Leader - Investigations, Insider Threat at a tech services company with 5,001-10,000 employees
With a lot of data in one console, the time we require to investigate alerts and threats has decreased
Pros and Cons
- "The customizability of the tool is valuable. We are able to customize the use cases and create them easily without a large amount of Securonix assistance. It's very flexible. We do not have to rely on Professional Services to modify or create a new use case."
- "Other than issues with the training, there have been issues with the encryption. There have also been issues with some of the reporting, minor glitches that they have fixed as they've gone along."
What is our primary use case?
Data loss protection and account misuse are our primary use cases. We're utilizing it to help identify and correlate user behavior to identify potential data loss as well as to detect certain types of fraud.
How has it helped my organization?
The behavior analytics of Securonix has helped to prioritize advanced threats for us. We're still working through it, but it has helped. For example, it enables us to customize widgets, risk scores, and dashboards to identify what we want to see and gives us the ability to base the risk score on our business model and what we consider to be a high priority.
While we would have detected the threats that we do without the solution, it helps us have a central point to manage and detect those threats. It would have taken a little bit more work or additional tools to identify them after the fact. For example, it helps us in identifying and detecting fraud in the early stages.
The solution has decreased the time required to investigate alerts and threats because a lot of the data is in one console. We're not having to go to three or four different consoles. It also helps to surface high-risk events that require immediate action, such as identification of penetration testing.
What is most valuable?
The customizability of the tool is valuable. We are able to customize the use cases and create them easily without a large amount of Securonix assistance. It's very flexible. We do not have to rely on Professional Services to modify or create a new use case.
The solution's behavior analytics, in detecting cyber and insider threats, are good. The tool does what it's supposed to, as long as the data coming in is accurate.
What needs improvement?
Other than issues with the training, there have been issues with the encryption. There have also been issues with some of the reporting, minor glitches that they have fixed as they've gone along.
I think they have fixed the encryption piece and they have supposedly fixed training. I haven't seen the new training modules yet. The reporting and metrics will be improved in the next release, from what I understand.
Buyer's Guide
Securonix Next-Gen SIEM
January 2025
Learn what your peers think about Securonix Next-Gen SIEM. Get advice and tips from experienced pros sharing their opinions. Updated: January 2025.
832,891 professionals have used our research since 2012.
For how long have I used the solution?
I have been using Securonix for two years.
What do I think about the stability of the solution?
The solution is very stable. We haven't had any issues.
What do I think about the scalability of the solution?
We were able to increase it. It's scalable, but with some work on-prem; we're not cloud. But it is scalable. The issues were mostly from our environment: networking and support.
My team is the only team that's using it and it's one hundred percent part of our daily functions. We have plans to increase usage, and extensively. We're about 50 percent of the way to where we want it to be.
How are customer service and support?
Technical support is excellent.
Which solution did I use previously and why did I switch?
We did not have a previous solution.
How was the initial setup?
The setup was complex. The data mapping was complex because of our own structure and environment. From start to finish, it took us about three-and-a-half months before we went to production.
In terms of an implementation strategy, we worked with Securonix to develop a statement of work and we followed that. It included development and identification of data sources, implementing or ingesting those data sources, and applying use cases to those data sources as we fed them in.
What about the implementation team?
Securonix helped us to deploy the solution. Our experience with them was very good; excellent.
What was our ROI?
So far we have seen ROI. We would like to see even better ROI.
What's my experience with pricing, setup cost, and licensing?
We pay yearly.
Which other solutions did I evaluate?
We did a PoC between two solutions and we chose Securonix. The other solution was Exabeam. One of the reasons we went with it is that someone had used Securonix at a different company. The scalability, the interface, and the results that it provided were also factors in our decision to go with it.
What other advice do I have?
The biggest lesson we have learned from using Securonix is to start small. Don't throw everything at it. Start with one single use case and build out. Don't throw all the use cases into it at once. Otherwise, it's too much work, you get flooded with too much data, you can't focus on what's important, and you can't clean it as quickly. You can clean it, but it will take a lot of time.
My advice is to go with the cloud solution and, as I said, start small. Don't try to ingest everything at once. And don't create use cases for everything under the sun.
Because we're on-prem, we've had to both focus on threats and on the engineering of the platform. They provide support, but we still have some engineering overhead on our side.
We have five users using it and they're all investigator-analysts. We deployed with the help of four people who are security engineers, and maintenance is pretty much done by the two Securonix support people we have.
Overall, I would rate Securonix at eight out of ten. We're still going through it, developing, learning, and we find issues.
Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
Security Specialist at a tech vendor with 10,001+ employees
Streamlined alert analysis with intuitive resource selection and an easy setup
Pros and Cons
- "We can select the resource group name or functionality directly of which type of security tool logs we want. We don't need to write the query for that; we just have to select."
- "I face slowness issues sometimes."
What is our primary use case?
We have created correlation rules. When the condition matches, we get the alerts. We start analyzing the alerts and then create tickets for it in ServiceNow. We have also created dashboards in Securonix. If any breaches of data or unpredictable work is detected, it will show in the dashboard.
How has it helped my organization?
Securonix is a money-saving tool. Its price range is very low compared to other tools.
What is most valuable?
The most beneficial feature is the option for a resource group name. We don't have to type the query specifically. We can select the resource group name or functionality directly of which type of security tool logs we want. We don't need to write the query for that; we just have to select.
What needs improvement?
I face slowness issues sometimes, especially when we write a query to search specific logs from the resource group. Apart from that, there should be GUI changes.
For how long have I used the solution?
I have been working with the Securonix solution for eight to ten months.
What do I think about the stability of the solution?
Securonix is stable, yet sometimes there is slowness.
What do I think about the scalability of the solution?
The solution is scalable.
How are customer service and support?
We are not raising any questions with customer service or support.
How would you rate customer service and support?
Positive
Which solution did I use previously and why did I switch?
I was using Splunk for six months.
How was the initial setup?
The initial setup was straightforward, and I did not face any challenges.
What other advice do I have?
For new users, it is good to use. For experienced users, they need fast query resolution; otherwise, it will be difficult for them to use. It does not require much maintenance.
I'd rate the solution eight out of ten.
Which deployment model are you using for this solution?
On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Last updated: Oct 30, 2024
Co-Founder/Director at Bangkok MSP Company Limited
Saves three to four hours of manual work and helps in decision-making
Pros and Cons
- "The solution's AI features reduce the need for manual analysis and help in decision-making. It displays the report in seconds. It saves my resources three to four hours of work."
- "Securonix Next-Gen SIEM's deployment is complex and you need a team to do it."
What is our primary use case?
My use cases relate to SIEM.
What is most valuable?
I like Securonix Next-Gen SIEM's integration with in-house AI. I use its behavior analytics feature and am happy with it. It helps to enhance security.
The solution's AI features reduce the need for manual analysis and help in decision-making. It displays the report in seconds. It saves my resources three to four hours of work.
What needs improvement?
Securonix Next-Gen SIEM's deployment is complex and you need a team to do it.
For how long have I used the solution?
I have been using the product for two years.
What do I think about the stability of the solution?
I rate the solution's stability a ten out of ten.
What do I think about the scalability of the solution?
The tool is scalable since it's on the cloud. There are no limitations.
How are customer service and support?
I haven't contacted the technical support since we have a strong in-house team.
What about the implementation team?
We did the deployment in-house.
What's my experience with pricing, setup cost, and licensing?
The solution's price is double the competitors'.
What other advice do I have?
I would recommend Securonix Next-Gen SIEM to SMBs if they have the money. I rate it a ten out of ten.
If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?
Amazon Web Services (AWS)
Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
Last updated: Aug 29, 2024
Security Developer at a tech consulting company with 201-500 employees
Enrichment of event data via connectors to Third Party Intelligence has made investigations more efficient
Pros and Cons
- "The UEBA functionality indicates a lot about behaviors that are not found through a traditional SIEM. We have exploited that more than anything since we started using it."
- "It seems to me that within Securonix there is no option for completely visualizing the types of sources or if there is any loss of logs. I've heard that they have an additional module to validate those types of cases, but in terms of the platform itself only, I can only see how often it sends data but not any specific detail."
How has it helped my organization?
Securonix provides us with a fine-tuned environment. It helps eliminate false positives with certain parameters.
It is a SIEM that works automatically when it comes to behavior and the analysis of certain parameters that we did not have visibility into before. It is very productive for our business. So far, from what we have seen, Securonix is very useful.
Securonix provides "enrichment" of event information thanks to connectors with Third Party Intelligence and that has helped to make us more efficient in our investigations. Threat hunting that used to take two to three hours can now be done in less than one hour because we have certain graphs configured within the platform that allow us to search for more detailed events in a shorter amount of time. The training we have received has been absorbed quickly by our analysts and we have managed to do more in less time.
Another benefit is that, as a SaaS environment, it allows us to free ourselves from support issues. We escalate everything directly with Securonix.
What is most valuable?
Among the most valuable features are its
- reporting capacity
- graphics
- UEBA analytics.
The UEBA functionality indicates a lot about behaviors that are not found through a traditional SIEM. We have exploited that more than anything since we started using it.
The autonomous threat sweeper also seems very good to me. It is a very striking and productive tool for our business. It's highly important to implement ATS because it allows us to scan for specific events that may happen.
Also, the ease of searching that the Spotter tool offers us is a welcome feature and the data insights have been very useful for our research work.
What needs improvement?
It seems to me that within Securonix there is no option for completely visualizing the types of sources or if there is any loss of logs. I've heard that they have an additional module to validate those types of cases, but in terms of the platform itself only, I can only see how often it sends data but not any specific detail.
For how long have I used the solution?
I have been using Securonix Next-Gen SIEM for six months.
What do I think about the stability of the solution?
We have not had any major problems with the platform since we started working with it. There has only been one problem that had to do with something that did not load on the platform, but that was it.
We have had no problems ingesting all our log sources.
What do I think about the scalability of the solution?
Being a cloud environment, it gives us unlimited scalability. When we have integrated larger sources we have not experienced any problems.
How are customer service and support?
We have had some slightly delayed response times from technical support, but it is nothing out of the ordinary.
How would you rate customer service and support?
Positive
Which solution did I use previously and why did I switch?
We use platforms such as RSA enVision, QRadar, and McAfee. We have not eliminated these platforms but we are more inclined toward Securonix because it provides us with UEBA analytics, which is something that we have not been able to exploit as much on other platforms. The solution's UEBA data analysis is what caught our attention.
How was the initial setup?
I was involved in a certain part of the implementation that focused on the RING installation. The implementation was simple. They shared an interactive manual with us and there were no problems. Onboarding the sources was not such a complicated process. We needed three to five employees for the implementation.
They also provided guided training in which a representative from Securonix helped us with the queries we had.
Maintenance is mostly managed by Securonix. We are hardly involved in it.
What was our ROI?
More than anything, we have seen ROI thanks to the metrics we get from Securonix.
Which other solutions did I evaluate?
Securonix is very user-friendly and intuitive. In terms of nomenclature, it is very easy to understand where the information you want is located. Compared to other platforms, there are several UI qualities in favor of Securonix. It puts everything at your fingertips and the options tab is very accessible.
In terms of reducing false positives, we have not seen much difference between Securonix and other platforms at the moment.
What other advice do I have?
Information about Securonix is all available within the online documentation and it enables you to get to know the platform independently. It is very beneficial if you're looking for a high-quality SIEM.
The most important thing I have learned by using Securonix is the exploitation of UEBA analytics. I had not seen that in another SIEM and it has been a definite benefit for me.
Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor. The reviewer's company has a business relationship with this vendor other than being a customer: Partner
SVP Insider Threat at a financial services firm with 1,001-5,000 employees
Identifies threats that would not have otherwise been identified, but needs better integration with ServiceNow
Pros and Cons
- "The machine-learning algorithms are the most valuable feature because they're able to identify the 'needle in the haystack.'"
- "There is room for improvement in the product's integration with ServiceNow and in the reporting features."
What is our primary use case?
We use it for information security.
How has it helped my organization?
It's helped identify risky and/or malicious behavior that otherwise would probably have been overlooked. An example would be flight-risk behavior, meaning employees who are planning to leave the firm and/or who are possibly exfiltrating data. It has identified alerts or threats that would not have originally been identified.
While I wouldn't necessarily say it has surfaced high-risk events that require immediate action, it has surfaced events that require action.
What is most valuable?
The machine-learning algorithms are the most valuable feature because they're able to identify the "needle in the haystack."
Also, the solution's behavior analytics in terms of detecting cyber and insider threats is fairly good.
What needs improvement?
There is room for improvement in the product's integration with ServiceNow and in the reporting features.
For how long have I used the solution?
We've been using this solution for close to two years.
What do I think about the stability of the solution?
The solution's stability has improved over time. Early on, we had issues with stability, but over the last three to six months, it's been relatively rock-solid.
What do I think about the scalability of the solution?
My understanding is that it's scalable, but I don't get into that piece.
How are customer service and technical support?
Technical support is fairly good. I meet with them on a weekly basis. I give them any concerns, issues, use-case changes, etc. Usually, the following week, they have fixed whatever needed to be fixed or enhanced things according to my requests. It's an acceptable turnaround time, for the most part.
Which solution did I use previously and why did I switch?
We did not have a previous solution.
What about the implementation team?
I believe it was Securonix themselves who did the deployment.
What was our ROI?
We're probably approaching the break-even point.
Which other solutions did I evaluate?
The only other solution that I believe we looked at was Splunk's UBA. It wasn't Splunk at the time and it wasn't mature enough at the time.
What other advice do I have?
I'm not an engineer, I'm a consumer of the tool. It's doing what it's been asked to do. It's really all about use cases and having the data. You have to have your use cases well-defined and make sure you can feed Securonix the data. You should definitely do a PoC. Never buy anything without checking it out first.
I wouldn't say the solution's behavior analytics has helped to prioritize advanced threats.
Regarding the Hadoop piece, I would compare it to the way I drive a car. I put gas in it and I don't care what kind of engine is in there, how the engine works. I just turn the key and the car starts.
The users are our security operations team, which has about a dozen people. We use it on a day-to-day basis. We'll increase the use cases.
Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
SaaS solution enables us to move away from tool management and still have a full-featured SIEM
Pros and Cons
- "I was looking for software as a service rather than having issues with managing hardware, upgrades, updates. I was trying to step away from that. Those were the key factors when looking at Securonix as a full-feature SIEM with next-generation capabilities available."
- "There is slight room for improvement in terms of the initial deployment. What I see is that Securonix is more focused on their product. They are expanding, in a big way, the number of customers. So there has to be a number of dedicated teams to jump on and speed up the deployment process."
What is our primary use case?
I work for Avalara. It's a tax technology company based in Seattle with offices all across the world: North Durham, California, Sao Paulo Brazil, Brighton UK, Pune India, and we are expanding right now.
We have a list of use cases, like brute force attacks. Our top executive team wanted to see — whenever we are under a serious attack — on their dashboard that the attack is happening, so that the corrective measures can be taken. That is the primary use case: to have that transparency for a number of security use cases like brute force, phishing, and others, and for our executives and our team to see that attack is happening so that we can counter-measure it and save our company from any data exposure or any security incident.
What is most valuable?
I see Securonix as a full-featured SIEM. I was looking for a SIEM tool that has traditional SIEM as well as UEBA, and found Securonix to be a good fit for our company, Avalara.
Another good thing is that I was looking to move away from tool management. I was looking for software as a service rather than having issues with managing hardware, upgrades, updates. I was trying to step away from that. Those were the key factors when looking at Securonix as a full-feature SIEM with next-generation capabilities available.
What needs improvement?
There is slight room for improvement in terms of the initial deployment. What I see is that Securonix is more focused on their product. They are expanding, in a big way, the number of customers. So there has to be a number of dedicated teams to jump on and speed up the deployment process. We would like to partner with different teams that can implement and deploy it faster, whose only job is just to go to the client's site and deploy. Just do it. That's one improvement, based on my experience, that would definitely help them go a long way. Because the way they are expanding they need to focus, because the first impression is the last impression. During the initial one to two months of deployment, that momentum and that support you provide a client is very important. That first two months after a client buys it, how the deployment goes, leaves a long-lasting impression on the client and the team.
How are customer service and technical support?
In the initial setup itself we needed to dive deep into this. We had some deep technical questions and we were lucky that Securonix provided us with another technical resource. He really seemed knowledgeable.
And myself, I'm personally in touch with some of the technical people. We are getting that good support from them.
How was the initial setup?
For the initial setup a team was assigned and a command was set up, so it was pretty straightforward. We had already gone through a PoC. Coming from a SIEM background, I understand the whole architecture and the process that takes place. We were looking at reducing the timelines and, as we go through it, we are seeing that. The log integrations are pretty fast and, as I said, tool management is done at the backend. So, the initial setup is pretty good. We got logins the day we wanted them. They were assigned, and we are proceeding ahead with the deployment, and we're pretty close to it.
The strategy was to shorten the timeline. My COO and our company didn't want to waste time in long processes. So the strategy was to first have a list of log sources, prioritize them, and integrate the important ones, and the ones that could be integrated fast, immediately into the system. The second step was to streamline the rules, to baseline the rules initially. We already had our team to work on the alerts. The strategy was to get it up and running as fast as possible. We're doing it in phases. We have already done the first phase and with the second phase we are almost there. Within the first two months, we'll have most of the SIEM organization done as well as baselining of the rules done.
What other advice do I have?
I would rate the product at eight out of 10 right now, because there is scope for improvement, operationally as well as technically. But they have definitely come a long way in a very short time, so I really give them eight-plus. There's definitely some scope for improvement operationally, and there are some technical features which need to be added.
Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
Regional Director, Customer Success (GTM Solutions & Services) at a tech services company with 51-200 employees
Bad integration and a very immature product with two failed attempts at implementation
Pros and Cons
- "There aren't any positive aspects of the solution. It was a complete failure. There are no redeeming features."
- "We thought they were going to be a great product, however, they're actually not great at all as an MSP."
What is our primary use case?
It was supposed to be good for security to provide as a SOC-as-a-Service, however, it failed.
How has it helped my organization?
The solution did not improve our customer's organizations at all. The implementation attempts were a complete failure. We had to move them to another product.
What is most valuable?
There aren't any positive aspects of the solution. It was a complete failure. There are no redeeming features.
What needs improvement?
We thought they were going to be a great product, however, they're actually not great at all as an MSP.
The integration is very bad.
The initial setup failed in both use cases.
The technical support is terrible and completely unhelpful.
The product itself needs a lot of work; it's very immature.
The stability isn't great.
For how long have I used the solution?
We never really properly used the solution. We tried; however, with the two clients we attempted to have use the solution, it completely fell flat.
What do I think about the stability of the solution?
The stability of the solution is not good.
How are customer service and technical support?
Technical support is terrible. They are very bad. They are not helpful or responsive, and we were quite disappointed with the level of service on offer.
Which solution did I use previously and why did I switch?
We ended up moving our clients over to QRadar as this solution did not end up working for either of them.
How was the initial setup?
The initial setup failed. We had to move to a different solution completely. The installation process was terrible. It was not straightforward.
What about the implementation team?
The implementation was done with the vendor, and the vendor failed in a number of areas to implement it.
What's my experience with pricing, setup cost, and licensing?
We did not pay a licensing fee. We moved away from the solution.
What other advice do I have?
We tried to implement it and we've taken it out. We've tried it with two clients, it failed, and therefore we moved them now to QRadar. It was terrible. It offered bad support and was a bad product, and everything that was promised wasn't able to be delivered.
We canceled our partnership with them, and we've actually reverted the two clients that were supposed to go onto Securonix to QRadar now.
We were trying to onboard two customers, and we ended up implementing this solution with neither of them.
I'd rate the solution at a five out of ten.
Disclosure: My company has a business relationship with this vendor other than being a customer: Implementer
Manager Security Operation Center at a tech services company with 51-200 employees
A stable and scalable solution for small and medium sized companies
Pros and Cons
- "The solution is stable and scalable."
- "We would like to see better integration with other products."
What is our primary use case?
We are a services company, so we provide services for our clients' companies.
What needs improvement?
We would like to see better integration with other products.
For how long have I used the solution?
We have been using Securonix Security Analytics for around six months.
What do I think about the stability of the solution?
The solution is stable.
What do I think about the scalability of the solution?
The solution is scalable.
How are customer service and technical support?
The technical support is okay.
Which solution did I use previously and why did I switch?
We work with different SIEM solutions, including IBM QRadar and LogRhythm. Although I prefer IBM QRadar to Securonix Security Analytics, there are no features of this product that I wish to see included in it, as these two platforms are disparate.
The reason I prefer IBM QRadar is because we already utilize this solution with our customers, whereas with Securonix Security Analytics we are talking about a process which we have yet to complete.
How was the initial setup?
The initial setup was relatively uncomplicated. It basically involved operations, with which we had some issues.
What's my experience with pricing, setup cost, and licensing?
I cannot comment on pricing as this is not within my purview.
What other advice do I have?
Our clientele includes small and medium sized companies, not enterprise.
I rate Securonix Security Analytics as an eight out of ten.
Disclosure: My company has a business relationship with this vendor other than being a customer: partner
Updated: January 2025