Securonix Next-Gen SIEM is a security information and event management solution designed to provide advanced threat detection, response, and compliance capabilities. It leverages machine learning and big data analytics to offer a comprehensive security platform for modern enterprises.
| Type | Title | Date | |
|---|---|---|---|
| Category | Security Information and Event Management (SIEM) | Jun 14, 2025 | Download |
| Product | Reviews, tips, and advice from real users | Jun 14, 2025 | Download |
| Comparison | Securonix Next-Gen SIEM vs Splunk Enterprise Security | Jun 14, 2025 | Download |
| Comparison | Securonix Next-Gen SIEM vs Wazuh | Jun 14, 2025 | Download |
| Comparison | Securonix Next-Gen SIEM vs Microsoft Sentinel | Jun 14, 2025 | Download |
| Title | Rating | Mindshare | Recommending | |
|---|---|---|---|---|
| CrowdStrike Falcon | 4.3 | 4.8% | 96% | 132 interviewsAdd to research |
| Wazuh | 3.7 | 13.3% | 80% | 48 interviewsAdd to research |
Securonix Next-Gen SIEM utilizes advanced analytics and machine learning to detect complex threats that traditional SIEM solutions might miss. Its architecture is built on Hadoop, enabling scalability and the processing of large volumes of data in real-time. This allows organizations to gain deep insights into security incidents, prioritize threats, and automate response actions. The solution also includes behavior analytics to detect insider threats and unknown attacks, integrating seamlessly with existing IT infrastructure.
What are the critical features of Securonix Next-Gen SIEM?
What is the ROI expectations?
Securonix Next-Gen SIEM is implemented across various industries, including finance, healthcare, and retail. Its flexibility and advanced analytics capabilities make it suitable for environments with complex security needs. In finance, it helps detect fraud, while in healthcare, it ensures patient data security. In retail, it protects against data breaches and payment fraud.
In summary, Securonix Next-Gen SIEM offers advanced threat detection, scalability, and integration capabilities, making it a robust solution for modern enterprises.
Securonix Next-Gen SIEM was previously known as Securonix Security Analytics.
Dtex Systems, Pfizer, Western Union, Harris, ITG
We were using it for data loss prevention and data acceleration. We wanted a platform with a proper ticketing facility, and as and when we reviewed a user, we also needed a proper documentation setup. Securonix provided that. We were able to integrate playbooks and a lot of other modules so that we not only looked at a particular problem area but also at other factors. We didn't only want to look at exfiltration but also at any lateral movement inside the company by a user. We wanted to look at the outliers in a better way, not only in terms of a user's activity but also in relation to the peer activity to show that it is not a team; it is just a team member doing something wrong.
We most probably were using version 6.0.
It was very easy for us to do our manual threat hunting. We had a lot of instances where we found our internal users exfiltrating data. We were able to see that they were exfiltrating data. We could confirm that through the platform by taking a deeper look, which was very nice. It is user-friendly and handy. It allowed us to look at all kinds of activities and logs.
It provides actionable intelligence on threats related to the use cases. After you have done the configuration, it triggers an alert for any incident. This actionable intelligence is very important because it allows us to respond in time without missing the window of being able to take an action. Sometimes, threats are small, and the indicators do not pop up, but with manual analysis, we can get a complete view. So, it is very important to have real-time triggers.
We have been able to find a few true positives. Based on the triggers from the tool, we got to know that people have been exfiltrating data over a period of time. They had been doing it in small amounts, and that's why it went unnoticed. After the tool notified us, we discovered that one or two users have exponentially exfiltrated data over a period of time. Without the solution, just by looking at the logs, we wouldn't have known that. The tool understood the behavior and triggered a notification, and we got to know that. The users were not just sending our data to themselves but also to another vendor. They were contractors, and they were exfiltrating the data to another vendor. They were about to leave the company, and we were able to catch them before they left.
It reduces the amount of time required for investigations. If I had to check logs from different log sources or tools from different vendors and create tickets, it would have taken time. With SNYPR, we were able to perform a lot of actions within the same platform, and we were also able to push tickets to our SOAR management tool. Everything was in one place. We didn't have to navigate between different things. It was helpful for incident management. It took time for analysts to check whether an alert was a false positive or not and provide the right evidence. Having incident management within the tool reduced time in creating and closing some of the incidents. Instead of 30 minutes before, it was reduced to 10 to 15 minutes per incident. We didn't have back-and-forth navigation. Everything was in one place.
It saved us a couple of hours of our day-to-day activity because everything was consolidated. Once I logged in, one or two hours were enough for me to look at everything and identify things to take an action on.
It has definitely helped us with threat management. Because of the sample use cases that we saw from Securonix, we were able to design a few of our own use cases. We would not have thought of those use cases in the past. We were able to add use cases that were helpful for our data internally. We were able to understand logs even better and create our specific use cases. It was good learning.
It is user-friendly. Its user interface is better than the other tools.
I like the playbook integration. In the beginning, we had a few hiccups because the tool was developing, but after that, the threat intelligence tool that we integrated got more accurate and better. The whitelisting and blacklisting of IPs, domains, or users were also working.
Risk scoring was nice. We could exactly see which user had the highest risk score, and then we could pick it up and work on it.
Securonix accommodates customer requests in the upcoming versions very well. They do their best to bring in the features required by a customer. We were able to have custom widgets for different departments or specific use cases. All tools do not provide such customization. Securonix was good at taking a request, reviewing it, and if it made sense, adding it. We got at least one or two features added.
When they did upgrades or applied patches, sometimes, there was downtime, which required the backfill of data. There were times when we had to reach out and get a lot of things validated.
I have been using this solution for about 2.5 years. Right now, I'm not using it, but I have used it in the last 18 months.
Initially, during patch management, we did see a few downtimes, which required a backfill of data. Before I moved out of the previous company, patch management and upgrades had improved, and the tool had become stable. The queries we were running weren’t breaking the tool. We were able to fetch reports for more roles and data as compared to when we started.
The company that I was working with was midsize. We didn't have a huge amount of data. We were accommodated pretty well. We didn't have any thresholds or limits, but I cannot speak for companies that have a huge amount of data.
Their archiving and deletion policies also worked well for us. We didn't see any performance issues when the solution was ingesting all log sources. Its scalability was pretty nice. We started with six to seven data sources, and then we moved on to add a few more. It could easily accommodate any increase in the number of users or data. We didn't have to just stop at a particular point.
With on-prem, customers have control over the infrastructure, and they can tweak it, but a cloud solution is more simplified. You don't have the headache and overhead of maintaining your resources. So, it is definitely scalable. They partition you based on how big the company is. So, even if you move to a bigger scale, more resources get added to make it work better. It is seamless. We didn't have many issues. We had a few slowness issues at times, but they were resolved. We didn't have to deal with them for a long period of time.
Their support was pretty good. We didn't have any issues there. They were pretty fast. Anytime we had downtime or any issue, we were certainly helped. We got emails telling us how long it will take, and they would stick by it. There were a few times when there was a one-day or two-day delay in response, but eventually, it all worked out. We didn't have major issues. I would rate them a nine out of ten.
They also provide a review with their content team. For the initial few months, they did a lot of threat hunting and showed us why they think a user is doing something in the company and why it is something that is worth taking a look at. It was helpful to have analysts from their side and see how the users are doing it and what are the patterns.
Positive
I have only worked with this solution.
We had another engineering team that took care of its deployment. My involvement in its setup was only for providing the type of data that we need to pull into Securonix. Some log sources took a while in terms of the data format that we wanted and accommodating it with the APIs on the Securonix end. We only had issues with a few data sources. It wasn't a very difficult process, but it did take some time. It took about two months.
Overall, its onboarding was pretty smooth because we were on SaaS. In terms of the strategy, we had to provide the data sources that we needed. They were divided into three levels. We first integrated one or two data sources, and when we saw it triggering, we integrated a few more. We also worked on fine-tuning it for false positives with their content team. They trained us on various use cases and algorithms behind those use cases. If there was any incorrect trigger, they explained the reason for it. It did take quite some time to configure it for our own custom use cases. This phase took more time than the initial integration of data sources. It took at least two to three months to onboard all the sources.
Because it was a SaaS solution, they did the maintenance. It didn't require any effort from our end. It minimizes infrastructure management. In case of downtime or outage, they used to notify us and fix the issue. It did not require our intervention, except monitoring and checking if things are running fine.
They provided flexibility in terms of features and patches. If we wanted to stay on a particular patch or have a few features in the next version, they were able to accommodate that. They were able to add our features even when other customers did not need them.
There were two people on the engineering team from our side, but I am not sure how many people were there from the Securonix side. For integration, two people were there, and then there were four analysts at the beginning to support the tool and give feedback.
We most probably did see an ROI. I was working only at the analyst level. I do not have the numbers, but it did improve the efficiency to do more in less time. In the beginning, we were hesitant to use a new tool, but it soon became our go-to tool for checking and verifying any issues. We started engaging with the tool quite a lot, and it probably saved four to five hours a day. Documentation and ticketing were the biggest challenges, and it helped in having everything in one place. We could just click on a ticket and see everything.
I had heard that it was much cheaper than Splunk and some of the other tools, and they gave us a nice package with support. They accommodated the number of users and support very well.
My team had definitely looked at other tools, but I was not involved in the PoC.
I would advise having a look at it. The user experience or the user interface is definitely better than other tools, but you need to see how it interacts with your data sources and how easy it is to integrate it with those data sources.
It took us at least four to five months to realize the benefits of the solution from the time of its deployment. It depends on the log sources you are concentrating on and want to fine-tune. Most SIEM tools, including Securonix, have a lot of use cases that can be tied to Windows, VPN, etc. Modifying and tuning just one log source is not enough. You should tie different log sources so that you get an idea about any lateral movements. Everything that flows into a SIEM solution has to be tuned. If I'm sending a raw log in any format, it needs to be properly sanitized and tuned for my security requirements, which takes time. We had to go back and forth and get a lot of things fixed. It takes a while for the tool to understand and start triggering based on a specific activity.
False positives will always exist. They won't completely go away. When we first deployed it, it used to trigger alerts for 500 to 600 users, which had come down to 20 to 30. It needed continuous fine-tuning, but as an analyst, I was no longer overwhelmed by hundreds of alerts. It took a while to get to that stage and involved a lot of blacklisting and whitelisting. Even though the false positive rate had come down to a pretty good number, we still had to intervene and verify whether it was a false positive or not, but it was easier to do.
It hasn't helped to prevent data loss events, but it has helped to reduce further loss of data. We got to know about an event only when it had already started to happen. When the tool identified that something was happening, it would alert us. If an analyst was active enough to understand that and put a stop to it, it could have prevented any further loss, but I am not sure how much a data loss event would have cost our organization, especially in intellectual property. However, we figured out that about 40 to 50 GB of data was sent over a period of time. It was sent in small bits, and it included confidential reports, meeting keynotes, etc. We would not have known that if the tool had not notified us.
I would rate it a 10 out of 10 based on the experience I had. We didn't have any major issues related to slowness or querying the tool. Querying was pretty simplified, and there were also documents to know the processes. Their support was good, and they were also good in terms of the expansion of the tool. When we wanted a new data source, they were there to review it and modify it with us. They provided good assistance.
