Securonix Next-Gen SIEM Reviews

We have actually used our company, which is a large one, and we are using multiple Securonix Next-Gen SIEM technologies. For the on-premises environment, we are using Securonix Next-Gen SIEM, and for cloud, we are using Sentinel.

We primarily use Securonix Next-Gen SIEM to detect policy violations, firewall detection, and other basic parts for the on-premises system, but we primarily focus on the cloud solution because cloud is the scope of our work and we are moving to cloud slowly.

The other SIEM solutions lack an option for big data analysis, whereas in the Securonix Next-Gen SIEM, we have this option, so considering the scope of the project we planned, we chose Securonix Next-Gen SIEM over other vendors.

We utilize user and entity behavior analytics in the Securonix Next-Gen SIEM.

The reporting in the Securonix Next-Gen SIEM is very good, and the dashboard is great.

We have a separate dashboard for MTTD and MTTR. Compared to the previous solution we used, Securonix Next-Gen SIEM has many advantages on the MTTR part, as the containment and alerts automations are feasible from the response point of view.

We use Securonix for alert generation by feeding events from different data sources and creating policies. Based on policy violations, we manage alerts. It's essentially a SIEM system for what we do with Securonix.

One of the valuable features of Securonix is the auto-incident creation, which was not available two or three years ago. Previously, we had to create incidents manually when a violation was triggered. Now, the process is automatic, reducing our workload. Additionally, behavioral analytics is a useful function, even though it sometimes triggers due to legitimate actions. It requires fine-tuning but correctly detects abnormal behavior.

We use Securonix Next-Gen SIEM as a SIEM, security incident and event management solution in our organization.

Securonix Next-Gen SIEM has effective features for threat detection, such as models and custom trap models which are useful. Its integration capabilities are good and comprehensive, allowing us to connect with various necessary components. 

Additionally, the AI capabilities enhance threat detection, although they were relatively new at the time. Finally, the solution has shown to be time-saving in the long run.

We use Securonix Next-Gen SIEM primarily for managed SOC, focusing on threat detection, baselining, and ensuring the maturity of our SOC security operations. 

It is integrated with threat intelligence and utilizes frameworks like MITRE ATT&CK and the Cyber Kill Chain. 

The solution helps in threat detection, especially with use cases like brute force attacks, port scans (both horizontal and vertical), other insider threat activities, Privileged access abuse, Ransomware detection and Data exfiltration prevention. We also customize and fine-tune these use cases based on our requirements.

Securonix Next-Gen SIEM has significantly improved the visibility of tools and technologies within the environment. 

It enhances our security posture by providing comprehensive oversight of users and devices, aiding in threat detection and prevention. 

Additionally, its scalability and ease of onboarding new devices and technologies have streamlined our security operations.

I use this solution for security monitoring and user behavior analytics. Banks, governments, and the oil and gas sector utilize it.

The software includes user behavior interactions, dashboards, and training capabilities. These features are interactive, allowing for comprehensive engagement.

We use it for user behavior analytics in a hospital. Consider patient health information. We use the product to understand where the information is, who's using it, who's accessing it, whether the access is authorized or unauthorized, and whether there is a possible risk of someone stealing that data. There are many such use cases.

Additionally, we can find who's accessing the data at a particular time in the hospital network. It is flagged as a potential risk if it is an unlikely behavior. When unauthorized access is made, an investigation is launched. There are similar use cases of Securonix that we built in hospitals in the US over the last six or seven years.

The big data security analytics platform, structured and unstructured data analytics, and user and entity behavior analytics provided by the product are probably the best in the industry.

We are using it for monitoring firewalls, Windows operating systems, some Linux operating systems, active directories, and some of the solutions in the cloud such as Office.

In terms of deployment, everything is in the cloud. Our licenses are on the cloud. We don't deploy anything on premises except the RIN.

We are a managed service provider, and we offer this service to third-party clients. Most of our clients are very happy with the solution. We can detect a lot of threats, which are not false positives, and we can describe the threats very well. A lot of information can be obtained from this SIEM, and we can provide very good incident reports to our clients.

We were using another solution previously. The other solution couldn't compete with the features and functionality that we were looking for as a managed service provider. Some clients ask for specific features, and we couldn't complete those needs with other products. They were more about calculations, such as events per second (EPS). With Securonix, it is easier to sell the product and make quotes for our clients. It has helped us a lot at the administration, commercial, and operation levels.

It provides actionable intelligence on threats related to our use cases. It can detect violations and reduce false positives. This actionable intelligence is one of the most important parts because we have suffered with some of the other solutions in terms of receiving a lot of events and alarms where most of them were false positives, which made it a bit difficult for us to investigate and generate incident reports. Securonix is handy for engineers and the security operations center.

Its analytics-driven approach is pretty good at finding sophisticated threats and reducing false positives. When it comes to monitoring network devices, such as firewalls, it can detect behaviors that would be difficult for other solutions to detect or for normal engineers to detect manually. It has a lot of violation policies, and it is very handy and helpful at this level.

It adds contextual information to security events, which is one of the most important points. We can fill a lot of information into our reports for our clients.

Everything is saved for us and indexed. We can review any event we need within three or six months. We can review even when the data is in the cold phase. We never faced any case where we lost any event data. When clients asked about some events in the past, we could find them very easily and without any issues by using the queries.

It improves analysts' efficiency to do more with less time. Spotter is one of the best tools for me for searching and visualizing various things such as policies. With the Spotter language, you can search for whatever you need. You can search for any endpoint, any IP, any hostname, or any violation name. Even though it is not very fast, it is fine for us. Splunk or Elasticsearch is faster than Securonix because this is their job. Even though Spotter is not as fast, it has been helpful for us.

We use Securonix to monitor attempted malware attacks. It sends us alerts, so we can investigate suspicious entities. We'll refer it to the consent team, who will give their solution or comments. 

We have a server where all the data is stored. The Securonix people will take the data from that server, encrypt it, and send it back to the application. From there, we can work on the alert and monitor the data.

The product reduced our investigation times by about 85 percent. Data and geolocation enrichment are the two essential components of the detection part. When there is an IPS alert, we generally need to check to see where the IP is located. Securonix will tell you where the IP is located in the city and country. Securonix helped a lot when the Log4j cybersecurity attack broke out last year. It enabled us to investigate that threat deeper. 

The behavioral analytics features reduce our false positive rate compared to traditional antivirus and cut the time spent detecting and responding to threats by about two hours each week. 

Next-Gen SIEM provides valuable contextual information about security events. We are adding all the information, like user data, from Active Directory. Whenever a user is terminated or retires, we will get an alert stating that the user has separated. 

The built-in management tool improved our security teams' efficiency. You can raise a ticket with one click when you see something suspicious. You can work on it and do your analysis in the backend. It will open a ticket and send it to the teams. 

The analysis will be completed in 15 to 25 minutes. The solution will email the consent team to tell them they need immediate action. In other tools, we have to go to another third-party tool to raise a ticket, and we need to escalate the issue ourselves. There is typically another procedure, but Securonix has a built-in management tool. This reduces a process that would typically take an hour to about 15 or 25 minutes.

It also helped us avoid data loss because we integrated SharePoint into Securonix. We get a notification when someone deletes files in Sharepoint that reports the SharePoint link, the user, deleted files, etc. We will investigate whether it's a legitimate activity or something else.