PeerSpot’s valuable crowdsourced user review platform helps technology decision-makers around the world to better collaborate with peers and other independent technical experts to provide advice, share knowledge and expertise without vendor bias.
Our trusted users have ranked numerous popular solutions according to their valuable features, and have also made suggestions on where they see room for improvement.
You can read user reviews for Best SOC as a Service Solutions to help you decide which solution offers the best features for you and your organization.
PeerSpot users rank Arctic Wolf AWN CyberSOC as the number one solution for SOC as a Service.
Top Features: Excellent Integration and Straightforward Deployment
A PeerSpot reviewer who is a Network Security Administrator at a non-profit shares, "The integration between Cisco AMPs and the Windows servers is most valuable. So, they can also sandbox machines on which they see something suspicious."
The user goes on to say, “It is a straightforward solution. It is not complicated. Its deployment is also straightforward. I would rate it a 10 out of 10. They alerted us when there was a big vulnerability, so we're happy with their solution.”
A user who is an Information Systems Coordinator at an insurance company agrees: “Its initial setup is fairly straightforward. They put in a couple of appliances, and we have to tie them to our firewall. That's the tricky part. If you're monitoring network traffic going out through the firewall, then you would have to tap into the firewall traffic. Some do this, and some don't. Some only have agents, and some have historically been traffic-only. Nowadays, most companies are trying to do both, but some still focus mostly on traffic, and some still focus mostly on agents. I'm sure some focus mostly on just detecting indicators of compromise that they're aware of. They are only looking for those. They are not looking at traffic or agents. So, there're many ways to skin the cat, and different companies are taking or have gotten really good at different approaches. Arctic Wolf's approach is primarily traffic-based, agent-based alerting, and a little bit of indicators of compromise.”
Suggested Improvement: Individual User/Endpoint Monitoring
The user also suggests, “They focus on detecting administrator-level control compromises. Because they're focusing more on administrator-level compromise, they are less able to see if an individual user has been compromised. It is, admittedly, very difficult because they don't know what normal human behavior is. If a hacker compromises a human account and then acts just like the human, how are you ever going to notice, unless you have some inside knowledge of how the company works? For example, they overlook account lockouts on user accounts, whereas in our own alerting system, we do not. We review every account lockout, and if it is bad, we contact the person, whereas they think of that as noise because they're more focused on the administrator-level compromise. This is not their fault. I'm sure this is common with all SOCs. They can't look at everything, so they look at the important stuff.”
“I would rate Arctic Wolf AWN CyberSOC a nine out of ten,” they conclude.
#2 Alert Logic
Based on our user reviews, Alert Logic is the number two SOC as a Service solution.
Top Features: Incident Notification
Alex A., who is a system administrator at INSIGHT CREDIT UNION, shares, “The value of Alert Logic is that everything is in one dashboard; I'm notified when there's an incident, kept up to date, and advised on what steps to take. The solution has good intrusion detection.”
PeerSpot user Alaina C., Information Technology Manager at Alaina M Callahan Consultant LLC, agrees, “Notifications and the detail of notifications are most valuable. It is a user-friendly solution.”
Suggested Improvement: Better User Menu
Alaina C. also suggests, “Its menu is not very intuitive. I would like to see the user menu expanded a bit. The user menu is very layered, and because of the layers, you have to go down a path that is not very intuitive.”
#3 Netsurion Managed Threat Protection
PeerSpot user reviews rank Netsurion Managed Threat Protection as the number three SOC as a Service solution.
Valued Feature: Threat Detection/Vulnerability Management
A user who is a Network Administrator at a construction company shares, “Their SOC team manages vulnerability management and IOC reviews. They stop bad processes when they happen. The best thing is their weekly reviews of what has been going on in the infrastructure as well as the things that they see and what we should look out for. We haven't had any incidents, which is a good thing. It is a valuable product. The solution provides actionable threat intelligence. It is not a passive service. They go in and perform mitigations on whatever they find. It is timely. They provide context, so it is understood by anyone who receives these reports.”
Gene A., IT Coordinator at a government, agrees, “Its threat detection and response is pretty good. We had a staff member who downloaded something, and I can't remember if they had had the authority to install it in this scenario. Anyhow, they downloaded something and were running something that was connecting to services in Europe which had a bad public reputation. The database or listing that they had referenced was either malware class or spyware. The visibility of seeing somebody had downloaded something that they weren't supposed to, and they weren't following organizational procedures for software procurement, was very helpful and useful.”
Suggested Improvement: Faster Response
Randy C., VP of IT Systems at Carteret-Craven Electric Cooperative, suggests, “I would like to see a faster response when we see things like 15,000 lockouts. I really wished that I had known that on Friday afternoon rather than waiting until I got the weekly report today. By the same token, they are looking at it from the point of view that this is a system or software malfunction. This is not a bad actor repeating the exact same password three times a second. Therefore, they can tell that this is not a bad thing. However, it's not a security event but it is an operational event for me. Knowing this sort of thing would help my team and me out more because then we would be able to clear out a lot of network traffic that we didn't know was going on. So, we would like quicker updates on non-high security events.”
Good very informative