o.
    Real User
    Top 5
    It has good support and works with Linux platforms
    Pros and Cons
    • "It's hard for me to pinpoint any one feature that's most valuable because it is all about consuming logs and analyzing them. We started using QRadar UBA because we needed something that could analyze Linux authentication information. Other products take care of the Windows platform."
    • "I don't give it a 10 because it is something we have to request. I would love it if UBA was included out of the box like Microsoft."

    What is our primary use case?

    We analyze all our authentication traffic in QRadar UBA using the solution's AI module to detect and understand uncommon authentication patterns. There is also the rule logic, but we don't use that much. Instead, we mostly rely on AI to do that. In that respect, I wouldn't say we are using the product to the fullest extent because we only have the AI and what the CM is providing. We have a suite of security products, and QRadar UBA is only one source of information that we rely on.

    QRadar UBA collects information on 16,000 employees in the company, including when they log in and out or when they launch applications. We have a team of 10 security analysts who go into the solution to check the alarms. IBM has set the solution up so that we only need to react to the alarms. The UBA will flag it if someone does something weird, and our security team will investigate the anomaly to see if that was valid or malicious. 

    We are currently on QRoC — short for QRadar for Cloud — so it's the latest and greatest solution. It was originally on a private cloud, but we moved to the public cloud three years ago.

    What is most valuable?

    It's hard for me to pinpoint any one feature that's most valuable because it is all about consuming logs and analyzing them. We started using QRadar UBA because we needed something that could analyze Linux authentication information. Other products take care of the Windows platform.

    What needs improvement?

    Better algorithms or AI would always be appreciated, but this product does what it's supposed to do. And maybe there is something behind the scenes that could be improved, but I don't know. 

    UBA is a plugin for QRadar SIEM. If we're talking about the SIEM solution as a whole, there is a lot I can talk about, but there isn't much to say about UBA as a standalone. I'm not in a position to criticize or comment on the underlying code.

    For how long have I used the solution?

    I have been using QRadar UBA for six years.

    Buyer's Guide
    IBM QRadar User Behavior Analytics
    November 2022
    Learn what your peers think about IBM QRadar User Behavior Analytics. Get advice and tips from experienced pros sharing their opinions. Updated: November 2022.
    657,397 professionals have used our research since 2012.

    What do I think about the scalability of the solution?

    I haven't had any problems. We have never needed to add more memory or CPU. 

    How are customer service and support?

    IBM technical support is excellent. 10 out of 10. IBM is highly professional when it comes to security support. IBM's support for other types of solutions isn't quite as good, but the security domain is a different world. I've worked with IBM in other areas, and it's different. Security support is on a tier by itself inside IBM. 

    How would you rate customer service and support?

    Positive

    Which solution did I use previously and why did I switch?

    We are also using a Microsoft solution called Azure Advanced Threat Protection. It provides similar UBA features but only for a Microsoft environment.  Most UBA products do exactly the same thing. I haven't tried many other solutions besides QRadar, Microsoft, and Splunk.

    Splunk is brilliant. It does the same thing, but it's slightly more expensive, so we selected IBM. Microsoft's solution is a little cheaper, but it lacks Linux support currently. There are minor differences, but we went with IBM in this case because it has the best support.

    How was the initial setup?

    IBM did the setup. I called them to ask for UBA, and it was available the next day. They handled all the deployment and maintenance. 

    What about the implementation team?



    What was our ROI?

    I have not calculated ROI for this product. QRadar UBA is a tiny part of the entire security portfolio. In the context of the SIEM as a whole, the cost is so low that it's hard to defend not doing it.

    What's my experience with pricing, setup cost, and licensing?

    I have no idea what QRadar UBA costs as a standalone solution because it is bundled with the QRoC security operation center and several other modules that we pay for in a big lump sum. However, I don't think that part is too expensive. It's a plugin to the QRadar SIEM that feeds off the same data. We have X-Force Threat Exchange, so IBM is operating the SIEM for us. I say to them, "I want UBA," and there it is.

    What other advice do I have?

    I rate QRadar UBA eight out of 10. It's a small product doing exactly what it's supposed to do as an integrated part of our SIEM. It looks good and works well. I don't give it a 10 because it is something we have to request. I would love it if UBA was included out of the box like Microsoft.

    Regardless of which solution you use, I recommend user behavior analytics. It provides valuable information to the security team. It doesn't matter whether you use Splunk or Microsoft— you should use a UBA solution. 

    We will probably stick with QRadar for the foreseeable future. It depends on the developments in the SIEM market. We will probably continue with IBM because changing SIEM is not something you do lightly. As long as we keep the IBM SIEM, we will continue to use QRadar UBA.

    Disclosure: I am a real user, and this review is based on my own experience and opinions.
    Director of Incident Response at a retailer with 10,001+ employees
    Real User
    Top 20
    Robust and reliable but needs some fine-tuning
    Pros and Cons
    • "It'll get you from point A to B."
    • "There should be more opportunity for community kind of distribution where, for example, if there was a zero-day threat targeting companies."

    What is our primary use case?

    The UBA component is something that is there. However, it's something that honestly hasn't been leveraged as much. It's probably not a UBA feature like the ones we’ve used in the past. In any case, the UBA feature is there. You can look at the users and look at any risky activity or use cases. I tend to look at it. However, it's not my main source in terms of leveraging it as a UBA.

    What is most valuable?

    I equate QRadar to a robust solution. You get all the live sources. If you have someone there fine-tuning the solution and creating rules for the team to ensure the fence is alert, it's a robust solution.

    In the past, I've heard the term that it's like a Cadillac, a trusted Cadillac. It'll get you from point A to B. It does what integration is supposed to do.

    What needs improvement?

    It needs a little bit perhaps more fine-tuning on the SIM aspect of it. Out of the box, it's just not one of those things that I leverage as a single source of truth regarding the user behavior analytics aspect of it.

    With QRadar, IBM has had ample time to innovate, make changes to the interface, and keep up with some of the competitors. Yet, IBM delays innovating QRadar, since, once people are tied into it, they stick to the SIM as that's what they're used to. Right now, you have many other players in the market, like Datadog, Sumo Logic, and Splunk. Splunk has a ton of connectors as well, which is making it more appealing for other people to look at other solutions, especially when they're trying to look at a cloud-native solution.

    There should be more opportunity for community kind of distribution where, for example, if there was a zero-day threat targeting companies. I know that many other solutions now provide ease of use in terms of sharing rules and for identifying and tracking some of these zero-day vulnerabilities out there. QRadar needs to do the same.

    For how long have I used the solution?

    I’ve been using the solution for about four years or so.

    What do I think about the stability of the solution?

    The stability's great. The solution is robust. It's trusted. Depending on how you have it deployed, if it's a standalone appliance or it's high availability paired so that you have redundancy, the solution is reliable.

    What do I think about the scalability of the solution?

    Anywhere from 25 to 50 users are using it. The primary users are security operations. However, then you do have some folks on the infrastructure side that also leverage QRadar. It wasn't always the case. That said, once we provided access to the infrastructure team, they enjoy using QRadar for looking at logs, and troubleshooting. That would involve the networking team and the server team. They also leverage it as well.

    How are customer service and support?

    Overall, the IBM team is responsive in regards to ticketing. Obviously, you have to create a ticket with IBM and they will get someone to get on a WebEx with you within a reasonable amount of time depending on the urgency.

    They will help resolve issues and create cases. The support is there in terms of having any issues or QRadar is generating errors. Support will guide you and record the session and help remove any issues or obstacles that you have, so I definitely would rate them high on the support aspect of it.

    How was the initial setup?

    I didn't set it up. Probably part of the engineering team set it up.

    What's my experience with pricing, setup cost, and licensing?

    I do not know the exact cost. It's a bit tricky as some of it is tied into pre-contracts that we have. Some parts of the company do prepaid funds for certain solutions. It's different. It varies.

    What other advice do I have?

    While I use QRadar, I'm in a managerial role, so I'm not living in it every single day as my team members are.

    Every situation is different. I know a lot of organizations or a lot of C-suite executives all go to the same kind of conferences each year. Then they all come back singing the same song: "We all have to go to the Cloud."

    I’d rate the solution six out of ten.

    Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
    Technical Analyst at a manufacturing company with 10,001+ employees
    Real User
    Top 20
    Real-time detection is quite efficient but the dashboard lacks important visibility for threat hunting
    Pros and Cons
    • "Blocks of predefined conditions can be used to configure detection rules without having to write complicated script."
    • "The dashboard and reports are not user-friendly or efficient so are of little help with threat hunting activity."

    What is our primary use case?

    Our company includes 20 senior engineers and analysts who use the solution to detect viruses on Windows servers and critical assets.

    We also track user activity such as connections during travel. 

    We have many use cases and playbooks in our portfolio. 

    How has it helped my organization?

    Our company uses the solution as our main CM to detect malicious activity. There are many campaigns targeting Europe and other countries so it is important that we remain vigilant about suspicious activity inside our organization. 

    The solution uses rules to identify suspicious activity that needs to be investigated. We conduct advanced forensic investigations based on the solution's output, including collecting logs from devices and correlating them for processing by a security analyst. 

    What is most valuable?

    Blocks of predefined conditions can be used to configure detection rules without having to write complicated script. 

    Real-time detection is quite efficient and valuable. Other products such as Splunk focus only on running searches to detect a particular behavior.

    The Vulnerability Manager module is useful and quite efficient. 

    What needs improvement?

    The dashboard and reports are not user-friendly or efficient so are of little help with threat hunting activity. We deal with large data sets so need to have great visibility for detection of malicious activity and indicators for cybersecurity. 

    For example, the dashboards for Power BI and Splunk are very efficient and it is easy to observe suspicious activity. 

    For how long have I used the solution?

    I have been using the solution for five years.

    What do I think about the stability of the solution?

    The solution is stable and easy to use if deployed well.

    On occasion, you might get an error when running advanced analytics but reboots are not needed. 

    What do I think about the scalability of the solution?

    The solution is scalable and it is easy to add appliances or expand your license. 

    How are customer service and support?

    Engineers used technical support regularly between 2016 and 2019 and found them to be very helpful and responsive. If a situation was urgent, technical support intervened immediately. 

    I rate technical support an eight out of ten. 

    How would you rate customer service and support?

    Positive

    Which solution did I use previously and why did I switch?

    I used the solution, switched to Splunk, then switched back to the solution. 

    How was the initial setup?

    The ease of setup is based on the complexity of your environment and network architecture.

    The initial setup is not complicated and should go smoothly if you set all predefined requirements prior to installing the solution.  

    It took us two weeks to prepare all requirements and a few hours to deploy which included installing all resources. 

    Documentation for the installation process is pretty straightforward. 

    What about the implementation team?

    An in-house team that handles integrations was responsible for implementing the solution. Myself and other cybersecurity analysts participated with the team.

    A team of three engineers handles ongoing maintenance for our large environment. 

    What's my experience with pricing, setup cost, and licensing?

    The solution has a licensing model that is based on events per second so it scales to need and budget. 

    At the time of deployment, we were premium partners with IBM so received advantageous pricing. 

    The on-premises solution and its license are not impacted by the number of users so it is easy to add staff. 

    Which other solutions did I evaluate?

    In my experience, Splunk is efficient because it is customizable. You can create scripts to detect multiple behaviors based on scheduled jobs. 

    What other advice do I have?

    I rate the solution a seven out of ten because it is difficult to write script for advanced detection cases and the dashboard is insufficient. 

    Which deployment model are you using for this solution?

    On-premises
    Disclosure: My company has a business relationship with this vendor other than being a customer:
    Artur Marzano - PeerSpot reviewer
    Security Analyst at Localiza
    Real User
    Investigates suspicious user activity through machine learning algorithms and risk scoring, but user experience needs improvement
    Pros and Cons
    • "What I like about IBM QRadar User Behavior Analytics is that it uses machine learning algorithms to generate risk scoring for the user activity. I also like that it syncs with our Active Directory users, so it really has full coverage for all users in our environment."
    • "What needs to be improved in IBM QRadar User Behavior Analytics is the user experience. It's not optimal. Some screens are a bit clunky. The solution needs to be more user-friendly."

    What is our primary use case?

    Currently, our main use case for IBM QRadar User Behavior Analytics revolves around investigating user activity: specific user activity which we find suspicious. We don't monitor the dashboard of IBM QRadar User Behavior Analytics actively, but whenever we have an alert from other tools, we use it to check whether the user has triggered rules in our SIEM, whether the risk score is high, and other suspicious behaviors we can track.

    What is most valuable?

    What I like about IBM QRadar User Behavior Analytics is that it uses machine learning algorithms to generate risk scoring for the user activity. I also like that it syncs with our Active Directory users, so it really has full coverage for all users in our environment. I also find the risk scoring feature of IBM QRadar User Behavior Analytics pretty interesting. I don't use it well enough today, but it's a feature I look at closely.

    What needs improvement?

    What needs to be improved in IBM QRadar User Behavior Analytics is the user experience. It's not optimal. For example: we are constantly looking for updates on the app and other features, so we could have a better user experience. Some screens are a bit clunky. We're still trying to figure out whether the solution is going to have a better user experience in the future, but nowadays it's a bit too complex. We need it to be more user-friendly.

    For how long have I used the solution?

    I've been using IBM QRadar User Behavior Analytics for eighteen months. 

    What do I think about the stability of the solution?

    We've had issues with the stability of IBM QRadar User Behavior Analytics. We had bugs once or twice, but they were quickly solved by IBM's support team. The bugs weren't really something that stopped us from working. We managed to solve them rather quickly.

    What do I think about the scalability of the solution?

    IBM QRadar User Behavior Analytics is easy to scale.

    How are customer service and support?

    Technical support for IBM QRadar User Behavior Analytics was helpful.

    How was the initial setup?

    IBM QRadar User Behavior Analytics was really easy to set up. There were no issues with setting it up.

    What other advice do I have?

    I don't recall the exact version of IBM QRadar User Behavior Analytics I'm using, but it's probably the latest one. It's version 4.1.7.

    My advice to others looking into implementing IBM QRadar User Behavior Analytics is to have a dedicated team to implement the solution. Some solutions require close knowledge of your environment, so someone would have to know your infrastructure, your network, your users, and your Active Directory environment well. These are things partners aren't able to do well if they are not supported by internal teams inside their company.

    I'm rating IBM QRadar User Behavior Analytics seven out of ten.

    My company has a contract with another company that is a partner of IBM. The company I'm in is just a customer, not an IBM partner.

    Which deployment model are you using for this solution?

    Public Cloud
    Disclosure: I am a real user, and this review is based on my own experience and opinions.
    Ertugrul Akbas - PeerSpot reviewer
    Manager at ANET
    Real User
    Top 5 Leaderboard
    Scalable, easy to use, but lacking features and modern user interface
    Pros and Cons
    • "IBM QRadar User Behavior Analytics's most important feature is its ease of use."
    • "IBM QRadar User Behavior Analytics could improve machine learning use cases because they are limited and most of the use cases are rule-based. They should develop more use cases, such as in Securonix or Exabeam because they will detect a threat. Using machine learning is mainly on the correlation rules, but if you think about Exabeam or Securonix, they detect using machine learning or machine learning-based algorithms."

    What is our primary use case?

    We are mainly using predefined rules on IBM QRadar User Behavior Analytics.

    How has it helped my organization?

    When we started using IBM QRadar User Behavior Analytics's add-on or extension, we received more than 17 new use cases. Our organization has benefited from using IBM QRadar User Behavior Analytics.

    What is most valuable?

    IBM QRadar User Behavior Analytics's most important feature is its ease of use. 

    What needs improvement?

    IBM QRadar User Behavior Analytics could improve machine learning use cases because they are limited and most of the use cases are rule-based. They should develop more use cases, such as in Securonix or Exabeam because they will detect a threat. Using machine learning is mainly on the correlation rules, but if you think about Exabeam or Securonix, they detect using machine learning or machine learning-based algorithms.

    The interface of IBM QRadar User Behavior Analytics has been the same for years; they should redesign the interface to make it more modern. Some historical queries take a long time; they should improve or change their database. There are some missing operators on the correlation side. For example, some before operated.

    For how long have I used the solution?

    I have been using IBM QRadar User Behavior Analytics for approximately three years.

    What do I think about the stability of the solution?

    IBM QRadar User Behavior Analytics is stable most of the time. However, it works on the client-side which requires a lot of system resources, such as RAM. In some cases, if the work is high, the stability deteriorates, but mainly it is stable.

    What do I think about the scalability of the solution?

    The scalability of IBM QRadar User Behavior Analytics is good. 

    We have two people using this solution. We do not have plans to increase usage.

    How are customer service and support?

    We use a consultancy company for support and are not directly connected to IBM support.

    How was the initial setup?

    The deployment of IBM QRadar User Behavior Analytics is very easy when compared to other machine learning solutions. The full deployment took approximately three weeks with less than 5,000 EPAs.

    What about the implementation team?

    We used a consultant that helped us deploy and do maintenance for IBM QRadar User Behavior Analytics.

    What was our ROI?

    I rate the return on investment of IBM QRadar User Behavior Analytics a four out of five.

    What's my experience with pricing, setup cost, and licensing?

    IBM QRadar User Behavior Analytics is an application framework and you can install many applications without any additional costs.

    I rate the price of IBM QRadar User Behavior Analytics a four out of five.

    What other advice do I have?

    IBM QRadar User Behavior Analytics is a good solution. If there is a big enough budget they might be able to afford the solution since it is expensive. If the conditions are okay, then they should select the solution.

    I rate IBM QRadar User Behavior Analytics a six out of ten.

    Which deployment model are you using for this solution?

    On-premises
    Disclosure: I am a real user, and this review is based on my own experience and opinions.
    Lokesh Puthalapattu - PeerSpot reviewer
    Senior Marketing Specialist II at Harman International
    Real User
    Top 5 Leaderboard
    Easy to access, priced well, and straightforward installation
    Pros and Cons
    • "I have used IBM QRadar User Behavior Analytics in a Cloud Pak on Amazon, and there it runs on top of it and is easy to assess. Additionally, I have installed processes and characters."
    • "Whenever we are upgrading or installing any type of patch, at that time we have some delays."

    What is our primary use case?

    Currently, we are using only Amazon Web Services for monitoring. We have CloudTrail, GuardDuty, Avast, and some Kubernetes security we have installed on Amazon AWS. By getting these logs, we have created the uses for these components.

    What is most valuable?

    I have used IBM QRadar User Behavior Analytics in a Cloud Pak on Amazon, and there it runs on top of it and is easy to assess. Additionally, I have installed processes and characters.

    The most useful feature of IBM QRadar User Behavior Analytics is the User Behavior Analytics aspect. For example, whoever logs into the Amazon AWS to the interface, if someone is logging in for the first time that the administrator has created, or someone is logging in, we receive an email notification saying that they have logged in, we need to check. Based on that, we will start checking to see if the visit was a valid one or a malicious one. Even if we only have a few users, such as 25 to 30 Amazon AWS records.

    What needs improvement?

    Whenever we are upgrading or installing any type of patch, at that time we have some delays. 

    Sometimes by mistake, AWS has migrated some other accounts to my enrollment. At that time, we receive a notification special for that. We have created one rule and a case. We receive a notification and we are informed that the Amazon AWS team sent an email apologizing for this happening. They have confirmed that going forward we will not receive this type of account modification issue. They have sent an email to us. 

    If you are searching for three to four months back it takes and there is a time delay. If I compare it to Splunk, it is a little bit delayed. It is because Splunk is using Elasticsearch, while IBM QRadar User Behavior Analytics uses a normal one. For example, if Splunk takes two minutes, it will take IBM QRadar User Behavior Analytics approximately three minutes.

    For how long have I used the solution?

    I have been using IBM QRadar User Behavior Analytics for approximately seven years.

    Which solution did I use previously and why did I switch?

    I have used many other solutions previously, such as Splunk and McAfee SIEM tool.

    How was the initial setup?

    The initial setup of IBM QRadar User Behavior Analytics is straightforward. We only have to activate a few aspects. We directly installed our process characters, and an all-in-one setup with it to do the installation. The deployment took us 30 to 40 minutes. However, if you want to add components it will take more time.

    What was our ROI?

    We have seen a good return on investment with IBM QRadar User Behavior Analytics.

    What's my experience with pricing, setup cost, and licensing?

    We pay approximately $40,000 to use the solution annually. This solution is a lot less expensive than Splunk.

    What other advice do I have?

    I rate IBM QRadar User Behavior Analytics an eight out of ten.

    Which deployment model are you using for this solution?

    On-premises
    Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
    DipeshBhawsar - PeerSpot reviewer
    Architect manager at Principal Global Limited
    Real User
    Easy to set up and expand but has too many false positives
    Pros and Cons
    • "The scalability is very good. It's not a problem."
    • "I'm not sure about the stability just yet. We've observed a few issues and we raised a supporting ticket for it."

    What is most valuable?

    To be very frank, it's not that much help as of now. We are not getting that many insights from UBA, which we wanted, actually. As of now, we are exploring that UBA, and we have installed it. It's still quite new.

    The initial setup is straightforward. 

    What needs improvement?

    The solution is still new to us. Currently, it's a work in progress with this. I'm not in any particular condition to tell what exact improvements are required. I will let a few more months go by before analyzing the overall UBA solution QRadar to get to know and final understanding of this particular application.

    There are a lot of things that require modification. That's my initial observation, however, I need more time and a few more months to get to know it and get a final understanding of the solution as a whole.

    I want a reduction of false positives. I want crisp true positive incidents out of it. I want to see proper user behavior. Whatever algorithm is working in the background, that algorithm should produce accurate, true positive incidents and not false positives.

    For how long have I used the solution?

    We have been using QRadar as an appliance for the last four years; however, we recently, for the last six months, started using UBA.

    What do I think about the stability of the solution?

    I'm not sure about the stability just yet. We've observed a few issues and we raised a support ticket for it.

    What do I think about the scalability of the solution?

    The scalability is very good. It's not a problem.

    How are customer service and support?

    Technical support has been very supportive. We're largely satisfied with them.

    How would you rate customer service and support?

    Positive

    How was the initial setup?

    The initial setup is straightforward and simple. It's not very complex. 

    We are using multiple features in QRadar. UBA is just one feature. We have 14 data nodes overall, we have almost 2,500 GB of data integrated with it, and we are using multiple applications in QRadar. We have a nine-member team that manages the overall QRadar architecture, not only UBA.

    What about the implementation team?

    We did a direct integration.

    What's my experience with pricing, setup cost, and licensing?

    I'm an architect. Normally costs and licensing are handled by senior management.

    For UBA, they haven't asked for any extra charges or anything. It's included in the licensing.

    What other advice do I have?

    We're an IBM partner. We have platinum support with IBM.

    We have segregated our data between on-prem and the cloud. All the on-prem data we have integrated with the QRadar. QRadar itself is an on-prem solution. We have QRadar hardware with us.

    At this point, I would not recommend the solution to others. 

    I'd rate the solution a six out of ten.

    Which deployment model are you using for this solution?

    On-premises
    Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
    willie.Na. - PeerSpot reviewer
    System Engineer at Trans Business Machines Ltd
    Real User
    Top 5
    Incredible capacity for creating machine models; falls short on documentation
    Pros and Cons
    • "The timeline and machine learning features are great."
    • "The solution lacks vendor support."

    What is our primary use case?

    Our primary use case is logging for any anomalous traffic in terms of access times and deviations when users are in different groups within the AD. When a user deviates from their functionality, it's flagged in the UBA and for VPN traffic. I also use it for geolocation functionality. We are partners of IBM and I'm a system engineer. 

    What is most valuable?

    The timeline and the machine learning features are great at quickly flagging users who have either left the organization or have dormant accounts. The way that the app has transformed over time is quite phenomenal. One of the major improvements is its capacity for creating machine models. It comes with 16 default machine learning models, where it tracks user activity and changes in profiles and authentications. There are various default machine learning models and I'm able to model those to parameters that suit my needs. It's great that I'm able to implement an unlimited number of use cases on the UBA, putting in as many different kinds of logic as I want. It's a big advantage. 

    What needs improvement?

    I'd like to see improved support from the vendor. In addition, there are things that are not documented on the IBM site. If you'd like to do something at a high level, the information is not available in the documentation and you have to find it elsewhere. 

    For how long have I used the solution?

    I've been using this solution for five years. 

    What do I think about the stability of the solution?

    The solution has never crashed or failed, it's stable. 

    What do I think about the scalability of the solution?

    We haven't tested scalability and currently have around 100 users. I'm responsible for maintenance.

    How are customer service and support?

    The customer support is helpful but that's more about it being a good solution. 

    How was the initial setup?

    The initial setup is straightforward; it's just a download and it installs. It's a matter of configuring a few parameters in terms of tweaking the thresholds that you want the app to fire on. Installing takes a few seconds, but letting it land so that you can tweak it and tune the various metrics takes about a week. 

    What's my experience with pricing, setup cost, and licensing?

    This is a free solution which is one of the main reasons we chose it. It's just a matter of getting a license for the curator as a platform.

    What other advice do I have?

    I recommend this solution and rate it seven out of 10. 

    Which deployment model are you using for this solution?

    On-premises
    Disclosure: My company has a business relationship with this vendor other than being a customer: partner