WiseCatEnterprise Architect, CISSP at a tech services company
Genrlmgr67Senior Security Engineer at a government
We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
"Most of the features are good. It is an excellent solution."
"In terms of the most valuable features, the log collections and log processing mechanisms are good. They have good dashboards."
"QRadar shows very effective correlations. If you combine all the logins plus user behavior and the current intelligence, it gives a very good correlation for business. I think it reduces the false positives in user activity monitoring because there is a lot of social information to correlate with other data."
"It has a powerful GUI where you can put together your use cases, and don't have to write your own scripts."
"I really like the feature we have with the logs, that if there are any credit card numbers being used, like a PII, you can just use rejects and you can mask it. This is a really good feature in QRadar."
"The feature that I find the most useful is that IBM QRadar User Behavior Analytics is free of charge. It's a fully free product that can be installed on top of IBM QRadar SIEM."
"It provides many options for searching. I can see devices from different vendors, like Cisco, in one interface, which is good for me."
"Integration is very easy and the reporting is good."
"It's straightforward in terms of configuration and troubleshooting and log management and monitoring as well. These are the edge points in addition to it being a modular solution where you can capitalize on your current licenses with extra licensing models, which can match the customer's business requirement and it can help the customer to design or to actually plan for their own roadmap."
"The solution is extremely scalable. Our customers are regularly scaling up after installing Splunk."
"The most valuable features are the indexing and powerful search features."
"The solution is definitely scalable."
"This intelligent user behavior analytics package is easy to configure and use while remaining feature filled."
"The product is at the forefront of auto-remediation networking. It's great."
"This is a good security product."
"IMB should reduce the pricing, or reduce some of the features for a more economical solution for the customer."
"They have to build more quantitative monitoring, profiling, and make it more predictive."
"From a functionality point of view there are issues sometimes."
"While the interface is easy to use, it could be a little more responsive."
"There should be an extension where we can get the reports. This could be an extension to the dashboard with the Guardian or another product with limited technology, for example IPS. Now, we only have IBM. Basically, it needs more and more integration models."
"The user interface and configurability of IBM QRadar User Behavior Analytics can be improved. It has a lot of pre-configured settings and not many things can be changed. It also needs more integrations. Currently, User Behavior Analytics is integrated only with IBM QRadar. It could have deeper integrations. It can also have more complicated scoring models. Currently, it has a very simple linear scoring model for users."
"We sometimes get an error about the hard drive. Approximately once in two months, we can't find the logs, and they go missing, which is a terrible issue. We are getting support for this issue from our support company."
"The dashboard is pathetic and it takes a long time to perform a search."
"The solution is much more expensive than relative competitors like ArcSight or LogRhythm. It makes it hard to sell to customers sometimes."
"They should work to add more built-in correlation searches and more use cases based on worldwide customer experiences. They need more ready-made use cases."
"The correlation engine should have persistent and definable rules."
"In the future I would like to see simplified statistics and analytical threats."
"The ability to do more complicated data investigation would be a welcome addition for pros, though the functionality now gives most people what they need."
"Currently, a lot of network operations need improvement. We still need people to handle incidents. Our vision is to leverage status and convert it directly from the network devices. It would be ideal if we could take action using APIs and API code and remove manual processes."
"The price of Splunk UBA is too high."
"The price of this solution is a little bit expensive, so if it were cheaper then it would help."
"It's free of charge."
"The price of this product is high."
"The licensing costs is around 10,000 dollars."
"Pricing varies based on the packages you choose and the volume of your usage."
The User Behavior Analytics for QRadar (UBA) app is a tool for detecting insider threats in your organization. It is built on top of the app framework to use existing data in your QRadar to generate new insights around users and risk. UBA adds two major functions to QRadar: risk profiling and unified user identities.
Risk profiling is done by assigning risk to different security use cases. Examples might include simple rules and checks such as bad websites, or more advanced stateful analytics that use machine learning. Risk is assigned to each one depending on the severity and reliability of the incident detected. UBA uses existing event and flow data in your QRadar system to generate these insights and profile risks of users.
IBM QRadar User Behavior Analytics is ranked 9th in User Behavior Analytics - UEBA with 8 reviews while Splunk User Behavior Analytics is ranked 4th in User Behavior Analytics - UEBA with 7 reviews. IBM QRadar User Behavior Analytics is rated 6.8, while Splunk User Behavior Analytics is rated 8.2. The top reviewer of IBM QRadar User Behavior Analytics writes "Stable and solid security intelligence but lacks some functionalities ". On the other hand, the top reviewer of Splunk User Behavior Analytics writes "Easy to configure and easy to use solution that integrates with many applications and scripts ". IBM QRadar User Behavior Analytics is most compared with Securonix UEBA, Cynet, LogRhythm Enterprise UEBA and Citrix Analytics, whereas Splunk User Behavior Analytics is most compared with Darktrace, Cisco Stealthwatch, Exabeam Fusion SIEM, ELK Elasticsearch and Securonix Security Analytics. See our IBM QRadar User Behavior Analytics vs. Splunk User Behavior Analytics report.
See our list of best User Behavior Analytics - UEBA vendors.
We monitor all User Behavior Analytics - UEBA reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.