2020-05-11T06:07:00Z
it_user434868 - PeerSpot reviewer
Senior Director of Delivery at a tech services company with 51-200 employees

What needs improvement with IBM QRadar User Behavior Analytics?

Please share with the community what you think needs improvement with IBM QRadar User Behavior Analytics.

What are its weaknesses? What would you like to see changed in a future version?

15 Answers
YE
Technical Analyst at a manufacturing company with 10,001+ employees
Real User
Top 20
2022-09-30T13:51:58Z
Sep 30, 2022

The dashboard and reports are not user-friendly or efficient so are of little help with threat hunting activity. We deal with large data sets so need to have great visibility for detection of malicious activity and indicators for cybersecurity. For example, the dashboards for Power BI and Splunk are very efficient and it is easy to observe suspicious activity.

EM
Director of Incident Response at a retailer with 10,001+ employees
Real User
Top 20
2022-07-27T20:23:37Z
Jul 27, 2022

It needs a little bit perhaps more fine-tuning on the SIM aspect of it. Out of the box, it's just not one of those things that I leverage as a single source of truth regarding the user behavior analytics aspect of it. With QRadar, IBM has had ample time to innovate, make changes to the interface, and keep up with some of the competitors. Yet, IBM delays innovating QRadar, since, once people are tied into it, they stick to the SIM as that's what they're used to. Right now, you have many other players in the market, like Datadog, Sumo Logic, and Splunk. Splunk has a ton of connectors as well, which is making it more appealing for other people to look at other solutions, especially when they're trying to look at a cloud-native solution. There should be more opportunity for community kind of distribution where, for example, if there was a zero-day threat targeting companies. I know that many other solutions now provide ease of use in terms of sharing rules and for identifying and tracking some of these zero-day vulnerabilities out there. QRadar needs to do the same.

DK Shrivastava - PeerSpot reviewer
Vice President & Country Head at Inspira Enterprise
Reseller
Top 10
2022-07-21T08:07:11Z
Jul 21, 2022

QRadar UBA only keeps the data for a short while (it's refreshed every five minutes) and would be improved if this were extended to a week or month. In the next release, I would like to be able to do a historical search of user scores.

willie.Na. - PeerSpot reviewer
System Engineer at Trans Business Machines Ltd
Real User
Top 5
2022-06-21T05:59:23Z
Jun 21, 2022

I'd like to see improved support from the vendor. In addition, there are things that are not documented on the IBM site. If you'd like to do something at a high level, the information is not available in the documentation and you have to find it elsewhere.

KM
Head of Cyber security analysis at DNV Poland Sp. z o.o.
Real User
Top 5
2022-06-07T16:25:00Z
Jun 7, 2022

Better algorithms or AI would always be appreciated, but this product does what it's supposed to do. And maybe there is something behind the scenes that could be improved, but I don't know. UBA is a plugin for QRadar SIEM. If we're talking about the SIEM solution as a whole, there is a lot I can talk about, but there isn't much to say about UBA as a standalone. I'm not in a position to criticize or comment on the underlying code.

Lokesh Puthalapattu - PeerSpot reviewer
Senior Marketing Specialist II at Harman International
Real User
Top 5 Leaderboard
2022-05-01T05:38:22Z
May 1, 2022

Whenever we are upgrading or installing any type of patch, at that time we have some delays. Sometimes by mistake, AWS has migrated some other accounts to my enrollment. At that time, we receive a notification special for that. We have created one rule and a case. We receive a notification and we are informed that the Amazon AWS team sent an email apologizing for this happening. They have confirmed that going forward we will not receive this type of account modification issue. They have sent an email to us. If you are searching for three to four months back it takes and there is a time delay. If I compare it to Splunk, it is a little bit delayed. It is because Splunk is using Elasticsearch, while IBM QRadar User Behavior Analytics uses a normal one. For example, if Splunk takes two minutes, it will take IBM QRadar User Behavior Analytics approximately three minutes.

Kamal Abdelrahman - PeerSpot reviewer
Country Manager at Magarah
Real User
Top 5 Leaderboard
2022-02-15T12:37:14Z
Feb 15, 2022

The solution could improve by having more out-of-the-box use cases.

Muhammad Moqeet - PeerSpot reviewer
Senior Manager, Security Architecture & Operation, Corporate Security at Omantel
Real User
2020-10-08T07:25:22Z
Oct 8, 2020

This is a good product, although it does require some fine-tuning. The dashboard is pathetic and it takes a long time to perform a search. The graphics need to be improved. Providing good support is something that they need to work on. It would be helpful if IBM published more use cases.

ErayKaraoglu - PeerSpot reviewer
Network & Cyber Security Engineer at Hyundai Assan Otomotiv San. A.S.
Real User
2020-09-27T04:10:00Z
Sep 27, 2020

We sometimes get an error about the hard drive. Approximately once in two months, we can't find the logs, and they go missing, which is a terrible issue. We are getting support for this issue from our support company.

Dmytro Petrashchuk - PeerSpot reviewer
Chief Technical Officer at IT Specialist LLC
Reseller
Top 5 Leaderboard
2020-09-09T06:28:59Z
Sep 9, 2020

The user interface and configurability of IBM QRadar User Behavior Analytics can be improved. It has a lot of pre-configured settings and not many things can be changed. It also needs more integrations. Currently, User Behavior Analytics is integrated only with IBM QRadar. It could have deeper integrations. It can also have more complicated scoring models. Currently, it has a very simple linear scoring model for users.

it_user1379427 - PeerSpot reviewer
Application Security Architect at Bank Al Habib Limited
Real User
2020-07-13T06:55:00Z
Jul 13, 2020

In terms of what could be improved, it would be easier if you didn't have to long escape for a bar sync. If you have to, the logs are not automatically barred, so you have to guide the whole atmosphere. Additionally, there should be integration with IBM Guardian. Lastly, there should be an extension where we can get the reports. This could be an extension to the dashboard with the Guardian or another product with limited technology, for example IPS. Now, we only have IBM. Basically, it needs more and more integration models.

WiseCat - PeerSpot reviewer
Enterprise Architect, CISSP at a tech services company with 1,001-5,000 employees
Real User
Top 5 Leaderboard
2020-06-28T08:51:00Z
Jun 28, 2020

The price of this solution is a little bit expensive, so if it were cheaper then it would help. While the interface is easy to use, it could be a little more responsive. It can be a bit sluggish at times.

SO
Deputy General Manager - Network Security at a tech services company with 201-500 employees
Real User
2020-06-15T07:33:00Z
Jun 15, 2020

From a functionality point of view, there are issues sometimes. There is a component in QRadar where all these certifications need to be installed, like a UPN. Sometimes we experience functionality issues where the logging, indexing, and searching were not working. I have personally seen it misbehaving. Sometimes we need to restart it. In some cases when it was malfunctioning we needed to contact support to resolve the issue. I don't see any issues in the integration model with a UPN from a usability point of view, but with functionality you can experience a lot of issues.

VB
Principal Security Architect at Tech Mahindra Limited
Real User
2020-05-12T05:43:00Z
May 12, 2020

They have to build more quantitative monitoring, profiling, and make it more predictive.

NM
Solution Manager at ZZTL
Reseller
2020-05-11T06:07:00Z
May 11, 2020

Some of the features should be more cooperative but other than that, everything is okay.
