The integration would look better with other products, with other EDRs, with other firewalls, with other older versions of firewalls, and the versions of software and hardware. Then, basically, it's compatibility. For example, having an old infrastructure and deploying Secureworks can sometimes be a hassle. So, that's an area of improvement.
IT Manager at a comms service provider with 201-500 employees
Real User
Top 10
Sep 8, 2023
The deployment could definitely be improved. We still have some of the RedCloak agents. They don't have a remote-controlled uninstall. You have to manually connect to every machine to remove it. Taegis, that's not an issue with Taegis. Taegis actually does work that way. You can remove it. We push it out from Intune. But the RedCloak has tied it even after supposedly running the uninstall; it's still there. In future releases, if Taegis could come with bundled AV, it would be a great feature, which was actually one of the reasons why we moved to CrowdStrike because of the bundled solution.
Account Manager at a computer software company with 51-200 employees
MSP
Top 5
Jun 21, 2023
With Secureworks, we have an incident retainer. So if there's an event, they bring in people to handle a formal incident, and we have a certain amount of hours we can use. Sometimes, it feels like they're milking the retainer a little bit. They tend to involve people who don't necessarily need to be part of the incident or call it for false positives now and then. It hasn't cost us anything, so it's just a minor issue. We've never exceeded our retainer amount. But, it seems a little bit inefficient sometimes. Secureworks's support integration is really nice. Secureworks's integrations are quite good. So, in future releases, reporting could be a little bit better in terms of what has happened, but we're able to get what we need out of it. It's just that it's not as far along as it could be.
Systems Administrator at a tech services company with 501-1,000 employees
MSP
Top 5
Mar 9, 2023
The integration with the Carbon Black sensor could be better. ManagedXDR doesn't seem to know how to extract the forensic data from an endpoint that was quarantined by Carbon Black.
Solutions Architect at a computer software company with 51-200 employees
MSP
Aug 13, 2021
In terms of what could be improved, I really don't have anything to add to that. The client probably has a perspective on that, but I don't. I didn't deal with all aspects, just the setup, implementation and the tuning. But when it gets into what the licensing was and the cost, I wasn't involved, so I don't have any feedback on that.
Learn what your peers think about Secureworks Taegis Managed XDR / MDR. Get advice and tips from experienced pros sharing their opinions. Updated: October 2024.
Tamper-proofing or tamper protection is still pending in Secureworks. Tamper protection will make it more secure. If I'm an admin of a device, I can uninstall an agent without the knowledge of the security or Secureworks admin. If someone gets hold of one endpoint with admin credentials, he can remove anything, and an organization will lose visibility. They need to work on providing more visibility across endpoints. A couple of times it has happened that the cloak agent is there, but it did not get activated, or there were some issues. The machine was restarted, but the cloak agent didn't run. In such cases, you have to troubleshoot. It is a big issue if a cyber attack is happening, and your machine is rebooted, but the events are not captured.
Security Consultant at a consultancy with 51-200 employees
Consultant
Dec 6, 2020
The solution could work on its simplicity. Dell Secureworks is for higher-end customers and it's not quite as straightforward to implement or to get up and running as some of the other solutions. They do provide an engineer for the first few weeks to help you get things implemented, however, there's a lot of bells and whistles with Dell Secureworks. That's a disadvantage for smaller customers. With a lot of the other easier solutions available to smaller customers, you just stick a box in there and set it and forget. With Dell Secureworks it's more hands-on.
Secureworks Taegis Managed XDR is a managed detection and response (MDR) tool that combines security analytics software, 24x7 support, threat hunting, and incident response into a standalone product. In a single dashboard, users can see the whole story of their endpoint, network, and cloud activity, making event correlation simple. XDR operationalizes threat intelligence by automatically connecting our threat landscape knowledge with your security telemetry and regularly updated threat...
Secureworks Taegis ManagedXDR's query language and stability need improvement. Additionally, its price could be better as well.