Head of Cyber security analysis at DNV Poland Sp. z o.o.
Jun 7, 2022
It's hard for me to pinpoint any one feature that's most valuable because it is all about consuming logs and analyzing them. We started using QRadar UBA because we needed something that could analyze Linux authentication information. Other products take care of the Windows platform.
It has a lot of good correlation rules. From a customer's point of view, it is one of the best solutions because you don't need to create correlation rules from scratch. You just review them and customize them as you want.
What I like about IBM QRadar User Behavior Analytics is that it uses machine learning algorithms to generate risk scoring for the user activity. I also like that it syncs with our Active Directory users, so it really has full coverage for all users in our environment.
Lead Technical Architec at Commercial Bank of Ethiopia
Mar 30, 2022
QRadar's performance has room for improvement because it cannot handle the volume. I need massive amounts of logs from various devices in our existing network architecture. IBM needs to improve QRadar's capacity to handle more logs.
IBM QRadar has outdated technology, and this is its area for improvement. When you try to implement an analytic expression, it's not updated. The solution doesn't support newer technologies, and it doesn't update regularly. For example, around the world, others implement new technologies, while IBM updates later than others.