We have created correlation rules. When the condition matches, we get the alerts. We start analyzing the alerts and then create tickets for it in ServiceNow. We have also created dashboards in Securonix. If any breaches of data or unpredictable work is detected, it will show in the dashboard.
We use Securonix Next-Gen SIEM primarily for managed SOC, focusing on threat detection, baselining, and ensuring the maturity of our SOC security operations. It is integrated with threat intelligence and utilizes frameworks like MITRE ATT&CK and the Cyber Kill Chain. The solution helps in threat detection, especially with use cases like brute force attacks, port scans (both horizontal and vertical), other insider threat activities, Privileged access abuse, Ransomware detection and Data exfiltration prevention. We also customize and fine-tune these use cases based on our requirements.
We use Securonix Next-Gen SIEM to provide managed security services. We have an MSSP delivery model using the Securonix asset platform tool that delivers the solution to multiple customers using their multi-tenant approach. It is a shared service delivery model, and we have close to five customers using the tool in our MSSP model.
Sr.Vice President & Head - Global Cybersecurity Business at Tech Mahindra Limited
Real User
Top 10
2023-07-11T13:45:41Z
Jul 11, 2023
We use it for user behavior analytics in a hospital. Consider patient health information. We use the product to understand where the information is, who's using it, who's accessing it, whether the access is authorized or unauthorized, and whether there is a possible risk of someone stealing that data. There are many such use cases. Additionally, we can find who's accessing the data at a particular time in the hospital network. It is flagged as a potential risk if it is an unlikely behavior. When unauthorized access is made, an investigation is launched. There are similar use cases of Securonix that we built in hospitals in the US over the last six or seven years.
Head of Cybersecurity at a tech services company with 11-50 employees
Real User
2022-09-29T06:58:00Z
Sep 29, 2022
We have customized the uses of the platform for our benefit. In general, we use it for failed access attempts, network issues, and allowed/blocked, and we have use cases for platforms such as Windows Server. We are a service company and partners of various vendors. We provide support to customers. Our strategy is that each piece of equipment sold to customers comes with value-added service, and Securonix protects our customers.
Senior Security Consultant at LTI - Larsen & Toubro Infotech
Consultant
2022-09-04T07:48:00Z
Sep 4, 2022
Securonix or SNYPR is a UEBA tool. It has all the features. It can work as a traditional SIEM as well as do behavior-based analysis. In terms of deployment, it is on the cloud. It is hosted with Securonix. We are using it as a service, however i have worked on premise deployements as well.
Cyber Security Consultant at LTI - Larsen & Toubro Infotech
Consultant
2022-08-28T01:21:00Z
Aug 28, 2022
We mainly use Securonix for SIEM software architecture and for logs. We generate all the logs from different APIs and firewalls. We also have created other policies. Securonix is the primary tool we use to get everything done for our projects and architecture. We even use it for other solutions like AD. Primarily, I work on violations and policies, not the backend. As an analyst, I work on SIEM. The solution is deployed on a private cloud. It is deployed with Microsoft Azure. Everyone has access to SIEM, but they don't have admin access. We mainly have three people and a team lead on the Azure Securonix team. I am the backup and work on the operational side of that team. Everyone has read-only access except the three team members.
Cyber Security Analyst at a retailer with 10,001+ employees
Real User
2022-07-25T12:13:00Z
Jul 25, 2022
We were using it for data loss prevention and data acceleration. We wanted a platform with a proper ticketing facility, and as and when we reviewed a user, we also needed a proper documentation setup. Securonix provided that. We were able to integrate playbooks and a lot of other modules so that we not only looked at a particular problem area but also at other factors. We didn't only want to look at exfiltration but also at any lateral movement inside the company by a user. We wanted to look at the outliers in a better way, not only in terms of a user's activity but also in relation to the peer activity to show that it is not a team; it is just a team member doing something wrong. We most probably were using version 6.0.
Lead Security Engineer at a tech services company with 1-10 employees
Reseller
2021-10-12T17:10:00Z
Oct 12, 2021
We are using it for Azure logins outside of US and Azure brute force use cases. We have use cases for our firewalls, like Palo Alto. These are use cases that we created ourselves. These are not the use cases out-of-the-box that Securonix provided us.
I work for Avalara. It's a tax technology company based in Seattle with offices all across the world: North Durham, California, Sao Paulo Brazil, Brighton UK, Pune India, and we are expanding right now. We have a list of use cases, like brute force attacks. Our top executive team wanted to see — whenever we are under a serious attack — on their dashboard that the attack is happening, so that the corrective measures can be taken. That is the primary use case: to have that transparency for a number of security use cases like brute force, phishing, and others, and for our executives and our team to see that attack is happening so that we can counter-measure it and save our company from any data exposure or any security incident.
VP Engineering at a financial services firm with 501-1,000 employees
Real User
2020-03-18T08:00:00Z
Mar 18, 2020
Securonix is a SIEM solution for us. In our deployment, it's a software as a service model, so it's a hosted solution. We are feeding several log sources to it and correlating logs, searching, building alerts. It's our primary tool for analyzing logs and alerts for our entire environment.
In our organization, we handle cybersecurity. As an IT services company, we are limited to setting up the security operations center in different forms for our customers' requirements. We are in the business of setting up the security operation center for the customers and we also provide other stock services for many of the customers. We do have a lot of service offerings on our stock management platform. We do MDR via cloud security and its monitoring services, so we are very familiar with the leading platforms in the market today like QRadar and Splunk. We use them in our environment today. I have been searching out the next-gen SIEM. Then I brought Securonix to my board. I came to learn that Securonix is leading in the innovative ideas and innovations on the SIEM platform side. Particularly because my role is a security practice in Veeam SM. If you evaluate the market trends you understand the products released into the market and how best to leverage that integration and make sure that there is no bounce back to the customer in these situations. That's why I started evaluating the Securonix in a typical lead evaluation. We are not partnered, we have just done a couple of initial discussions with some of the folks here in India. We are still in the stage of evaluating these products, including Securonix. I noticed that this is more on the open data platform when it comes to managing the locks from a different angle and for different assets. That's one area which is more interesting for us. Compared to other competitors in the market, what I have seen is that their module is the UEBA, User and Entity Behavior Analytics, module. That is something different which they are offering today. These are some of the differences I see. Additionally, is the pricing issue. They are moving from DB pricing to the identity-based pricing. But I'm still confused about that identity pricing. I still have to get more clarification from the products.
Lead Cyber Security Engineer at a insurance company with 1,001-5,000 employees
Real User
2019-08-05T06:24:00Z
Aug 5, 2019
Our primary use case is privileged-account monitoring. We wanted the ability to monitor what privileged accounts do, what time of day they typically log in, what machines they log in from, what type of configuration changes they make, etc. We're using the SNYPR Cloud UEBA.
Leader - Investigations, Insider Threat at a tech services company with 5,001-10,000 employees
Real User
2019-05-26T06:53:00Z
May 26, 2019
Data loss protection and account misuse are our primary use cases. We're utilizing it to help identify and correlate user behavior to identify potential data loss as well as to detect certain types of fraud.
Our primary goal is insider trespass. We have also been using the product for account privilege misuse as well as intellectual property and data theft. Going into the cloud, we have expanded our scope to cloud applications. We never supported the cloud but now that we are using SaaS we've been able to cover cloud applications and cloud infrastructure. That use case is picking up a lot of speed. But, traditionally, it's been used for insider threat and account misuse.
IT Project Manager at a manufacturing company with 10,001+ employees
Real User
2019-05-15T05:16:00Z
May 15, 2019
We use the solution for protection of engineering intellectual property. We currently look at engineering data in two systems, one a commercial system and one which is a homegrown system.
Securonix Next-Gen SIEM is a security information and event management solution designed to provide advanced threat detection, response, and compliance capabilities. It leverages machine learning and big data analytics to offer a comprehensive security platform for modern enterprises.
Securonix Next-Gen SIEM utilizes advanced analytics and machine learning to detect complex threats that traditional SIEM solutions might miss. Its architecture is built on Hadoop, enabling scalability and the...
We use Securonix Next-Gen SIEM as a SIEM, security incident and event management solution in our organization.
We have created correlation rules. When the condition matches, we get the alerts. We start analyzing the alerts and then create tickets for it in ServiceNow. We have also created dashboards in Securonix. If any breaches of data or unpredictable work is detected, it will show in the dashboard.
We use Securonix Next-Gen SIEM primarily for managed SOC, focusing on threat detection, baselining, and ensuring the maturity of our SOC security operations. It is integrated with threat intelligence and utilizes frameworks like MITRE ATT&CK and the Cyber Kill Chain. The solution helps in threat detection, especially with use cases like brute force attacks, port scans (both horizontal and vertical), other insider threat activities, Privileged access abuse, Ransomware detection and Data exfiltration prevention. We also customize and fine-tune these use cases based on our requirements.
My use cases relate to SIEM.
We use Securonix Next-Gen SIEM to provide managed security services. We have an MSSP delivery model using the Securonix asset platform tool that delivers the solution to multiple customers using their multi-tenant approach. It is a shared service delivery model, and we have close to five customers using the tool in our MSSP model.
Our company does manage a stock of solutions for our customers. We use some tools like Splunk SIEM and some other technologies as well.
We use it for user behavior analytics in a hospital. Consider patient health information. We use the product to understand where the information is, who's using it, who's accessing it, whether the access is authorized or unauthorized, and whether there is a possible risk of someone stealing that data. There are many such use cases. Additionally, we can find who's accessing the data at a particular time in the hospital network. It is flagged as a potential risk if it is an unlikely behavior. When unauthorized access is made, an investigation is launched. There are similar use cases of Securonix that we built in hospitals in the US over the last six or seven years.
We have customized the uses of the platform for our benefit. In general, we use it for failed access attempts, network issues, and allowed/blocked, and we have use cases for platforms such as Windows Server. We are a service company and partners of various vendors. We provide support to customers. Our strategy is that each piece of equipment sold to customers comes with value-added service, and Securonix protects our customers.
It is a good tool. My company uses it for all our SIEM projects.
Securonix or SNYPR is a UEBA tool. It has all the features. It can work as a traditional SIEM as well as do behavior-based analysis. In terms of deployment, it is on the cloud. It is hosted with Securonix. We are using it as a service, however i have worked on premise deployements as well.
We mainly use Securonix for SIEM software architecture and for logs. We generate all the logs from different APIs and firewalls. We also have created other policies. Securonix is the primary tool we use to get everything done for our projects and architecture. We even use it for other solutions like AD. Primarily, I work on violations and policies, not the backend. As an analyst, I work on SIEM. The solution is deployed on a private cloud. It is deployed with Microsoft Azure. Everyone has access to SIEM, but they don't have admin access. We mainly have three people and a team lead on the Azure Securonix team. I am the backup and work on the operational side of that team. Everyone has read-only access except the three team members.
We were using it for data loss prevention and data acceleration. We wanted a platform with a proper ticketing facility, and as and when we reviewed a user, we also needed a proper documentation setup. Securonix provided that. We were able to integrate playbooks and a lot of other modules so that we not only looked at a particular problem area but also at other factors. We didn't only want to look at exfiltration but also at any lateral movement inside the company by a user. We wanted to look at the outliers in a better way, not only in terms of a user's activity but also in relation to the peer activity to show that it is not a team; it is just a team member doing something wrong. We most probably were using version 6.0.
We are using it for Azure logins outside of US and Azure brute force use cases. We have use cases for our firewalls, like Palo Alto. These are use cases that we created ourselves. These are not the use cases out-of-the-box that Securonix provided us.
We are a services company, so we provide services for our clients' companies.
It was supposed to be good for security to provide as a SOC-as-a-Service, however, it failed.
I work for Avalara. It's a tax technology company based in Seattle with offices all across the world: North Durham, California, Sao Paulo Brazil, Brighton UK, Pune India, and we are expanding right now. We have a list of use cases, like brute force attacks. Our top executive team wanted to see — whenever we are under a serious attack — on their dashboard that the attack is happening, so that the corrective measures can be taken. That is the primary use case: to have that transparency for a number of security use cases like brute force, phishing, and others, and for our executives and our team to see that attack is happening so that we can counter-measure it and save our company from any data exposure or any security incident.
Securonix is a SIEM solution for us. In our deployment, it's a software as a service model, so it's a hosted solution. We are feeding several log sources to it and correlating logs, searching, building alerts. It's our primary tool for analyzing logs and alerts for our entire environment.
In our organization, we handle cybersecurity. As an IT services company, we are limited to setting up the security operations center in different forms for our customers' requirements. We are in the business of setting up the security operation center for the customers and we also provide other stock services for many of the customers. We do have a lot of service offerings on our stock management platform. We do MDR via cloud security and its monitoring services, so we are very familiar with the leading platforms in the market today like QRadar and Splunk. We use them in our environment today. I have been searching out the next-gen SIEM. Then I brought Securonix to my board. I came to learn that Securonix is leading in the innovative ideas and innovations on the SIEM platform side. Particularly because my role is a security practice in Veeam SM. If you evaluate the market trends you understand the products released into the market and how best to leverage that integration and make sure that there is no bounce back to the customer in these situations. That's why I started evaluating the Securonix in a typical lead evaluation. We are not partnered, we have just done a couple of initial discussions with some of the folks here in India. We are still in the stage of evaluating these products, including Securonix. I noticed that this is more on the open data platform when it comes to managing the locks from a different angle and for different assets. That's one area which is more interesting for us. Compared to other competitors in the market, what I have seen is that their module is the UEBA, User and Entity Behavior Analytics, module. That is something different which they are offering today. These are some of the differences I see. Additionally, is the pricing issue. They are moving from DB pricing to the identity-based pricing. But I'm still confused about that identity pricing. I still have to get more clarification from the products.
We use it for information security.
Our primary use case is privileged-account monitoring. We wanted the ability to monitor what privileged accounts do, what time of day they typically log in, what machines they log in from, what type of configuration changes they make, etc. We're using the SNYPR Cloud UEBA.
Our primary use case is monitoring attacks on our cloud environment.
Data loss protection and account misuse are our primary use cases. We're utilizing it to help identify and correlate user behavior to identify potential data loss as well as to detect certain types of fraud.
I run the intellectual property protection shop for the company and our primary use case is to monitor for DLP.
Our primary goal is insider trespass. We have also been using the product for account privilege misuse as well as intellectual property and data theft. Going into the cloud, we have expanded our scope to cloud applications. We never supported the cloud but now that we are using SaaS we've been able to cover cloud applications and cloud infrastructure. That use case is picking up a lot of speed. But, traditionally, it's been used for insider threat and account misuse.
We use the solution for protection of engineering intellectual property. We currently look at engineering data in two systems, one a commercial system and one which is a homegrown system.