IBM QRadar User Behavior Analytics Overview

IBM QRadar User Behavior Analytics is the #10 ranked solution in our list of top User Behavior Analytics - UEBA tools. It is most often compared to Securonix UEBA.

What is IBM QRadar User Behavior Analytics?

The User Behavior Analytics for QRadar (UBA) app is a tool for detecting insider threats in your organization. It is built on top of the app framework to use existing data in your QRadar to generate new insights around users and risk. UBA adds two major functions to QRadar: risk profiling and unified user identities.

Risk profiling is done by assigning risk to different security use cases. Examples might include simple rules and checks such as bad websites, or more advanced stateful analytics that use machine learning. Risk is assigned to each one depending on the severity and reliability of the incident detected. UBA uses existing event and flow data in your QRadar system to generate these insights and profile risks of users.

IBM QRadar User Behavior Analytics is also known as IBM QRadar UBA, QRadar UBA, QRadar User Behavior Analytics.

Buyer's Guide

Download the User Behavior Analytics - UEBA Buyer's Guide including reviews and more. Updated: May 2021

Pricing Advice

What users are saying about IBM QRadar User Behavior Analytics pricing:
  • "The price of this product is high."
  • "It's free of charge."
  • "The price of this solution is a little bit expensive, so if it were cheaper then it would help."

SO
Deputy General Manager - Network Security at a tech services company with 201-500 employees
Real User
Top 10
Stable and solid security intelligence but lacks some functionalities

What is our primary use case?

We use IBM QRadar for monitoring user behavior in order to baseline the user activity. Then we print use cases around those behaviors to see if anything stands out. We can then see if something is going wrong in the enrollment from a user activity point of view.

Pros and Cons

  • "QRadar shows very effective correlations. If you combine all the logins plus user behavior and the current intelligence, it gives a very good correlation for business. I think it reduces the false positives in user activity monitoring because there is a lot of social information to correlate with other data."
  • "From a functionality point of view there are issues sometimes."

What other advice do I have?

Our customers are satisfied with the product and they are not looking for anything else. I would recommend the product. On a scale of one to ten I would rate IBM QRadar User Behavior Analytics a seven.
VB
Principal Security Architect at a computer software company with 10,001+ employees
Real User
They have to build more quantitative monitoring, profiling, and make it more predictive

What is our primary use case?

Some of these products can be used in any vertical like healthcare, manufacturing, and vehicle. You can use these products in all types of verticals. But I found that there is a limitation in central verticals. These products do not do well in central verticals.

Pros and Cons

  • "In terms of the most valuable features, the log collections and log processing mechanisms are good. They have good dashboards."
  • "They have to build more quantitative monitoring, profiling, and make it more predictive."

What other advice do I have?

If you are only looking at IBM, make sure to evaluate the product thoroughly. Make sure to see the complete list they offer, like more of the competitive features. Explore the options available on the market. It doesn't really integrate well with other products. I would rate it a three out of ten. It is missing key features.
Misbah Fatima
Application Security Architect at Bank Al Habib Limited
Real User
Top 10
Stable and reliable but needs better integration with extensions

What is our primary use case?

Our primary use case with IBM QRadar User Behavior Analytics is seeing if there are log-ins from the same IDs but from different locations, this is one use case. Or if MAC addresses keep changing, this is another use case. Lastly, if the risk level is high, like with different IPs. These are the three use cases we have.

Pros and Cons

  • "I really like the feature we have with the logs, that if there are any credit card numbers being used, like a PII, you can just use rejects and you can mask it. This is a really good feature in QRadar."
  • "There should be an extension where we can get the reports. This could be an extension to the dashboard with the Guardian or another product with limited technology, for example IPS. Now, we only have IBM. Basically, it needs more and more integration models."

What other advice do I have?

What advice would I give? I want the certification to be very honest. I typically like the hands-on with QRadar, they're quite different. On a scale of one to ten, I would rate IBM QRadar User Behavior Analytics a seven. I have used other solutions, like LogRhythm, for a few use cases like ransomware detection, etc., and there were fewer false positives there. With the ransomware especially, it was very thin there. We actually have very few use cases and there were lots of false positives with QRadar. If I compare the AI function and the logarithms I think it needs some improvement. It is a…
Muhammad Moqeet
Senior Manager, Security Architecture & Operation, Corporate Security at Omantel
Real User
Top 5 Leaderboard
Good reporting and integration is easy, but searching is slow and the dashboard needs to be improved

What is our primary use case?

This is a security monitoring product and the primary use case is to detect strange behavior by users. For example, if we have a user that has not used the service for a long time and then all of a sudden, somebody logs in one night. This is not normal and the system will detect it. This is just one example of many use cases.

Pros and Cons

  • "Integration is very easy and the reporting is good."
  • "The dashboard is pathetic and it takes a long time to perform a search."

What other advice do I have?

QRadar is not perfect. It's a good security monitoring product that can provide threat intelligence, but it cannot do it alone. You need to integrate with many other things, such as IBM Orchestrator. Also, you need to have X-Force. After these kinds of things are integrated, it works a little bit better. I would rate this solution a six out of ten.
Dmytro Petrashchuk
VP of Cybersecurity at IT Specialist LLC
Real User
Top 5
Free of charge and fully integrated with QRadar SIEM

What is our primary use case?

User Behavior Analytics is a part of IBM QRadar. It's a kind of application that can be installed over IBM QRadar SIEM. The primary use case is to detect user behavior anomalies, and through these anomalies, detect and better understand different threats and attacks.

Pros and Cons

  • "The feature that I find the most useful is that IBM QRadar User Behavior Analytics is free of charge. It's a fully free product that can be installed on top of IBM QRadar SIEM."
  • "The user interface and configurability of IBM QRadar User Behavior Analytics can be improved. It has a lot of pre-configured settings and not many things can be changed. It also needs more integrations. Currently, User Behavior Analytics is integrated only with IBM QRadar. It could have deeper integrations. It can also have more complicated scoring models. Currently, it has a very simple linear scoring model for users."

What other advice do I have?

I like IBM QRadar User Behavior Analytics. I would rate it an eight out of ten. It still needs a lot of improvement, but its main advantage is that it's fully integrated with a SIEM system, and it's free of charge.
WiseCat
Enterprise Architect, CISSP at a tech services company with 1,001-5,000 employees
Real User
Top 5
A solution with a powerful and easy-to-use GUI and good technical support

What is our primary use case?

The first thing that we implemented for user behavior was to find out whether somebody is logging in at odd hours. It studies user behavior.

What is most valuable?

My favorite thing is that it comes with good usability. It has a powerful GUI where you can put together your use cases, and don't have to write your own scripts.

What needs improvement?

The price of this solution is a little bit expensive, so if it were cheaper then it would help. While the interface is easy to use, it could be a little more responsive. It can be a bit sluggish at times.

For how long have I used the solution?

I have been using IBM QRadar for about a year.

What do I think about the stability of the solution?

We have not experienced any issues with stability. …
ErayKaraoglu
Network & Cyber Security Engineer at a manufacturing company with 1,001-5,000 employees
Real User
Top 5
A stable solution that comes with many search options

What is most valuable?

It provides many options for searching. I can see devices from different vendors, like Cisco, in one interface, which is good for me.

What needs improvement?

We sometimes get an error about the hard drive. Approximately once in two months, we can't find the logs, and they go missing, which is a terrible issue. We are getting support for this issue from our support company.

For how long have I used the solution?

I have been using this solution for one and a half years. We have been using this solution in our company for about four years. We have around 800 to 900 users.

What do I think about the stability of the solution?

It is very stable, but the hard drive sometimes does not have logs.

How are customer service and technical support?

IBM is…
NM
Solution Manager at ZZTL
Reseller
Has a good feature set and good stability

What is most valuable?

Most of the features are good. It is an excellent solution. 

What needs improvement?

Some of the features should be more cooperative but other than that, everything is okay.

For how long have I used the solution?

I have been using IBM QRadar User Behavior Analytics for a year. 

What do I think about the stability of the solution?

It is very stable. 

What do I think about the scalability of the solution?

It is also scalable. 

How are customer service and technical support?

Our team handles its own support. We are capable of doing our own technical support but we also have IBM to get their help as well.

How was the initial setup?

The initial setup is not straightforward but of medium complexity. It's not simple but not so complex. It usually…