Flexible with good incident response and helps with eliminating false positivesA SEIM is an SIEM. They all do the same thing. What's valuable about the Netsurion Managed XDR product is the analysis that it brings to the table. They do a really good job of filtering out; it generates a tremendous amount of data. They filter out what's needed and give me what I need to pay attention to. That's hard to do in a lot of the other products. The product provides us with a flexible solution that helps protect our entire IT environment. I only take advantage of it on the server side. I don't need it for my desktops, however, certainly, they offer that. Overall, it is quite flexible as evidenced by the fact that when it's first tuned, you get a large amount of data, and they're able to fine-tune that over time. To me, that's really important. We operate with their SOC. They are really nice guys. Great to work with. In terms of the SOC when it comes to alert monitoring and threat hunting, they do a great job. The fact that they're able to tune it for me over time and build a relationship is helpful. Some of those guys have been there for ten years. Is really important to us. They know what's valuable to us and what we want to see. We have the SOC provide a regular meeting. It's quarterly. We all get together, and I let my engineers do it over the phone. They'll let us know: "We're seeing this. This isn't important." They voluntarily call things to our attention and so on. It's a real value add working with them. The SOC is helpful for eliminating false positives. It filters out unneeded and unnecessary alerts and calls my attention to what's really important and what I need to pay attention to. Expediting incident response is really great. What's really nice is I haven't had to use it. So I don't have any examples. That said, they're really quick to respond. Again, that comes back to the SOC. They're there all the time. So they are looking at our stuff 24/7. We pay for that, yet it's a really valuable aspect of the service. Using the SOC affected our ability to focus on, for example, any other tasks. They've taken a whole bunch of work off my team and made it easier for them to do other important aspects of what we do every day in our bank. Monitoring helped to boost your SecOps productivity. It's decreasing the tedious SecOps management tasks. The time it's saved us per week is an FTE equivalent or more. That's easily 40 to 60 hours a week. It's saving my team. There's no doubt in my mind. It's probably more than that, however, I could confidently say it's 40 to 60 hours a week. The product has reduced the time to detection in my estimation. I haven't had any, however, it's clear to me that they would help. When we have had something that's been sort of fishy, they definitely chime in, and we get a notification from them almost immediately.
