What advice do you have for others considering IBM Security QRadar?

The version of IBM QRadar User Behavior Analytics, which my company uses, is a little outdated from 2013. That version doesn't have the log collection feature. My rating for the version of IBM QRadar User Behavior Analytics I'm using is a seven overall.

I would recommend tuning it to the maximum before going live. I would rate IBM QRadar User Behavior Analytics a seven on a scale of one to ten.

I would rate IBM QRadar User Behavior Analytics an eight out of ten.

I rate the solution a seven out of ten because it is difficult to write script for advanced detection cases and the dashboard is insufficient.

While I use QRadar, I'm in a managerial role, so I'm not living in it every single day as my team members are. Every situation is different. I know a lot of organizations or a lot of C-suite executives all go to the same kind of conferences each year. Then they all come back singing the same song: "We all have to go to the Cloud." I’d rate the solution six out of ten.

I would rate QRadar UBA seven out of ten.

I recommend this solution and rate it seven out of 10.

I rate QRadar UBA eight out of 10. It's a small product doing exactly what it's supposed to do as an integrated part of our SIEM. It looks good and works well. I don't give it a 10 because it is something we have to request. I would love it if UBA was included out of the box like Microsoft. Regardless of which solution you use, I recommend user behavior analytics. It provides valuable information to the security team. It doesn't matter whether you use Splunk or Microsoft— you should use a UBA solution. We will probably stick with QRadar for the foreseeable future. It depends on the developments in the SIEM market. We will probably continue with IBM because changing SIEM is not something you do lightly. As long as we keep the IBM SIEM, we will continue to use QRadar UBA.

I rate IBM QRadar User Behavior Analytics an eight out of ten.

I rate IBM QRadar User Behavior Analytics an eight out of ten.

QRadar is not perfect. It's a good security monitoring product that can provide threat intelligence, but it cannot do it alone. You need to integrate with many other things, such as IBM Orchestrator. Also, you need to have X-Force. After these kinds of things are integrated, it works a little bit better. I would rate this solution a six out of ten.

I would rate IBM QRadar User Behavior Analytics an eight out of ten.

I like IBM QRadar User Behavior Analytics. I would rate it an eight of ten. It still needs a lot of improvement, but its main advantage is that it's fully integrated with a SIEM system, and it's free of charge.

What advice would I give? I want the certification to be very honest. I typically like the hands-on with QRadar, they're quite different. On a scale of one to ten, I would rate IBM QRadar User Behavior Analytics a seven. I have used other solutions, like LogRhythm, for a few use cases like ransomware detection, etc.. and there were less false positives there. With the ransomware especially, it was very thin there. We actually have very few use cases and there were lots of false positives with QRradar. If I compare the AI function and the logarithms I think it needs some improvement. It is a complex product compared to LogRhythm.

I would rate this solution an eight out of ten.

Our customers are satisfied with the product and they are not looking for anything else. I would recommend the product. On a scale of one to ten I would rate IBM QRadar User Behavior Analytics a seven.

If you are only looking at IBM, make sure to evaluate the product thoroughly. Make sure to see the complete list they offer, like more of the competitive features. Explore the options available on the market. It doesn't really integrate well with other products. I would rate it a three out of ten. It is missing key features.

IMB should reduce the pricing, or reduce some of the features for a more economical solution for the customer. I would rate it an eight out of ten. They should reduce the pricing.