What is our primary use case?
I am a security consultant. I work for an MSSP, a managed service provider. I go in and evaluate what the deficiencies are. We don't sell any of these services. We're not a manufacturer, we're not a software company. We just help our clients implement the different technologies. If they don't have a SIM, we help them set one up if they need review scanning. We do pen testing, things like that. We originally started with this client as a pen test and then went on to security POS assessments, and from there, started making recommendations and we're going through that list of deficiencies.
Secureworks Red Cloak Threat Detection and Response is a SIM. It is monitoring an environment with three different business units. The business use case is that we just want a SIM that is not in-house, it's outsourced to Dell and they manage it for us, and they notify our IT staff as events are identified.
What is most valuable?
The features that I have found most valuable are that the search capabilities are easy to use. The dashboards are good. The reports are good. It is just simple from a deployment standpoint - that was easy.
What needs improvement?
In terms of what could be improved, there are a lot of things identified and there is a lot of continuous improvement. A lot of the things are of a short time frame and a lot are way out.
There was a tuning process but nothing specifically to call out.
As for what could be included in the next release, we are working on the basic feature set. There are probably some things that, as we move through it, we'll come across that are deficient but right now we are not that far along to know. I don't want to say that they could not do certain advancement. For example, there are some automated network response portions that we want to turn up, but we're not ready for that. I don't even know what the capabilities are there, but that's something that, probably in the next 24 months, we will move forward on.
What do I think about the stability of the solution?
In terms of stability, I work with the client so I don't own their systems, but from my perspective, running it is very easy.
What do I think about the scalability of the solution?
In terms of scalability, I don't know its limitations, but for where we have taken it, we started out with one business unit and we rolled it out to two other business units in a year's time. I thought that was pretty good.
All the endpoint management is with Red Cloak. That includes three business units, 13 sites, and a little over 2,500 endpoints.
It's pretty good in the scope of what we needed to do. We didn't have any issues with it, other than that you have to take time to set up all the feeds into it if you want to get all the logging. That was on our side, trying to work with a client or onboard all the different devices and feeds into it, from the applications to the API builds. It was straightforward, but we couldn't do it all at one time.
How are customer service and support?
In terms of their support, there were always things that were missing, some misconfiguration and stuff there, but that's normal. So nothing stood out as horrific or bad; it was all straightforward.
Which solution did I use previously and why did I switch?
All these solutions have their advantages. QRadar has a really cool portal. I'm most familiar with Splunk, so that's just familiarity but I wouldn't say it is a better interface, it's just more familiar to me. I don't have any criticism of Secureworks, which is fairly new for me.
How was the initial setup?
The initial setup was straightforward. They did the whole thing. You have to get all the feeds and the logging into it, so that took time, but it was not difficult.
What other advice do I have?
I always think it's great when a customer adds a SIM. But the thing is, all of them work really well. In terms of implementation, from a turn-up standpoint, Secureworks was easier than some of the other ones I dealt with, so that was probably a good plus on their side.
On a scale of one to ten, I put Secureworks at an eight.
*Disclosure: My company has a business relationship with this vendor other than being a customer: Implementer