The dashboards in Securonix Next-Gen SIEM need more customization and informational capabilities. The reporting features also require improvements. Additionally, the multi-tenancy functionality should be enhanced to allow individual consoles for different customers, which is currently a limitation. This feedback has been given to Securonix for future improvements.
Regarding the analysis of security events on the SOC side, Securonix Next-Gen SIEM needs to improve its automation capabilities. Other products have machine learning and AI algorithms that can trigger alerts automatically. This is a key feature that Securonix Next-Gen SIEM needs to be improved.
Customers may plan their next year's budget. If customers find that they haven't derived value from the solution, they might think about the prices, and then they would reevaluate the solution, after which they choose another solution. The technical support of the solution is an area with shortcomings and needs improvement. My customers didn't face any issues regarding support from the solution's vendor, but it could be from the partner or from those providing support for the solution. Support could be more flexible, and they can delegate the support part of their operations to partners.
Sr.Vice President & Head - Global Cybersecurity Business at Tech Mahindra Limited
Real User
Top 10
2023-07-11T13:45:41Z
Jul 11, 2023
The solution could provide more automation. There should be proactive creation of use cases specific to particular hospitals. What we get out of the box is not necessarily good enough. We have to build the use cases as a service provider. There's room to improve the use cases provided by Securonix.
Security Developer at a tech consulting company with 201-500 employees
Real User
Top 20
2022-12-13T11:49:00Z
Dec 13, 2022
It seems to me that within Securonix there is no option for completely visualizing the types of sources or if there is any loss of logs. I've heard that they have an additional module to validate those types of cases, but in terms of the platform itself only, I can only see how often it sends data but not any specific detail.
Cyber Intelligence Supervisor at a tech services company with 201-500 employees
Real User
2022-09-29T10:15:00Z
Sep 29, 2022
The analytics-driven approach for finding sophisticated threats and reducing false positives is positive and good, but the platform requires a more dynamic concept. Everything is a bit static. Also, the Autonomous Threat Sweeper is very enriching but, that being said, the threat detection report lacks a little context. The feature to sweep autonomously is good. The way they could improve the ATS would be to use more awareness and communication with the user. They don't give us much detail in the threat detection report. It would be very helpful if they explained the impact to us.
We would like a little more face-to-face training. Securonix has several tutorials on its website, but we want there to be a person in Colombia who does training or workshops to give us a better understanding of the platform.
Head of Cybersecurity at a tech services company with 11-50 employees
Real User
2022-09-29T06:58:00Z
Sep 29, 2022
Securonix could open up information regarding the indicators of compromise or cyber-threat intelligence databases that they use. The idea is that they share what threats they are detecting.
Sometimes, the injectors lag and are not loading. It would be nice if that could be improved. Securonix Next-Gen SIEM is good for helping us ingest all our log sources when investigating threats. However, there is a glitch where we can't get it up and running. They are working on this issue, which is good.
Senior Security Consultant at LTI - Larsen & Toubro Infotech
Consultant
2022-09-04T07:48:00Z
Sep 4, 2022
Sometimes, there is instability in the data in terms of the customization of the time. They should work on stability on tool. However 6.4 jupiter version is much more stable.
Cyber Security - Consultant at LTI - Larsen & Toubro Infotech
Consultant
2022-08-30T10:51:00Z
Aug 30, 2022
It takes too long to generate Spotter reports. For example, a 90-day report is around 100 megabytes. That takes a while, but a one-day report can be generated in a few seconds. We would be happy if they sped up the process.
Cyber Security Consultant at LTI - Larsen & Toubro Infotech
Consultant
2022-08-28T01:21:00Z
Aug 28, 2022
Parsing needs to be improved. Every time we integrate a new, specific data source, we face a lot of problems in parsing, even for the old data source. That should be updated on a regular basis. In some of the policies, the geographical location for a single IP is from a specific country, but the IP doesn't match. For instance, if the log is from China, the actual location of that IP will be from somewhere else, not China.
SOC Leader at a tech consulting company with 51-200 employees
Real User
2022-07-31T01:52:00Z
Jul 31, 2022
The incident response area should be improved. It is more difficult than other products, but overall, it is good. The platform has a lot of options and functionality. So, you need to check almost everything. For new engineers or people who don’t have much experience with this kind of platform, it is a bit difficult, but for experienced engineers, it is not that difficult. When you have been doing a lot of work for about one or two hours, and you have a lot of tabs open, it slows down or gets stuck. There is a delay of 10 to 15 seconds in opening tabs or dashboards. I don't know why this happens, but for me, it is not a big issue. I just wait, and that's all.
It could be improved a little bit more for admin users. There should be more administrative options related to security for admin users. For example, for forensic purposes, the admin should be able to stop a specific user from erasing some information. I would be helpful in certain situations, such as during an internal fraud.
Cyber Security Analyst at a retailer with 10,001+ employees
Real User
2022-07-25T12:13:00Z
Jul 25, 2022
When they did upgrades or applied patches, sometimes, there was downtime, which required the backfill of data. There were times when we had to reach out and get a lot of things validated.
Lead Security Engineer at a tech services company with 1-10 employees
Reseller
2021-10-12T17:10:00Z
Oct 12, 2021
The monitoring, analysis, and visualization of data that Securonix provides is good. However, there are some things that I would love Securonix to change. For example, they don't allow us to make changes on the graphical reports that they have integrated into the platform. We have to create our own. If we just want to take out one thing, our page should allow us to change that template just for our platform. I'm not talking about changing others' platforms; this is just for my platform. They should allow me to make changes according to my scalability. I would like a little bit more changes in the analytics and visual views that they already have out-of-the-box in the platform. They are working on this, but I have not heard from them for a while. I'm satisfied with the visualization that they have, but I would like to get some more out of it. For example, I am taking the report and manually making changes. I want all those changes already integrated and automated, so they are automatically done in the product. I would not say its threat hunting is easy or difficult to use. It is medium because it totally depends on the data that is coming to you. It does not depend on the platform. It depends on whether you can find the correct attribute that you need to look at, then you can go further on that. They are working on this. They are introducing more features, e.g., they have a couple of updates pending at this time. They are working on it to cut down the steps. If I am doing 28 steps right now just to onboard our data, then they are cutting those steps down. They are also putting more automation in the solution. While they are working on these improvements, it is just a matter of time. It ingests 85% of all our log sources already built into the product when investigating threats. If the data sources have the functionality, Securonix will create a custom parser for us on a request. If the functionality is not there in the product, then there is a difficulty, but we can still ingest it through the file base, etc. However, I am not a big fan of the file base because a user is creating a file per day for data that was generated the day before. Specifically for activity that has already taken place, we can prevent it, but we cannot stop the activity.
Regional Director, Customer Success (GTM Solutions & Services) at a tech services company with 51-200 employees
MSP
2021-04-16T10:28:32Z
Apr 16, 2021
We thought they were going to be a great product, however, they're actually not great at all as an MSP. The integration is very bad. The initial setup failed in both use cases. The technical support is terrible and completely unhelpful. The product itself needs a lot of work; it's very immature. The stability isn't great.
Securonix Next-Gen SIEM is a security information and event management solution designed to provide advanced threat detection, response, and compliance capabilities. It leverages machine learning and big data analytics to offer a comprehensive security platform for modern enterprises.
Securonix Next-Gen SIEM utilizes advanced analytics and machine learning to detect complex threats that traditional SIEM solutions might miss. Its architecture is built on Hadoop, enabling scalability and the...
The dashboards in Securonix Next-Gen SIEM need more customization and informational capabilities. The reporting features also require improvements. Additionally, the multi-tenancy functionality should be enhanced to allow individual consoles for different customers, which is currently a limitation. This feedback has been given to Securonix for future improvements.
Securonix Next-Gen SIEM's deployment is complex and you need a team to do it.
Regarding the analysis of security events on the SOC side, Securonix Next-Gen SIEM needs to improve its automation capabilities. Other products have machine learning and AI algorithms that can trigger alerts automatically. This is a key feature that Securonix Next-Gen SIEM needs to be improved.
Customers may plan their next year's budget. If customers find that they haven't derived value from the solution, they might think about the prices, and then they would reevaluate the solution, after which they choose another solution. The technical support of the solution is an area with shortcomings and needs improvement. My customers didn't face any issues regarding support from the solution's vendor, but it could be from the partner or from those providing support for the solution. Support could be more flexible, and they can delegate the support part of their operations to partners.
The solution could provide more automation. There should be proactive creation of use cases specific to particular hospitals. What we get out of the box is not necessarily good enough. We have to build the use cases as a service provider. There's room to improve the use cases provided by Securonix.
It seems to me that within Securonix there is no option for completely visualizing the types of sources or if there is any loss of logs. I've heard that they have an additional module to validate those types of cases, but in terms of the platform itself only, I can only see how often it sends data but not any specific detail.
The analytics-driven approach for finding sophisticated threats and reducing false positives is positive and good, but the platform requires a more dynamic concept. Everything is a bit static. Also, the Autonomous Threat Sweeper is very enriching but, that being said, the threat detection report lacks a little context. The feature to sweep autonomously is good. The way they could improve the ATS would be to use more awareness and communication with the user. They don't give us much detail in the threat detection report. It would be very helpful if they explained the impact to us.
We would like a little more face-to-face training. Securonix has several tutorials on its website, but we want there to be a person in Colombia who does training or workshops to give us a better understanding of the platform.
Securonix could open up information regarding the indicators of compromise or cyber-threat intelligence databases that they use. The idea is that they share what threats they are detecting.
Sometimes, the injectors lag and are not loading. It would be nice if that could be improved. Securonix Next-Gen SIEM is good for helping us ingest all our log sources when investigating threats. However, there is a glitch where we can't get it up and running. They are working on this issue, which is good.
Sometimes, there is instability in the data in terms of the customization of the time. They should work on stability on tool. However 6.4 jupiter version is much more stable.
It takes too long to generate Spotter reports. For example, a 90-day report is around 100 megabytes. That takes a while, but a one-day report can be generated in a few seconds. We would be happy if they sped up the process.
Parsing needs to be improved. Every time we integrate a new, specific data source, we face a lot of problems in parsing, even for the old data source. That should be updated on a regular basis. In some of the policies, the geographical location for a single IP is from a specific country, but the IP doesn't match. For instance, if the log is from China, the actual location of that IP will be from somewhere else, not China.
The incident response area should be improved. It is more difficult than other products, but overall, it is good. The platform has a lot of options and functionality. So, you need to check almost everything. For new engineers or people who don’t have much experience with this kind of platform, it is a bit difficult, but for experienced engineers, it is not that difficult. When you have been doing a lot of work for about one or two hours, and you have a lot of tabs open, it slows down or gets stuck. There is a delay of 10 to 15 seconds in opening tabs or dashboards. I don't know why this happens, but for me, it is not a big issue. I just wait, and that's all.
It could be improved a little bit more for admin users. There should be more administrative options related to security for admin users. For example, for forensic purposes, the admin should be able to stop a specific user from erasing some information. I would be helpful in certain situations, such as during an internal fraud.
When they did upgrades or applied patches, sometimes, there was downtime, which required the backfill of data. There were times when we had to reach out and get a lot of things validated.
The monitoring, analysis, and visualization of data that Securonix provides is good. However, there are some things that I would love Securonix to change. For example, they don't allow us to make changes on the graphical reports that they have integrated into the platform. We have to create our own. If we just want to take out one thing, our page should allow us to change that template just for our platform. I'm not talking about changing others' platforms; this is just for my platform. They should allow me to make changes according to my scalability. I would like a little bit more changes in the analytics and visual views that they already have out-of-the-box in the platform. They are working on this, but I have not heard from them for a while. I'm satisfied with the visualization that they have, but I would like to get some more out of it. For example, I am taking the report and manually making changes. I want all those changes already integrated and automated, so they are automatically done in the product. I would not say its threat hunting is easy or difficult to use. It is medium because it totally depends on the data that is coming to you. It does not depend on the platform. It depends on whether you can find the correct attribute that you need to look at, then you can go further on that. They are working on this. They are introducing more features, e.g., they have a couple of updates pending at this time. They are working on it to cut down the steps. If I am doing 28 steps right now just to onboard our data, then they are cutting those steps down. They are also putting more automation in the solution. While they are working on these improvements, it is just a matter of time. It ingests 85% of all our log sources already built into the product when investigating threats. If the data sources have the functionality, Securonix will create a custom parser for us on a request. If the functionality is not there in the product, then there is a difficulty, but we can still ingest it through the file base, etc. However, I am not a big fan of the file base because a user is creating a file per day for data that was generated the day before. Specifically for activity that has already taken place, we can prevent it, but we cannot stop the activity.
We would like to see better integration with other products.
We thought they were going to be a great product, however, they're actually not great at all as an MSP. The integration is very bad. The initial setup failed in both use cases. The technical support is terrible and completely unhelpful. The product itself needs a lot of work; it's very immature. The stability isn't great.