Netsurion Reviews

We use Netsurion as our security operation center and also as an SIEM to put together all of our telemetry from various systems and to notify us when we have security events.

Netsurion's additional data source integration provides a unified view of our security posture. This makes it easy to track and see what's happening at a glance. We can also see our security status in real-time, without having to find an all-in-one security platform. Instead, we were able to choose the data sources that we wanted and integrate them into a single platform.

Integrating with our existing security tools was easy. Netsurion did all the work making it so easy for us.

The integration of Netsurion and our security tools gives us a unified view of our threat landscape.

The integrations that extend our detection and response capabilities are now easier to use. I no longer need to flip through the Azure or Office 365 admin centers to view our security alerts, and I don't need to go into Xcitium to see the security issues there. I can simply go to Netsurion's dashboard to see everything in real-time.

Netsurion's SOC does a good job of alert monitoring and threat hunting.

Netsurion's SOC has helped to eliminate recurring false positives. When they occur, we discuss them. If the investigation shows that it is a false positive, we will discuss how to prevent or suppress those types of false positives in the future.

Netsurion's SOC is effective at expediting incident response. I have worked with them on a few real incidents, and they have been outstanding. They handle a lot of the documentation for us, which is helpful. This way, we can refer back to it and what they were able to show us about our problem.

Netsurion takes care of platform management, which makes my job much easier. As a one-person IT department, I don't have the resources or budget to hire more staff to monitor cybersecurity incidents. Netsurion is like having a team of security experts on my side, at a much more reasonable price than hiring even one more person.

Netsurion allows me to focus on other tasks. In previous positions, I did not have this level of automation. I would spend two hours every morning going over logs, or X amount of time every hour checking things to make sure there were no problems. Now, I can focus on all of my other duties because I know that Netsurion will alert me if anything pops up.

Netsurion helped us boost our security operations productivity by decreasing the tedious security operations management tasks.

Netsurion has helped reduce our time to detection.

Netsurion has helped us improve our ability to remediate security incidents. In the past, we had to manually collect logs and analyze them to identify the source of an incident. Netsurion has simplified this process by providing us with pre-analyzed logs and after-reports that help us track down and remediate incidents more quickly.

Netsurion takes a holistic and proactive approach to security. They are proactive in that they give us advance notice of potential threats, such as when they have patches available. They recommend that we apply these patches immediately, rather than waiting for our regular patch day. They also notify us of other security-related matters. Additionally, they take a holistic approach by helping us with all of our systems.

We are a small company located in Bermuda with a team of 42 people. Specializing in reinsurance, we offer a range of reinsurance products from around the world. During a recent cybersecurity gap analysis, it became apparent that we needed to enhance our network and security monitoring capabilities beyond the capacity of our current 42-person team. Within the company, only three individuals work in the IT department, making it impractical to assign someone to security log monitoring around the clock.

To address this challenge, we have implemented Netsurion Managed XDR. This product, previously familiar to me from past professional experience, aggregates logs from our various devices including workstations, servers, switches, routers, and firewalls. These logs are then centralized on our on-premise servers, which are linked to Netsurion Managed XDR's security operations center. This center is staffed with experts who analyze the collected data, providing us with valuable insights. They promptly alert us through email, phone, and text if any unusual or critical activities are detected. These activities could range from unauthorized access attempts to anomalous Internet or firewall activities.

The system also offers weekly observation reports, categorizing activities using color codes ranging from red to green. This report covers a spectrum of information such as account lockouts and Internet activity. I have also specifically requested alerts for any usage of administrative passwords. Additionally, we engage in monthly review meetings where we assess the previous month's data, including a Power BI report that delves into trends and various monitoring aspects.

Another key service we utilize from Netsurion is their vulnerability assessment scanner. This monthly assessment involves scanning all our systems within the network to identify security vulnerabilities and needed updates. It's comparable to having a simulated penetration test, ensuring our systems are robust against potential threats. The resulting report provides valuable insights into our security posture.

In essence, Netsurion Managed XDR fills the crucial role of network and security monitoring that our internal team cannot handle alone. It's akin to having a dedicated 24/7 security team constantly scrutinizing our network for threats. The system not only detects immediate issues but also assists us in enhancing our security measures for the long term. For instance, based on their recommendations, we have successfully blocked requests originating from certain countries, such as the Russian Federation, China, North Korea, and Iraq. This proactive measure has significantly reduced the unnecessary traffic targeting our network.

Our experience with Netsurion's services has been exceptional. Their expertise and support are of the highest quality. As I had worked with them at a previous company, I sought them out again for our current needs. Particularly for a smaller company lacking a dedicated security team, this solution has proven to be one of the most effective ways to bolster our cybersecurity defenses. Their capabilities align perfectly with our requirements, and their professionalism makes them an ideal partner in safeguarding our digital environment.

One of the primary benefits of using Netsurion for our organization is that, due to a mandate from our regulator, we are required to have robust monitoring platforms in place. We now possess our own monitoring platforms, which allow me to oversee various aspects. Moreover, we have implemented a 24/7 monitoring platform, ensuring complete compliance with regulatory standards.

Netsurion offers a flexible solution that assists us in safeguarding our entire IT environment. This has significantly enhanced its robustness over time because they have been able to identify trends. Subsequently, we can adjust settings. Initially, when we implemented the product, we noticed more issues that, with time, would turn red or become more critical. These included instances where certain activities were not being blocked or when excessive permissions were granted to users in terms of access rights and similar matters. By analyzing trends over time, we have been able to refine the network, thereby achieving a higher level of overall security based on the insights provided by their monitoring.

The way the SOC service operates is by providing us with a dedicated team. This team usually consists of around four to five individuals participating in monthly calls. Essentially, this team, which is assigned to various companies, including ours, remains consistent. The individuals we interact with are familiar with our environment, and over time, we establish a rapport with them. Their contributions are highly valuable. It's akin to having a specialized team solely dedicated to handling our security concerns. Unlike a situation where we would interact with random support personnel for each inquiry or ticket, these individuals possess a deep understanding of our company as they consistently work with us. This arrangement eliminates the need to repeatedly transfer knowledge. They are well-versed in our history, the current state of our environment, and the specifics of our network. This setup operates 24/7, ensuring that meetings and communications align with my schedule. Furthermore, we receive updates even outside of regular working hours. This SOC service is available to us, and in my opinion, it's an excellent setup. The continuity of interacting with the same group of professionals allows us to establish relationships, not only with the individuals themselves but also with the company as a whole. This dynamic significantly enhances the trust we place in their services.

The SOC handles alert monitoring and threat hunting extremely well.

Reducing false positives is a crucial aspect of the tuning process we engage in. At the outset, we receive alerts for all activities, treating everything as a potential issue. However, we gradually refine this approach. For instance, we develop custom applications for our company. In collaboration with Netsurion, we've integrated their system to whitelist specific processes associated with our proprietary applications. To Netsurion, some of these processes might seem suspicious, such as activities involving the SQL database, potentially appearing as hacker activity. Nevertheless, this is not the case, and these actions should be permitted since they originate from our authorized service. It's highly beneficial to maintain this collaborative relationship. This allows us to fine-tune our system, minimizing the occurrence of false positives.

The SOC plays a crucial role in incident response. When issues arise, they are promptly prioritized. We have a specific prioritization process that feeds directly into our service desk. This enables us to initiate our incident response testing promptly. Additionally, the SOC identifies other potential concerns. For instance, we are currently investigating a situation involving suspicious DNS queries originating from specific IP addresses. Presently, we are actively examining this issue. While it appears suspicious at the moment, it has not been confirmed as an exploit or an actual event. Our standard procedure involves thoroughly investigating the matter and documenting all actions taken. Any actions we take become part of our response protocol. If the situation warrants, it might be escalated to the IT committee. Regardless, all actions and findings are meticulously logged in our service desk for future reference.

I appreciate that the SOC handles platform management. It's pleasant not to be directly involved with managing the tools themselves. Essentially, what we do is utilize an agent. This involves configuring an agent that is deployed universally. Additionally, they handle the configuration of SysLog services and similar tasks. Apart from these aspects, they take care of everything else. They provide the server and are responsible for updates, including those related to the internet. When it comes to integrations, they've established connections with our firewalls, antivirus, and email security gateway. This facilitates the retrieval of logs and security details, which they collaborate with us on. I'm relieved that I don't have to concern myself with updating their software. In our monthly meetings, they discuss new exploits they've come across, often with amusing names like "monkey dine," and their efforts to identify telltale traces of potential threats within systems. This proactive approach is commendable. Their management of these aspects allows us to concentrate on using the platform. For me, it's comparable to owning a car. When I buy a car, I can operate it, but I don't need to understand its engine intricacies. In the same manner,  Netsurion Managed XDR has been a boon for us. It has consistently proven beneficial across the various companies I've worked with. Unlike setting up our own monitoring systems, which can be time-consuming, Netsurion Managed XDR's implementation is relatively swift. While there's an initial learning curve, within a few months, the value becomes evident. The insights provided are exceptional. Certain reports are even presented to the IT committee I report to, serving oversight purposes. These reports are also instrumental for compliance and audits.  Netsurion Managed XDR is a third-party solution, impartial in its reporting. They provide compliance reports alongside their software tools. From my perspective, it's one of the essential tools. Over the course of my professional experience, there are a handful of products and services that I've found indispensable, and Netsurion Managed XDR is one of them. I used to use the Netsurion Managed XDR in my previous company, which was a relatively larger company.

The SOC has enabled us to fully concentrate on everything else that we need to do. Knowing that the segment, the monitoring, the event tracking, and the alerting are taken care of by someone else gives us the confidence that if something happens, we will be notified. This allows us to focus on tasks that are more aligned with our experience and the size of our IT departments. If an issue arises and it's critical, I will receive prompt notification. If it's not critical, I will receive an email from them the following day, or it will be included in an observation report. It will definitely be discussed in the monthly review meeting.

If we didn't have Netsurion Managed XDR, I would be looking at logs, and we'd be relying on antivirus and our own monitoring to see if something was untoward. We just wouldn't have the insight and visibility we have now. And I didn't have it before. We had monitoring, but nothing as in-depth as we have with Netsurion. So has it decreased the amount of time we spend on it? I would say it would have if we'd been able to do some of the stuff that they do, but we really couldn't do it. We didn't have the time. We didn't have the tools to do it. For us, it's been a total value add in terms of the capability, rather than the time saved because we were unable to do the tasks before.

Our IT department has limited time and resources. We are unable to create our own SOC, therefore Netsurion has helped us accomplish more security initiatives and monitors our environment.

Netsurion provides us with information that we never saw before. The solution helps us see it, capture it, bring it together, report on it, and derive analytics from it. They've provided visibility that we've always wanted but never had. When I'm speaking to the board information from Netsurion helps me provide them and senior leadership pertinent security information from within our environment. We provide a visual map of where potential bad actors are trying to connect from. We can see which applications attackers are trying to exploit. It drives dialogue that helps increase security awareness. It also enables us to justify our security budget.

Extending our detection and response through integration is something we're exploring. We have various products that we currently integrate into Netsurion. Our organization typically takes a best-of-breed approach for software selection. We will explore more integrations to see if there are efficiencies to be gained or if we can achieve quicker reporting and remediation.

Netsurion offers a flexible solution that covers our entire IT environment. They're another resource for us and act as an extension to our existing security resources. Netsurion isn't just monitoring our environment, reporting on it, and letting us take care of it. We bounce questions off them, and they help us dig deeper into incidents as they happen. 

They provide us with the necessary information to make business decisions based on some of these events. Netsurion is more than just a vendor to us—they are truly a partner that has changed how we approach security.

Their SOC is going above and beyond. They're our first MDR. Netsurion prefers to label itself as an XDR, but we've never had a managed response at that level. We had someone watching our perimeter firewall before, and we would run unannounced penetration tests against our environment. That organization was not able to detect the anomalous activity.

When we ran tests with Netsurion, their SOC investigated things and pinpointed exactly what was going on within two minutes. We've been able to verify the work they're doing. It's nice to have an organization watching my back while I'm trying to do what I need to do.

We like to investigate and find any anomalies. Whether we or Netsurion see activity taking place, they have the resources to monitor logs and do the investigations that we are too strained to perform. They can identify the activity causing the incident. By seeing the whole picture, it has helped us make decisions that reduce our false positives.

As an example, we requested specific logs from our web filter, and the response of Netsurion's SOC was above and beyond what the contract specified. Not only did they provide the data requested, but they also modified the visual presentation to our specifications.

Using Netsurion's SOC has freed me up to focus on other tasks. Initially, my role was purely focused on day-to-day security. My role has transitioned into
managing half of our IT department. I have less time to focus on day-to-day tasks. Most of that work has been transferred to the SOC. We have utilized them far more than we ever expected.

When we signed an initial contract three years ago, we wanted to see what we could get from the service. As we get ready to renew the contract this year, we're looking for more ways to utilize their services because budgets are getting tighter. We are exploring ways to take advantage of the SecOps management features.

Our time-to-detection has decreased exponentially, but I don't know how to quantify it because we weren't seeing the things that they're reporting. We knew they were there, but that level of visibility wasn't there. They notify us in under five minutes about issues we never would have known about before.

The remediation time has also improved exponentially. We can't remediate an issue unless it's known. As soon as an incident is detected, they notify us within a few minutes. We've remediated most issues in under five minutes.

I use it for security events and incident management. It's a fantastic product. Netsurion Managed XDR is a really good product. It is hosted, and they do a lot of the analysis. They get great reporting. It covers all my highly valuable assets and offers a really low impact on my systems. I check a regulatory box as well as a cybersecurity box, so it covers a lot of bases for us.

The great upside is compliance and regulatory satisfaction. If we say we're using this product and someone wants to report, that's it. There's no question about the legitimacy of the product. They're large enough in the marketplace. Our regulatory bodies know about them and understand what the product is like. That's the number one pro for me. 

It gives me a really good piece of mind. I have a couple of products. This one is not cheap. However, it doesn't have to be. I pay a premium and they give me peace of mind that I don't get with any others.

We use Netsurion as a managed SOC provider for them to be able to do visibility scanning on all of the devices within our network and to look through the log events that we have coming out of the devices and SaaS products that we have. They are looking at the logins through Microsoft Azure and Google Workspace, aggregating all that, and doing some investigative work to see if there are any incidents where there might be a possible malicious activity or any possible intrusions into the network. If there are any problems or issues that may occur and if they do find things, they are able to notify our team of those things or those findings that may be a problem for us. They send us an email to let us know what to look into and how to remediate things. That is how we have been using them.

We do not have a security team. By implementing Netsurion, we could utilize an external team to be able to investigate those things where we do not have the expertise or people to do that. That was the number one reason why we went to them and asked for help from them. We purchased their services to monitor all those things.

The integration of Netsurion with our security tools gives a unified view of our threat landscape. It brings everything into one single pane of glass type of view. We can see everything going on in our infrastructure. It is pretty important for us to be able to see everything in a single report rather than going through ten different tools, which can be a bit annoying. Having Netsurion describe everything in detail in one report has been pretty valuable.

Netsurion has been a pretty flexible solution for helping us protect our entire IT environment. For everything that I have asked from them in terms of adding certain SaaS products, devices, or anything like that, they usually had a solution to get them integrated into their product. It might not be the best integration, but they have figured out a way to get our security stuff into Netsurion.

There have been some incidents in the past where we had a scare of a possible virus infecting one of our machines or of possible intrusion. We pushed it up to their SOC team. They did investigative work and came back and told us their findings, such as things being fine on those devices and so on and so forth. Their SOC team has been pretty good in the sense of being able to jump on things and be able to work with us on possible issues that crop up.

Netsurion's SOC is pretty good for eliminating false positives. They have done a pretty good job of going through a lot of the log data that we have. They go through hundreds of tickets in a month, but we only see the reports. They only come up with critical or warning items. We get a handful of those compared to all the tickets that they create on their side that may look like suspicious things on their end. They do a pretty good job of looking and working out a lot of false positives on their end.

Netsurion has helped to boost our SecOps productivity by decreasing tedious SecOps management tasks. They have been able to provide a way of monitoring things so that we do not have to do that. They have been watching the environment and only bringing things to our attention when we really need to. That is something that we did not have in the past. We never had a security team, and we needed someone to watch everything. They are able to watch everything and look through everything that we have on our infrastructure, such as SaaS products and other products. They have shown value by only bringing up the cases that truly need interaction from our side. My team is able to go into a system or one of the SaaS products that we use and take action on certain things. They do the investigative work, and they do the penetration scanning and things like that and notice things. They bring anything they find to our attention. They have steps or procedures to take action on those things. Once we get all that information, our team goes into those devices or services to make changes based on their recommendations for the issues they found. In the case of a security incident, Netsurion has improved our ability to remediate.

I manage 13 companies that have 300 to 400 companies underneath them altogether. We're a private equity company, so we manage one company, and they control 10 to 20 companies themselves. Our operations are decentralized, so there aren't many existing products suitable for our use cases. 

When we initially deployed, Netsurion didn't seem like a particularly robust solution. We had the reporting, and if I told them to look for something specific, they could look for it and report on it. We haven't given them anything outside of the box to look at. It tells us everything that you see. We haven't whittled it down to specific events yet.

Netsurion is on the endpoints. You install it, and it speaks to a web server. We have it on workstations and servers on AWS, Google Cloud Platform, Azure, and everything else. We're using it as a decentralized SIEM product, and it's one of the only ones out there. We use Netsurion for things like log forwarding, and we deploy it on every workstation. It's a manual process. There is an installed agent, and as long as it has internet connectivity, it goes and talks to the centralized server, and Netsurion's SOC monitors the logs for all those devices.

Because we don't have a centralized enterprise network, there are a lot of different companies involved, and they could be anywhere. They could be working from home, or there could be several employees in a coworking space. The Netsurion agent has to be installed on every endpoint and allowed to communicate directly to the internet.

We don't have the security staff needed to monitor log data constantly. It's too much data. You have to send it to a third party like Netsurion that specializes in that, and they have a 24/7 security operation center. We don't have the in-house staffing or the time, so we offloaded the task to a third party, and they only report on critical incidents. Then they have reporting criteria, so if it's urgent, they call us. If it's not so critical, then they email us. We don't have the capacity to do that ourselves.

Netsurion has allowed us to consolidate cybersecurity technology, including SIEM and network traffic analysis. It's not a decisive factor, but it's important. Having multiple tools keeps it centralized.

Our main concern is IT security. We are looking at it from a point of view of making sure that we are fully PCI compliant. PCI is the compliance driver for us above all others. The log management, event management, and managed services are all fairly pricey services for a small business like us, but we felt the need to be able to take all the logging traffic that we are storing, then make some sense out of it. We needed someone with that expertise because we don't have a dedicated, trained security professional in our organization or in our small group. We turned to Netsurion for that service and have been happy with it.

It takes the load off of our systems administrator from having to manage, vet, and analyze logs. Even though they come out in a good format and we have reports from them, there is still an incredible amount of data moving through that system. 

When I looked last week, we probably averaged about 20 million log entries a day. So, we certainly can't individually manage that. Just looking at the reports, then trying to go back and find anything that was questionable, was a challenge. Therefore, the managed service has been invaluable to us in terms of being able to narrow the scope of what really needs to be looked at and bringing those things to our attention to be dealt with.

The solution provides 24/7 monitoring and alerting. When we have third-party security assessors come in and do our annual pentest and security review, they have ranked us as being a very mature small business compared to others that they deal with. So, we rank fairly high in terms of cybersecurity maturity compared to other small businesses with 75 employees, such as ourselves.

We don't do a lot of network analysis, but it certainly meets all of the correlation requirements that we have so we can be able to spot logins at unusual times. Or, I just got a report, not 30 minutes ago, and called one of my guys, saying, "Hey, go check on this PC because it is showing 15,000 incorrect password attempts to get to the file server. What is going on?" Obviously, it's not necessarily an indication of a breach of any kind. It is an indication of some kind of software malfunction. So, we were able to look at that and get those reports, and say, "Hey, we have something that needs our attention. I have one user account hitting a file server from one PC, and we know that a password was changed on the day that started, but we also know that the password is not locked out. This helps us analyze what the real problem is, then we are able to eliminate that it is not an Active Directory problem nor a Windows problem. We know what caused it, and it's not an intrusion attempt. However, this narrows down all those issues so we can focus on where the problem might really be.

Having a managed SOC reach out and contact us when something pops up is useful, since we're not, as IT staff, able to have eyeballs watching for things. We are dealing with staff, devices, services, etc. all the time, so we are not able to watch for things. There is also not the expertise available all the time for all our escalations of threat management. Having someone who can notify us, "This is urgent. I will call (or email) them based on the runbook that we have," and, "I need to follow up in however many days," depending on the urgency of the issue, has been really helpful.

Given that the solution is passive, it hasn't had much impact other than occupying space on our server infrastructure.

They offer 24/7 monitoring and alerting with the understanding that our boots-on-the-ground staff are not 24/7. Being that it is passive, if they are calling us to do something, then depending on the time of day or even the day, our staff aren't working. We don't have a 24/7 rotation, given that there are only two IT staff positions for the entire organization.

Netsurion gathers the logs from our Sophos cloud provider, amalgamating it all into our on-premise SIEM. Then, the SOC is performing all the analysis, reporting, and alerting for us. This is pretty important given that we have very limited staffing, so we need to be able to have that handled for us.

There haven't been a lot of incidents in the last six months, which has been nice. Most of the incidents that we have reported have been false positives in the last few months. It has been quiet since August.

Its threat detection and response is pretty good.

We had a staff member who downloaded something, and I can't remember if they had had the authority to install it in this scenario. Anyhow, they downloaded something and were running something that was connecting to services in Europe which had a bad public reputation. The database or listing that they had referenced was either malware class or spyware. The visibility of seeing somebody had downloaded something that they weren't supposed to, and they weren't following organizational procedures for software procurement, was very helpful and useful.