Corporate Vice President | Deputy Chief Information Security Officer at NCR Voyix
Real User
Top 20
2024-07-01T11:42:00Z
Jul 1, 2024
Sometimes, something may not install right; however, whenever we have challenges, they are very solution-oriented and ready to figure things out. While my understanding is that they're working on this, I would like to see some more of the quantification or reporting. They're working on better detecting the impact they're having and what they're working on. That's an area they should continue to focus on. Having those metrics will be valuable. They just need to continue to be focused on Open MDR, and on being open to many tools and being broadly compatible across tool sets if possible. That's unique, and it is a differentiator in the marketplace.
Head of Cybersecurity at a sports company with 501-1,000 employees
Real User
Top 20
2023-05-16T18:39:00Z
May 16, 2023
It's sometimes difficult to know when to engage Binary Defense or TrustedSec, their sister company. TrustedSec is more focused on offensive security, as opposed to the defensive security that the MDR solution provides. It would be awesome if there were a better bridge between that relationship for when we need to get more proactive services or when we need to do a penetration test. If that entire account team was managed together, that might make it a little bit easier. It's because they are two separate companies that there's any difficulty whatsoever.
IT VP at a manufacturing company with 1,001-5,000 employees
Real User
Top 20
2023-05-12T12:48:00Z
May 12, 2023
We should be able to isolate devices faster. They should shorten the time between clicking on a device to contain it and carrying out the action. That would be a welcome improvement.
Senior Manager, Cybersecurity at a energy/utilities company with 501-1,000 employees
Real User
Top 20
2023-04-28T19:05:00Z
Apr 28, 2023
Historically, Binary Defense MDR did not have a strong ability to integrate with other applications or solutions. However, they are currently undergoing a transformation driven by previous issues, where there was a need for capabilities to streamline operations. As a result, they are in the process of implementing additional solutions that will enable integrations with other platforms and applications. The current reporting system could benefit from improvement. It would be helpful to have regular reports that provide value and clearly demonstrate the team's accomplishments over the past month. This should include information on resolved issues, metrics, and any additional details that highlight the team's contributions.
AVP, IT Security Compliance and Audit/Information Security Officer at Western Reserve Group
Real User
Top 10
2023-04-24T19:49:00Z
Apr 24, 2023
This is my third SOC. I have never had anybody react as well. So, it's hard for me to provide something that they could do better because I'm really happy with them. I just signed another three-year contract with them. I don't find any downside to them, but if I have to put one, it would be consistent manpower or staffing. The only area where the solution can be improved is going to be with people. As they grow, they are struggling with the same thing that every other company is, which is getting talent and getting that talent to stay, but they've just revised their tiering system to go from a flat analyst and manager to a three-tier solution where it goes through two or three before it gets elevated. That seems to have worked out well, so if one level misses it, the next one picks it up, and it works out fine. Consistent staffing is the only challenge they have because when you're hiring level-one analysts, you go through them pretty quickly. You'll probably hire them at 50K or 55K, and after they do it for a year, they find out they can make 85K somewhere else, and they bounce. So, their turnover is a little high, but that's it.
IT Security Manager at a wholesaler/distributor with 1,001-5,000 employees
Real User
Top 20
2023-03-21T16:16:00Z
Mar 21, 2023
Their integration with other applications and tools is not something I would call a complaint, but it is something they need to work on. In my experience, a lot of our integrations are done through APIs. A lot of what I've seen so far from Binary Defense—not all of it—seems to be beta integrations. For example, their Duo and Proofpoint integrations aren't really what I would call ready for production. They have probably been working with those vendors to work out the kinks, but they're really not 100 percent production ready. And while there isn't really anything valuable we would get from Duo from a reporting standpoint, sometimes Proofpoint's SIEM tool or SOC can see something that might be valuable. We already get alerts from Proofpoint, so it's not a "make or break", but I have given this feedback to Binary Defense: This is something that should go the API route. Their Microsoft integrations are top-notch and they do some third-party stuff really well for log ingestion, but I would like to see Binary Defense's development team change over to an API connection, versus how they do it today. Also, if I were shopping for an MDR solution today, I would not only look for a company that has the ability to alert, detect, and remediate, but also the ability to integrate vulnerability management. That's a big thing that they're lacking today. We offset that with another product, but that should be part of their product offering. I've given this feedback to our account manager too. Another point is that maybe they should have their own SIEM offering. Today, they offer AT&T's AlienVault, which is a good product in its own right, but it's not something that they offer directly from themselves. It's the same thing with Azure Sentinel. They just started offering that as a product you can buy as part of their service, but it's not their own SIEM. I would be interested in seeing them build out their own SIEM and offering that as a product you could buy. That would be very valuable to their customers because they would not have to rely on their folks learning another system.
Senior Information Security Analyst at a manufacturing company with 10,001+ employees
Real User
Top 10
2023-02-22T19:10:00Z
Feb 22, 2023
The most significant area for improvement is in support for non-English speakers; we're a global organization, so many of our users are not English speakers, which can make interacting with them a challenge. There's no Chinese language support, so we must rely on what we can do with the internet. We don't expect Binary Defense to build a language staff, but details can get lost in translation when we assume the whole world speaks English.
Binary Defense provides a Managed Detection and Response service using an Open XDR strategy that detects and isolates threats early in the attack lifecycle. Expert security analysts in the Binary Defense Security Operations Center leverage an attacker’s mindset, monitoring your environments for security events 24x7x365 and acting as an extension of your security teams. When a security event occurs, Binary Defense analysts triage, disposition, and prioritize the event. Analysts conduct...
Sometimes, something may not install right; however, whenever we have challenges, they are very solution-oriented and ready to figure things out. While my understanding is that they're working on this, I would like to see some more of the quantification or reporting. They're working on better detecting the impact they're having and what they're working on. That's an area they should continue to focus on. Having those metrics will be valuable. They just need to continue to be focused on Open MDR, and on being open to many tools and being broadly compatible across tool sets if possible. That's unique, and it is a differentiator in the marketplace.
The only area I see for improvement with Binary Defense is their service portal. It could benefit from some enhancements.
In terms of improvement, Binary Defense MDR could be even better with additional features, like automatic scans and file quarantine.
It's hard to think of anything that they need to improve on, but just to point out something, I would like to see them provide advanced XDR.
It's sometimes difficult to know when to engage Binary Defense or TrustedSec, their sister company. TrustedSec is more focused on offensive security, as opposed to the defensive security that the MDR solution provides. It would be awesome if there were a better bridge between that relationship for when we need to get more proactive services or when we need to do a penetration test. If that entire account team was managed together, that might make it a little bit easier. It's because they are two separate companies that there's any difficulty whatsoever.
We should be able to isolate devices faster. They should shorten the time between clicking on a device to contain it and carrying out the action. That would be a welcome improvement.
Historically, Binary Defense MDR did not have a strong ability to integrate with other applications or solutions. However, they are currently undergoing a transformation driven by previous issues, where there was a need for capabilities to streamline operations. As a result, they are in the process of implementing additional solutions that will enable integrations with other platforms and applications. The current reporting system could benefit from improvement. It would be helpful to have regular reports that provide value and clearly demonstrate the team's accomplishments over the past month. This should include information on resolved issues, metrics, and any additional details that highlight the team's contributions.
This is my third SOC. I have never had anybody react as well. So, it's hard for me to provide something that they could do better because I'm really happy with them. I just signed another three-year contract with them. I don't find any downside to them, but if I have to put one, it would be consistent manpower or staffing. The only area where the solution can be improved is going to be with people. As they grow, they are struggling with the same thing that every other company is, which is getting talent and getting that talent to stay, but they've just revised their tiering system to go from a flat analyst and manager to a three-tier solution where it goes through two or three before it gets elevated. That seems to have worked out well, so if one level misses it, the next one picks it up, and it works out fine. Consistent staffing is the only challenge they have because when you're hiring level-one analysts, you go through them pretty quickly. You'll probably hire them at 50K or 55K, and after they do it for a year, they find out they can make 85K somewhere else, and they bounce. So, their turnover is a little high, but that's it.
Their integration with other applications and tools is not something I would call a complaint, but it is something they need to work on. In my experience, a lot of our integrations are done through APIs. A lot of what I've seen so far from Binary Defense—not all of it—seems to be beta integrations. For example, their Duo and Proofpoint integrations aren't really what I would call ready for production. They have probably been working with those vendors to work out the kinks, but they're really not 100 percent production ready. And while there isn't really anything valuable we would get from Duo from a reporting standpoint, sometimes Proofpoint's SIEM tool or SOC can see something that might be valuable. We already get alerts from Proofpoint, so it's not a "make or break", but I have given this feedback to Binary Defense: This is something that should go the API route. Their Microsoft integrations are top-notch and they do some third-party stuff really well for log ingestion, but I would like to see Binary Defense's development team change over to an API connection, versus how they do it today. Also, if I were shopping for an MDR solution today, I would not only look for a company that has the ability to alert, detect, and remediate, but also the ability to integrate vulnerability management. That's a big thing that they're lacking today. We offset that with another product, but that should be part of their product offering. I've given this feedback to our account manager too. Another point is that maybe they should have their own SIEM offering. Today, they offer AT&T's AlienVault, which is a good product in its own right, but it's not something that they offer directly from themselves. It's the same thing with Azure Sentinel. They just started offering that as a product you can buy as part of their service, but it's not their own SIEM. I would be interested in seeing them build out their own SIEM and offering that as a product you could buy. That would be very valuable to their customers because they would not have to rely on their folks learning another system.
The most significant area for improvement is in support for non-English speakers; we're a global organization, so many of our users are not English speakers, which can make interacting with them a challenge. There's no Chinese language support, so we must rely on what we can do with the internet. We don't expect Binary Defense to build a language staff, but details can get lost in translation when we assume the whole world speaks English.