Please share with the community what you think needs improvement with IBM QRadar User Behavior Analytics.
What are its weaknesses? What would you like to see changed in a future version?
This is a good product, although it does require some fine-tuning. The dashboard is pathetic and it takes a long time to perform a search. The graphics need to be improved. Providing good support is something that they need to work on. It would be helpful if IBM published more use cases.
We sometimes get an error about the hard drive. Approximately once in two months, we can't find the logs, and they go missing, which is a terrible issue. We are getting support for this issue from our support company.
The user interface and configurability of IBM QRadar User Behavior Analytics can be improved. It has a lot of pre-configured settings and not many things can be changed. It also needs more integrations. Currently, User Behavior Analytics is integrated only with IBM QRadar. It could have deeper integrations. It can also have more complicated scoring models. Currently, it has a very simple linear scoring model for users.
In terms of what could be improved, it would be easier if you didn't have to long escape for a bar sync. If you have to, the logs are not automatically barred, so you have to guide the whole atmosphere. Additionally, there should be integration with IBM Guardian. Lastly, there should be an extension where we can get the reports. This could be an extension to the dashboard with the Guardian or another product with limited technology, for example IPS. Now, we only have IBM. Basically, it needs more and more integration models.
The price of this solution is a little bit expensive, so if it were cheaper then it would help. While the interface is easy to use, it could be a little more responsive. It can be a bit sluggish at times.
From a functionality point of view, there are issues sometimes. There is a component in QRadar where all these certifications need to be installed, like a UPN. Sometimes we experience functionality issues where the logging, indexing, and searching were not working. I have personally seen it misbehaving. Sometimes we need to restart it. In some cases when it was malfunctioning we needed to contact support to resolve the issue. I don't see any issues in the integration model with a UPN from a usability point of view, but functionally you can experience a lot of issues.
They have to build more quantitative monitoring, profiling, and make it more predictive.
Some of the features should be more cooperative but other than that, everything is okay.