What advice do you have for others considering Netsurion Managed Threat Protection?

At this time, I do not use the additional data source integrations offered to help protect our environment. I'd rate the solution eight out of ten. It's one of my favorite products. They should be well-known. I've had zero issues with them. It's expensive, yet you get what you pay for. New users need to understand that it is kind of hands-off. You aren't going to have to put much into it once it is up and running. The time savings and the peace of mind make it worth it at the end of the day.

I would rate Netsurion a ten out of ten. I have been managing networks and IT departments for 25 years, and there are a few services that I find both wonderful and absolutely essential. Among these, Netsurion Managed XDR holds the highest importance for me. Without it, I wouldn't be able to gain the insights into our network that I currently can. There's no economically or technically viable way to achieve this. Despite being a relatively small company with a workforce of 42 individuals, I essentially possess my own security team consisting of five or six people and the array of tools they have at their disposal. Outsourcing this function or hiring personnel for it isn't feasible. While I am a security professional myself, the value brought by this service is unmatched even if I were to engage a consultant. The level of value it provides is truly remarkable. For example, we allocate approximately $65,000 dollars annually for this service, and I firmly believe that the investment is completely justified for us. We make use of Netsurion SIEM services to collate logs from all our devices. These logs are forwarded and integrated into a local system. Netsurion also offers managed security services, including protection against malware. Although they do provide such services, I personally do not utilize them. My usage of Netsurion focuses on their SIEM package, specifically Netsurion Managed XDR. I also use their vulnerability assessment service. On the flip side, we've worked with Netsurion to meet compliance requirements. Given our small team of only three people, adhering to strict duty segregation, as larger companies might, is challenging. To address this, we've established a practice where I request logs. For instance, when my team handles administrative tasks like unlocking users or managing access permissions, these activities are logged by a third-party system called Netsurion Managed XDR. I receive daily and weekly reports summarizing these activities. Netsurion has demonstrated impressive flexibility in accommodating our needs. They are open to tailoring their services based on our unique requirements. In cases where certain actions are less critical, they consolidate alerts into monthly or weekly reports instead of inundating us with numerous daily emails. This practical approach is highly valued. Our experience with Netsurion is unlike other monitoring software we've used, even after my extensive career, including the use of SolarWinds. At present, we are self-monitoring. The complexity of configuring these tools is significant. However, working with Netsurion feels like an extension of our team. It's far more efficient than purchasing software and struggling to configure it. Interacting with them is seamless. I can simply request tasks, like generating administrator activity reports. After a few questions and adjustments, they delivered the final report. This approach is in stark contrast to grappling with software configurations, where flexibility is often lacking. We've successfully fine-tuned Netsurion's services to suit our needs. I recently scheduled a monthly review meeting, which previously took an hour or more. Now, with Netsurion's support, the meeting takes about twenty minutes. They present data through Power BI, allowing for detailed analysis. They provide this along with supplementary Excel documentation. With their expertise, we've transitioned from red or orange indicators to green, or in some cases, even removed certain issues entirely. I am genuinely pleased with their assistance. I've worked with Netsurion in previous roles and introduced them to our current network. I secured budgets for their services upon joining this company due to the significant value they add. Considering our circumstances, I can't envision an alternative approach that would be as effective. Even hiring additional security personnel wouldn't provide the same economies of scale and expertise as Netsurion does. Netsurion Managed XDR now offers an expanded range of services. Among these is a vulnerability assessment service that is now available. The quality of their recording has significantly improved, becoming more standardized and polished. It seems that their scope of reporting has also broadened. This expansion is facilitated by the advantages of being part of a larger company like Netsurion, which provides access to a greater array of tools. These tools can be integrated into their products and subsequently shared with customers. In terms of the core services, such as daily reporting, alerting, weekly observation reports, and monthly meetings, there hasn't been a substantial change; these aspects remain largely similar to what they were. The notable addition is the availability of the vulnerability assessment service, which was not part of the service package previously. One aspect of Netsurion Managed XDR that I appreciate is the tenacity of its people. This becomes evident because, at times, my team serves as the bottleneck in accomplishing tasks. For example, concerning the integration, we've been attempting to integrate with our email system. The individuals from Netsurion Managed XDR persistently inquire about the progress of this integration. However, due to the substantial workload we have, we continuously postpone it. Consequently, it is difficult for me to think of an area of improvement. This sentiment holds particularly true following the acquisition of the vulnerability assessment service, which has proven to be highly beneficial for us. In a former organization, we attempted a task akin to what Netsurion does using Syslogs and SolarWinds, but the results were incomparable to what we achieve with Netsurion.

If you are not going to go for their managed service, then you will need to hire a SOC team, and if you are not going to hire a SOC team, then you are messing up. I am sure that other companies have their own SOC teams instead of having a SOC-managed service, but this solution makes it cost effective for us. I would rate it as a six out of 10.

It doesn't matter whether a solution is outside or inside the US. When we look at our firewall logs, most of our spam and ransomware attacks are coming from inside the US. That is where the majority of that traffic is coming from. We shut down everything from the outside that shouldn't have access. We determine who gets on our server and when they get on it. We control it as well from the outside as we would from inside the country. There doesn't seem to be any national barriers that seem to have anything to do with whether you are really secure or not anymore. Certainly, there is a lot of risk from certain rogue countries, but vendors are vendors, you just have to vet the vendor as well. Everything in life is a risk. You need to determine what your risk tolerance is. In our case, we take the risk of not logging every single device on our network. We don't log the laptops of the guys who work in the field all day, then come in just to do payroll. We don't care what goes on their PCs, but we do care once it touches another server somewhere. Therefore, we log those servers. It is all about risk tolerance. At the end of the day, you need to balance your budget one way or another.

I'd rate Netsurion six out of 10. I'm only going above the five because there aren't a lot of other products in that niche for a decentralized SIEM product. To anyone skeptical about the need for managed security services, I would say that they need to look at whether they have the resources to provide the service themselves. I think most don't, and I believe that the cost of hiring even temporary personnel to provide that function doesn't make business sense compared to bringing in a third party like Netsurion. Cost savings, management, and 24/7 monitoring — you can't get all that for the same price.

If you're concerned about Netsurion's SOC being located outside of the US, I would say that location of the SOC is irrelevant. Rather, you should evaluate the skills of the SOC and the SOC management. And if someone at another company said they are not sure that they need managed services, I would say to them that they had better make sure they have enough money to have their own internal team. My other advice would be to make sure that Netsurion gives you a good deal compared to the other vendors.