From my experience, clients have been enjoying the product because it enables faster threat detection. We use it daily for hunting and developing strategies, which are much more extensive compared to the results from a traditional SIEM.
Cyber Security Sales Engineer Manager at a comms service provider with 501-1,000 employees
Efficient use of resources, allowing more work to be done with fewer personnel and highly scalable solution
Pros and Cons
- "The scalability is one of the remarkable qualities of this product, which makes it very effective, especially when we are dealing with substantial data volumes in the cloud."
- "One aspect that could be improved is the pricing of the product in Brazil."
What is our primary use case?
How has it helped my organization?
With Next-Gen SIEM, we are achieving more with less effort. We can gather more information from the logs and organize it in a different product view, which reduces the need for a large workforce. So we can achieve more with fewer people, and this is particularly advantageous in my line of work, where we need to hire additional staff as we sell more products. However, with this kind of solution bringing in more information about threats and improvements for the organization, we can handle the workload with fewer personnel.
What is most valuable?
The most valuable aspect is the ability to automate tasks, particularly user behavior analytics. It streamlines processes and makes it very efficient to work with, both for me and the users in my company.
What needs improvement?
I work in Brazil, and the solution is not very well known here. The market for technology in Brazil, not related to the quality of the product, is not very favorable yet. I see this as a challenge. We need to invest more effort in raising awareness and educating people about the product's capabilities.
Additionally, one aspect that could be improved is the pricing of the product in Brazil. It is reasonable, but when compared to similar tools or products that are more common in Brazil, it tends to be a bit higher.
Buyer's Guide
Securonix Next-Gen SIEM
October 2024
Learn what your peers think about Securonix Next-Gen SIEM. Get advice and tips from experienced pros sharing their opinions. Updated: October 2024.
814,649 professionals have used our research since 2012.
For how long have I used the solution?
I started to use this solution about two years ago; my company started to work with Next-Gen SIEM.
What do I think about the stability of the solution?
To say the truth, neither I nor my colleagues who work with me have encountered any complaints about stability. As the leading company in Brazil for Securonix or the biggest seller of Securonix in Brazil, we have had no issues with stability up to this point. It has been very reliable, and there have been no instances of lagging, crashing, or any significant downtime reported.
What do I think about the scalability of the solution?
The solution is highly scalable since it operates in a public cloud environment. This allows us to store and process a large amount of information as needed. The scalability is one of the remarkable qualities of this product, which makes it very effective, especially when we are dealing with substantial data volumes in the cloud.
How are customer service and support?
Since I work in the sales team, I didn't need technical support. My role is mainly focused on discussing and selling the product to customers, highlighting its advantages.
So, if any technical assistance is required, it would be handled by the partner or someone else in the client-facing team. I have mostly been involved in the sales process, and I haven't had the need to engage with the technical support team.
What's my experience with pricing, setup cost, and licensing?
I work with two options for Securonix. I use the Legacy and the Advantage versions. The Advantage option is beneficial because it includes the features of the Legacy version at the price of the Legacy package. However, it gets complicated when dealing with User and Entity Behavior Analytics (UBA) and other additional features. The EPS (Events Per Second) quantity grows significantly, leading to the need for more resources to handle the workload when using UBA and other advanced features.
If Securonix aims to grow more and improve its position in the Brazilian market, it might need to consider adjusting its pricing to be more competitive. Currently, as we work with AI solutions, the price might need to go down to better grow its presence in the Brazilian market.
I believe in the quality of the product, so I would rate the pricing as a seven out of ten, where one is low pricing, and ten is high pricing.
When we talk about SIEM, it's important to understand how it brings the necessary information to the company and how we can apply the right intelligence to extract insights about threats and other relevant aspects. I suggest investing time to clearly define what you want to achieve with the SIEM solution. If you don't have a clear understanding of your objectives, the results may not meet your expectations. Take the time to thoroughly understand your requirements to make the most out of the system.
Which other solutions did I evaluate?
In my market and environment, I compete with Splunk, QRadar, and IBM. I've also heard about Hexabeam, but it's not a major competitor here in Brazil. Another one we're considering, which has posed some challenges, is Google Chronicle. However, the two biggest competitors for me are Splunk and QRadar.
When comparing Securonix to Splunk, one issue is the pricing; I believe even Securonix is on the higher side. However, in terms of working with cloud environments, Securonix has an advantage as it performs exceptionally well in the cloud. Unlike Splunk, which struggles in cloud setups, Securonix handles it perfectly. Additionally, in terms of crunching work in the database (DB), Securonix performs better and more efficiently than Splunk, making it a better choice for such tasks.
Other products seem to have a more established market presence, and people are familiar with them, but they might not be as acquainted with Securonix. However, I am confident about the quality of Securonix, and when I get the chance to demonstrate how it works, people tend to like it.
Furthermore, in comparison to IBM, I don't encounter any technical problems with Securonix. The quality of Securonix is solid, and I have no issues discussing its capabilities. When it comes to pricing, Securonix offers a more competitive solution. Even if it's only ten percent better than Splunk in some aspects, the overall value makes it a better option in the end. If the price difference is not as significant, it's more likely that customers will choose Securonix over other options.
What other advice do I have?
Overall, I would rate the solution an eight out of ten.
Disclosure: My company has a business relationship with this vendor other than being a customer: Reseller
Senior Security Consultant at LTI - Larsen & Toubro Infotech
Scans our environment for threats, provides good reports, and has a lot of features and analytics
Pros and Cons
- "SNYPR has a bundle of features. It has the UEBA feature that tells you about the behavior of a person or entity. In the tool itself, there is an incident management feature, which is definitely valuable."
- "Sometimes, there is instability in the data in terms of the customization of the time. I have sometimes observed discrepancies in the data, which is something they should work on. They should bring more stability to time customization. If we are seeing a particular data, when we change the time zone, there should be the same data. There should not be any discrepancy."
What is our primary use case?
Securonix or SNYPR is a UEBA tool. It has all the features. It can work as a traditional SIEM as well as do behavior-based analysis.
In terms of deployment, it is on the cloud. It is hosted with Securonix. We are using it as a service, however i have worked on premise deployements as well.
How has it helped my organization?
We have this tool to monitor all types of log activities. It can monitor whatever is happening. It can monitor traffic-related things, and it can monitor EDR and all types of logs. It has a set of use cases, and it can alert us if any abnormal activities are happening and if there is any suspicious and malicious traffic. It definitely does 24x7 monitoring of the activities happening in our environment and the type of possible attack that can happen in any of the environments.
It provides a lot of analytics. For handling alerts, we have a manual approach, and it is a team effort. Whenever there is a flag or violation, we check the behavior in the tool or in the UI itself. We can check each and everything in the tool itself. On the basis of that, we identify whether something is a false positive or not. If it is a false positive, we work on the policy condition.
An analyst's efficiency is all about the analytics present in the tool. They provide sufficient analytics. Recently, they have added one more analytics. They already have more than 15 analytics for threat detection purposes. They definitely help us to do more in less time.
In our environment, we do not have external TPI integrated. So, we don't have any external sources for IOCs. With Securonix, all the IOCs are available in their Threat Lab. We are using that feature, and we are also receiving the reports. They check our environment against the IOCs available in their lab and provide us with the report. So far, we haven't got any high severity or medium severity issues. Whatever we got has been of low severity. Sometimes, we see traffic coming from a particular IP address continually, which is blocked in our fiber. We get to know that we have to be very careful about this external, malicious IP address that is trying to hit our environment. Because we do not have the external IOCs or TPIs integrated, we find this report very useful.
It adds contextual information to security events, which is very helpful.
What is most valuable?
SNYPR has a bundle of features. It has the UEBA feature that tells you about the behavior of a person or entity. In the tool itself, there is an incident management feature, which is definitely valuable. It is a value-added item. It also has third-party TPI.
SNYPR is valuable for any organization because it is not only a traditional SIEM. It is also a UEBA tool. It does behavior analytics. As a UEBA tool, it has a lot of features. You can see a lot of things in the UI itself. It provides a lot of analytics. You can see how a policy is working and how it is giving you the flags if you want to reduce false positives. You can have all the visibility in the UI itself. You don't need to check anything in the backend for this.
It has a feature called Threat Model to identify a threat. For intelligence, it has a feature called Autonomous Threat Sweep that is valuable.
What needs improvement?
Sometimes, there is instability in the data in terms of the customization of the time. They should work on stability on tool. However 6.4 jupiter version is much more stable.
For how long have I used the solution?
I have been working with this tool since 2018 till today.
What do I think about the stability of the solution?
They have improved it a lot over time. We don't see a lot of issues related to stability in our environment. Sometimes, we see instability issues, but they are not very regular.
Performance-wise, it is good. It has a lot of analytics. We see the value in having this tool. Our management is also happy with the tool. It is reliable. We had a lot of configuration mistakes in our environment, and we could detect them with the tool.
What do I think about the scalability of the solution?
It is scalable. We have 1,500 active users. We are operating in the US at three locations.
In terms of the integration of the data sources or the log sources with the Securonix tool, if the connectors are available, we never see any difficulty. I have integrated more than 50 log sources with Securonix. However, if they don't have a connector, we won't have any option for integration. This is common to all the SIEM tools. It isn't something that's specific to this. In any of the SIEM tools, if the connector isn't available, you won't have any option to integrate.
How are customer service and support?
Their support has improved it a lot, They do support us or they do reply to us, but they need to be very fast. They need to be very quick. I would rate them nine out of ten in terms of support.
How would you rate customer service and support?
Positive
Which solution did I use previously and why did I switch?
I started with Securonix itself. I have read about other solutions such as QRadar and Splunk, but I did not get a chance to work on these tools.
It was not at all difficult for me to use Securonix's interface. This is the first tool that I used. It was not difficult for me to learn. Its interface is very user-friendly, and I don't think anyone will face difficulty operating the tool. Everything is displayed nicely.
How was the initial setup?
When we have a cloud deployment or we take it as a service, we don't get involved in the deployment of the SNYPR application, but we do get involved with on-prem Remote Ingester. So, application deployment is done by Securonix, but the integration with other sources is done by us. We don't have any difficulties with the integration because we have been working with it for a long time. So, we're aware of the backend and how to integrate. It is quite simple and easy. We also have a call with Securonix SME twice a week.
The maintenance is handled by Securonix themselves. They sometimes do the monthly maintenance. We only get the notification, and we know of the maintenance window. After maintenance, we check everything. We just validate that everything is working fine. They also validate from their end, but we also validate. We haven't had any difficulty after the maintenance or upgrade. It always works fine. There are no issues.
The Securonix cloud-native platform helps minimize infrastructure management. We don't need to buy a server. We don't need to manage it.
What other advice do I have?
It is a good solution, but it definitely requires some improvements. It has already improved a lot. They are upgrading it in every build, and it is getting better. They work on policy decommission. Whenever a policy gets old or replicated, they remove the policy. They work on the content refresh. For example, last year when we had the Log4j vulnerability, they immediately updated their content and applied the policy. They provided an update for the Log4j vulnerability.
I would definitely recommend this tool. It is really a good tool. It has all the features available. I don't know anything about the pricing. I don't know if it is more expensive or cheap as compared to the other tools, but as a UEBA tool, I would definitely recommend it to everyone.
Overall, I would rate it an 9.5 out of ten.
Which deployment model are you using for this solution?
Public Cloud
If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?
Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor. The reviewer's company has a business relationship with this vendor other than being a customer: Partner
Buyer's Guide
Securonix Next-Gen SIEM
October 2024
Learn what your peers think about Securonix Next-Gen SIEM. Get advice and tips from experienced pros sharing their opinions. Updated: October 2024.
814,649 professionals have used our research since 2012.
Head of Cybersecurity at a tech services company with 11-50 employees
Provides flexible data ingestion and good optimization and data analysis
Pros and Cons
- "We can customize our use cases with the tools provided by Securonix. It is an excellent tool that can ingest data in different ways and is very flexible."
- "Securonix could open up information regarding the indicators of compromise or cyber-threat intelligence database that they use. The idea is that they share what threats they are detecting."
What is our primary use case?
We have customized the uses of the platform for our benefit. In general, we use it for failed access attempts, network issues, and allowed/blocked, and we have use cases for platforms such as Windows Server.
We are a service company and partners of various vendors. We provide support to customers. Our strategy is that each piece of equipment sold to customers comes with value-added service, and Securonix protects our customers.
How has it helped my organization?
It is an excellent tool that helps us optimize threat-hunting operations, detect intrusive events on the network, and respond to security incidents. It is a tool that helps debug false positives and eliminate noisy alerts. It helps us focus on the alerts that we should take into account for analysis.
Using old, traditional SIEMs did not provide us with the same responsiveness and ability to operate. And if they did provide us with something similar, we needed more staff to review things, event by event. That meant some risky events could occur unnoticed. With Securonix, those issues no longer exist. Securonix shows us information that we must consider as a threat and helps us know when to start an investigation to avoid an incident.
It's very good at adding contextual information to security events. It has reduced the time spent by admins on the dashboard. They can now see information connected to attack risks or even users. The single dashboard alerts them and quickly reports if there is any threat.
It has helped us to better understand what is happening in our network through the indicators of compromise. We have saved days of work. And it optimizes the time that analysts take to review events, compared to other tools that do not have as much intelligence and as many indicators. With Securonix, the information automatically enters and adds intelligence to the indicators. This saves a lot of time that would otherwise be spent reviewing noisy data. It saves our analyst between four and eight hours when analyzing events.
When it comes to advanced threats, it shows us the threats or events that have been detected, with their risk level. It shows us a vulnerability bar and that helps us see who is looking at us, who is trying to deliver certain information to our systems, who exploited us, or if there is any alert due to someone extracting certain information. The automation of information delivery has facilitated everything, saving us three or four days.
What is most valuable?
For optimization and data analysis, it has a good evaluation engine for repeat offenders and that has helped us to detect, on time, what other basic SIEMs did not detect. Those other solutions needed more time to detect at that same level.
We can customize our use cases with the tools provided by Securonix.
It is an excellent tool that can ingest data in different ways and is very flexible.
What needs improvement?
Securonix could open up information regarding the indicators of compromise or cyber-threat intelligence databases that they use. The idea is that they share what threats they are detecting.
For how long have I used the solution?
I have been using Securonix Next-Gen SIEM for about a year.
What do I think about the stability of the solution?
It is stable, both in the cloud and on the servers. We have never had access problems or experienced any performance issues.
What do I think about the scalability of the solution?
Scaling is flexible. If we fall short in terms of EPS, we would simply increase the EPS. And if the RIN server has low resources, as it is a virtual machine we could increase the resources according to the data quantity.
It is an excellent option for the cloud in terms of scalability. It is flexible for both us and our clients. We have plans to increase usage for certain customers.
How are customer service and support?
The support is excellent. At the service level, they attend to us quickly. We have a post-sale person who follows up in some cases. He can also see the tickets and can escalate something according to the urgency.
How would you rate customer service and support?
Positive
Which solution did I use previously and why did I switch?
We used a traditional SIEM where everything was very manual. It did not have threat intelligence or threat hunting of compromises, while Securonix has those features.
We changed because we wanted a good tool to automate certain manual processes so that everything is more flexible. With Securonix, you have the option of integrating with other indicator-of-compromise services, and that helps create a more powerful platform and eliminate false positives.
How was the initial setup?
I started the process of design and continued with onboarding and implementation. The initial implementation was simple, but we had some delays because we had new solutions and we had to create new templates. But in general, if you have traditional solutions that have a template, it is easy to implement. It would take a week.
As for our implementation strategy, the tool that we had previously had a forwarding functionality, so what we did was deploy information to the RIN and, from there, sent the information to the cloud. After that, we created a pipeline and sent the rest of the events so that we could take the previous SIEM out of production.
The sources took a month to incorporate. It took us a month to get access to the teams because we do not manage certain teams. It was a bureaucratic process.
Securonix does the maintenance. It doesn't require work from us. They send us emails indicating that the system is going to have a brief reboot and it takes a short amount of time.
What about the implementation team?
We hired an onboarding engineer from Securonix who helped us with the implementation of the RIN. He explained the process to us until we understood everything.
Our experience with the onboarding engineer was good. He helped us with any questions we had and followed up through emails.
For the implementation of Securonix, we only needed one person from our side. I was the point of contact with our other areas.
What was our ROI?
Where we see our best return on investment is in the time and manpower we save. Before Securonix, our staff had to investigate events constantly. Now, one engineer with some expertise is enough to speed things up and give the rest of the admins time to do other things.
What's my experience with pricing, setup cost, and licensing?
The pricing is fine compared to the market but I think that at some point the competitors will catch up on price. It would be good if, for example, there were an option to offer customers who have used the solution for more than a year some kind of additional trial or service.
There is no cost outside of the standard licensing fee, other than an initial installation service charge. Otherwise, there is simply a monthly cost for the service.
Which other solutions did I evaluate?
We were thinking about Splunk, QRadar, and Rapid7. One of the drawbacks of those systems would be the infrastructure. Many of the other platforms, including McAfee, need boxes or deployment servers in our infrastructure or our clients' infrastructures and, in many cases, the infrastructure is growing continuously.
With Securonix, that does not happen. It is a cloud solution that only requires a small deployment server with low resources, depending on how many events are received. And all that information is stored in the cloud as well.
The cost, compared to other solutions, is better.
Compared to other platforms, it is very simple yet, at the same time, it is very efficient because it packs information into a glance. After that, it gives you the option of hunting threats and that can be initiated on the dashboard.
It is very intuitive. A person who has a certain notion of cyber security can move quickly since it gives you information about any attack. It gives you a summary and it gives you links to receive information. And if you don't have much knowledge of the tool, you can always take the courses that are free on the web. Doing so helped us understand the solution.
What other advice do I have?
This is a solution that will help you a lot in hardware processing and in optimizing the time it takes to review events, which is what admins often spend their time doing.
There are things on the network that you can't see with traditional tools. There are tools that don't give you the visibility that Securonix gives you.
Foreign Language:
(Spanish)
¿Cuál es nuestro caso de uso principal?
Hemos personalizado los usos de la plataforma para nuestro beneficio. En general, lo usamos para intentos de acceso fallidos, problemas de red y permisos/bloqueos, y tenemos casos de uso para plataformas como Windows Server.
Somos una empresa de servicios y socios de varios proveedores. Brindamos soporte a los clientes. Nuestra estrategia es que cada equipo vendido a los clientes venga con un servicio de valor agregado, y Securonix protege a nuestros clientes.
¿Qué es lo más valioso?
Para optimización y análisis de datos tiene un buen motor de evaluación de reincidentes y eso nos ha ayudado a detectar, a tiempo, lo que otros SIEM básicos no detectaban. Esas otras soluciones necesitaban más tiempo para detectar al mismo nivel.
Podemos personalizar nuestros casos de uso con las herramientas proporcionadas por Securonix.
Es una excelente herramienta que puede ingerir datos de diferentes maneras y es muy flexible.
¿Por cuánto tiempo he usado la solución?
He estado usando Securonix Next-Gen SIEM durante un año aproximadamente.
¿Qué opino de la escalabilidad de la solución?
El escalado es flexible. Si nos quedamos cortos en términos de EPS, simplemente aumentaríamos el EPS. Y si el servidor RIN tiene pocos recursos, al ser una máquina virtual podríamos aumentar los recursos según la cantidad de datos.
Es una excelente opción para la nube en términos de escalabilidad. Es flexible tanto para nosotros como para nuestros clientes. Tenemos planes para aumentar el uso para ciertos clientes.
¿Cómo son el servicio de atención al cliente y el soporte?
El soporte es excelente. A nivel de servicio nos atienden rápido. Contamos con una persona de post venta que da seguimiento en algunos casos. También puede ver los tickets y puede escalar algo según la urgencia.
¿Cómo calificaría el servicio y soporte al cliente?
Positivo.
¿Qué solución usé anteriormente y por qué cambié?
Usamos un SIEM tradicional donde todo era muy manual. No tenía inteligencia de amenazas o búsqueda de amenazas de compromisos, mientras que Securonix tiene esas características.
Cambiamos porque queríamos una buena herramienta para automatizar ciertos procesos manuales para que todo sea más flexible. Con Securonix, tienes la opción de integrarte con otros servicios de indicadores de compromiso, y eso ayuda a crear una plataforma más poderosa y eliminar los falsos positivos.
¿Cómo fue la configuración inicial?
Comencé el proceso de diseño y continué con la incorporación e implementación. La implementación inicial fue simple, pero tuvimos algunos retrasos porque teníamos nuevas soluciones y tuvimos que crear nuevos modelos. Pero, en general, si tiene soluciones tradicionales que tienen un modelo creado, es fácil de implementar. Tardaría una semana.\
En cuanto a nuestra estrategia de implementación, la herramienta que teníamos anteriormente tenía una funcionalidad de reenvío, entonces lo que hicimos fue desplegar información al RIN y de ahí enviamos la información a la nube. Después de eso, creamos una canalización y enviamos el resto de los eventos para que pudiéramos sacar de producción el SIEM anterior.
Las fuentes tardaron un mes en incorporarse. Nos tomó un mes tener acceso a los equipos porque no administramos ciertos equipos. Fue un proceso burocrático.\
Securonix hace el mantenimiento. No requiere trabajo de nosotros. Nos envían correos electrónicos que indican que el sistema se reiniciará brevemente y normalmente no tarda mucho.
¿Y el equipo de implementación?
Contratamos a un ingeniero de incorporación de Securonix que nos ayudó con la implementación del RIN. Nos explicó el proceso hasta que entendimos todo.
Nuestra experiencia con el ingeniero de incorporación fue buena. Nos ayudó con cualquier pregunta que tuviéramos y nos dio seguimiento a través de correos electrónicos.
Para la implementación de Securonix, solo necesitábamos una persona de nuestro lado. Yo era el punto de contacto con nuestras otras áreas.
¿Cuál fue nuestro Retorno de Inversión?
Donde vemos nuestro mejor retorno de la inversión es en el tiempo y la mano de obra que ahorramos. Antes de Securonix, nuestro personal tenía que investigar eventos constantemente. Ahora, un ingeniero con algo de experiencia es suficiente para acelerar las cosas y dar tiempo al resto de los administradores para hacer otras cosas.
¿Cuál es mi experiencia con los precios, el costo de configuración y las licencias?
El precio está bien en comparación con el mercado, pero creo que en algún momento los competidores alcanzarán el precio. Sería bueno que, por ejemplo, hubiera una opción para ofrecer a los clientes que han utilizado la solución durante más de un año algún tipo de servicio adicional.
No hay ningún costo fuera de la tarifa de licencia estándar, aparte de un cargo por servicio de instalación inicial. De lo contrario, simplemente hay un costo mensual por el servicio.
¿Qué otras soluciones evalué?
Estábamos pensando en Splunk, QRadar y Rapid7. Uno de los inconvenientes de esos sistemas sería la infraestructura. Muchas de las otras plataformas, incluida McAfee, necesitan cajas o servidores de implementación en nuestra infraestructura o en las infraestructuras de nuestros clientes y, en muchos casos, la infraestructura crece continuamente.
Con Securonix, eso no sucede. Es una solución en la nube que solo requiere un pequeño servidor de implementación con pocos recursos, dependiendo de cuántos eventos se reciban. Y toda esa información también se almacena en la nube.
El costo, en comparación con otras soluciones, es mejor.
Comparado con otras plataformas, es muy simple pero, al mismo tiempo, es muy eficiente porque empaqueta la información en un vistazo. Después de eso, le da la opción de cazar amenazas y eso puede iniciarse en el tablero.
Es muy intuitivo. Una persona que tiene cierta noción de ciberseguridad puede moverse rápidamente ya que te da información sobre cualquier ataque. Te da un resumen y te da enlaces para recibir información. Y si no tienes mucho conocimiento de la herramienta, siempre puedes tomar los cursos que están gratis en la web. Hacerlo nos ayudó a comprender la solución.
¿Qué otro consejo tengo?
Esta es una solución que ayudará mucho en el procesamiento de hardware y en la optimización del tiempo que lleva revisar los eventos, que es a lo que los administradores suelen dedicar su tiempo.\
Hay cosas en la red que no puedes ver con las herramientas tradicionales. Hay herramientas que no te dan la visibilidad que te da Securonix.
Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor. The reviewer's company has a business relationship with this vendor other than being a customer: Partner
Cyber Security - Consultant at LTI - Larsen & Toubro Infotech
The built-in management tool has improved our security teams' efficiency
Pros and Cons
- "I rate the technical support a nine out of ten. They're friendly. Whenever we have a P1 issue, we write an email and our issue is resolved in one or two hours."
- "It takes too long to generate Spotter reports. For example, a 90-day report is around 100 megabytes. That takes a while, but a one-day report can be generated in a few seconds. We would be happy if they sped up the process."
What is our primary use case?
We use Securonix to monitor attempted malware attacks. It sends us alerts, so we can investigate suspicious entities. We'll refer it to the consent team, who will give their solution or comments.
We have a server where all the data is stored. The Securonix people will take the data from that server, encrypt it, and send it back to the application. From there, we can work on the alert and monitor the data.
How has it helped my organization?
The product reduced our investigation times by about 85 percent. Data and geolocation enrichment are the two essential components of the detection part. When there is an IPS alert, we generally need to check to see where the IP is located. Securonix will tell you where the IP is located in the city and country. Securonix helped a lot when the Log4j cybersecurity attack broke out last year. It enabled us to investigate that threat deeper.
The behavioral analytics features reduce our false positive rate compared to traditional antivirus and cut the time spent detecting and responding to threats by about two hours each week.
Next-Gen SIEM provides valuable contextual information about security events. We are adding all the information, like user data, from Active Directory. Whenever a user is terminated or retires, we will get an alert stating that the user has separated.
The built-in management tool improved our security teams' efficiency. You can raise a ticket with one click when you see something suspicious. You can work on it and do your analysis in the backend. It will open a ticket and send it to the teams.
The analysis will be completed in 15 to 25 minutes. The solution will email the consent team to tell them they need immediate action. In other tools, we have to go to another third-party tool to raise a ticket, and we need to escalate the issue ourselves. There is typically another procedure, but Securonix has a built-in management tool. This reduces a process that would typically take an hour to about 15 or 25 minutes.
It also helped us avoid data loss because we integrated SharePoint into Securonix. We get a notification when someone deletes files in Sharepoint that reports the SharePoint link, the user, deleted files, etc. We will investigate whether it's a legitimate activity or something else.
What is most valuable?
The most attractive feature of Next-Gen SIEM is UEBA. The solution creates a user baseline and detects spikes and outliers. Before we started using Next-Gen SIEM, we used traditional signature-based detection. Signature-based detection checks whether a malware signature exists in the database, whereas behavioral detection analyzes all the data.
For example, let's say a given user accessed a device ten times in the last 30 days during regular business hours on weekdays. Next-Gen SIEM will send an alert if the user accesses the device on the weekend or 20 times in a single day. Based on that, we will investigate and email the manager.
The correlation rules and the Spotter carriers are essential in any SIEM. One new feature I like is the Autonomous Threat Sweeper. We will get a notification that a recent attack has entered the environment. They'll provide all the information we need to investigate. It's an excellent feature, but we've only been using it for three to four months. Threat Sweeper does the job in the background whenever we all have some other work. We go through the notifications and decide whether they're essential or not.
Threat Sweeper is handy. It will clearly show where the anomaly in the data occurs. There is clear information about the IOCs, IP addresses, domain names, etc. We can easily run it in the background and forward the same threat detection report to the other consult teams, like the network and server teams. Another new feature is XDR. I haven't used it, but I've heard it uses signatures and behavioral analysis efficiently.
When I started to use Securonix, I was a little confused, but I could pick it up after a week. Everything is UI-based, and all the information is available on one page, so you don't need to go to different tabs to get what you need. It's very user-friendly. With a click, you can open all the reports you want and generate as many queries as you need. There's no need to use commands.
What needs improvement?
It takes too long to generate Spotter reports. For example, a 90-day report is around 100 megabytes. That takes a while, but a one-day report can be generated in a few seconds. We would be happy if they sped up the process.
For how long have I used the solution?
I have been using Securonix for about a year and a half.
What do I think about the stability of the solution?
We can rely on Securonix. Whenever we get a new solution or new part, we'll always follow the vendor's suggestions, and they will give us an idea about what is happening or what we have to do.
What do I think about the scalability of the solution?
Securonix is scalable.
How are customer service and support?
I rate the technical support a nine out of ten. They're friendly. Whenever we have a P1 issue, we write an email and our issue is resolved in one or two hours.
Which solution did I use previously and why did I switch?
I previously used McAfee's SIEM solution. I switched because I shifted to another project using Securonix. Securonix is faster and more user-friendly. McAfee takes five minutes to load, whereas Securonix will load in the blink of an eye, and I never face any slowness in the application in Securonix. It takes an hour to generate a report on McAfee. It's no competition for Securonix.
How was the initial setup?
I joined after the implementation, but it requires very little maintenance after deployment. We have one or two hours of downtime for quarterly maintenance.
What other advice do I have?
I rate Securonix Next-Gen SIEM nine out of ten. If you plan to implement Securonix, I recommend buying it now because they're offering a limited-time discount. It's an excellent SIEM, and anyone can afford it right now.
Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
IT Project Manager at a manufacturing company with 10,001+ employees
Behavioral profiles help us identify somebody who is engaging in anomalous behavior
Pros and Cons
- "The most valuable feature is being able to look at users' behavioral profiles to see what they typically access. One of the key events that we monitor is people's downloading of objects... It's very easy to see people's patterns, what they typically do."
- "[The solution has] incident-management or case-management functionality. If someone were to download a high number and we decided we needed to investigate it, I could open a case right in the tool. It would be able to directly reference the data that they downloaded and we could open and shut the case directly in the tool, as well as report from it."
- "We have a lot of users who, because they're engineers and they're bringing down product data - where, at times, a top-level product could be 10,000 or 15,000 objects - it's difficult for us to determine what should be a concern and what shouldn't be a concern. We work with the Securonix folks to try to come up with better ways to identify that."
What is our primary use case?
We use the solution for protection of engineering intellectual property. We currently look at engineering data in two systems, one a commercial system and one which is a homegrown system.
How has it helped my organization?
We've seen a couple of circumstances where people accessed data, especially in our internal application, and we weren't sure how they did it, because they shouldn't have been authorized to access it. We actually found a backdoor on our side. Their access did not go through that backdoor intentionally, but they did find a backdoor way to get the data. We shut that one down as soon as we found it.
The other thing we do, where it's been a big help, is that we people who, from a process standpoint, bring down a ton more data than they should. They aren't doing something malicious, but there are ways to bring down simplified data subsets. We've been able to educate the users to take down simplified sets. In essence, that saves them time and effort in having to bring all that data down and then call it up and use it. It's really tough to put hard numbers on that but we have certainly seen a reduction in the amount of these high-volume downloads and it's really been because of a process change on the part of the users.
What is most valuable?
The most valuable feature is being able to look at users' behavioral profiles to see what they typically access. One of the key events that we monitor is people's downloading of objects, files from either the engineering or the homegrown application. It's very easy to see people's patterns, what they typically do. The system might identify somebody who is engaging in anomalous behavior. Especially with the product's rev 6, there are a lot of tools to go in and do investigations, even without talking to the person, to try to determine what were they doing. Is it a case that they normally don't do something but this looks like a legitimate action, or is it something we need to investigate? That is pretty neat.
What needs improvement?
It's tough in some cases for the solution to do it, but we have a lot of users who, because they're engineers and they're bringing down product data - where, at times, a top-level product could be 10,000 or 15,000 objects - it's difficult for us to determine what should be a concern and what shouldn't be a concern. We work with the Securonix folks to try to come up with better ways to identify that. That's a difficult problem to solve because it's very application-driven and very user-driven, based on what the user's role is.
For how long have I used the solution?
We started our implementation in October of 2016. We are currently on Revision 6.2 of Securonix ( /products/securonix-security-analytics-reviews ) using the SaaS cloud version.
What do I think about the stability of the solution?
The stability has been pretty good. On rev 5, once we got it going, it was very stable. We didn't find very many issues.
As we go from rev 5 to rev 6, the architecture's a little bit different and we have run into a couple of issues which they are in the process of fixing. Once those are fixed, we'll discontinue use of rev 5 and use rev 6 because we feel comfortable with what we're seeing in the data for rev 6.
The stability issues I mentioned are definitely bug-related. We had a call with Securonix's development management last week and they gave me a very good technical explanation of what was going on. It made sense but it was complicated. It had to do with the sequence of what they were doing and the data sources and how it's different in the architecture. These are just things they didn't expect to run into. Once they understood it, they started fixing it and making sure that it not only fixes our instance but other customers' instances, where they might have run into something similar.
What do I think about the scalability of the solution?
It's certainly extremely scalable. They have a lot of connectors into different data sources. We haven't identified a data it seems we wouldn't be able to read in.
We certainly have plans to increase usage. We started this as more of a pilot with engineering data access on these two systems. Currently, on our homegrown system, there are about 20,000 users a month. On the commercial system, which houses a lot of the engineering model data, there about 13,000 users. That's the number of people whose activities we're looking at. That's internal, customer employees, as well as contract-contingent workers, onsite and offsite.
Which solution did I use previously and why did I switch?
We didn't have a previous solution. On our homegrown system, we made a little bit of a homegrown solution, but the only thing it did was that if somebody had a high number of downloads, it would send us a note. On the commercial system, we were trapping things in the log, but the logs are typically about 1.5 million rows a day, and that's really tough to analyze by hand. That is why I said, "I can't do this. I need an analytics tool to do this." This was really the first analytics tool that we deployed for this particular purpose.
How was the initial setup?
For me, the system setup, itself, was of medium complexity because, for both applications, there were standard connections into them. We had to write our own queries. We learned from that. Our homegrown system was fairly easy because we just look for objects downloaded. Our other application looks for more than just these download events. So it was more complicated to come up with the query and then for us to come up with use cases to have the system analyzed.
We find that that process is ongoing. From when we started, we've never really stopped improving how we're trying to get results with the system. From my experience, you don't set it up and you're done. It's very much an evolutionary process. As you learn more, you can help feed that into the system. You can say, "Oh, I thought this was a problem. You're saying it shouldn't be. Okay, I'll take care of that now and I won't flag that. Or I'll make a different peer group to analyze data against." For us, it's very much a continuous process so that we can improve and hopefully minimize what we think are things that we need to investigate.
In terms of how long our deployment took, to me, it is still evolving. If I look at the initial one that we did on rev 5, the system was set up in October and just after Christmas we were, for both sources, doing pretty well. We were getting very usable results. The homegrown one was very easy to implement and we got that one going before Christmas. The other one is a little more complicated and took about three months. We've constantly refined ever since.
The implementation strategy, initially, was to apply it to these two applications but we didn't necessarily know what we would find, what the typical behavior would be. So we really needed to understand what people are doing, with our various use cases. Our strategy has been to continue to improve, to reduce the amount of time we take to look at data to see if something is an issue. And then, we're looking at a reading in more engineering data sources.
Currently, we're in the process of figuring out the best way to read in from a SharePoint Azure site, to get data from our SharePoint on what people are using for accessing documents. Then we're also looking at what we call data "exfiltration," which is: Did somebody take the data once they downloaded, did they send it to a printer, did they email it out? Did the data go somewhere off the computer of the user to somewhere else? Our strategy has included taking that to the next step.
When we move from rev 5 to rev 6, there are new capabilities, new enhancements, and so it took a few months to get ready. The best way to describe the move to rev 6 is that it's a totally different system. It's a SaaS environment. The one we have now is on-premise. What you do is re-set up the use cases that you are currently using and your policies and then re-ingest data, but from a shorter timespan. Because of what we were doing, it is a little more work. But the Securonix folks helped us with the initial setup and the data ingest. From our standpoint, it was just a matter of validating on our internal system for rev 5, how the data was looking in rev 6. It certainly took some time.
What about the implementation team?
The consultants from Securonix are key, from our standpoint. I have almost daily calls with them to talk about what are we seeing, what are we doing, how can we improve things. We actually have a team call with some of the Securonix consultants and management every week. We generate a weekly report of what we have run into that we need help on, what our accomplishments have been, and if there are any issues, what their statuses are. We have excellent communication with the Securonix consultant folks. They're very good.
What was our ROI?
For this kind of solution, unless you find somebody who physically took something and was going to sell it or try to, and you were able to recover it, it's really tough to put a monetary number on intellectual property loss. You would be making an assumption about what might have happened if the competition had it.
Still, I would certainly say that that we have seen a return on investment. We haven't seen a return where we actually stopped our engineering IP from going out the door. Then we would definitely have an ROI because all it takes is stopping one person and you've paid for your investment over and over again.
But what we've been able to do, if nothing else, is to let more people know that we are aware, that we're watching what's going on. We've had factory managers who are actually appreciative and feel more comfortable knowing that someone is watching this information. Again, we're back to these intangibles, but our company very much sees the value in this and, as we move forward, we'll see even more value. It might cost us a little bit more but we'll see more ROI if we find out what's going on with things like data exfiltration.
What's my experience with pricing, setup cost, and licensing?
I can't say anything from a numbers standpoint, but we went in on a three-year agreement which has an annual licensing fee, based upon the number of people that we're monitoring. There have not been any additional costs to the standard licensing fees.
Which other solutions did I evaluate?
We did evaluate other options. The main competitor was Exabeam. My manager was the one who did a lot of the investigation of the various tools.
At the time, the competitor's system was extremely limited in the number of data sources it could read in, whereas Securonix had a lot of pre-made connectors. In our cases it had out-of-the-box connectors to the two data sources that we needed. We had to write our own query, but it could at least connect directly into the logs that we had.
The other thing that Securonix had, and the other one didn't, is incident-management or case-management functionality. If someone were to download a high number and we decided we needed to investigate it, I could open a case right in the tool. It would be able to directly reference the data that they downloaded and we could open and shut the case directly in the tool, as well as report from it. Since it was all integrated, it was extremely helpful. That was one of the things that we liked.
Also, at the time, Securonix was the most mature in the user and entity behavioral analytics, among the groups which offered that kind of functionality and software.
What other advice do I have?
The best advice is to make sure that you understand your use cases. For example, we said we want it to trap a high number of downloads, we want to see if people downloaded and then emailed out any of the objects. We came up with the use cases of what we wanted to check for even before we started our implementation. Then the Securonix people were able to better set up the individual threats that we were watching for.
The other thing that we do is we categorize our data. We say a given type of intellectual property is high, medium, or low. That way we know what we really want to protect. Somebody taking a nut or a bolt isn't the same thing as somebody taking a turbocharged engine and trying to sell it to somebody.
It took us a while to actually come up with a standard for categorizing and then to actually categorize, because there were millions and millions of objects or drawings that we needed to classify. That was a project in and of itself. We did that before we did any kind of analytics with Securonix. The first thing we did was classify our data.
When I took this role, they said, "Hey, we want you to protect our high IP." So I smiled and said, "So how can I tell what the high IP is?" And they said, "Oh, well it's in this folder." I said, "What happens when it's out of the folder? How do I know?" I wanted it so that the data could always tell me it's IP level, regardless of what folder it was in or even if it was out on someone's desktop. That's why, to me, that's the first thing that you need to do. Because otherwise, it's just hearsay in terms what's important to protect. If it's important to protect, label it and then we'll understand.
We look for ways for us, and for the system, to improve identifying things. For the majority, we've been happy for what's there. With typical software you run into software issues that might slow you down and you have to get them fixed. They've been very good about resolving issues when we find them, especially because we find stuff that is pretty unique because of what we're doing with application monitoring. It's so specific and it's really customized for how we've set this up.
There are just a handful of users of the solution. I'm the main one who works with the consultants. Otherwise, it's a group of just under ten people who are even able to get into Securonix and look at the information. Like me, most are in IT. There's one person in insider-threat security who helps with coordinating investigations. There's also someone on the business side, even though he is, in a way, more IT-related. He works for the engineering standards group on the business side.
In terms of deployment and maintenance of the product, we certainly rely on the Securonix folks. There was one main person we used for the deployment of Securonix. Sometimes that person had a second, and I was involved as well. Only three people, from our side, were involved in the actual deployment, although I needed people to write the query to ingest the data. But once that was done, I didn't need those people anymore.
Maintenance is done by me and the Securonix consultant. Since it's a SaaS environment, I have no idea how many people they have on their side, making sure that the system's working fine.
For what we're doing and what it can do, on a scale of one to ten, I would put it in the nine to ten range. The only reason I wouldn't say ten is that means it's always perfect. There are always issues. But I'd say it's at least a nine.
Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
Consultant at LTI - Larsen & Toubro Infotech
The user interface is easy to learn and navigate
Pros and Cons
- "The user interface is easy to learn and navigate."
- "Sometimes, the injectors lag and are not loading. It would be nice if that could be improved."
What is our primary use case?
It is a good tool. My company uses it for all our SIEM projects.
How has it helped my organization?
It doesn't take as much time to work on policies or injectors, saving us time.
We can now process more data in 20 minutes.
It has improved analyst efficiency by 30%.
We haven't experienced any data loss, which is good.
What is most valuable?
The policy violation feature is quite interesting. Policy violations trigger before the end of the month and they go into effect.
We haven't seen any security complaints or data breaches, reducing the time needed for investigations by 30%.
The user interface is easy to learn and navigate.
What needs improvement?
Sometimes, the injectors lag and are not loading. It would be nice if that could be improved.
Securonix Next-Gen SIEM is good for helping us ingest all our log sources when investigating threats. However, there is a glitch where we can't get it up and running. They are working on this issue, which is good.
For how long have I used the solution?
I have been using Securonix Next-Gen SIEM for the last eight months. Before that, I didn't have much experience in Securonix. These days, I am training people on how to use the solution.
What do I think about the stability of the solution?
It is quite stable.
The solution hasn't required maintenance so far.
What do I think about the scalability of the solution?
It is scalable.
How are customer service and support?
The technical support is fine. I would rate them as eight out of 10.
How would you rate customer service and support?
Positive
Which solution did I use previously and why did I switch?
We haven't used another solution apart from this one.
How was the initial setup?
I am just an analyst. I didn't take part in the deployment.
What was our ROI?
It took us a month to realize the solution's benefits.
Which other solutions did I evaluate?
This is one of the best tools that I have seen.
What other advice do I have?
When we started, there were a lot of false positives. Now, the amount of false positives has been reduced. It is much better than before.
I would definitely recommend this solution to others. I would rate Securonix Next-Gen SIEM as nine out of 10.
Which deployment model are you using for this solution?
Public Cloud
If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?
Microsoft Azure
Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
Cyber Security Consultant at LTI - Larsen & Toubro Infotech
Helps us to quickly detect advanced threats, gives us lower response times, and reduces false positives
Pros and Cons
- "The most valuable feature is that it works on user behavior and event rarities."
- "Parsing needs to be improved. Every time we integrate a new, specific data source, we face a lot of problems in parsing, even for the old data source."
What is our primary use case?
We mainly use Securonix for SIEM software architecture and for logs. We generate all the logs from different APIs and firewalls. We also have created other policies. Securonix is the primary tool we use to get everything done for our projects and architecture. We even use it for other solutions like AD.
Primarily, I work on violations and policies, not the backend. As an analyst, I work on SIEM.
The solution is deployed on a private cloud. It is deployed with Microsoft Azure.
Everyone has access to SIEM, but they don't have admin access. We mainly have three people and a team lead on the Azure Securonix team. I am the backup and work on the operational side of that team. Everyone has read-only access except the three team members.
How has it helped my organization?
Securonix primarily helps with our log code situation. We found a vulnerability last December, so it helped us gather logs for that. We informed our vendor, and they provided some queries on how to get those vulnerabilities and logs.
I normally work on policies and face a lot of false positives. We reduced many false positives since using this solution. Securonix has definitely helped improve our threat detection response and reduced noise from false positives.
Sometimes we face threats and sign-in logs from different countries, but we're able to resolve those. Sometimes we face malicious activities from traffic but it's very rare. It happens about twice a month.
Securonix helps a lot with monitoring. My project is in the monitoring and operational stage, so it's a primary tool I use to monitor everything. The implementation stage has already been completed. We have created policies for all kinds of tools and APIs.
As we are the client, most of us don't have the SIEM threat model feature. There isn't a lot of proper information about how to implement that. Customer service doesn't have a proper idea either. We are lagging in this area, but it's good overall.
In some cases, we have observed that people start getting login failures, so we checked the logs from Securonix and resolved the issue. In that way, it's helped.
Securonix Next-Gen helps us detect advanced threats faster and gives us lower response times. Sometimes we face a data source delay and it's impacted badly, but overall it serves us a lot.
I haven't faced any data loss since using Securonix.
What is most valuable?
The most valuable feature is that it works on user behavior and event rarities. Those features are in Splunk too, but they're not as effective. Securonix's customer service is also pretty good.
It's not difficult to use the interface, but there's a lot of documentation to read.
We haven't experienced any performance issues when ingesting log sources and investigating threats. The response is good.
What needs improvement?
Parsing needs to be improved. Every time we integrate a new, specific data source, we face a lot of problems in parsing, even for the old data source. That should be updated on a regular basis.
In some of the policies, the geographical location for a single IP is from a specific country, but the IP doesn't match. For instance, if the log is from China, the actual location of that IP will be from somewhere else, not China.
For how long have I used the solution?
I have been using this solution for more than a year.
What do I think about the stability of the solution?
It's reliable and very stable. We haven't faced any major or even minor issues with security.
What do I think about the scalability of the solution?
It's definitely scalable and fulfills my needs.
How are customer service and support?
Technical support is good, but sometimes we face delays with responses.
I would rate technical support as nine out of ten.
How would you rate customer service and support?
Positive
How was the initial setup?
The solution was already in the mid-stage of implementation when I joined the organization. I mostly worked on fine-tuning the policies.
We have a team that takes care of maintenance updates. The solution needed some updates because the user behavior wasn't working properly for some of the policies. As of now, instead of using user behavior, we use event rarity. After version 6.4 is implemented, the issue will be resolved. There are two or three more issues we have that will be resolved after the update.
What other advice do I have?
I would rate this solution a nine out of ten.
My advice is to get a proper idea of the tool you are working on and be sure to read the documentation.
Which deployment model are you using for this solution?
Private Cloud
If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?
Microsoft Azure
Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor. The reviewer's company has a business relationship with this vendor other than being a customer: Partner
Practice Head-CyberSecurity at ALTEN calsoft Labs
Analytics platform has open security data-links and it is easy to deploy
Pros and Cons
- "The feature that I have found most valuable is their analytics platform where they have the open security data-link, which they introduced. This is typically different from the other vendors."
- "The pricing. I'm not sure how they are proceeding with the identity based pricing compared with DB pricing which most of the vendors are using today."
What is our primary use case?
In our organization, we handle cybersecurity. As an IT services company, we are limited to setting up the security operations center in different forms for our customers' requirements.
We are in the business of setting up the security operation center for the customers and we also provide other stock services for many of the customers. We do have a lot of service offerings on our stock management platform.
We do MDR via cloud security and its monitoring services, so we are very familiar with the leading platforms in the market today like QRadar and Splunk. We use them in our environment today. I have been searching out the next-gen SIEM. Then I brought Securonix to my board. I came to learn that Securonix is leading in the innovative ideas and innovations on the SIEM platform side. Particularly because my role is a security practice in Veeam SM. If you evaluate the market trends you understand the products released into the market and how best to leverage that integration and make sure that there is no bounce back to the customer in these situations. That's why I started evaluating the Securonix in a typical lead evaluation.
We are not partnered, we have just done a couple of initial discussions with some of the folks here in India. We are still in the stage of evaluating these products, including Securonix.
I noticed that this is more on the open data platform when it comes to managing the locks from a different angle and for different assets. That's one area which is more interesting for us.
Compared to other competitors in the market, what I have seen is that their module is the UEBA, User and Entity Behavior Analytics, module. That is something different which they are offering today.
These are some of the differences I see. Additionally, is the pricing issue. They are moving from DB pricing to the identity-based pricing. But I'm still confused about that identity pricing. I still have to get more clarification from the products.
What is most valuable?
The feature that I have found most valuable is their analytics platform where they have the open security data-link, which they introduced. This is typically different from the other vendors.
What needs improvement?
As far as what can be improved, again it is the pricing. I'm not sure how they are proceeding with the identity-based pricing compared with DB pricing which most of the vendors are using today. Some of them are dealing with EPS based pricing.
What do I think about the stability of the solution?
There is still a need to evaluate the stability because we are very new to this platform. So we need some more time to do that.
How was the initial setup?
The initial setup is straightforward, it is easy to deploy.
Which other solutions did I evaluate?
We did evaluate other options before choosing Securonix. As an MSSP we use many products. It all depends on the kind of requirements we get from the customer. We evaluated QRadar and Splunk. As an MSSP, we use a combination of tools.
The major difference between Securonix and the rest is that their security data-link is very open and the hosting of that platform is much simpler compared to other vendors.
Because there is no proprietary thing involved here the log management should be much easier compared to others.
What other advice do I have?
On a scale of one to ten I would rate Securonix an eight.
Which deployment model are you using for this solution?
On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Buyer's Guide
Download our free Securonix Next-Gen SIEM Report and get advice and tips from experienced pros
sharing their opinions.
Updated: October 2024
Product Categories
Security Information and Event Management (SIEM) Identity Threat Detection and Response (ITDR)Popular Comparisons
Splunk Enterprise Security
Microsoft Sentinel
Cisco Identity Services Engine (ISE)
CyberArk Privileged Access Manager
IBM Security QRadar
Elastic Security
Rapid7 InsightVM
AWS Security Hub
LogRhythm SIEM
Sumo Logic Security
Rapid7 InsightIDR
Microsoft Defender for Identity
Buyer's Guide
Download our free Securonix Next-Gen SIEM Report and get advice and tips from experienced pros
sharing their opinions.
Quick Links
Learn More: Questions:
- Which is the best SIEM tool for a mid-sized financial services firm: Arcsight or Securonix?
- What Solution for SIEM is Best To Be NIST 800-171 Compliant?
- When evaluating Security Information and Event Management (SIEM), what aspect do you think is the most important feature to look for?
- What are the main differences between Nessus and Arcsight?
- Which is the best SIEM solution for a government organization?
- What is the difference between IT event correlation and aggregation?
- What Is SIEM Used For?
- What Questions Should I Ask Before Buying SIEM?
- RSA-EMC vs. other SIEM products?
- What are the pros and cons of internal SOC vs SOC-as-a-Service?