Try our new research platform with insights from 80,000+ expert users
Netsurion Logo

Netsurion pros and cons

Vendor: Netsurion
4.2 out of 5
273 followers
Post review

Pros & Cons summary

Buyer's Guide

Get pricing advice, tips, use cases and valuable features from real users of this product.
Get the report

Prominent pros & cons

PROS

Weekly security reports summarize daily network events, highlighting potential threats and advising on remediation strategies.
Real-time alerts for user lockouts and invalid password attempts enhance IT department responsiveness.
Netsurion satisfies compliance requirements by centralizing the storage of all security event data, which is essential for auditing.
The Managed Threat Protection includes the MITRE ATT&CK Framework, recognized as an industry standard for evaluating threats.
Netsurion's 24/7 monitoring provides actionable threat intelligence, enhancing company security by detecting and preventing malicious activities.

CONS

The deployment of agents poses challenges, often leading to agents quitting or requiring redeployment.
There are issues with long search times, especially when looking back beyond 30 days, even with improvements in version 9 requiring a solid-state hard drive.
Too many domain controllers complicate updates and firewall management.
Agents on endpoints frequently fail, needing manual intervention from local administrators.
System requirements are high, demanding powerful servers that impact on-premise components.
 

Netsurion Pros review quotes

JB
Jun 28, 2021
The real-time alerting for things such as people getting dropped into a VPN group or the domain admin group — things like that which really shouldn't happen without proper change management, but we all know the reality, they do from time to time — gives me real-time visibility into what's going on.
RT
Sep 10, 2019
I really appreciate the fact that the dashboard breaks everything down into a pretty easy view for me... It shows what changes are happening to privileged user accounts, access and identity, what's cropping up. It shows application activity and whether we've got system resources that aren't online and being found anymore. It's a pretty simple, easy, quick hit and there are the supporting logs behind it. If I need to drill down further, I can do that quickly. It's very effective.
RC
Nov 16, 2021
When I looked last week, we probably averaged about 20 million log entries a day. So, we certainly can't individually manage that. Just looking at the reports, then trying to go back and find anything that was questionable, was a challenge. Therefore, the managed service has been invaluable to us in terms of being able to narrow the scope of what really needs to be looked at and bringing those things to our attention to be dealt with.
Learn what your peers think about Netsurion. Get advice and tips from experienced pros sharing their opinions. Updated: November 2024.
823,875 professionals have used our research since 2012.
Kevin Lohan - PeerSpot reviewer
Aug 22, 2023
The most valuable feature is definitely real-time alerting, especially in situations where someone might attempt to exploit or hack into our network.
MO
Dec 23, 2019
I like the UI, overall. I like the main page and there are aspects of the search page that I like. When you bring it up on the left-hand side of the page, as you look at the events, the ability to simply hit and click the plus/minus to pull events in and out of the overall view is well done and is very effective from a threat-hunting and an analysis perspective. I like the detail it shows.
BS
Dec 7, 2021
Netsurion was easy to deploy. I have worked with other systems that were a little less complex, but they weren't quite as easy to deploy.
ML
Oct 1, 2020
There are a host of things that are most valuable. Obviously monitoring our environment and reporting out different events is important. They perform a suite of services. They monitor all of our servers, all of our key infrastructure, like our DNS, our switches, all that stuff. They aggregate and correlate that quarterly. They'll tell us if we're getting a lot of login failures and something is going on or if something's weird.
JH
Dec 23, 2019
I like EventTracker's dashboard. I see it every time I log in because it's the first thing you get to. We have our own widgets that we use. For the sake of transparency, there are a few widgets that we look at there and then we move out from there... Among the particularly helpful widgets, the not-reporting widget is a big one. The number-of-logs-processed is also a good one.
reviewer1154436 - PeerSpot reviewer
Nov 28, 2019
If I were to look at logs manually, there's no way I could do that. As an example, they are 48 million logs processed a day. There is no way I could look at all 48 million of those. So, it gives me a good structure to be able to look at the different incidents which are created and do different searches.
reviewer1717125 - PeerSpot reviewer
Nov 16, 2021
I think Netsurion scales well. We've gone from a small number of agents up to thousands. So I would imagine that it would continue to scale. I don't see any issue with that.
 

Netsurion Cons review quotes

JB
Jun 28, 2021
With version 8, there are quite a few things. The query tool was one of the big ones, and the query speed was one of the big ones, but they've made some great strides between versions 8 and 9. There were also issues in version 8 around the ability to get the data back out. It's one thing to collect data, but it's a whole other thing to be able to present it or run it in a timely manner. The old tool, depending on how far back I was looking, might even time out and I would have to run it again.
RT
Sep 10, 2019
Probably the biggest thing is just: Can I search for this and what's the best way to do it? If I'm looking for two events versus a singular event, I just throw it back at them. They're the experts on it.
RC
Nov 16, 2021
I would like to see a faster response when we see things like 15,000 lockouts. I really wished that I had known that on Friday afternoon rather than waiting until I got the weekly report today. By the same token, they are looking at it from the point of view that this is a system or software malfunction. This is not a bad actor repeating the exact same password three times a second. Therefore, they can tell that this is not a bad thing. However, it's not a security event but it is an operational event for me. Knowing this sort of thing would help my team and me out more because then we would be able to clear out a lot of network traffic that we didn't know was going on. So, we would like quicker updates on non-high security events.
Learn what your peers think about Netsurion. Get advice and tips from experienced pros sharing their opinions. Updated: November 2024.
823,875 professionals have used our research since 2012.
Kevin Lohan - PeerSpot reviewer
Aug 22, 2023
I would also like to have a dashboard that I can access anytime to review the real-time data from their website.
MO
Dec 23, 2019
Where there is an opportunity for improvement is in the interface used for performing the searches. You have to understand Elasticsearch search too well for the security team to be able to take really full advantage of that part of the product. It's not as intuitive as I would like it to be for new staff coming in. The general query capability is a little bit challenging.
BS
Dec 7, 2021
We get a report generated on a particular day of the week and we go through it, trying to mitigate problems and make sure we're seeing everything that's happening. It would be helpful if the SOC spent a little more time with us going through some of those reports.
ML
Oct 1, 2020
Communication is always something that can be improved, but I feel that any time we've had a communication issue, it's quickly addressed when we bring those up at the monthly meetings. Usually, it's an individual that wasn't clear in the communication, it's not the process per se. You always have to be able to segregate if the process didn't work or an individual either didn't say the right thing or my people didn't understand what they were being told.
JH
Dec 23, 2019
It would be great if they had a client for phones by which they could push a notification to us, as opposed to via email.
reviewer1154436 - PeerSpot reviewer
Nov 28, 2019
The solution's dashboard is okay. The one thing that we ran into are issues when we upgraded to the newer version. It uses Elasticsearch for the different dashboard entries. So, we were running on spinning disks, and Elasticsearch didn't work that well. A number of the different dashboards, like my dashboard or different things like that, pull from Elasticsearch. Since Elasticsearch really wasn't working, we were having some issues with that, but we just migrated.
reviewer1717125 - PeerSpot reviewer
Nov 16, 2021
The agents on the endpoints seem to fail quite a bit, requiring manual involvement from the local administrators. I would like to see their product be much more ad hoc and update automatically.