Our company does manage a stock of solutions for our customers. We use some tools like Splunk SIEM and some other technologies as well.
Services Sales Consultant at Alpha
A stable solution in the SIEM and SOC space that can be deployed with ease
Pros and Cons
- "The solution has proven to be stable so far...The solution is easy to scale up."
- "The technical support of the solution is an area with shortcomings and needs improvement."
What is our primary use case?
What is most valuable?
The reason why a customer chooses the solution for its features depends on the customer. Customers may choose it based on budget or the features they're looking for, and it varies, honestly.
I am from the sales team and the technical team, because of which I can't speak much about its features.
What needs improvement?
Customers may plan their next year's budget. If customers find that they haven't derived value from the solution, they might think about the prices, and then they would reevaluate the solution, after which they choose another solution.
The technical support of the solution is an area with shortcomings and needs improvement. My customers didn't face any issues regarding support from the solution's vendor, but it could be from the partner or from those providing support for the solution. Support could be more flexible, and they can delegate the support part of their operations to partners.
For how long have I used the solution?
I have been using Securonix Next-Gen SIEM for three or four years. My company acts as a system integrator and reseller while also having a partnership with Securonix.
Buyer's Guide
Securonix Next-Gen SIEM
October 2024
Learn what your peers think about Securonix Next-Gen SIEM. Get advice and tips from experienced pros sharing their opinions. Updated: October 2024.
814,649 professionals have used our research since 2012.
What do I think about the stability of the solution?
The solution has proven to be stable so far.
What do I think about the scalability of the solution?
The solution is easy to scale up.
My customers who use the solution are enterprise-sized businesses.
How are customer service and support?
Technical support for Securonix is good. I rate the technical support an eight out of ten. I don't give a ten out of ten rating because all the solutions need a marginal score to improve. None of the solutions would have a hundred percent satisfaction from customers.
How would you rate customer service and support?
Positive
Which solution did I use previously and why did I switch?
I work with Splunk. The pros and cons of a solution depend on its features, customers, and the scale of the customer.
How was the initial setup?
As per our technical team, the initial setup was fine. It wasn't really difficult.
I am from the sales department, so I don't get involved in the implementation.
The solution is deployed on-premises.
What's my experience with pricing, setup cost, and licensing?
Pricing of the solution is an aspect that depends on a customer's budget. Sometimes the price fits a customer's budget. At times, the solution's price becomes a huge burden on the customer.
A yearly payment has to be made toward the solution's licensing costs.
Additional costs other than the solution's licensing costs are for the installation and support.
I rate the pricing an eight on a scale of one to ten, where one is cheap, and ten is very expensive. It is a pretty expensive tool.
What other advice do I have?
The solution requires maintenance, and the people required for maintenance depend on the applied or rolled-out solution's size. If the solution is applied at a larger scale, more team members are needed for maintenance. It is not difficult to maintain the solution.
I recommend the solution to those planning to use it since it is a good solution in the SIEM and SOC space. Some different providers or vendors also work in the SIEM and SOC space. The customers or potential users should evaluate a product before buying it, and everything would be fine.
The solution can fit all sizes. It's not only for enterprises since you'll find some SMBs looking for solutions like Securonix Next-Gen SIEM, but it will be a bit expensive out of their budget. Usually, SMBs don't place a budget for SOC since they can go for a managed SOC. Securonix Next-Gen SIEM could fit the requirements of SMBs as well.
It is a good product that needs to improve.
Overall, I rate the solution an eight out of ten.
Which deployment model are you using for this solution?
On-premises
Disclosure: My company has a business relationship with this vendor other than being a customer: Reseller
Cyber Intelligence Supervisor at a tech services company with 201-500 employees
Enrichment helps us discover information, and platform is great for visualizing and reviewing data
Pros and Cons
- "The most valuable feature is what Securonix calls enrichment. Securonix is very powerful because of all the data it can process and automatically enrich. The actionable intelligence it provides is one of its benefits, due to the processing capacity it has."
- "The analytics-driven approach for finding sophisticated threats and reducing false positives is positive and good, but the platform requires a more dynamic concept. Everything is a bit static."
What is our primary use case?
We provide cyber SOC services by using it as an event correlator.
How has it helped my organization?
At the level of user visibility, it enriches a lot of data that the user might not otherwise know about and allows you to enrich other platforms with that data.
The contextual information added by Securonix has helped reduce investigation time by minutes because we no longer consult multiple sources and everything is centralized in one place.
It has helped improve our threat detection response and reduced noise from false positives, although it depends a lot on which network is being configured. The native ones trigger a lot, so we have introduced additional context in them.
But we have saved time in threat detection and noise reduction. It allows us to automate more use cases. I'm not sure if it has improved our level of threat investigation.
The solution has also helped detect advanced threats faster through the threat modeling. Several use cases are incorporated and it warns you about any behavior and more advanced threats. You don't need to review each threat but it informs you of the behaviors that you must take into account and it is easier to deduce them.
The dashboards that Securonix uses have helped us to do more in less time because if you need to see an anomaly or a specific event, the dashboard provides you with a summary of the data about that event.
Another benefit is that the platform has helped minimize infrastructure management. We invest less time in giving support and troubleshooting.
What is most valuable?
The most valuable feature is what Securonix calls enrichment. Securonix is very powerful because of all the data it can process and automatically enrich. The actionable intelligence it provides is one of its benefits, due to the processing capacity it has. Something to keep in mind is that Securonix needs a lot of initial work to be able to properly enrich itself, but once installed it is very powerful.
It's very good in helping to ingest all our log sources when investigating threats. That is back to the enrichment theme. It's very powerful. When you ingest data to Securonix, what it does is feed back to other sources like your firewall, and antivirus proxy, and vice versa. And the use cases filter data.
The UEBA capabilities are also very valuable.
What needs improvement?
The analytics-driven approach for finding sophisticated threats and reducing false positives is positive and good, but the platform requires a more dynamic concept. Everything is a bit static.
Also, the Autonomous Threat Sweeper is very enriching but, that being said, the threat detection report lacks a little context. The feature to sweep autonomously is good. The way they could improve the ATS would be to use more awareness and communication with the user. They don't give us much detail in the threat detection report. It would be very helpful if they explained the impact to us.
For how long have I used the solution?
We have been using Securonix Next-Gen SIEM for about four months. We are service providers, not the final customers. At the moment, we only have the implementation in one location.
What do I think about the stability of the solution?
So far, we haven't had any problems. It's very stable.
What do I think about the scalability of the solution?
At the moment, we don't have enough records to scale, but based on the infrastructure and from what I have seen, Securonix is very practical and it is possible to increase its capacity.
How are customer service and support?
Support is an area for improvement because it takes a little time for them to attend to tickets. And regarding more complex configurations, for example, when you want to generate a change in the platform, you have to submit a ticket and you cannot modify templates or create things. That can only be done by administrators since it is a SaaS service.
In general, the tech support seems good. They solve the problems that occur, but their response times are not very good.
How would you rate customer service and support?
Neutral
How was the initial setup?
First, we saw how many events we had in the past SIEM. Under that same report, the infrastructure was made in Securonix, the RING was built, the platforms were connected, and then we let Securonix enrich in the system while the platform was configured. After that, the monitoring started.
There were particularities. The implementation of the infrastructure was simple, but the integration was complex due to integration issues in one of the solutions.
It took approximately three weeks until we implemented everything. In terms of staff from our side, there were two technicians, one who was in charge of integrations and another in charge of configurations in the SIEM. My responsibility was more on the strategic approach. Additionally, two integration managers from the Securonix team were involved.
Securonix notifies us when it needs to do maintenance. We only have to take care of the RING since it is local and not part of the SaaS infrastructure.
What's my experience with pricing, setup cost, and licensing?
The pricing is good, but by adding more things, the licensing becomes more complex because an EPS license fluctuates a lot. This licensing concept is going to be problematic in the long run.
Which other solutions did I evaluate?
Securonix is very easy and very intuitive compared to the other platforms. At the access level, it is much more practical. However, there are other platforms with better research levels and data ingestion than Securonix.
We evaluated Splunk, which is very similar to Securonix. We went with Securonix because we wanted to understand more about UEBA and enrichment, and for financial reasons.
In terms of threat investigations and onboarding, versus previous solutions that we have used, having access to UEBA allows you to analyze threats based more on behavior. But if you were to manually model, in other SIEMs, all the use cases that Securonix has, they would be very similar. Something that Securonix has in its favor is the enrichment prior to those threat detections. It took us about three to four weeks to get all the sources into the Securonix platform.
What other advice do I have?
When it comes to adding contextual information to security events, I would give it an eight or a nine out of 10. It enriches things a lot. But the concept by which Securonix works, which is to enrich by source and by modules, makes it very cumbersome to configure. If you set it all up, you can overload the SIEM. They tell you it's possible to set everything to the maximum capacity but this approach is not recommended.
Overall, it is a powerful platform. The cons are minimal and only require small attention and tedious initial work. Once Securonix is operative, it is very powerful.
It is a very good platform for discovering unknown information and is great at helping to visualize and review data. Thus, it indirectly supports data correlation. Thanks to Securonix, I learned that there are always things to discover. That's not only in the materialization of threats, but also in terms of discovery of permissions, users, and information about entities belonging to the company. And the enrichment gives you visibility that you didn't know about.
Foreign Language:(Spanish)
¿Cuál es nuestro caso de uso principal?
Brindamos servicios de SOC cibernético usando a SECURONIX como un correlacionador de eventos.
¿Cómo ha ayudado a mi organización?
A nivel de visibilidad del usuario, enriquece una gran cantidad de datos que el usuario podría no conocer de otra manera y le permite enriquecer otras plataformas con esos datos.
La información contextual agregada por Securonix ha ayudado a reducir el tiempo de investigación en minutos porque ya no consultamos múltiples fuentes y todo está centralizado en un solo lugar.
Ha ayudado a mejorar nuestra respuesta de detección de amenazas y ha reducido el ruido de los falsos positivos, aunque depende mucho de la red que se esté configurando. Los nativos se activan mucho, por lo que hemos introducido contexto adicional en ellos.
Pero hemos ahorrado tiempo en la detección de amenazas y reducción de ruido. Nos permite automatizar más casos de uso. No estoy seguro si ha mejorado nuestro nivel de investigación de amenazas.
La solución también ayudó a detectar amenazas avanzadas más rápido a través del modelado de amenazas. Se incorporan varios casos de uso y te advierte sobre cualquier comportamiento y amenazas más avanzadas. No necesitas revisar cada amenaza sino que te informa de los comportamientos que debes tener en cuenta y es más fácil deducirlos.
Los tableros que usa Securonix nos han ayudado a hacer más en menos tiempo porque si necesita ver una anomalía o un evento específico, el tablero le brinda un resumen de los datos sobre ese evento.
Otro beneficio es que la plataforma ha ayudado a minimizar la gestión de la infraestructura. Invertimos menos tiempo en dar soporte y solucionar problemas.
¿Qué es lo más valioso?
La característica más valiosa es lo que en Securonix llaman enriquecimiento. Securonix es muy poderoso debido a todos los datos que puede procesar y enriquecer automáticamente. La inteligencia accionable que proporciona es uno de sus beneficios debido a la capacidad de procesamiento que posee. Algo a tener en cuenta es que Securonix necesita mucho trabajo inicial para poder enriquecerse adecuadamente, pero una vez instalado es muy potente.
Es muy bueno para ayudar a ingerir todas nuestras fuentes de registro al investigar amenazas. Volviendo al tema del enriquecimiento. Es muy poderoso. Cuando ingiere datos a Securonix, lo que hace es retroalimentar a otras fuentes como su firewall y proxy antivirus, y viceversa. Y los casos de uso filtran datos.
Las capacidades de UEBA también son muy valiosas.
¿Qué necesita mejorar?
El enfoque basado en análisis para encontrar amenazas sofisticadas y reducir los falsos positivos es positivo y bueno, pero la plataforma requiere un concepto más dinámico. Todo es un poco estático.
Además, el barrido autónomo de amenazas es muy enriquecedor pero, dicho esto, el informe de detección de amenazas carece de un poco de contexto. La característica de barrer de forma autónoma es buena. La forma en que podrían mejorar el ATS sería usar más conciencia y comunicación con el usuario. No nos dan muchos detalles en el informe de detección de amenazas. Sería muy útil que nos explicaran el impacto.
¿Por cuánto tiempo he usado la solución?
Hemos estado usando Securonix Next-Gen SIEM durante cuatro meses aproximadamente. Somos proveedores de servicios, no clientes finales. Por el momento, solo tenemos la implementación en una ubicación.
¿Qué pienso sobre la estabilidad de la solución
Hasta ahora, no hemos tenido ningún problema. Es muy estable.
¿Qué opino de la escalabilidad de la solución?
Por el momento, no tenemos suficientes registros para escalar, pero en base a la infraestructura y por lo que he visto, Securonix es muy práctico y es posible aumentar su capacidad.
¿Cómo son el servicio de atención al cliente y el soporte?
El soporte es un área a mejorar porque les toma un poco de tiempo atender los tickets. Y en cuanto a configuraciones más complejas, por ejemplo, cuando quieres generar un cambio en la plataforma, tienes que enviar un ticket y no puedes modificar plantillas ni crear cosas. Eso solo lo pueden hacer los administradores ya que es un servicio SaaS.
En general, el soporte técnico me parece bueno. Solucionan los problemas que se presentan, pero sus tiempos de respuesta no son muy buenos.
¿Cómo calificaría el servicio y soporte al cliente?
Neutral
¿Cómo fue la configuración inicial?
Primero, vimos cuántos eventos tuvimos en el pasado SIEM. Bajo ese mismo informe, se hizo la infraestructura en Securonix, se construyó el RING, se conectaron las plataformas y luego dejamos que Securonix enriqueciera en el sistema mientras se configuraba la plataforma. Después de eso, comenzó el monitoreo.
Había particularidades. La implementación de la infraestructura fue simple, pero la integración fue compleja debido a problemas de integración en una de las soluciones.
Pasaron aproximadamente tres semanas hasta que implementamos todo. En cuanto al personal de nuestra parte, había dos técnicos, uno que estaba a cargo de las integraciones y otro a cargo de las configuraciones en el SIEM. Mi responsabilidad estaba más en el enfoque estratégico. Además, participaron dos gerentes de integración del equipo de Securonix.
Securonix nos avisa cuando necesita hacer mantenimiento. Solo tenemos que cuidar el RING ya que es local y no parte de la infraestructura SaaS.
¿Cuál es mi experiencia con los precios, el costo de configuración y las licencias?
El precio es bueno, pero al agregar más cosas, la licencia se vuelve más compleja porque una licencia EPS fluctúa mucho. Este concepto de licencia va a ser problemático a largo plazo.
¿Qué otras soluciones evalué?
Securonix es muy fácil y muy intuitivo en comparación con las otras plataformas. A nivel de acceso, es mucho más práctico. Sin embargo, existen otras plataformas con mejores niveles de investigación e ingesta de datos que Securonix.
Evaluamos Splunk, que es muy similar a Securonix. Elegimos Securonix porque queríamos saber más sobre UEBA y el enriquecimiento, y por razones financieras.
En términos de investigaciones e incorporación de amenazas, en comparación con las soluciones anteriores que hemos utilizado, tener acceso a UEBA te permite analizar las amenazas en función del comportamiento. Pero si tuvieras que modelar manualmente, en otros SIEMs, todos los casos de uso que tiene Securonix, serían muy similares. Algo que tiene Securonix a su favor es el enriquecimiento previo a esas detecciones de amenazas. Nos llevó entre tres y cuatro semanas incorporar todas las fuentes a la plataforma Securonix.
¿Qué otro consejo tengo?
A la hora de añadir información contextual a los eventos de seguridad le daría un ocho o un nueve sobre 10. Enriquece mucho las cosas. Pero el concepto por el que trabaja Securonix, que es enriquecer por fuente y por módulos, lo hace muy engorroso de configurar. Si lo configura todo, puede sobrecargar el SIEM. Te dicen que es posible configurar todo a la capacidad máxima, pero no se recomienda este enfoque.
En general, es una plataforma poderosa. Las desventajas son mínimas y sólo requieren poca atención y un tedioso trabajo inicial. Una vez que Securonix está operativo, es muy poderoso.
Es una muy buena plataforma para descubrir información desconocida y es excelente para ayudar a visualizar y revisar datos. Por lo tanto, admite indirectamente la correlación de datos. Gracias a Securonix, aprendí que siempre hay cosas por descubrir. Eso no es solo en la materialización de amenazas, sino también en términos de descubrimiento de permisos, usuarios e información sobre entidades pertenecientes a la empresa. Y el enriquecimiento te da una visibilidad que no conocías antes.
Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor. The reviewer's company has a business relationship with this vendor other than being a customer: Partner
Buyer's Guide
Securonix Next-Gen SIEM
October 2024
Learn what your peers think about Securonix Next-Gen SIEM. Get advice and tips from experienced pros sharing their opinions. Updated: October 2024.
814,649 professionals have used our research since 2012.
SOC Analyst at ComWare S.A
Integration with third-party sources enables us to correlate and act on internal and external events
Pros and Cons
- "One of the most valuable features is the integration of all types of data sources to extract relevant information regarding events. It is a good solution when it comes to the correlations that it makes within all the data handled in our company."
- "We would like a little more face-to-face training. Securonix has several tutorials on its website, but we want there to be a person in Colombia who does training or workshops to give us a better understanding of the platform."
What is our primary use case?
We use it for the correlation of security events.
How has it helped my organization?
Securonix provides feedback from integrations with third parties so that it is always up to date regarding security events that occur daily.
It has helped a lot because previously we did not have as much control over the procedures or things that the company's users did. With Securonix, we have been able to monitor the activities of both internal and external users in the company.
Securonix has published a lot of information regarding how to use the platform. They have a lot of information online that has helped us add contextual information to security events. In the event of a security breach or a risk, it helps us monitor things. So far, with the solution in place, we have not witnessed any attacks, but it has helped us to monitor possible events that, if not taken into account, could be security breaches. It has helped us to mitigate potential gaps.
With this solution, we have saved hours in case management. It has helped us detect things faster and the integration with third-party sources has given us the ability to correlate and act on internal and external events, such as malicious attacks or malicious sites. We have improved in our response to certain incidents and types of browsing thanks to external lists that Securonix has provided us with. We can automatically detect threats.
Another benefit has been the ability to integrate practically all our specialists from different areas, including Windows, security, virtualization, et cetera, to respond with better quality. It has improved the efficiency of analysis.
It has also helped with data loss events in a certain way, through integration with our email accounts. In an event of data loss, the loss for our organization would be incalculable.
What is most valuable?
One of the most valuable features is the integration of all types of data sources to extract relevant information regarding events. It is a good solution when it comes to the correlations that it makes within all the data handled in our company. It has provided us with a lot of information and research.
What needs improvement?
We would like a little more face-to-face training. Securonix has several tutorials on its website, but we want there to be a person in Colombia who does training or workshops to give us a better understanding of the platform.
For how long have I used the solution?
We have been using Securonix Next-Gen SIEM for about a year.
What do I think about the stability of the solution?
It has not presented us with problems. Most of our support cases are related to the generation of policies, but the platform has not been an issue for us.
What do I think about the scalability of the solution?
Securonix carried out an analysis of our entire infrastructure. It provides us with the level of processing required and, if you are planning to take on new clients, you can always increase the EPS.
How are customer service and support?
I would rate their support at 8.5 to nine out of 10. Sometimes it has taken a little while because the investigation team has already begun to analyze other cases, but they always resolve our issues. While they are a little slow in certain cases, most of the time they solve them quickly and efficiently.
How would you rate customer service and support?
Positive
Which solution did I use previously and why did I switch?
We used McAfee before. The person who was in charge left the company just when Securonix came in and that is when I started working here.
One of the main differences is having service through the cloud. Before Securonix, we had the service locally. Now, the service is processed in the cloud and when a case is generated on the platform, they have always been willing to help us.
How was the initial setup?
Securonix is in the cloud. We have a virtual machine that stores certain platform configuration information, and since it is in the cloud, we can manage the platform from anywhere. The cloud-native platform helps minimize infrastructure management. Having everything integrated into one place makes things much easier for us.
I was only involved a little in the implementation of Securonix, but from what I heard, their team was helping our entire company, day and night, to get the implementation out as soon as possible. There may have been some problems in integration, but support cases were created and their team was always there with updates and new ways to connect our sources with their platform. Overall, it was not that complicated.
On our side, we had specialists involved from each department that wanted to be integrated with the platform, such as Windows, networking, security, et cetera. The Securonix staff was always present.
Securonix has provided us with a consultant here in Colombia. We are in contact regarding configuration of the platform to rule out possible false positives and help us focus on events that we must take into account.
It took us four months to incorporate all the sources.
There are no maintenance requirements on our part. They are constantly notifying us of updates and, before making changes, they let us know if there are going to be any interruptions in the service.
What was our ROI?
Our company is already trying to sell Securonix services, although it is a fairly new solution in the company. First, it is being handled internally, but they are already beginning the process of selling the service. That is the best return on investment.
What's my experience with pricing, setup cost, and licensing?
Compared to other brands it seems more affordable to us.
There are no costs in addition to the standard licensing fees.
Which other solutions did I evaluate?
The Securonix interface is very intuitive. McAfee had some good features and we have only been with Securonix for a short time, but it has not presented us with any problems. It seems to us much better compared to McAfee, in terms of event correlation and case tracking.
What other advice do I have?
Securonix seems to be a good solution that has met all our requirements.
If you want to have a more centralized solution to improve the performance of case and incident analysis and management, Securonix seems like a very good option.
The most important lesson is that you can always improve. There are features that may be unknown to you in the service but, through the documentation, you can realize all the benefits of things that might not be used initially.
Foreign Language:(Spanish)
¿Cuál es nuestro caso de uso principal?
Lo usamos para la correlación de eventos de seguridad.
¿Cómo ha ayudado a mi organización?
Securonix brinda retroalimentación de integraciones con terceros para que siempre esté actualizado sobre los eventos de seguridad que ocurren a diario.
Ha ayudado mucho porque antes no teníamos tanto control sobre los trámites o cosas que hacían los usuarios de la empresa. Con Securonix, hemos podido monitorear las actividades de los usuarios tanto internos como externos en la empresa.
Securonix ha publicado mucha información sobre cómo usar la plataforma. Tienen mucha información en línea que nos ha ayudado a agregar información contextual a los eventos de seguridad. En caso de una brecha de seguridad o un riesgo, nos ayuda a monitorear las cosas. Hasta el momento, con la solución implementada, no hemos sido testigos de ningún ataque, pero nos ha ayudado a monitorear posibles eventos que, si no se tienen en cuenta, podrían ser brechas de seguridad. Nos ha ayudado a mitigar posibles brechas.
Con esta solución hemos ahorrado horas en la gestión de casos. Nos ha ayudado a detectar cosas más rápido y la integración con fuentes de terceros nos ha dado la capacidad de correlacionar y actuar sobre eventos internos y externos, como ataques maliciosos o sitios maliciosos. Hemos mejorado en nuestra respuesta a determinadas incidencias y tipos de navegación gracias a listados externos que nos ha facilitado Securonix. Podemos detectar amenazas automáticamente.
Otro beneficio ha sido la capacidad de integrar prácticamente a todos nuestros especialistas de diferentes áreas, incluyendo Windows, seguridad, virtualización, etcétera, para responder con mejor calidad. Ha mejorado la eficiencia del análisis.
También ha ayudado con eventos de pérdida de datos de cierta manera, a través de la integración con nuestras cuentas de correo electrónico. En caso de pérdida de datos, la pérdida para nuestra organización sería incalculable.
¿Qué es lo más valioso?
Una de las características más valiosas es la integración de todo tipo de fuentes de datos para extraer información relevante sobre eventos. Es una buena solución en cuanto a las correlaciones que realiza dentro de todos los datos que se manejan en nuestra empresa. Nos ha proporcionado mucha información e investigación.
¿Qué necesita mejorar?
Nos gustaría un poco más de formación presencial. Securonix tiene varios tutoriales en su sitio web, pero queremos que haya una persona en Colombia que haga capacitaciones o talleres para que entendamos mejor la plataforma.
¿Por cuánto tiempo he usado la solución?
Hemos estado usando Securonix Next-Gen SIEM durante aproximadamente un año.
¿Qué pienso sobre la estabilidad de la solución?
No nos ha presentado problemas. La mayoría de nuestros casos de soporte están relacionados con la generación de pólizas, pero la plataforma no ha sido un problema para nosotros.
¿Qué opino de la escalabilidad de la solución?
Securonix realizó un análisis de toda nuestra infraestructura. Nos proporciona el nivel de procesamiento requerido y, si está planeando captar nuevos clientes, siempre puede aumentar el EPS.
¿Cómo son el servicio de atención al cliente y el soporte?
Calificaría su apoyo con un 8,5 a nueve del 1 al 10. A veces ha tardado un poco porque el equipo de investigación ya ha comenzado a analizar otros casos, pero siempre resuelven nuestros problemas. Si bien son un poco lentos en ciertos casos, la mayoría de las veces los resuelven de manera rápida y eficiente.
¿Cómo calificaría el servicio y soporte al cliente?
Positivo.
¿Qué solución usé anteriormente y por qué cambié?
Usábamos McAfee antes. La persona que estaba a cargo dejó la empresa justo cuando entró Securonix y ahí fue cuando empecé a trabajar aquí.
Una de las principales diferencias es tener servicio a través de la nube. Antes de Securonix, teníamos el servicio localmente. Ahora el servicio se tramita en la nube y cuando se genera un caso en la plataforma siempre han estado dispuestos a ayudarnos.
¿Cómo fue la configuración inicial?
Securonix está en la nube. Tenemos una máquina virtual que almacena cierta información de configuración de la plataforma, y como está en la nube, podemos administrar la plataforma desde cualquier lugar. La plataforma nativa de la nube ayuda a minimizar la gestión de la infraestructura. Tener todo integrado en un solo lugar nos facilita mucho las cosas.
Solo participé un poco en la implementación de Securonix, pero por lo que escuché, su equipo estaba ayudando a toda nuestra empresa, día y noche, a implementar la implementación lo antes posible. Es posible que haya habido algunos problemas en la integración, pero se crearon casos de soporte y su equipo siempre estuvo ahí con actualizaciones y nuevas formas de conectar nuestras fuentes con su plataforma. En general, no fue tan complicado.
De nuestro lado, teníamos especialistas involucrados de cada departamento que quería integrarse con la plataforma, como Windows, redes, seguridad, etcétera. El personal de Securonix siempre estuvo presente.
Securonix nos ha proporcionado un consultor aquí en Colombia. Estamos en contacto con respecto a la configuración de la plataforma para descartar posibles falsos positivos y ayudarnos a centrarnos en los eventos que debemos tener en cuenta.
Nos llevó cuatro meses incorporar todas las fuentes.
No hay requisitos de mantenimiento por nuestra parte. Constantemente nos avisan de las actualizaciones y, antes de hacer cambios, nos avisan si va a haber alguna interrupción en el servicio.
¿Cuál fue nuestro Retorno de Inversión?
Nuestra empresa ya está intentando vender los servicios de Securonix, aunque es una solución bastante nueva en la empresa. Primero se está manejando internamente, pero ya están iniciando el proceso de venta del servicio. Ese es el mejor retorno de la inversión.
¿Cuál es mi experiencia con los precios, el costo de configuración y las licencias?
Comparado con otras marcas nos parece más asequible.
No hay costos además de las tarifas de licencia estándar.
¿Qué otras soluciones evalué?
La interfaz de Securonix es muy intuitiva. McAfee tenía algunas buenas funciones y solo llevamos poco tiempo con Securonix, pero no nos ha presentado ningún problema. Nos parece mucho mejor en comparación con McAfee, en términos de correlación de eventos y seguimiento de casos.
¿Qué otro consejo tengo?
Securonix parece ser una buena solución que ha cumplido con todos nuestros requisitos.
Si desea tener una solución más centralizada para mejorar el rendimiento del análisis y la gestión de casos e incidentes, Securonix parece una muy buena opción.
La lección más importante es que siempre se puede mejorar. Hay características que pueden ser desconocidas para usted en el servicio pero, a través de la documentación, puede darse cuenta de todos los beneficios de las cosas que podrían no usarse inicialmente.
Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
Security Specialist at a tech vendor with 10,001+ employees
Streamlined alert analysis with intuitive resource selection and an easy setup
Pros and Cons
- "We can select the resource group name or functionality directly of which type of security tool logs we want. We don't need to write the query for that; we just have to select."
- "I face slowness issues sometimes."
What is our primary use case?
We have created correlation rules. When the condition matches, we get the alerts. We start analyzing the alerts and then create tickets for it in ServiceNow. We have also created dashboards in Securonix. If any breaches of data or unpredictable work is detected, it will show in the dashboard.
How has it helped my organization?
Securonix is a money-sharing tool. Its price range is very low compared to other tools.
What is most valuable?
The most beneficial feature is the option for a resource group name. We don't have to type the query specifically. We can select the resource group name or functionality directly of which type of security tool logs we want. We don't need to write the query for that; we just have to select.
What needs improvement?
I face slowness issues sometimes, especially when we write a query to search specific logs from the resource group. Apart from that, there should be GUI changes.
For how long have I used the solution?
I have been working with the Securonix solution for eight to ten months.
What do I think about the stability of the solution?
Securonix is stable, yet sometimes there is slowness.
What do I think about the scalability of the solution?
The solution is scalable.
How are customer service and support?
We are not raising any questions with customer service or support.
How would you rate customer service and support?
Positive
Which solution did I use previously and why did I switch?
I was using Splunk for six months.
How was the initial setup?
The initial setup was straightforward, and I did not face any challenges.
What other advice do I have?
For new users, it is good to use. For experienced users, they need fast query resolution; otherwise, it will be difficult for them to use. It does not require much maintenance.
I'd rate the solution eight out of ten.
Which deployment model are you using for this solution?
On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Last updated: Oct 30, 2024
Flag as inappropriateCo-Founder/Director at Bangkok MSP Company Limited
Saves three to four hours of manual work and helps in decision-making
Pros and Cons
- "The solution's AI features reduce the need for manual analysis and help in decision-making. It displays the report in seconds. It saves my resources three to four hours of work."
- "Securonix Next-Gen SIEM's deployment is complex and you need a team to do it."
What is our primary use case?
My use cases relate to SIEM.
What is most valuable?
I like Securonix Next-Gen SIEM's integration with in-house AI. I use its behavior analytics feature and am happy with it. It helps to enhance security.
The solution's AI features reduce the need for manual analysis and help in decision-making. It displays the report in seconds. It saves my resources three to four hours of work.
What needs improvement?
Securonix Next-Gen SIEM's deployment is complex and you need a team to do it.
For how long have I used the solution?
I have been using the product for two years.
What do I think about the stability of the solution?
I rate the solution's stability a ten out of ten.
What do I think about the scalability of the solution?
The tool is scalable since it's on the cloud. There are no limitations.
How are customer service and support?
I haven't contacted the technical support since we have a strong in-house team.
What about the implementation team?
We did the deployment in-house.
What's my experience with pricing, setup cost, and licensing?
The solution's price is double the competitors.
What other advice do I have?
I would recommend Securonix Next-Gen SIEM to SMBs if they have the money. I rate it a ten out of ten.
If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?
Amazon Web Services (AWS)
Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
Last updated: Aug 29, 2024
Flag as inappropriateSecurity Developer at a tech consulting company with 201-500 employees
Enrichment of event data via connectors to Third Party Intelligence had made investigations more efficient
Pros and Cons
- "The UEBA functionality indicates a lot about behaviors that are not found through a traditional SIEM. We have exploited that more than anything since we started using it."
- "It seems to me that within Securonix there is no option for completely visualizing the types of sources or if there is any loss of logs. I've heard that they have an additional module to validate those types of cases, but in terms of the platform itself only, I can only see how often it sends data but not any specific detail."
How has it helped my organization?
Securonix provides us with a fine-tuned environment. It helps eliminate false positives with certain parameters.
It is a SIEM that works automatically when it comes to behavior and the analysis of certain parameters that we did not have visibility into before. It is very productive for our business. So far, from what we have seen, Securonix is very useful.
Securonix provides "enrichment" of event information thanks to connectors with Third Party Intelligence and that has helped to make us more efficient in our investigations. Threat hunting that used to take two to three hours can now be done in less than one hour because we have certain graphs configured within the platform that allow us to search for more detailed events in a shorter amount of time. The training we have received has been absorbed quickly by our analysts and we have managed to do more in less time.
Another benefit is that, as a SaaS environment, it allows us to free ourselves from support issues. We escalate everything directly with Securonix.
What is most valuable?
Among the most valuable features are its
- reporting capacity
- graphics
- UEBA analytics.
The UEBA functionality indicates a lot about behaviors that are not found through a traditional SIEM. We have exploited that more than anything since we started using it.
The autonomous threat sweeper also seems very good to me. It is a very striking and productive tool for our business. It's highly important to implement ATS because it allows us to scan for specific events that may happen.
Also, the ease of searching that the Spotter tool offers us is a welcome feature and the data insights have been very useful for our research work.
What needs improvement?
It seems to me that within Securonix there is no option for completely visualizing the types of sources or if there is any loss of logs. I've heard that they have an additional module to validate those types of cases, but in terms of the platform itself only, I can only see how often it sends data but not any specific detail.
For how long have I used the solution?
I have been using Securonix Next-Gen SIEM for six months.
What do I think about the stability of the solution?
We have not had any major problems with the platform since we started working with it. There has only been one problem that had to do with something that did not load on the platform, but that was it.
We have had no problems ingesting all our log sources.
What do I think about the scalability of the solution?
Being a cloud environment, it gives us unlimited scalability. When we have integrated larger sources we have not experienced any problems.
How are customer service and support?
We have had some slightly delayed response times from technical support, but it is nothing out of the ordinary.
How would you rate customer service and support?
Positive
Which solution did I use previously and why did I switch?
We use platforms such as RSA enVision, QRadar, and McAfee. We have not eliminated these platforms but we are more inclined toward Securonix because it provides us with UEBA analytics, which is something that we have not been able to exploit as much on other platforms. The solution's UEBA data analysis is what caught our attention.
How was the initial setup?
I was involved in a certain part of the implementation that focused on the RING installation. The implementation was simple. They shared an interactive manual with us and there were no problems. Onboarding the sources was not such a complicated process. We needed three to five employees for the implementation.
They also provided guided training in which a representative from Securonix helped us with the queries we had.
Maintenance is mostly managed by Securonix. We are hardly involved in it.
What was our ROI?
More than anything, we have seen ROI thanks to the metrics we get from Securonix.
Which other solutions did I evaluate?
Securonix is very user-friendly and intuitive. In terms of nomenclature, it is very easy to understand where the information you want is located. Compared to other platforms, there are several UI qualities in favor of Securonix. It puts everything at your fingertips and the options tab is very accessible.
In terms of reducing false positives, we have not seen much difference between Securonix and other platforms at the moment.
What other advice do I have?
Information about Securonix is all available within the online documentation and it enables you to get to know the platform independently. It is very beneficial if you're looking for a high-quality SIEM.
The most important thing I have learned by using Securonix is the exploitation of UEBA analytics. I had not seen that in another SIEM and it has been a definite benefit for me.
Foreign Language:(Spanish)
¿Cómo ha ayudado a mi organización?
Securonix nos proporciona un entorno optimizado. Ayuda a eliminar falsos positivos con ciertos parámetros.
Es un SIEM que funciona de forma automática en respecto a comportamientos y análisis de ciertos parámetros que no eran visibles antes. Es muy productivo para nuestro negocio. Hasta ahora, por lo que hemos visto, Securonix es muy útil.
Securonix proporciona un "enriquecimiento" de la información de eventos gracias a conexiones con Third Party Intelligence, esto nos ha ayudado a ser más eficientes en nuestras investigaciones. La búsqueda de amenazas que antes tomaba de dos a tres horas ahora se puede hacer en menos de una hora porque tenemos ciertos gráficos configurados dentro de la plataforma que nos permiten buscar eventos más detallados en menos tiempo. La formación que hemos recibido ha sido absorbida rápidamente por nuestros analistas y hemos conseguido hacer más en menos tiempo.
Otro beneficio que tiene es que, como se trata de un entorno SaaS, nos permite liberarnos de los problemas de soporte. Escalamos todo directamente con Securonix.
¿Qué es lo más valioso?
Entre las características más valiosas se encuentran..
- capacidad de reporte
- gráficos
- analíticas UEBA.
La funcionalidad de UEBA indica mucho sobre comportamientos que no se encuentran a través de un SIEM tradicional. Eso lo hemos explotado más que nada desde que empezamos a usarlo.
El barredor de amenazas autónomo también me parece muy bueno. Es una herramienta muy llamativa y productiva para nuestro negocio. Es muy importante implementar ATS porque nos permite buscar eventos específicos que puedan ocurrir.
Además, la facilidad de búsqueda que nos ofrece la herramienta Spotter es una característica beneficiosa y la información de los datos ha sido muy útil para nuestro trabajo de investigación.
¿Qué necesita mejorar?
Me parece que dentro de Securonix no hay opción de visualizar completamente los tipos de fuentes ni tampoco si hay alguna pérdida de logs. Escuché que tienen un módulo adicional para validar ese tipo de casos, pero en términos de la plataforma en sí, solo puedo ver la frecuencia con la que envía datos, pero ningún detalle específico
¿Por cuánto tiempo he usado la solución?
He estado usando Securonix Next-Gen SIEM durante seis meses.
¿Qué pienso sobre la estabilidad de la solución?
No hemos tenido mayores problemas con la plataforma desde que empezamos a trabajar con ella. Solo ha habido un problema que tenía que ver con algo que no cargaba en la plataforma, pero eso fue todo.
No hemos tenido problemas para ingerir todas nuestras fuentes de registro.
¿Qué opino de la escalabilidad de la solución?
Al ser un entorno en la nube, nos brinda una escalabilidad ilimitada. Cuando hemos integrado fuentes más grandes no hemos experimentado ningún problema.
¿Y el servicio de atención al cliente y el soporte?
Hemos tenido algunos tiempos de respuesta ligeramente retrasados por parte del soporte técnico, pero no es nada fuera de lo común.
¿Cómo calificaría el servicio y soporte al cliente?
Positivo
¿Qué solución usé anteriormente y por qué cambié?
Utilizamos plataformas como RSA enVision, QRadar y McAfee. No hemos eliminado estas plataformas, pero nos inclinamos más por Securonix porque nos brinda análisis UEBA, que es algo que no hemos podido explotar tanto en otras plataformas. El análisis de datos UEBA de la solución es lo que llamó nuestra atención.
¿Cómo fue la configuración inicial?
Estuve involucrado en cierta parte de la implementación que se centró en la instalación de RING. La implementación fue sencilla. Compartieron un manual interactivo con nosotros y no hubo problemas. Incorporar las fuentes no fue un proceso tan complicado. Necesitábamos de tres a cinco empleados para la implementación.
También brindaron capacitación guiada en la que un representante de Securonix nos ayudó con las consultas que teníamos.
El mantenimiento es administrado principalmente por Securonix. Apenas estamos involucrados en eso.
¿Cuál fue nuestro Retorno de Inversión?
Más que nada, hemos visto el Retorno de Inversión gracias a las métricas que obtenemos de Securonix.
¿Qué otras soluciones evalué?
Securonix es muy fácil de usar e intuitivo. En cuanto a la nomenclatura, es muy fácil entender dónde se encuentra la información que buscas. En comparación con otras plataformas, hay varias cualidades de interfaz de usuario a favor de Securonix. Pone todo al alcance de tu mano y la pestaña de opciones es muy accesible.
En términos de reducción de falsos positivos, no hemos visto mucha diferencia entre Securonix y otras plataformas por el momento.
¿Qué otro consejo tengo?
Toda la información sobre Securonix está disponible en la documentación en línea y te permite conocer la plataforma de forma independiente. Es muy beneficioso si estás buscando un SIEM de alta calidad.
Lo más importante que he aprendido usando Securonix es la explotación de análisis UEBA. Eso no lo había visto en otro SIEM y definitivamente ha sido un beneficio para mí.
Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor. The reviewer's company has a business relationship with this vendor other than being a customer: Partner
Lead Security Engineer at a tech services company with 1-10 employees
The solution has helped by reducing the number of false positives in half
What is our primary use case?
We are using it for Azure logins outside of US and Azure brute force use cases. We have use cases for our firewalls, like Palo Alto. These are use cases that we created ourselves. These are not the use cases out-of-the-box that Securonix provided us.
How has it helped my organization?
Without this product, my organization would not be able to function at all. It is our main monitoring product for our clients. We monitor everything through it. Securonix Security Analytics is the main process of providing services to our client because we are a 24/7/365 security operations center. So, Securonix is helping me out on daily basis all the time, every minute.
Security Analytics helps provide actionable intelligence on threats related to our use cases, which is very important. They are improving it almost on a daily basis. They send it to us and keep it running on the back-end for all the tenants. If anything gets raised, according to the threat intelligence that they have generated, we will get an alert. We will then start digging into those events. After that, we work with clients to respond to that incident.
The product can help increase efficiency. My analysts were working 12-hour shifts when we started. Now, they are working eight-hour shifts. However, it also depends on the person and how efficient they want to be. My analysts are monitoring, training, and doing their certifications all at the same time. This definitely divides their attention.
What is most valuable?
Features, like Spotter, are the most valuable. Spotter is a wide range of research for any of the incidents that happened under my clients' data.
They also have a feature that separates violations according to top violators. So, I can go in and see all the use cases that got preserved under them. It is an intensive search type of thing. You can just keep digging in. There are other policies attached to it. There are some remediation steps and recommendations attached to it.
Securonix’s analytics-driven approach for helping to find sophisticated threats and reduce false positives is pretty good. We are allowed to fine tune according to our requirements and our clients' requirements, which does reduce false positives. In the last 24 hours, the total number of policies with triggers was 233. When I started with this product, the false positives were 561. Therefore, the solution has helped by tuning or reducing false positives.
It helps us find sophisticated threats.
What needs improvement?
The monitoring, analysis, and visualization of data that Securonix provides is good. However, there are some things that I would love Securonix to change. For example, they don't allow us to make changes on the graphical reports that they have integrated into the platform. We have to create our own. If we just want to take out one thing, our page should allow us to change that template just for our platform. I'm not talking about changing others' platforms; this is just for my platform. They should allow me to make changes according to my scalability. I would like a little bit more changes in the analytics and visual views that they already have out-of-the-box in the platform. They are working on this, but I have not heard from them for a while. I'm satisfied with the visualization that they have, but I would like to get some more out of it. For example, I am taking the report and manually making changes. I want all those changes already integrated and automated, so they are automatically done in the product.
I would not say its threat hunting is easy or difficult to use. It is medium because it totally depends on the data that is coming to you. It does not depend on the platform. It depends on whether you can find the correct attribute that you need to look at, then you can go further on that. They are working on this. They are introducing more features, e.g., they have a couple of updates pending at this time. They are working on it to cut down the steps. If I am doing 28 steps right now just to onboard our data, then they are cutting those steps down. They are also putting more automation in the solution. While they are working on these improvements, it is just a matter of time.
It ingests 85% of all our log sources already built into the product when investigating threats. If the data sources have the functionality, Securonix will create a custom parser for us on a request. If the functionality is not there in the product, then there is a difficulty, but we can still ingest it through the file base, etc. However, I am not a big fan of the file base because a user is creating a file per day for data that was generated the day before. Specifically for activity that has already taken place, we can prevent it, but we cannot stop the activity.
For how long have I used the solution?
I have been using it for a year and three months.
What do I think about the stability of the solution?
It is pretty stable. Out of 100%, I would rate the stability between 80% to 85%. 20% can be unstable for any product. There can be bugs. There can be a failure in the core or a syntax error in the core. When I notify the support of these types of issues, they quickly fix the problem for me.
We have experienced a few performance issues, about 10%, when Security Analytics is ingesting our log sources. This can happen with any product. We informed them that we are facing this issue and get pretty good support on it.
What do I think about the scalability of the solution?
Scalability is pretty good. It does grow with our license. We work according to EPS. So, as our EPS pool grows, the solution will keep growing.
Cloud Scale is super scalable. You can scale Securonix pretty well. Even if you have too much data coming in, you can figure things out or put more resources on it. Securonix is pretty good at doing these things. For example, they have load balancers already in place, which automatically take care of these things.
There are 12 of us right now using the solution. I'm the senior engineer, and I have eight analysts who are using it. I have a senior manager who is also using it.
How are customer service and support?
Six months ago, if someone asked me about the support, I would say, "Not good." Now, the support is pretty effective. They try to resolve problems ASAP. For example, if it's a critical ticket, they get it fixed within an hour.
I would rate the support as eight out of 10.
How would you rate customer service and support?
Positive
Which solution did I use previously and why did I switch?
We had a generic system previously, which has none of the things which have helped us by using Security Analytics. This solution automatically detects threats. There is a response bar that we can deploy. There is an email notification. So, if I am not available, then I will get an email that I can respond to pretty quickly. As far as threat detection, we get policy updates every three minutes. Therefore, if anything is detected, it will be right there on my screen.
I have previously trained on FortiGate and Splunk. Securonix and Splunk are not that different. Splunk has a lot of things on one screen. Whereas, Securonix tries to clean it up.
How was the initial setup?
If you follow the documentation, it is straightforward. If you don't want to read, it will be complex. I don't review documentation anymore. I did it twice when I started, then I went in, wrote a batch script, and automated the whole process. Now, I just need to make some changes before running that script.
The deployment takes 35 minutes on the client side.
What about the implementation team?
I am the only person involved in the managing and deployment of the solution.
If there is any kind of setup that needs to be done on the cloud side, Securonix does that for us. I integrate clients with my platform, but Securonix takes care of the back-end.
What was our ROI?
The Securonix cloud-native platform helps minimize infrastructure management. We don't need that much manpower. If there is infrastructure to maintain, I need an engineer to maintain infrastructure, a software engineer who will look for the application, a security unit who will look for the threats and attacks, and a response person. Now, I don't need a software engineer or infrastructure engineer. That has gone away. Currently, I need only a security engineer and response person, which one person can do. We can also hire two people to do the different jobs. That is no problem.
We don't have to put more focus on infrastructure, which helps. There is a little bit of an infrastructure included, but that is a one-time setup thing. You don't need to go and maintain it again and again.
Securonix Security Analytics adds contextual information into security events. For example, on a generic system, if I used to put in an hour, now I'm putting in 35 to 40 minutes on this. So, it's saving me about 20 minutes of time.
What's my experience with pricing, setup cost, and licensing?
Compared to the pricing of other products, Securonix's pricing is pretty good. Clients can get half of the price of other companies by going with Securonix. Other products, like IBM and Splunk, have pretty high pricing. Nowadays, we see CrowdStrike as up and coming, and they are pretty expensive.
Pricing does depend on what model you are looking for, e.g., are you going for an MSP or single tenant?
Which other solutions did I evaluate?
I don't find a lot of difference between solutions. Everybody tries to improve their product over time. I do free testing for multiple products, and they are basically copying each other's functions.
I like Securonix because I am familiar with it and can do threat hunting in 10 minutes instead of the 30 minutes that it might take if I used other solutions.
What other advice do I have?
According to my clients and the security world, I cannot eliminate all the false positives because you cannot let false positives go. You need to make sure that there are no attacks attached to that false positive. So, we have a team of analysts who monitor it every time. So, if a false positive policy gets an alert, then we just go ahead and make sure to analyze it. That is okay. If it is a false positive, then we mark it as one. We did eliminate a lot of false positives, but not all of them. It is our choice, not Securonix's, what we want to keep or eliminate.
I would rate Securonix as nine out of 10.
Which deployment model are you using for this solution?
Public Cloud
If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?
Amazon Web Services (AWS)
Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor. The reviewer's company has a business relationship with this vendor other than being a customer: Partner - MSP
Lead Cyber Security Engineer at a insurance company with 1,001-5,000 employees
Open platform allows us to modify policies and tune policies as needed
Pros and Cons
- "The feature that is most valuable is the fact that it's an open platform, so it allows us to modify policies and tune policies as needed. There's also a feature called Data Insights which allows us to create different dashboards on specific things of interest for us."
- "Securonix implements risk scores based on different policies that are triggered. We've seen some challenges with the risk scores and how they trigger. These are things that Securonix has recognized and they've been working with us to help improve things."
What is our primary use case?
Our primary use case is privileged-account monitoring. We wanted the ability to monitor what privileged accounts do, what time of day they typically log in, what machines they log in from, what type of configuration changes they make, etc.
We're using the SNYPR Cloud UEBA.
How has it helped my organization?
The areas where behavior analytics helps in terms of advanced threats are around some of the rarity-based policies. An example would be if someone is logging in to a machine for the first time, someone who has never logged in to that machine before. Another would be a rare time of day when somebody is logging in. Policies such as rare suspicious-process also help. We have a list of processes that we typically don't expect many users to run, so if somebody's running one of them in the environment for the first time, it helps us understand that something potentially malicious or at least suspicious is taking place.
We had a recent internal penetration test to try to simulate attacker activity, and Securonix really stood out regarding some of its detection capabilities versus our traditional SIEM, with a lot of the policies that we have for rare-process running on a machine. The enumeration-type activities, where it's looking for an increase in the number of, say, accounts that are accessed, or the number of machines or file share that are accessed, was something that stood out significantly for us.
An example where the solution detected a threat that would otherwise have gone unnoticed recently was a Word document that launched PowerShell and tried downloading a malicious file. We have a policy which is looking for a rare process launched from a child process, and that detected a specific type of malware.
Also, given that the solution is offered as a cloud platform, it probably reduced the potential need for additional headcount. Had we gone with an on-premise solution - because it would have a lot of the administrative tasks of maintaining the hardware and doing updates, and some operational costs - we probably would have required an additional headcount. By going with the cloud, it didn't require us to add to our headcount, and yet we were able to add this new technology.
The solution has also enabled our team to focus on threats rather than on engineering of the platform. We're a very hands-on organization. We've done some of the engineering, whether it be to create new policies specific to our environment or specific to a threat that we're looking for. So it has helped us to focus on threats, but we also do a decent amount of engineering.
Securonix has decreased the time required to investigate alerts or threats. A lot of the information is right there for us, so it's easy to search and try to help with an investigation. In terms of how much time it has saved us, it's really a case-by-case scenario. It would be difficult to pinpoint an exact time on it.
As for the solution surfacing high-risk events that require immediate action, Securonix correlates different policy-violations together into what it calls threat models. There have been a few examples of threat models that have been triggered which gave us a high degree of confidence that there's a threat that we want to investigate right away. Using the threat models has really helped prioritize events of interest for us.
What is most valuable?
- The feature that is most valuable is the fact that it's an open platform, so it allows us to modify policies and tune policies as needed.
- There's also a feature called Data Insights which allows us to create different dashboards on specific things of interest for us.
- Finally, there is Spotter. Spotter allows us to search and investigate different events of interest for us.
In terms of behavior analytics, we're using cyber more than insider threats. With UEBA being a relatively new space when we looked at it close to two years ago, we were concerned about how well it worked and whether they were truly behavioral-based rules or if that was just marketing terminology for the "latest greatest system." But it exceeds what our initial expectations were for being able to detect different cyber threats. We're doing a lot around the network firewall and endpoint detection for rare process connections, rare network connections, etc.
What needs improvement?
Securonix implements risk scores based on different policies that are triggered. We've seen some challenges with the risk scores and how they trigger. These are things that Securonix has recognized and they've been working with us to help improve things.
For how long have I used the solution?
We've been using Securonix for a year-and-a-half now, as a production customer. We started a pilot back in July of 2017, so if you consider the pilot time, it's about two years in total.
What do I think about the stability of the solution?
Initially, within the first six to eight months, we had some issues with stability. In the last year we've really had no stability issues. There's been no downtime. Any time there are updates, we're always notified when they will take place, with adequate notice. After the updates, there's very minimal downtime as a result.
The earlier instability was growing pains. At the time, we were one of the largest customers going to their cloud solution. It was just a matter of some of the growing pains as they were trying to scale to handle the quantity of logs that we were sending to it.
They've also added additional features and enhancements, and we haven't had any issues with it or any downtime as a result of that.
What do I think about the scalability of the solution?
We haven't had any issues with scalability. We've been able to send more log sources to it and we haven't had any issues with them being able to handle the volume.
We have close to 6,000 employees. We have about 9,000 servers and workstations in total, and we're sending about 5,000 events per second.
We have plans to increase our use of Securonix. Right now we use a different vendor for SIEM, LogRhythm, and we use Securonix for UEBA. We're looking at potential options to consolidate to one platform.
How are customer service and technical support?
Their technical support has been pretty helpful. We have a lot of direct contacts with some of the higher-level support, people who help with the integration. A lot of times, when we have issues, we may email them directly and they're able to work on a resolution relatively quickly.
That being said, we do have a technical account manager and that person does a really good job of prioritizing resources to make sure that, if we do have any issues, they get addressed in a timely fashion.
Which solution did I use previously and why did I switch?
We piloted Exabeam but we didn't go forward with them.
How was the initial setup?
The initial setup was a little complex, but going into it we knew it's a complex solution. We didn't expect that it would be out-of-the-box. Our expectation was that it was going to take a little bit of time to get it set up and integrated and then to learn different profiles on users. It was somewhat complex, but it wasn't anything that we weren't expecting.
Our case is a unique situation where we aren't using Securonix as our SIEM so we had to send logs from our SIEM over to Securonix. There was some tweaking of the parsing that we had to do; how they were able to normalize the log and stuff like that. That took a little while to get up and running.
Overall, our deployment took about two to three months.
In terms of an implementation strategy, we had Professional Services from Securonix help with the implementation. They did a lot of the heavy lifting for us.
What about the implementation team?
Our experience with Securonix Professional Services was very good. They were able to do the integration. It didn't really require a heavy amount of effort from us to work with them. It was just time-consuming. They were updating the parses to support our environment for several weeks.
What was our ROI?
We have definitely seen ROI using Securonix.
Which other solutions did I evaluate?
We piloted Exabeam but we didn't go forward with them. We looked a little bit at LogRhythm's UEBA capability as well. At the time they were in the beta stages, so we didn't feel comfortable going with them.
One of the things that we really liked about Securonix was that it is very open-platform, where we have the ability to tune and tweak and create new policies as needed. With Exabeam, everything required us to go through their Professional Services to make some of those changes. The real benefit that we liked with Securonix over Exabeam was the reporting capabilities. Exabeam pretty much removed almost all their reporting and threat-hunting capabilities. I think there was some bug that was taking place. The other thing that Securonix does that I really like is that they give you the raw log message so you can see all the details. Exabeam was only providing parts of the log message, parts they thought were relevant for an investigation, but they didn't provide everything.
LogRhythm versus Securonix is not one-to-one. We're using LogRhythm for our SIEM, long-term retention, being able to look at things over a 90-day period of time. We're using Securonix more just for the UEBA capabilities. Based on how we're using them today it would be difficult to say the pros and cons of either one. We've had some challenges with LogRhythm support and some of their feature enhancements. Some of the things they've rolled out don't necessarily work as expected or we've experienced a lot of bugs with their product. We haven't had the same issues with Securonix.
What other advice do I have?
From a positive standpoint, with Securonix, or with any UEBA vendor, but specifically Securonix as that's the one that we're using, it definitely overcomes a lot of the challenges with trying to understand what's normal and what's not normal in an environment. With the traditional SIEM rules, it's very difficult to tune some of the policies to understand what is normal for your environment. That's really helped us quite a bit. Another thing that might be helpful regarding understanding the platform is that it takes a little bit of time to come up with the behavior profiles. It might take 30 days, depending on what you're trying to look at, before you start seeing some alerts trigger, because you're looking at things over a longer period of time.
The biggest lesson I've learned using Securonix is that with behavioral analytics, and any UEBA vendor, it does reduce some of the alerts but it also has the potential to create additional volume or additional alerts, which could be good or bad. So just understand that there definitely is the potential to get a lot more security alerts as a result of using the product.
The way we try to work around the increase is through the ability to tune some of the policies to remove some of the few things that produce known noise. The biggest thing is just tuning things out, where applicable. Another is by leveraging their threat models. Correlating several different policies together, which are part of a threat model, might provide a little bit more context. As an example, if two of these three policies fire within a certain period of time, it might be a little more interesting than just, say, this one stand-alone policy triggering by itself.
The behavior analytics probably doesn't help us to prioritize advanced threats. It's just the nature of UEBA, I don't think it's necessarily a reflection of Securonix. But one of the challenges with being able to detect a lot of rare activity or anomalous activity is that you tend to find there's a lot more rare stuff happening in your environment than you would expect. It helps us, but sometimes it has the potential to create a little bit more noise as well.
With SNYPR, they have what's called SNYPREye which monitors the cloud solutions of SNYPR to detect if there is any type of operational issue.
We have five people on our team who use Securonix. They're security threat analysts. They all have the same feelings that I do: That it's very helpful with security monitoring, and that it also provides threat-hunting and investigations on users.
We have shared roles, so I wouldn't say we have dedicated focus on just Securonix. We're a small team that does a little bit of everything. At a minimum, if we didn't have that shared focus, maintenance of Securonix would take one full-time resource.
Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
Buyer's Guide
Download our free Securonix Next-Gen SIEM Report and get advice and tips from experienced pros
sharing their opinions.
Updated: October 2024
Product Categories
Security Information and Event Management (SIEM) Identity Threat Detection and Response (ITDR)Popular Comparisons
Splunk Enterprise Security
Microsoft Sentinel
Cisco Identity Services Engine (ISE)
CyberArk Privileged Access Manager
IBM Security QRadar
Elastic Security
Rapid7 InsightVM
AWS Security Hub
LogRhythm SIEM
Sumo Logic Security
Rapid7 InsightIDR
Microsoft Defender for Identity
Buyer's Guide
Download our free Securonix Next-Gen SIEM Report and get advice and tips from experienced pros
sharing their opinions.
Quick Links
Learn More: Questions:
- Which is the best SIEM tool for a mid-sized financial services firm: Arcsight or Securonix?
- What Solution for SIEM is Best To Be NIST 800-171 Compliant?
- When evaluating Security Information and Event Management (SIEM), what aspect do you think is the most important feature to look for?
- What are the main differences between Nessus and Arcsight?
- Which is the best SIEM solution for a government organization?
- What is the difference between IT event correlation and aggregation?
- What Is SIEM Used For?
- What Questions Should I Ask Before Buying SIEM?
- RSA-EMC vs. other SIEM products?
- What are the pros and cons of internal SOC vs SOC-as-a-Service?