Securonix Next-Gen SIEM Reviews

Our primary use case is privileged-account monitoring. We wanted the ability to monitor what privileged accounts do, what time of day they typically log in, what machines they log in from, what type of configuration changes they make, etc.

We're using the SNYPR Cloud UEBA.

The areas where behavior analytics helps in terms of advanced threats are around some of the rarity-based policies. An example would be if someone is logging in to a machine for the first time, someone who has never logged in to that machine before. Another would be a rare time of day when somebody is logging in. Policies such as rare suspicious-process also help. We have a list of processes that we typically don't expect many users to run, so if somebody's running one of them in the environment for the first time, it helps us understand that something potentially malicious or at least suspicious is taking place.

We had a recent internal penetration test to try to simulate attacker activity, and Securonix really stood out regarding some of its detection capabilities versus our traditional SIEM, with a lot of the policies that we have for rare-process running on a machine. The enumeration-type activities, where it's looking for an increase in the number of, say, accounts that are accessed, or the number of machines or file share that are accessed, was something that stood out significantly for us.

An example where the solution detected a threat that would otherwise have gone unnoticed recently was a Word document that launched PowerShell and tried downloading a malicious file. We have a policy which is looking for a rare process launched from a child process, and that detected a specific type of malware.

Also, given that the solution is offered as a cloud platform, it probably reduced the potential need for additional headcount. Had we gone with an on-premise solution - because it would have a lot of the administrative tasks of maintaining the hardware and doing updates, and some operational costs - we probably would have required an additional headcount. By going with the cloud, it didn't require us to add to our headcount, and yet we were able to add this new technology.

The solution has also enabled our team to focus on threats rather than on engineering of the platform. We're a very hands-on organization. We've done some of the engineering, whether it be to create new policies specific to our environment or specific to a threat that we're looking for. So it has helped us to focus on threats, but we also do a decent amount of engineering.

Securonix has decreased the time required to investigate alerts or threats. A lot of the information is right there for us, so it's easy to search and try to help with an investigation. In terms of how much time it has saved us, it's really a case-by-case scenario. It would be difficult to pinpoint an exact time on it.

As for the solution surfacing high-risk events that require immediate action, Securonix correlates different policy-violations together into what it calls threat models. There have been a few examples of threat models that have been triggered which gave us a high degree of confidence that there's a threat that we want to investigate right away. Using the threat models has really helped prioritize events of interest for us.

• The feature that is most valuable is the fact that it's an open platform, so it allows us to modify policies and tune policies as needed. 
• There's also a feature called Data Insights which allows us to create different dashboards on specific things of interest for us. 
• Finally, there is Spotter. Spotter allows us to search and investigate different events of interest for us.

In terms of behavior analytics, we're using cyber more than insider threats. With UEBA being a relatively new space when we looked at it close to two years ago, we were concerned about how well it worked and whether they were truly behavioral-based rules or if that was just marketing terminology for the "latest greatest system." But it exceeds what our initial expectations were for being able to detect different cyber threats. We're doing a lot around the network firewall and endpoint detection for rare process connections, rare network connections, etc.

Securonix implements risk scores based on different policies that are triggered. We've seen some challenges with the risk scores and how they trigger. These are things that Securonix has recognized and they've been working with us to help improve things.

Initially, within the first six to eight months, we had some issues with stability. In the last year we've really had no stability issues. There's been no downtime. Any time there are updates, we're always notified when they will take place, with adequate notice. After the updates, there's very minimal downtime as a result.

The earlier instability was growing pains. At the time, we were one of the largest customers going to their cloud solution. It was just a matter of some of the growing pains as they were trying to scale to handle the quantity of logs that we were sending to it.

They've also added additional features and enhancements, and we haven't had any issues with it or any downtime as a result of that.

We haven't had any issues with scalability. We've been able to send more log sources to it and we haven't had any issues with them being able to handle the volume.

We have close to 6,000 employees. We have about 9,000 servers and workstations in total, and we're sending about 5,000 events per second.

We have plans to increase our use of Securonix. Right now we use a different vendor for SIEM, LogRhythm, and we use Securonix for UEBA. We're looking at potential options to consolidate to one platform.

Their technical support has been pretty helpful. We have a lot of direct contacts with some of the higher-level support, people who help with the integration. A lot of times, when we have issues, we may email them directly and they're able to work on a resolution relatively quickly. 

That being said, we do have a technical account manager and that person does a really good job of prioritizing resources to make sure that, if we do have any issues, they get addressed in a timely fashion.

We piloted Exabeam but we didn't go forward with them.

The initial setup was a little complex, but going into it we knew it's a complex solution. We didn't expect that it would be out-of-the-box. Our expectation was that it was going to take a little bit of time to get it set up and integrated and then to learn different profiles on users. It was somewhat complex, but it wasn't anything that we weren't expecting.

Our case is a unique situation where we aren't using Securonix as our SIEM so we had to send logs from our SIEM over to Securonix. There was some tweaking of the parsing that we had to do; how they were able to normalize the log and stuff like that. That took a little while to get up and running.

Overall, our deployment took about two to three months.

In terms of an implementation strategy, we had Professional Services from Securonix help with the implementation. They did a lot of the heavy lifting for us.

Our experience with Securonix Professional Services was very good. They were able to do the integration. It didn't really require a heavy amount of effort from us to work with them. It was just time-consuming. They were updating the parses to support our environment for several weeks.

We have definitely seen ROI using Securonix.

We piloted Exabeam but we didn't go forward with them. We looked a little bit at LogRhythm's UEBA capability as well. At the time they were in the beta stages, so we didn't feel comfortable going with them. 

One of the things that we really liked about Securonix was that it is very open-platform, where we have the ability to tune and tweak and create new policies as needed. With Exabeam, everything required us to go through their Professional Services to make some of those changes. The real benefit that we liked with Securonix over Exabeam was the reporting capabilities. Exabeam pretty much removed almost all their reporting and threat-hunting capabilities. I think there was some bug that was taking place. The other thing that Securonix does that I really like is that they give you the raw log message so you can see all the details. Exabeam was only providing parts of the log message, parts they thought were relevant for an investigation, but they didn't provide everything.

LogRhythm versus Securonix is not one-to-one. We're using LogRhythm for our SIEM, long-term retention, being able to look at things over a 90-day period of time. We're using Securonix more just for the UEBA capabilities. Based on how we're using them today it would be difficult to say the pros and cons of either one. We've had some challenges with LogRhythm support and some of their feature enhancements. Some of the things they've rolled out don't necessarily work as expected or we've experienced a lot of bugs with their product. We haven't had the same issues with Securonix.

From a positive standpoint, with Securonix, or with any UEBA vendor, but specifically Securonix as that's the one that we're using, it definitely overcomes a lot of the challenges with trying to understand what's normal and what's not normal in an environment. With the traditional SIEM rules, it's very difficult to tune some of the policies to understand what is normal for your environment. That's really helped us quite a bit. Another thing that might be helpful regarding understanding the platform is that it takes a little bit of time to come up with the behavior profiles. It might take 30 days, depending on what you're trying to look at, before you start seeing some alerts trigger, because you're looking at things over a longer period of time.

The biggest lesson I've learned using Securonix is that with behavioral analytics, and any UEBA vendor, it does reduce some of the alerts but it also has the potential to create additional volume or additional alerts, which could be good or bad. So just understand that there definitely is the potential to get a lot more security alerts as a result of using the product.

The way we try to work around the increase is through the ability to tune some of the policies to remove some of the few things that produce known noise. The biggest thing is just tuning things out, where applicable. Another is by leveraging their threat models. Correlating several different policies together, which are part of a threat model, might provide a little bit more context. As an example, if two of these three policies fire within a certain period of time, it might be a little more interesting than just, say, this one stand-alone policy triggering by itself.

The behavior analytics probably doesn't help us to prioritize advanced threats. It's just the nature of UEBA, I don't think it's necessarily a reflection of Securonix. But one of the challenges with being able to detect a lot of rare activity or anomalous activity is that you tend to find there's a lot more rare stuff happening in your environment than you would expect. It helps us, but sometimes it has the potential to create a little bit more noise as well.

With SNYPR, they have what's called SNYPREye which monitors the cloud solutions of SNYPR to detect if there is any type of operational issue.

We have five people on our team who use Securonix. They're security threat analysts. They all have the same feelings that I do: That it's very helpful with security monitoring, and that it also provides threat-hunting and investigations on users.

We have shared roles, so I wouldn't say we have dedicated focus on just Securonix. We're a small team that does a little bit of everything. At a minimum, if we didn't have that shared focus, maintenance of Securonix would take one full-time resource.

We use it for the correlation of security events.

Securonix provides feedback from integrations with third parties so that it is always up to date regarding security events that occur daily.

It has helped a lot because previously we did not have as much control over the procedures or things that the company's users did. With Securonix, we have been able to monitor the activities of both internal and external users in the company.

Securonix has published a lot of information regarding how to use the platform. They have a lot of information online that has helped us add contextual information to security events. In the event of a security breach or a risk, it helps us monitor things. So far, with the solution in place, we have not witnessed any attacks, but it has helped us to monitor possible events that, if not taken into account, could be security breaches. It has helped us to mitigate potential gaps.

With this solution, we have saved hours in case management. It has helped us detect things faster and the integration with third-party sources has given us the ability to correlate and act on internal and external events, such as malicious attacks or malicious sites. We have improved in our response to certain incidents and types of browsing thanks to external lists that Securonix has provided us with. We can automatically detect threats.

Another benefit has been the ability to integrate practically all our specialists from different areas, including Windows, security, virtualization, et cetera, to respond with better quality. It has improved the efficiency of analysis.

It has also helped with data loss events in a certain way, through integration with our email accounts. In an event of data loss, the loss for our organization would be incalculable.

One of the most valuable features is the integration of all types of data sources to extract relevant information regarding events. It is a good solution when it comes to the correlations that it makes within all the data handled in our company. It has provided us with a lot of information and research.

We would like a little more face-to-face training. Securonix has several tutorials on its website, but we want there to be a person in Colombia who does training or workshops to give us a better understanding of the platform.

We have been using Securonix Next-Gen SIEM for about a year.

It has not presented us with problems. Most of our support cases are related to the generation of policies, but the platform has not been an issue for us.

Securonix carried out an analysis of our entire infrastructure. It provides us with the level of processing required and, if you are planning to take on new clients, you can always increase the EPS.

I would rate their support at 8.5 to nine out of 10. Sometimes it has taken a little while because the investigation team has already begun to analyze other cases, but they always resolve our issues. While they are a little slow in certain cases, most of the time they solve them quickly and efficiently.

Positive

We used McAfee before. The person who was in charge left the company just when Securonix came in and that is when I started working here.

One of the main differences is having service through the cloud. Before Securonix, we had the service locally. Now, the service is processed in the cloud and when a case is generated on the platform, they have always been willing to help us.

Securonix is in the cloud. We have a virtual machine that stores certain platform configuration information, and since it is in the cloud, we can manage the platform from anywhere. The cloud-native platform helps minimize infrastructure management. Having everything integrated into one place makes things much easier for us.

I was only involved a little in the implementation of Securonix, but from what I heard, their team was helping our entire company, day and night, to get the implementation out as soon as possible. There may have been some problems in integration, but support cases were created and their team was always there with updates and new ways to connect our sources with their platform. Overall, it was not that complicated.

On our side, we had specialists involved from each department that wanted to be integrated with the platform, such as Windows, networking, security, et cetera. The Securonix staff was always present.

Securonix has provided us with a consultant here in Colombia. We are in contact regarding configuration of the platform to rule out possible false positives and help us focus on events that we must take into account.

It took us four months to incorporate all the sources.

There are no maintenance requirements on our part. They are constantly notifying us of updates and, before making changes, they let us know if there are going to be any interruptions in the service. 

Our company is already trying to sell Securonix services, although it is a fairly new solution in the company. First, it is being handled internally, but they are already beginning the process of selling the service. That is the best return on investment.

Compared to other brands it seems more affordable to us.

There are no costs in addition to the standard licensing fees.

The Securonix interface is very intuitive. McAfee had some good features and we have only been with Securonix for a short time, but it has not presented us with any problems. It seems to us much better compared to McAfee, in terms of event correlation and case tracking.

Securonix seems to be a good solution that has met all our requirements. 

If you want to have a more centralized solution to improve the performance of case and incident analysis and management, Securonix seems like a very good option.

The most important lesson is that you can always improve. There are features that may be unknown to you in the service but, through the documentation, you can realize all the benefits of things that might not be used initially.

Foreign Language:(Spanish)

¿Cuál es nuestro caso de uso principal?

Lo usamos para la correlación de eventos de seguridad.

¿Cómo ha ayudado a mi organización?

Securonix brinda retroalimentación de integraciones con terceros para que siempre esté actualizado sobre los eventos de seguridad que ocurren a diario.

Ha ayudado mucho porque antes no teníamos tanto control sobre los trámites o cosas que hacían los usuarios de la empresa. Con Securonix, hemos podido monitorear las actividades de los usuarios tanto internos como externos en la empresa.

Securonix ha publicado mucha información sobre cómo usar la plataforma. Tienen mucha información en línea que nos ha ayudado a agregar información contextual a los eventos de seguridad. En caso de una brecha de seguridad o un riesgo, nos ayuda a monitorear las cosas. Hasta el momento, con la solución implementada, no hemos sido testigos de ningún ataque, pero nos ha ayudado a monitorear posibles eventos que, si no se tienen en cuenta, podrían ser brechas de seguridad. Nos ha ayudado a mitigar posibles brechas.

Con esta solución hemos ahorrado horas en la gestión de casos. Nos ha ayudado a detectar cosas más rápido y la integración con fuentes de terceros nos ha dado la capacidad de correlacionar y actuar sobre eventos internos y externos, como ataques maliciosos o sitios maliciosos. Hemos mejorado en nuestra respuesta a determinadas incidencias y tipos de navegación gracias a listados externos que nos ha facilitado Securonix. Podemos detectar amenazas automáticamente.
Otro beneficio ha sido la capacidad de integrar prácticamente a todos nuestros especialistas de diferentes áreas, incluyendo Windows, seguridad, virtualización, etcétera, para responder con mejor calidad. Ha mejorado la eficiencia del análisis.

También ha ayudado con eventos de pérdida de datos de cierta manera, a través de la integración con nuestras cuentas de correo electrónico. En caso de pérdida de datos, la pérdida para nuestra organización sería incalculable.

¿Qué es lo más valioso?

Una de las características más valiosas es la integración de todo tipo de fuentes de datos para extraer información relevante sobre eventos. Es una buena solución en cuanto a las correlaciones que realiza dentro de todos los datos que se manejan en nuestra empresa. Nos ha proporcionado mucha información e investigación.

¿Qué necesita mejorar?

Nos gustaría un poco más de formación presencial. Securonix tiene varios tutoriales en su sitio web, pero queremos que haya una persona en Colombia que haga capacitaciones o talleres para que entendamos mejor la plataforma.

¿Por cuánto tiempo he usado la solución?

Hemos estado usando Securonix Next-Gen SIEM durante aproximadamente un año.

¿Qué pienso sobre la estabilidad de la solución?

No nos ha presentado problemas. La mayoría de nuestros casos de soporte están relacionados con la generación de pólizas, pero la plataforma no ha sido un problema para nosotros.

¿Qué opino de la escalabilidad de la solución?

Securonix realizó un análisis de toda nuestra infraestructura. Nos proporciona el nivel de procesamiento requerido y, si está planeando captar nuevos clientes, siempre puede aumentar el EPS.

¿Cómo son el servicio de atención al cliente y el soporte?

Calificaría su apoyo con un 8,5 a nueve del 1 al 10. A veces ha tardado un poco porque el equipo de investigación ya ha comenzado a analizar otros casos, pero siempre resuelven nuestros problemas. Si bien son un poco lentos en ciertos casos, la mayoría de las veces los resuelven de manera rápida y eficiente.

¿Cómo calificaría el servicio y soporte al cliente?

Positivo.

¿Qué solución usé anteriormente y por qué cambié?

Usábamos McAfee antes. La persona que estaba a cargo dejó la empresa justo cuando entró Securonix y ahí fue cuando empecé a trabajar aquí.

Una de las principales diferencias es tener servicio a través de la nube. Antes de Securonix, teníamos el servicio localmente. Ahora el servicio se tramita en la nube y cuando se genera un caso en la plataforma siempre han estado dispuestos a ayudarnos.

¿Cómo fue la configuración inicial?

Securonix está en la nube. Tenemos una máquina virtual que almacena cierta información de configuración de la plataforma, y como está en la nube, podemos administrar la plataforma desde cualquier lugar. La plataforma nativa de la nube ayuda a minimizar la gestión de la infraestructura. Tener todo integrado en un solo lugar nos facilita mucho las cosas.

Solo participé un poco en la implementación de Securonix, pero por lo que escuché, su equipo estaba ayudando a toda nuestra empresa, día y noche, a implementar la implementación lo antes posible. Es posible que haya habido algunos problemas en la integración, pero se crearon casos de soporte y su equipo siempre estuvo ahí con actualizaciones y nuevas formas de conectar nuestras fuentes con su plataforma. En general, no fue tan complicado.

De nuestro lado, teníamos especialistas involucrados de cada departamento que quería integrarse con la plataforma, como Windows, redes, seguridad, etcétera. El personal de Securonix siempre estuvo presente.

Securonix nos ha proporcionado un consultor aquí en Colombia. Estamos en contacto con respecto a la configuración de la plataforma para descartar posibles falsos positivos y ayudarnos a centrarnos en los eventos que debemos tener en cuenta.

Nos llevó cuatro meses incorporar todas las fuentes.
No hay requisitos de mantenimiento por nuestra parte. Constantemente nos avisan de las actualizaciones y, antes de hacer cambios, nos avisan si va a haber alguna interrupción en el servicio.

¿Cuál fue nuestro Retorno de Inversión?

Nuestra empresa ya está intentando vender los servicios de Securonix, aunque es una solución bastante nueva en la empresa. Primero se está manejando internamente, pero ya están iniciando el proceso de venta del servicio. Ese es el mejor retorno de la inversión.

¿Cuál es mi experiencia con los precios, el costo de configuración y las licencias?

Comparado con otras marcas nos parece más asequible.

No hay costos además de las tarifas de licencia estándar.

¿Qué otras soluciones evalué?

La interfaz de Securonix es muy intuitiva. McAfee tenía algunas buenas funciones y solo llevamos poco tiempo con Securonix, pero no nos ha presentado ningún problema. Nos parece mucho mejor en comparación con McAfee, en términos de correlación de eventos y seguimiento de casos.

¿Qué otro consejo tengo?

Securonix parece ser una buena solución que ha cumplido con todos nuestros requisitos.

Si desea tener una solución más centralizada para mejorar el rendimiento del análisis y la gestión de casos e incidentes, Securonix parece una muy buena opción.

La lección más importante es que siempre se puede mejorar. Hay características que pueden ser desconocidas para usted en el servicio pero, a través de la documentación, puede darse cuenta de todos los beneficios de las cosas que podrían no usarse inicialmente.

It is a good tool. My company uses it for all our SIEM projects. 

It doesn't take as much time to work on policies or injectors, saving us time.

We can now process more data in 20 minutes.

It has improved analyst efficiency by 30%.

We haven't experienced any data loss, which is good.

The policy violation feature is quite interesting. Policy violations trigger before the end of the month and they go into effect.

We haven't seen any security complaints or data breaches, reducing the time needed for investigations by 30%.

The user interface is easy to learn and navigate.

Sometimes, the injectors lag and are not loading. It would be nice if that could be improved.

Securonix Next-Gen SIEM is good for helping us ingest all our log sources when investigating threats. However, there is a glitch where we can't get it up and running. They are working on this issue, which is good.

I have been using Securonix Next-Gen SIEM for the last eight months. Before that, I didn't have much experience in Securonix. These days, I am training people on how to use the solution.

It is quite stable.

The solution hasn't required maintenance so far.

It is scalable.

The technical support is fine. I would rate them as eight out of 10.

Positive

We haven't used another solution apart from this one.

I am just an analyst. I didn't take part in the deployment.

It took us a month to realize the solution's benefits.

This is one of the best tools that I have seen.

When we started, there were a lot of false positives. Now, the amount of false positives has been reduced. It is much better than before.

I would definitely recommend this solution to others. I would rate Securonix Next-Gen SIEM as nine out of 10.

We use Securonix Next-Gen SIEM to provide managed security services. We have an MSSP delivery model using the Securonix asset platform tool that delivers the solution to multiple customers using their multi-tenant approach. It is a shared service delivery model, and we have close to five customers using the tool in our MSSP model.

We get very positive responses from the customer regarding their lock management and storage.

The two major features of this product we extensively use are the UEBA capability and the multi-tenant approach with the centralized data logs system. Customers are very happy with these features.

Regarding the analysis of security events on the SOC side, Securonix Next-Gen SIEM needs to improve its automation capabilities. Other products have machine learning and AI algorithms that can trigger alerts automatically. This is a key feature that Securonix Next-Gen SIEM needs to be improved.

I have been using Securonix Next-Gen SIEM for three years now. We use the solution's latest version.

There are many integration issues. I rate the solution’s stability a seven out of ten.

I rate the solution’s scalability a seven out of ten.

We have worked with QRadar SIEM, Splunk, and Microsoft Sentinel. We use Securonix because we have a managed services model. 

We rely entirely on Securonix's production services for maintenance. They handle this, so we do not need to be involved in maintenance. In that area, I recommend this product. Overall, I rate the solution an eight out of ten.

From my experience, clients have been enjoying the product because it enables faster threat detection. We use it daily for hunting and developing strategies, which are much more extensive compared to the results from a traditional SIEM.

With Next-Gen SIEM, we are achieving more with less effort. We can gather more information from the logs and organize it in a different product view, which reduces the need for a large workforce. So we can achieve more with fewer people, and this is particularly advantageous in my line of work, where we need to hire additional staff as we sell more products. However, with this kind of solution bringing in more information about threats and improvements for the organization, we can handle the workload with fewer personnel.

The most valuable aspect is the ability to automate tasks, particularly user behavior analytics. It streamlines processes and makes it very efficient to work with, both for me and the users in my company.

I work in Brazil, and the solution is not very well known here. The market for technology in Brazil, not related to the quality of the product, is not very favorable yet. I see this as a challenge. We need to invest more effort in raising awareness and educating people about the product's capabilities. 

Additionally, one aspect that could be improved is the pricing of the product in Brazil. It is reasonable, but when compared to similar tools or products that are more common in Brazil, it tends to be a bit higher.

I started to use this solution about two years ago; my company started to work with Next-Gen SIEM.

To say the truth, neither I nor my colleagues who work with me have encountered any complaints about stability. As the leading company in Brazil for Securonix or the biggest seller of Securonix in Brazil, we have had no issues with stability up to this point. It has been very reliable, and there have been no instances of lagging, crashing, or any significant downtime reported.

The solution is highly scalable since it operates in a public cloud environment. This allows us to store and process a large amount of information as needed. The scalability is one of the remarkable qualities of this product, which makes it very effective, especially when we are dealing with substantial data volumes in the cloud.

Since I work in the sales team, I didn't need technical support. My role is mainly focused on discussing and selling the product to customers, highlighting its advantages.

So, if any technical assistance is required, it would be handled by the partner or someone else in the client-facing team. I have mostly been involved in the sales process, and I haven't had the need to engage with the technical support team.

I work with two options for Securonix. I use the Legacy and the Advantage versions. The Advantage option is beneficial because it includes the features of the Legacy version at the price of the Legacy package. However, it gets complicated when dealing with User and Entity Behavior Analytics (UBA) and other additional features. The EPS (Events Per Second) quantity grows significantly, leading to the need for more resources to handle the workload when using UBA and other advanced features. 

If Securonix aims to grow more and improve its position in the Brazilian market, it might need to consider adjusting its pricing to be more competitive. Currently, as we work with AI solutions, the price might need to go down to better grow its presence in the Brazilian market.

I believe in the quality of the product, so I would rate the pricing as a seven out of ten, where one is low pricing, and ten is high pricing.

When we talk about SIEM, it's important to understand how it brings the necessary information to the company and how we can apply the right intelligence to extract insights about threats and other relevant aspects. I suggest investing time to clearly define what you want to achieve with the SIEM solution. If you don't have a clear understanding of your objectives, the results may not meet your expectations. Take the time to thoroughly understand your requirements to make the most out of the system.

In my market and environment, I compete with Splunk, QRadar, and IBM. I've also heard about Hexabeam, but it's not a major competitor here in Brazil. Another one we're considering, which has posed some challenges, is Google Chronicle. However, the two biggest competitors for me are Splunk and QRadar.

When comparing Securonix to Splunk, one issue is the pricing; I believe even Securonix is on the higher side. However, in terms of working with cloud environments, Securonix has an advantage as it performs exceptionally well in the cloud. Unlike Splunk, which struggles in cloud setups, Securonix handles it perfectly. Additionally, in terms of crunching work in the database (DB), Securonix performs better and more efficiently than Splunk, making it a better choice for such tasks.

Other products seem to have a more established market presence, and people are familiar with them, but they might not be as acquainted with Securonix. However, I am confident about the quality of Securonix, and when I get the chance to demonstrate how it works, people tend to like it.

Furthermore, in comparison to IBM, I don't encounter any technical problems with Securonix. The quality of Securonix is solid, and I have no issues discussing its capabilities. When it comes to pricing, Securonix offers a more competitive solution. Even if it's only ten percent better than Splunk in some aspects, the overall value makes it a better option in the end. If the price difference is not as significant, it's more likely that customers will choose Securonix over other options.

Overall, I would rate the solution an eight out of ten. 

We provide cyber SOC services by using it as an event correlator.

At the level of user visibility, it enriches a lot of data that the user might not otherwise know about and allows you to enrich other platforms with that data.

The contextual information added by Securonix has helped reduce investigation time by minutes because we no longer consult multiple sources and everything is centralized in one place.

It has helped improve our threat detection response and reduced noise from false positives, although it depends a lot on which network is being configured. The native ones trigger a lot, so we have introduced additional context in them.
But we have saved time in threat detection and noise reduction. It allows us to automate more use cases. I'm not sure if it has improved our level of threat investigation.

The solution has also helped detect advanced threats faster through the threat modeling. Several use cases are incorporated and it warns you about any behavior and more advanced threats. You don't need to review each threat but it informs you of the behaviors that you must take into account and it is easier to deduce them.

The dashboards that Securonix uses have helped us to do more in less time because if you need to see an anomaly or a specific event, the dashboard provides you with a summary of the data about that event.

Another benefit is that the platform has helped minimize infrastructure management. We invest less time in giving support and troubleshooting. 

The most valuable feature is what Securonix calls enrichment. Securonix is very powerful because of all the data it can process and automatically enrich. The actionable intelligence it provides is one of its benefits, due to the processing capacity it has. Something to keep in mind is that Securonix needs a lot of initial work to be able to properly enrich itself, but once installed it is very powerful.

It's very good in helping to ingest all our log sources when investigating threats. That is back to the enrichment theme. It's very powerful. When you ingest data to Securonix, what it does is feed back to other sources like your firewall, and antivirus proxy, and vice versa. And the use cases filter data.

The UEBA capabilities are also very valuable.

The analytics-driven approach for finding sophisticated threats and reducing false positives is positive and good, but the platform requires a more dynamic concept. Everything is a bit static.

Also, the Autonomous Threat Sweeper is very enriching but, that being said, the threat detection report lacks a little context. The feature to sweep autonomously is good. The way they could improve the ATS would be to use more awareness and communication with the user. They don't give us much detail in the threat detection report. It would be very helpful if they explained the impact to us.

We have been using Securonix Next-Gen SIEM for about four months. We are service providers, not the final customers. At the moment, we only have the implementation in one location.

So far, we haven't had any problems. It's very stable.

At the moment, we don't have enough records to scale, but based on the infrastructure and from what I have seen, Securonix is very practical and it is possible to increase its capacity.

Support is an area for improvement because it takes a little time for them to attend to tickets. And regarding more complex configurations, for example, when you want to generate a change in the platform, you have to submit a ticket and you cannot modify templates or create things. That can only be done by administrators since it is a SaaS service.

In general, the tech support seems good. They solve the problems that occur, but their response times are not very good.

Neutral

First, we saw how many events we had in the past SIEM. Under that same report, the infrastructure was made in Securonix, the RING was built, the platforms were connected, and then we let Securonix enrich in the system while the platform was configured. After that, the monitoring started.

There were particularities. The implementation of the infrastructure was simple, but the integration was complex due to integration issues in one of the solutions.

It took approximately three weeks until we implemented everything. In terms of staff from our side, there were two technicians, one who was in charge of integrations and another in charge of configurations in the SIEM. My responsibility was more on the strategic approach. Additionally, two integration managers from the Securonix team were involved.

Securonix notifies us when it needs to do maintenance. We only have to take care of the RING since it is local and not part of the SaaS infrastructure.

The pricing is good, but by adding more things, the licensing becomes more complex because an EPS license fluctuates a lot. This licensing concept is going to be problematic in the long run.

Securonix is very easy and very intuitive compared to the other platforms. At the access level, it is much more practical. However, there are other platforms with better research levels and data ingestion than Securonix.

We evaluated Splunk, which is very similar to Securonix. We went with Securonix because we wanted to understand more about UEBA and enrichment, and for financial reasons.

In terms of threat investigations and onboarding, versus previous solutions that we have used, having access to UEBA allows you to analyze threats based more on behavior. But if you were to manually model, in other SIEMs, all the use cases that Securonix has, they would be very similar. Something that Securonix has in its favor is the enrichment prior to those threat detections. It took us about three to four weeks to get all the sources into the Securonix platform.

When it comes to adding contextual information to security events, I would give it an eight or a nine out of 10. It enriches things a lot. But the concept by which Securonix works, which is to enrich by source and by modules, makes it very cumbersome to configure. If you set it all up, you can overload the SIEM. They tell you it's possible to set everything to the maximum capacity but this approach is not recommended.

Overall, it is a powerful platform. The cons are minimal and only require small attention and tedious initial work. Once Securonix is operative, it is very powerful.

It is a very good platform for discovering unknown information and is great at helping to visualize and review data. Thus, it indirectly supports data correlation. Thanks to Securonix, I learned that there are always things to discover. That's not only in the materialization of threats, but also in terms of discovery of permissions, users, and information about entities belonging to the company. And the enrichment gives you visibility that you didn't know about.

Foreign Language:(Spanish)

¿Cuál es nuestro caso de uso principal?

Brindamos servicios de SOC cibernético usando a SECURONIX como un correlacionador de eventos.

¿Cómo ha ayudado a mi organización?

A nivel de visibilidad del usuario, enriquece una gran cantidad de datos que el usuario podría no conocer de otra manera y le permite enriquecer otras plataformas con esos datos.

La información contextual agregada por Securonix ha ayudado a reducir el tiempo de investigación en minutos porque ya no consultamos múltiples fuentes y todo está centralizado en un solo lugar.

Ha ayudado a mejorar nuestra respuesta de detección de amenazas y ha reducido el ruido de los falsos positivos, aunque depende mucho de la red que se esté configurando. Los nativos se activan mucho, por lo que hemos introducido contexto adicional en ellos.

Pero hemos ahorrado tiempo en la detección de amenazas y reducción de ruido. Nos permite automatizar más casos de uso. No estoy seguro si ha mejorado nuestro nivel de investigación de amenazas.

La solución también ayudó a detectar amenazas avanzadas más rápido a través del modelado de amenazas. Se incorporan varios casos de uso y te advierte sobre cualquier comportamiento y amenazas más avanzadas. No necesitas revisar cada amenaza sino que te informa de los comportamientos que debes tener en cuenta y es más fácil deducirlos.

Los tableros que usa Securonix nos han ayudado a hacer más en menos tiempo porque si necesita ver una anomalía o un evento específico, el tablero le brinda un resumen de los datos sobre ese evento.

Otro beneficio es que la plataforma ha ayudado a minimizar la gestión de la infraestructura. Invertimos menos tiempo en dar soporte y solucionar problemas.

¿Qué es lo más valioso?

La característica más valiosa es lo que en Securonix llaman enriquecimiento. Securonix es muy poderoso debido a todos los datos que puede procesar y enriquecer automáticamente. La inteligencia accionable que proporciona es uno de sus beneficios debido a la capacidad de procesamiento que posee. Algo a tener en cuenta es que Securonix necesita mucho trabajo inicial para poder enriquecerse adecuadamente, pero una vez instalado es muy potente.

Es muy bueno para ayudar a ingerir todas nuestras fuentes de registro al investigar amenazas. Volviendo al tema del enriquecimiento. Es muy poderoso. Cuando ingiere datos a Securonix, lo que hace es retroalimentar a otras fuentes como su firewall y proxy antivirus, y viceversa. Y los casos de uso filtran datos.

Las capacidades de UEBA también son muy valiosas.

¿Qué necesita mejorar?

El enfoque basado en análisis para encontrar amenazas sofisticadas y reducir los falsos positivos es positivo y bueno, pero la plataforma requiere un concepto más dinámico. Todo es un poco estático.

Además, el barrido autónomo de amenazas es muy enriquecedor pero, dicho esto, el informe de detección de amenazas carece de un poco de contexto. La característica de barrer de forma autónoma es buena. La forma en que podrían mejorar el ATS sería usar más conciencia y comunicación con el usuario. No nos dan muchos detalles en el informe de detección de amenazas. Sería muy útil que nos explicaran el impacto.

¿Por cuánto tiempo he usado la solución?

Hemos estado usando Securonix Next-Gen SIEM durante cuatro meses aproximadamente. Somos proveedores de servicios, no clientes finales. Por el momento, solo tenemos la implementación en una ubicación.

¿Qué pienso sobre la estabilidad de la solución

Hasta ahora, no hemos tenido ningún problema. Es muy estable.

¿Qué opino de la escalabilidad de la solución?

Por el momento, no tenemos suficientes registros para escalar, pero en base a la infraestructura y por lo que he visto, Securonix es muy práctico y es posible aumentar su capacidad.

¿Cómo son el servicio de atención al cliente y el soporte?

El soporte es un área a mejorar porque les toma un poco de tiempo atender los tickets. Y en cuanto a configuraciones más complejas, por ejemplo, cuando quieres generar un cambio en la plataforma, tienes que enviar un ticket y no puedes modificar plantillas ni crear cosas. Eso solo lo pueden hacer los administradores ya que es un servicio SaaS.

En general, el soporte técnico me parece bueno. Solucionan los problemas que se presentan, pero sus tiempos de respuesta no son muy buenos.

¿Cómo calificaría el servicio y soporte al cliente?

Neutral

¿Cómo fue la configuración inicial?

Primero, vimos cuántos eventos tuvimos en el pasado SIEM. Bajo ese mismo informe, se hizo la infraestructura en Securonix, se construyó el RING, se conectaron las plataformas y luego dejamos que Securonix enriqueciera en el sistema mientras se configuraba la plataforma. Después de eso, comenzó el monitoreo.

Había particularidades. La implementación de la infraestructura fue simple, pero la integración fue compleja debido a problemas de integración en una de las soluciones.

Pasaron aproximadamente tres semanas hasta que implementamos todo. En cuanto al personal de nuestra parte, había dos técnicos, uno que estaba a cargo de las integraciones y otro a cargo de las configuraciones en el SIEM. Mi responsabilidad estaba más en el enfoque estratégico. Además, participaron dos gerentes de integración del equipo de Securonix.

Securonix nos avisa cuando necesita hacer mantenimiento. Solo tenemos que cuidar el RING ya que es local y no parte de la infraestructura SaaS.

¿Cuál es mi experiencia con los precios, el costo de configuración y las licencias?

El precio es bueno, pero al agregar más cosas, la licencia se vuelve más compleja porque una licencia EPS fluctúa mucho. Este concepto de licencia va a ser problemático a largo plazo.

¿Qué otras soluciones evalué?

Securonix es muy fácil y muy intuitivo en comparación con las otras plataformas. A nivel de acceso, es mucho más práctico. Sin embargo, existen otras plataformas con mejores niveles de investigación e ingesta de datos que Securonix.

Evaluamos Splunk, que es muy similar a Securonix. Elegimos Securonix porque queríamos saber más sobre UEBA y el enriquecimiento, y por razones financieras.

En términos de investigaciones e incorporación de amenazas, en comparación con las soluciones anteriores que hemos utilizado, tener acceso a UEBA te permite analizar las amenazas en función del comportamiento. Pero si tuvieras que modelar manualmente, en otros SIEMs, todos los casos de uso que tiene Securonix, serían muy similares. Algo que tiene Securonix a su favor es el enriquecimiento previo a esas detecciones de amenazas. Nos llevó entre tres y cuatro semanas incorporar todas las fuentes a la plataforma Securonix.

¿Qué otro consejo tengo?

A la hora de añadir información contextual a los eventos de seguridad le daría un ocho o un nueve sobre 10. Enriquece mucho las cosas. Pero el concepto por el que trabaja Securonix, que es enriquecer por fuente y por módulos, lo hace muy engorroso de configurar. Si lo configura todo, puede sobrecargar el SIEM. Te dicen que es posible configurar todo a la capacidad máxima, pero no se recomienda este enfoque.

En general, es una plataforma poderosa. Las desventajas son mínimas y sólo requieren poca atención y un tedioso trabajo inicial. Una vez que Securonix está operativo, es muy poderoso.

Es una muy buena plataforma para descubrir información desconocida y es excelente para ayudar a visualizar y revisar datos. Por lo tanto, admite indirectamente la correlación de datos. Gracias a Securonix, aprendí que siempre hay cosas por descubrir. Eso no es solo en la materialización de amenazas, sino también en términos de descubrimiento de permisos, usuarios e información sobre entidades pertenecientes a la empresa. Y el enriquecimiento te da una visibilidad que no conocías antes.

In our organization, we handle cybersecurity. As an IT services company, we are limited to setting up the security operations center in different forms for our customers' requirements.

We are in the business of setting up the security operation center for the customers and we also provide other stock services for many of the customers. We do have a lot of service offerings on our stock management platform.

We do MDR via cloud security and its monitoring services, so we are very familiar with the leading platforms in the market today like QRadar and Splunk. We use them in our environment today. I have been searching out the next-gen SIEM. Then I brought Securonix to my board. I came to learn that Securonix is leading in the innovative ideas and innovations on the SIEM platform side. Particularly because my role is a security practice in Veeam SM. If you evaluate the market trends you understand the products released into the market and how best to leverage that integration and make sure that there is no bounce back to the customer in these situations. That's why I started evaluating the Securonix in a typical lead evaluation.

We are not partnered, we have just done a couple of initial discussions with some of the folks here in India. We are still in the stage of evaluating these products, including Securonix.

I noticed that this is more on the open data platform when it comes to managing the locks from a different angle and for different assets. That's one area which is more interesting for us.

Compared to other competitors in the market, what I have seen is that their module is the UEBA, User and Entity Behavior Analytics, module. That is something different which they are offering today.

These are some of the differences I see. Additionally, is the pricing issue. They are moving from DB pricing to the identity-based pricing. But I'm still confused about that identity pricing. I still have to get more clarification from the products.

The feature that I have found most valuable is their analytics platform where they have the open security data-link, which they introduced. This is typically different from the other vendors.

As far as what can be improved, again it is the pricing. I'm not sure how they are proceeding with the identity-based pricing compared with DB pricing which most of the vendors are using today. Some of them are dealing with EPS based pricing.

There is still a need to evaluate the stability because we are very new to this platform. So we need some more time to do that.

The initial setup is straightforward, it is easy to deploy.

We did evaluate other options before choosing Securonix. As an MSSP we use many products. It all depends on the kind of requirements we get from the customer. We evaluated QRadar and Splunk. As an MSSP, we use a combination of tools.

The major difference between Securonix and the rest is that their security data-link is very open and the hosting of that platform is much simpler compared to other vendors.

Because there is no proprietary thing involved here the log management should be much easier compared to others.

On a scale of one to ten I would rate Securonix an eight.

Our company does manage a stock of solutions for our customers. We use some tools like Splunk SIEM and some other technologies as well.

The reason why a customer chooses the solution for its features depends on the customer. Customers may choose it based on budget or the features they're looking for, and it varies, honestly.

I am from the sales team and the technical team, because of which I can't speak much about its features.

Customers may plan their next year's budget. If customers find that they haven't derived value from the solution, they might think about the prices, and then they would reevaluate the solution, after which they choose another solution.

The technical support of the solution is an area with shortcomings and needs improvement. My customers didn't face any issues regarding support from the solution's vendor, but it could be from the partner or from those providing support for the solution. Support could be more flexible, and they can delegate the support part of their operations to partners.

I have been using Securonix Next-Gen SIEM for three or four years. My company acts as a system integrator and reseller while also having a partnership with Securonix.

The solution has proven to be stable so far.

The solution is easy to scale up.

My customers who use the solution are enterprise-sized businesses.

Technical support for Securonix is good. I rate the technical support an eight out of ten. I don't give a ten out of ten rating because all the solutions need a marginal score to improve. None of the solutions would have a hundred percent satisfaction from customers.

Positive

I work with Splunk. The pros and cons of a solution depend on its features, customers, and the scale of the customer.

As per our technical team, the initial setup was fine. It wasn't really difficult.

I am from the sales department, so I don't get involved in the implementation.

The solution is deployed on-premises.

Pricing of the solution is an aspect that depends on a customer's budget. Sometimes the price fits a customer's budget. At times, the solution's price becomes a huge burden on the customer.

A yearly payment has to be made toward the solution's licensing costs.

Additional costs other than the solution's licensing costs are for the installation and support.

I rate the pricing an eight on a scale of one to ten, where one is cheap, and ten is very expensive. It is a pretty expensive tool.

The solution requires maintenance, and the people required for maintenance depend on the applied or rolled-out solution's size. If the solution is applied at a larger scale, more team members are needed for maintenance. It is not difficult to maintain the solution.

I recommend the solution to those planning to use it since it is a good solution in the SIEM and SOC space. Some different providers or vendors also work in the SIEM and SOC space. The customers or potential users should evaluate a product before buying it, and everything would be fine.

The solution can fit all sizes. It's not only for enterprises since you'll find some SMBs looking for solutions like Securonix Next-Gen SIEM, but it will be a bit expensive out of their budget. Usually, SMBs don't place a budget for SOC since they can go for a managed SOC. Securonix Next-Gen SIEM could fit the requirements of SMBs as well.

It is a good product that needs to improve.

Overall, I rate the solution an eight out of ten.