We use it for log and threat management and compliance.
The correlation rules and the user platform are most valuable.
They can add behavior analytics and AI or machine learning technology. They also improve their correlation engine. In addition to collecting logs from devices, they can collect the traffic and then correlate these logs and the traffic information.
They can also improve a lot of rules and vulnerability assessment. For vulnerability management, they can add more features.
I have been using this solution for three years.
It is stable. You just log in, and there are no issues.
I use it as software as a service. Scalability depends on whether I have included redundancy in the link or communication between my network and the third-party network.
Their technical support is okay. I have contacted them for technical issues, and they have dealt with those issues very well.
Its initial setup is of medium complexity. I would rate it a seven out of ten in terms of complexity.
They have changed the pricing policy. Its price is competitive. Its price is less than half of the price of QRadar, LogRhythm, and Splunk.
We evaluated AlienVault and ManageEngine.
I would recommend this solution depending on the size of the organization and whether you require software as a service or on-prem. I prefer ClearSkies for small organizations that require software as a service and have up to 500 employees. In Saudi Arabia, we consider organizations with up to 500 employees as small. Organizations with 500 to 1,000 employees are considered mid-sized. Organizations with more than 1,000 employees are considered large. This categorization would vary based on the region. ClearSkies is the best for software as a service and small organizations with up to 500 employees.
I would rate ClearSkies SaaS NG SIEM an eight out of ten.