Try our new research platform with insights from 80,000+ expert users

Elastic Security vs Netsurion comparison

 

Comparison Buyer's Guide

Executive SummaryUpdated on Sep 18, 2024
 

Categories and Ranking

Elastic Security
Ranking in Security Information and Event Management (SIEM)
5th
Ranking in Extended Detection and Response (XDR)
8th
Average Rating
7.6
Number of Reviews
61
Ranking in other categories
Log Management (5th), Endpoint Detection and Response (EDR) (16th), Security Orchestration Automation and Response (SOAR) (6th)
Netsurion
Ranking in Security Information and Event Management (SIEM)
16th
Ranking in Extended Detection and Response (XDR)
18th
Average Rating
8.4
Number of Reviews
24
Ranking in other categories
Managed Security Services Providers (MSSP) (5th), SOC as a Service (3rd), Managed Detection and Response (MDR) (13th)
 

Mindshare comparison

As of November 2024, in the Security Information and Event Management (SIEM) category, the mindshare of Elastic Security is 7.3%, down from 9.1% compared to the previous year. The mindshare of Netsurion is 0.3%, up from 0.2% compared to the previous year. It is calculated based on PeerSpot user engagement data.
Security Information and Event Management (SIEM)
 

Featured Reviews

Gajewski Marek - PeerSpot reviewer
Aug 13, 2024
Provides good anomaly detection and connectivity reporting
I use Elastic Security to aggregate all logs from different devices in one place. It works pretty well and provides one overview of everything The solution's most valuable features are anomaly detection and connectivity reporting. Elastic Security also has many automation capabilities, which can…
John-Berry - PeerSpot reviewer
Sep 11, 2023
The SOC center monitors, hunts, and notifies us of threats around the clock
I know they are working to resolve this issue, but Netsurion is currently unable to retrieve logs from S3 buckets. We use WP Engine for a lot of web hosting as well as AWS, and both of these platforms use S3 buckets. I would like Netsurion to be able to pull logs from Linux devices. We have some of that capability, and I believe they can do it. However, the way it works with Amazon is strange and glitchy. Therefore, working something out with Amazon would be great. Netsurion's SOC can be a bit too aggressive at times. We have asked them to adjust their playbook because I am tired of being notified about the same issue multiple times a day. I am aware of the issue, and it is not a cause for concern. Let's only take action on this issue if we see an actual problem.

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"Elastic provides the capability to index quickly due to the reverse indexes it offers. This data is crucial as it contains critical information. The reverse index allows fast data indexing because of Elastic's efficient search engine."
"It is the best open-source product for people working in SO, managing and analyzing logs."
"It is scalable."
"It's open-source and free to use."
"The intelligence of the system has been very impressive. It's not quite AI, but the technical bit where it correlates information, based on the seen attacks within an organization is good."
"The feature that we have found the most valuable is scalability."
"It can handle millions of loads at a time, and you can always use the filters to find exactly what you are looking for and detect errors in every log message you are searching for, basically."
"What customers found most valuable in Elastic Security feature-wise is the search capability, in particular, the way of writing the search query and the speed of searching for results."
"If I were to look at logs manually, there's no way I could do that. As an example, they are 48 million logs processed a day. There is no way I could look at all 48 million of those. So, it gives me a good structure to be able to look at the different incidents which are created and do different searches."
"Netsurion has its own security operations center, where it tracks information that comes across our telemetry."
"The SIEMs and managed service are its most valuable features. We get a weekly report from them which provides a culmination of them combing through millions of events which are triggered across our network every day and minute. Their information security experts basically boil that down to a report which I get emailed once a week. It identifies potential threats and the remediation that I should take to be able to quell those threats."
"We don't have the eyeballs available to stare and watch for things, or even have the capability of building internal alert systems. So, the managed SOC has been huge for freeing up staff to work on other responsibilities. We are saving on at least one full-time employee."
"There are a host of things that are most valuable. Obviously monitoring our environment and reporting out different events is important. They perform a suite of services. They monitor all of our servers, all of our key infrastructure, like our DNS, our switches, all that stuff. They aggregate and correlate that quarterly. They'll tell us if we're getting a lot of login failures and something is going on or if something's weird."
"They have what they call Elasticsearch which is very quick, although that's only available for the last seven days' worth of data. It used to be that, if I wanted to do a search from three days ago, it might take me 10 to 15 minutes because it had to actually unzip some archive files. So I really like that feature. It's almost instantaneous for anything within the last seven days."
"When I looked last week, we probably averaged about 20 million log entries a day. So, we certainly can't individually manage that. Just looking at the reports, then trying to go back and find anything that was questionable, was a challenge. Therefore, the managed service has been invaluable to us in terms of being able to narrow the scope of what really needs to be looked at and bringing those things to our attention to be dealt with."
"The product satisfies our compliance, and thus, all of our auditors. All of the data that we use and store for all security events is required by our auditors to be kept in a central storage location."
 

Cons

"Anything that supports high availability or ease of deployment in a highly available environment would help to improve this solution."
"The solution's query building is not that intuitive compared to other solutions."
"I would like more ways to manage permissions and restrict access to certain users."
"The solution's basic setup takes time, and a lot of effort is required from the beginning to make it actually work."
"We're using the open-source edition, for now, I think maybe they can allow their OLED plugin to be open source, as at the moment it is commercialised."
"We set up a cron job to delete old logs so that we wouldn't hit a disk space issue. Such a feature should be available in the UI, where old logs can be deleted automatically. (Don’t know if this feature is already there)."
"The setup process is complex. You need a solid working knowledge of networking, operating systems, and a little programming."
"The tool should improve its scalability."
"The deployment of the agents could be a bit easier. We always seem to have a bit of a challenge with that. A lot of times the agents either don't deploy or they quit responding, then we have to go and redeploy them."
"I would also like to have a dashboard that I can access anytime to review the real-time data from their website."
"The MITRE ATT&CK framework could be faster when identifying and understanding sophisticated threats. Whenever something happens, we usually get notified a couple hours later."
"The threat detection and response is passive. We have asked if there were options for taking action, and we have not gotten any feedback on that, which would be useful to know. Depending on the situation and threat, some actions may not be possible, but we haven't gotten any feedback on what options could be directed and actionable with the understanding that it may have an extra cost. It would be nice to know or find out if it is actually possible to take actions by a SIEM service or a SIEM agent."
"I would like to see a faster response when we see things like 15,000 lockouts. I really wished that I had known that on Friday afternoon rather than waiting until I got the weekly report today. By the same token, they are looking at it from the point of view that this is a system or software malfunction. This is not a bad actor repeating the exact same password three times a second. Therefore, they can tell that this is not a bad thing. However, it's not a security event but it is an operational event for me. Knowing this sort of thing would help my team and me out more because then we would be able to clear out a lot of network traffic that we didn't know was going on. So, we would like quicker updates on non-high security events."
"The weekly reporting could use some improvement. For example, when we handed them our landscape document, it took longer than I would have liked for those details to become noticeable within the reports."
"The solution's dashboard is okay. The one thing that we ran into are issues when we upgraded to the newer version. It uses Elasticsearch for the different dashboard entries. So, we were running on spinning disks, and Elasticsearch didn't work that well. A number of the different dashboards, like my dashboard or different things like that, pull from Elasticsearch. Since Elasticsearch really wasn't working, we were having some issues with that, but we just migrated."
"They have their programs and tools that you have to put into your own environment. We basically ingest all the log data and then push it out to them. I wish it was a little bit different than that where we just push directly towards them. I do not know if that is a function that they thought would be better in terms of security, but I wish that instead of doing that, it should go from the device to them and not from the device to another system and then out to them. There seem to be some drawbacks to doing that."
 

Pricing and Cost Advice

"I can say that the product is cheaply priced."
"I find it better than Splunk in terms of cost-effectiveness. For cost-effectiveness, I would rate it a nine out of 10."
"Elastic Security is free to use."
"This is an open-source product, so there are no costs."
"We use the open-source version, so there is no charge for this solution."
"There is no charge for using the open-source version."
"Its price is fine. Its licensing works on a yearly basis. We have to renew the license every year. I also have a good experience with Darktrace. When we buy Darktrace, we get training free of cost, which is not there in Elastic. We have to pay extra for training. There is certainly room for improvement."
"The base product is open-source but if you need advanced security features then you need to pay for the subscription. Elastic Security's price is reasonable in some cases and in other cases it's not."
"When we first got the EventTracker product, we were using SIEM Simplified. At the time they didn't call it that, but it was more of a service thing. So, there was a bit more hand-holding and getting stuff set up, along with failure reports, that they did during the first one to two years. Then, we decided that the the additional money to have someone do these daily reports wasn't terribly useful, so we discontinued that service."
"Netsurion's pricing is extremely fair and flexible. The price of their SIEM product is reasonable, and you can pay for those services you want on top of that. It wasn't cheap, but it's competitive, and we intend to renew our contract."
"The solution is fairly expensive, but in my experience, all of the SIEM applications that I've evaluated or looked at cost about the same."
"You are paying for different levels, especially as far as the monitoring goes and how often you review it with the team. The other factor that figures in is how many nodes are on your network, such as clients, network equipment, servers, etc. There are some additional pieces on top of that, but it's laid out pretty simply, as far as how much you're going to pay for a node."
"Netsurion's pricing is competitive. At the same time, they're the only ones who do what we want to do the way we want it. I can't say we would've paid more, but we would've had to have come up with our own solution if they weren't providing that."
"I don't know if the pricing is by the seat but we're paying about $20,000 to 25,000 a year. On top of that, we pay for the managed support services. That runs us about another $35,000 or $40,000 a year."
"In the security space, it's hard to quantify your return on investment. So, I don't. We spend about $40,000 a year and so. It's hard to say if the SIEM saved that much money."
"Our budget follows the calendar year. We just started a new budget year at the beginning of the month. We did budget for an increase in our threat management system selection. Therefore, we have the budget to implement and accommodate a threat management system change, including an increase for the quoted actions that we received to improve EventTracker. We are just waiting on our council to approve that budget, which might not be for a little while. Hopefully, when they do, we will be able to jump on doing something."
report
Use our free recommendation engine to learn which Security Information and Event Management (SIEM) solutions are best for your needs.
814,649 professionals have used our research since 2012.
 

Top Industries

By visitors reading reviews
Computer Software Company
17%
Financial Services Firm
10%
Government
10%
University
7%
Computer Software Company
28%
Government
9%
Manufacturing Company
8%
Financial Services Firm
6%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
 

Questions from the Community

Datadog vs ELK: which one is good in terms of performance, cost and efficiency?
With Datadog, we have near-live visibility across our entire platform. We have seen APM metrics impacted several times lately using the dashboards we have created with Datadog; they are very good c...
What do you like most about Elastic Security?
Elastic provides the capability to index quickly due to the reverse indexes it offers. This data is crucial as it contains critical information. The reverse index allows fast data indexing because ...
What is your experience regarding pricing and costs for Elastic Security?
Compared to other tools, Elastic Security is a cheaper solution.
What is your experience regarding pricing and costs for Netsurion Managed Threat Protection?
Their pricing is high. I don't know if it's a barrier. The quality speaks to the price. The price is the price. They provide what they promise. From a purchasing perspective, I just have to come ba...
What needs improvement with Netsurion Managed Threat Protection?
There is one area that needs improvement and that is with the agents and the server that's on-site. The system requirements are very, very high. So I need a pretty powerful server to run. If they c...
 

Also Known As

Elastic SIEM, ELK Logstash
Netsurion Managed Threat Protection, Netsurion EventTracker
 

Learn More

Video not available
 

Overview

 

Sample Customers

Texas A&M, U.S. Air Force, NuScale Power, Martin's Point Health Care
The Salvation Army, The FRESH Market, Pacific Western Bank, NASA, American Academy of Orthopaedic Surgeons (AAOS), and Talbot’s Stores
Find out what your peers are saying about Elastic Security vs. Netsurion and other solutions. Updated: October 2024.
814,649 professionals have used our research since 2012.