Google Security Operations Reviews

I'm working with Google Security Operations. There is a product called Chronicle SecOps, which is a SOC tool and a SIEM tool by Google. It is comparable to QRadar or Splunk.

The valuable parts of Google Security Operations include how easy it is to write parsers or detection rules, and it is well-advanced in the analytical part. The SOAR component is simplified and very good compared to other tools. From a costing perspective, it is good, and it provides easy understanding combined with more advanced features. It helps in many ways, such as writing detections or building SOAR playbooks. I can say it is not a typical robust style, but it is easy to adapt for any compliance perspective.

One improvement I am looking for is silent log source monitoring. If some feed or some host went offline or was not pulling any logs into Google Security Operations, I would want better visibility. Silent host monitoring would make a significant difference because it is very hard to track which host went down, and there are many false positives as a result.

I think there is a lot of room for scalability improvements, particularly in the integration of third-party applications. Currently, I have to write a script and use a cloud run function to pull logs. If there were direct ingestion by simply providing an API key and some sort of client certificate, it would be much easier.

I have been using this solution for almost one year.

I have not observed any stability issues with Google Security Operations, which I would rate at ten.

There are scalability considerations. It is medium, I think. It depends on the ingestion rate, which varies from company to company. If a small-scale company has the lowest ingestion rate, it will not consume much data or much storage.

I can give customer service a rating of six because it is very hard sometimes to keep up with the support. There are many middlemen involved. When I raise a concern, a separate team takes it to Google, they check with the right engineers, and then come back to me.

I am not currently using Qualys because I have shifted to another company.

There are no issues with the solution and it is simple. I give this review a rating of ten.

Google Security Operations is the main tool that my clients use for the security operations of their companies.

In my opinion, the most useful features in Google Security Operations are threat detection and threat hunting. SIEM and SOAR features are also available. Google behavior analytics for threat identification is one of the powerful models that Google offers, and it is definitely working fine.

A potential area of improvement for Google Security Operations could be cost. I think Google has already started developing AI SOC and Agentic SOC, so I do not have any other suggestions for improvement because whatever needs improvement, they are already working on that right now.

I have been working with Google Security Operations for four years.

For stability, I would give Google Security Operations a nine out of ten.

Scalability is also a nine.

My mark for technical support from Google is ten because they are really fast.

Currently, we are not with OpsRamp; we are with Google now.

The initial setup for Google Security Operations is simple.

My company is a partner with Google, not a reseller.

Google Security Operations provides faster response to threats and better insights to fix them.

In my opinion, the main competitors for Google Security Operations currently are Splunk and Azure Sentinel.

Your feedback was really valuable for a vendor. I am totally working with Google solutions and Google Security Operations. Faster response to threats is a main benefit. Google Security Operations helps meet all the important regulatory compliance across all verticals. Google is the best option for me, which is why we partnered with them. I am not involved in the license purchase process as we have a team for that. My overall review rating for Google Security Operations is nine out of ten.

I use Google SecOps for threat detection and hunting. It is primarily used for monitoring threats in real-time, and Google SecOps allows us to manage threats efficiently. When integrated with Mandiant, it enhances real-time threat detection capabilities.

Google SecOps is extremely useful for threat detection and hunting. It provides a detailed pipeline for detection and is beneficial for real-time threat monitoring when integrated with Mandiant. 

The tool's integration capabilities are effective, and it helps in managing alarms for normal threats efficiently. 

Overall, Google SecOps is a very useful service for security operations.

The main improvement could be in the accuracy and detail provided in threat descriptions. Google SecOps reports could be more detailed, similar to the comprehensive descriptions provided by Microsoft Sentinel, which offers professional and detailed threat information.

I have been using Google SecOps for one year.

I have not faced any stability-wise issues with Google SecOps.

Microsoft Sentinel is better than Google SecOps for threat detection and hunting, especially when managing both Azure and GCP environments. However, Microsoft Sentinel does not support GCP.

The initial setup of Google SecOps was not challenging. It has a good detection pipeline, and everything was done efficiently, with no challenges.

I have not conducted a specific ROI calculation or comparison, however, Microsoft Sentinel is considered better for threat detection and hunting.

The pricing for Google SecOps and Microsoft Sentinel is almost the same, with no significant differences.

Microsoft Sentinel is an alternate solution that I evaluated.

I would rate Google SecOps as ten out of ten. 

There are occasional false positives. Still, overall, it is a very useful tool. For my needs, it is better than competitors when working solely in the GCP environment.

Chronicle SOAR (formerly Siemplify) is a core component of our SOC capabilities. 

We leverage the platform for orchestrating alerts and security events from different security tools and sources throughout client environments. 

We use it for automating responses and enrichments, and to improve security for all of our SOC Managed Extended Detection and Response (MxDR) clients based on analysis done for any of our other SOC MDR clients. 

We use it to facilitate workflows for alert triage and investigation. 

Finally, we use it for helping manage reporting and ticketing for our SOC MxDR client environments.

I'm very fortunate to have had the opportunity to work in a lot of different roles in my time in the industry. I've worked as an Electronic Forensics Engineer as an Airman for the Dept. of Defense (DoD), Change Manager and System Administrator for the DoD as a civilian contractor, IT Director in the healthcare industry, and as a Consultant, IR Lead, and SOC Director for my current company. 

One of the coolest things about my experiences is that I've gotten to test out and play with a lot of different tools and platforms in these different roles. Without hyperbole, I have never, in my entire career, encountered a vendor or a vendor community as awesome as Chronicle SOAR. Chronicle SOAR and the Chronicle SOAR Community quite literally made it possible for our SOC to increase almost five-fold in our number of clients and number of analysts and to go from a Monday to Friday 9-5 shop to a 24/7 shop all in the span of under a year and a half and all while continually adding capabilities and improving the services we offer to our clients.

There are so many incredible features in the Chronicle SOAR platform that it's difficult to narrow down the list, however, if I had to choose, I would say that the most valuable features are the playbook builder and the integrations. The playbook builder allows us to establish workflows for the various case types that our analysts encounter within the SOC. These can be as granular or as high level as they need to be depending upon our business objectives and alert priorities. In turn, the tremendous number of integrations in the marketplace and the IDE (to custom-develop new integrations) are what make the playbooks as powerful as they are. Together, the integrations and playbooks make it simple to integrate powerful new capabilities and workflows.

Overall, I've been more than satisfied with Chronicle SOAR, the Chronicle SOAR community, and Chronicle SOAR support. There are, of course, improvements and new features that we'd love to see, however, it's hard to keep an accurate list as Siemplify keeps making tremendous progress. 

For example, I'm inclined to say that I'd love to see some Machine Learning capabilities integrated into the platform, however, I just attended a demo this morning where Siemplify gave a sneak peek into some Machine Learning capabilities that they are currently developing and have road mapped for release soon.

I've been using the solution for 2.5 years.

The platform is stable and has an excellent community of users and official support.

Chronicle SOAR makes scalability possible!

Customer support is prompt, professional, and sensitive to the needs of clients.

Positive

We switched from a competing SOAR platform due to the fact that its integrations capabilities were not as robust or well-supported.

There are many different ways to deploy Chronicle SOAR, either on-prem or in the cloud. They do a great job of clearly explaining how to deploy.

We handled the implementation in-house with excellent vendor support.

It's difficult to compete with the price of their free community version if you're looking to explore the capabilities of the platform, however, we ended up saving money with significantly improved capabilities compared to our existing solution.

We explored other SOAR platforms as well as looked for ways to improve our existing solution.

I'd just like to emphasize again that this is, by far, the best vendor I've ever had the pleasure of working with in my decades of IT and Cybersecurity career.

Siemplify has streamlined various tasks such as configuring playbooks, integrations, and running reports. It helps automate security incident response processes through configuration setup and provides tools for fluid management. Siemplify, now part of Google Clinical SecOps, primarily focuses on security orchestration, automation, and response. It automates specific workflows, integrates with other systems like ITSMs, and facilitates ticket creation or email alerts for security events.

The playbooks feature in Siemplify is crucial for automation. We've utilized both standard and custom integrations with other security operation solutions, enhancing our flexibility. The user interface is generally straightforward, although recent changes may require some adjustment and Siemplify's integrations and capabilities offer potential support for various compliance requirements.                 

We often encounter minor issues that could be improved, but we maintain communication with the developers and submit feature requests. Recently, I requested enhancements such as improved search functionality within playbooks and expanded options for exporting case data.

I have used Siemplify for one and a half years. 

As for scalability, it's flexible as a cloud service, but there are some limitations to consider. Maintenance is handled by the vendor since it's a software-as-a-service solution. We have around ten to fifteen users across multiple departments and locations. 

The technical support has been excellent.

Positive

The setup process was straightforward, although there were some complexities related to our system environment. The initial deployment took approximately two to three months.

I don't directly assess ROI. It's typically evaluated by our customers based on their experiences with the tool.

Absolutely, I would recommend it. Staying connected with the community can provide valuable insights into the tool's capabilities and best practices. I would rate it a nine.

We use Siemplify for over 20 use cases.

The most valuable feature of Siemplify is the playbooks that can be created.

Building the playbooks could be easier and the integration could improve. It is a difficult process, such as what API connections need to be made.

I have been using Siemplify for less than one year.

I rate the stability of Siemplify an eight out of ten.

The marketplace the vendor has is good but could improve to have more integration connectors and custom settings.

I rate the scalability of Siemplify an eight out of ten.

My advice to others is there are plenty of features that you should know about. Additionally, when it comes to integrations, it's important to know what kind of data is to be retrieved from third-party solutions.

If someone wants to make simple playbooks this solution is good and I would recommend it. However, if more complex playbooks are needed it can be difficult, such as write queries and multiple API connections.

I rate Siemplify a seven out of ten.