What is our primary use case?
This is a security monitoring product and the primary use case is to detect strange behavior by users. For example, if we have a user who has not used the service for a long time and then, all of a sudden, somebody logs in one night, this is not normal and the system will detect it. This is just one example of many use cases.
What is most valuable?
Integration is very easy and the reporting is good.
What needs improvement?
This is a good product, although it does require some fine-tuning.
The dashboard is pathetic and it takes a long time to perform a search.
The graphics need to be improved.
Providing good support is something that they need to work on.
It would be helpful if IBM published more use cases.
For how long have I used the solution?
We have been using QRadar UBA since 2016.
How are customer service and technical support?
The issue that I have with technical support is related to their large pool of resources. If you are lucky then you get good support, but sometimes you get pathetic support. Suppose you open a ticket: there are times when it will be very good, but the quality is intermittent.
Which solution did I use previously and why did I switch?
I have experience working with Splunk and I find that the searching capabilities are better with it. Also, the processing time in Splunk is better. With QRadar UBA, when you have three, four, or five rules together, it takes more time to respond.
How was the initial setup?
The complexity and length of time required for the initial setup depend on the requirements. There are some out-of-the-box features that can be implemented right away, but some equipment is not supported directly, so you need to write a DSM (device support module).
Implementing a DSM takes some time, although it will depend on the log source. If the log source is fully compatible then it will be very quick. However, if it is not compatible then you will need to do some scripting and other work.
What's my experience with pricing, setup cost, and licensing?
The price of this product is high.
What other advice do I have?
QRadar is not perfect. It's a good security monitoring product that can provide threat intelligence, but it cannot do it alone. You need to integrate with many other things, such as IBM Orchestrator. Also, you need to have X-Force. After these kinds of things are integrated, it works a little bit better.
I would rate this solution a six out of ten.
Which deployment model are you using for this solution?
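Detection logic of the kind described in the first answer above (an account that has been idle for months and then suddenly logs in, possibly at night), as an added Python example that is not QRadar UBA code or anything from IBM; the event format, the 90-day dormancy threshold and the night window are assumptions.

```python
"""Dormant-account login detection over constructed auth events."""
from datetime import datetime, timedelta

# Constructed sample events (not real QRadar output): ISO timestamp, user, outcome.
SAMPLE_EVENTS = """\
2023-01-10T09:12:00 alice success
2023-01-11T08:55:00 alice success
2023-01-12T09:03:00 bob success
2023-04-12T09:10:00 alice success
2023-07-29T23:00:00 carol failure
2023-07-30T02:47:00 bob success
2023-07-31T10:00:00 carol success
"""

DORMANT_DAYS = 90          # assumed tuning value, not an IBM default
OFF_HOURS = range(0, 6)    # assumed "night" window: 00:00-05:59


def parse_events(text):
    """Parse 'timestamp user outcome' lines into dicts, oldest first."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, user, outcome = line.split()
        events.append({"ts": datetime.fromisoformat(ts), "user": user, "outcome": outcome})
    return sorted(events, key=lambda e: e["ts"])


def detect_dormant_logins(events, dormant_days=DORMANT_DAYS):
    """Return alerts for successful logins whose account was idle > dormant_days.

    Failed attempts are ignored, and a first-ever login is not flagged because
    there is no baseline to compare against.
    """
    last_seen = {}
    alerts = []
    for e in events:
        if e["outcome"] != "success":
            continue
        prev = last_seen.get(e["user"])
        if prev is not None and e["ts"] - prev > timedelta(days=dormant_days):
            alerts.append({
                "user": e["user"],
                "ts": e["ts"],
                "idle_days": (e["ts"] - prev).days,
                "off_hours": e["ts"].hour in OFF_HOURS,   # extra context for triage
            })
        last_seen[e["user"]] = e["ts"]
    return alerts


if __name__ == "__main__":
    for alert in detect_dormant_logins(parse_events(SAMPLE_EVENTS)):
        print(alert)
```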