The most valuable features of Netsurion include:
- its threat detection and response capabilities
- visibility into unauthorized downloads and software procurement procedures
- managed vulnerability management and IOC reviews
- actionable threat intelligence
- consolidation of cybersecurity technology
- 24/7 analysis and alerting by the SOC team
- analysis of non-obvious threats
- noise reduction in SIEM
- EDR component for analysis
- remediation for endpoints
- exposure of vulnerabilities and guidance for PCI compliance
- industry-standard MITRE ATT&CK framework for threat identification and understanding
- "They have a number of integrations with different products. Google Workspace is one of them, and Microsoft Azure is another one. They integrate with a number of other things, such as Duo for multi-factor authentication. They can pull the logs from Duo to see if users are coming from bad repeatable IPs or if there are malicious known IPs that may be popping up in the logs. They are able to see that, and they can identify that. Some of the other integrations they do are from inside your network. For firewalls, they can integrate with SonicWall, Cisco, Fortinet, etc. They have a pretty wide variety of things to integrate with and be able to pull the logins from those devices."
- "Netsurion has its own security operations center, where it tracks information that comes across our telemetry."
- "What I like most about Netsurion is the level of visibility and reporting."
Some areas for improvement on Netsurion are:
1. Lack of feedback on options for taking action in response to threats. Users would like to know if it is possible to take specific actions through the SIEM service or agent.
2. Slow response time in notifying users about identified threats. Users would prefer to be informed promptly rather than hours later.
3. Insufficient understanding of users' networks by the SOC team, which negatively impacts security posture. Users suggest having a dedicated server for Netsurion to avoid resource contention with other servers.
4. Improved communication with the SOC team. Users would like more interaction and assistance in going through generated reports.
5. Need for a web portal instead of receiving data in an Excel spreadsheet. Users would prefer a portal that aggregates data and highlights hotspots, similar to Arctic Wolf.
6. Development of the product to utilize internet options inherent in the operating system for better communication and security. Users suggest redeveloping the application to be more compatible with current technology.
7. Faster response time for operational events, such as lockouts, to enable timely action. Users want quicker updates on non-high security events to optimize network traffic.
8. Improvement in weekly reporting, including timely incorporation of landscape document details.
- "They have their programs and tools that you have to put into your own environment. We basically ingest all the log data and then push it out to them. I wish it was a little bit different than that where we just push directly towards them. I do not know if that is a function that they thought would be better in terms of security, but I wish that instead of doing that, it should go from the device to them and not from the device to another system and then out to them. There seem to be some drawbacks to doing that."
- "Netsurion's SOC can be a bit too aggressive at times."
- "There's always room to improve because there would be no competition if they had a perfect solution. The GUI to perform searches within the product may not be intuitive to a new user."
