What is our primary use case?
We use IBM QRadar for monitoring user behavior in order to baseline the user activity. Then we print use cases around those behaviors to see if anything stands out. We can then see if something is going wrong in the enrollment from a user activity point of view.
What is most valuable?
In terms of valuable features, QRadar shows very effective correlations. If you combine all the logins plus user behavior and the current intelligence, it give a very good correlation for business. I think it reduces the false positives in user activity monitoring because we have a lot of social information to correlate with other data.
What needs improvement?
From a functionality point of view, there are issues sometimes. There is a component in QRadar where all these certifications need to be installed, like a UPN. Sometimes we experience functionality issues where the logging, indexing, and searching were not working. I have personally seen it misbehaving. Sometimes we need to restart it. In some cases when it was malfunctioning we needed to contact support to resolve the issue. I don't see any issues in the integration model with a UPN from a usability point of view, but with functionally you can experience a lot of issues.
For how long have I used the solution?
I have been working with IBM QRadar User Behavior Analytics for two years.
What do I think about the stability of the solution?
I have not seen any issues with the stability of the solution either.
What do I think about the scalability of the solution?
I have not seen any issues with the scalability of the solution
How are customer service and technical support?
The technical support is fine now. I was not happy with the support when we started with this solution in 2017. If you look at that first year, 2017 to 2018, they had lots of support issues. We logged the cases and they would only call us back depending on their resources. There were no options to call them on a landline or a hotline number. They needed improvement there. They should have had a dedicated support response. Over the last year I have seen an improvement. I used to wait for a week to get a call back from them, but now, when you have critical tickets they will respond in two or three hours, depending on the criticality of your support case. They have improved.
How was the initial setup?
The initial setup was neither straightforward nor too complex. It did take some effort to implement, but it was manageable. We did not see any issues implementing it. We actually completed it in three to six months. When we initially implemented it we used some fresh use cases and observed the performance but these were all completed in three to six months. The initial deployment took hardly one week.
What's my experience with pricing, setup cost, and licensing?
Regarding the price, it is a bit high for normal customers. It is better for enterprise-class customers where they get a licensing model for MSSP for enterprises.
Which other solutions did I evaluate?
We are a service provider company, so our recommendations depend on the customer's preference. The best we can do is propose the solution based on support, pricing, and their requirements.
What other advice do I have?
Our customers are satisfied with the product and they are not looking for anything else. I would recommend the product.
On a scale of one to ten I would rate IBM QRadar User Behavior Analytics a seven.
Which deployment model are you using for this solution?