We performed a comparison between DNIF HYPERCLOUD and Netsurion based on real PeerSpot user reviews.
Find out in this report how the two Security Information and Event Management (SIEM) solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."The connectivity and analytics are great."
"I like the KQL query. It simplifies getting data from the table and seeing the logs. All you need to know are the table names. It's quite easy to build use cases by using KQL."
"I believe one of the main advantages is Microsoft Sentinel's seamless integration with other Microsoft products."
"The automation rules and playbooks are the most useful that I've seen. A number of other places segregate the automation and playbook as separate tools, whereas Microsoft is a SIEM and SOAR tool in one."
"What is most useful, is that it has a good connection to the Microsoft ecosystem, and I think that's the key part."
"The best functionality that you can get from Azure Sentinel is the SOAR capability. So, you can estimate any type of activity, such as when an alert was triggered or an incident was found."
"It has a lot of great features."
"The solution has features that helped improve the security posture of our clients. It provides the ability to correlate a large variety of log sources very cost-effectively, especially for Microsoft sources."
"I like the MITRE table, a feature I saw for the first time in the same solution. There was one MITRE tactic table, which can be used to identify threats if you have all kinds of rules enabled or if you have rules for all the tactics in the MITRE table. There are 14 tables in MITRE, and those 14 tables consist of multiple columns, tactics, and techniques. It was one of the first SIEM tools I saw that had that particular MITRE table. On that basis, you can create new rules and identify existing ones. At any point, if an alert is triggered, it will try to match it to any of those MITRE tactics. I liked that creating a workbook on MITRE business was straightforward. I also like that you can search using SQL or DQL."
"The User Behavior Analytics is a built-in threat-hunting feature. It detects and reports on any kind of malware or ransomware that enters the network."
"The solution is quite stable and offers good performance. It also works on a virtual machine. We haven't found any issues with it so far. It's been reliable."
"The beauty of the solution is that you can develop infrastructure for a data lake using open sources that are separate from the licenses."
"Great for scaling productivity for log monitoring purposes."
"The response time on queries is super-fast."
"The dashboard is helpful, and it creates visualizations to let staff review event data and identify patterns and anomalies."
"Has a great search capability."
"The most valuable feature is that we get the events: the alerts about disk space and the security reports that we get once a day, including user lockouts and the like."
"There are a host of things that are most valuable. Obviously monitoring our environment and reporting out different events is important. They perform a suite of services. They monitor all of our servers, all of our key infrastructure, like our DNS, our switches, all that stuff. They aggregate and correlate that quarterly. They'll tell us if we're getting a lot of login failures and something is going on or if something's weird."
"We have also integrated our endpoint security into the Netsurion SIEM. That's important because we have all the events in one place; we don't have to manage them in multiple places. In addition, the embedded MITRE ATT&CK Framework was paramount in our decision to choose Managed Threat Protection because the MITRE Framework is the industry standard for threats."
"We don't have the eyeballs available to stare and watch for things, or even have the capability of building internal alert systems. So, the managed SOC has been huge for freeing up staff to work on other responsibilities. We are saving on at least one full-time employee."
"What I like most about Netsurion is the level of visibility and reporting."
"The most important feature is keeping track of when accounts are created and deleted, when permission groups are changed, and memberships are changed in groups; and overall, how many errors are occurring on the various systems that we're monitoring."
"Their SOC team manages vulnerability management and IOC reviews. They stop bad processes when they happen. The best thing is their weekly reviews of what has been going on in the infrastructure as well as the things that they see and what we should look out for."
"I like the UI, overall. I like the main page and there are aspects of the search page that I like. When you bring it up on the left-hand side of the page, as you look at the events, the ability to simply hit and click the plus/minus to pull events in and out of the overall view is well done and is very effective from a threat-hunting and an analysis perspective. I like the detail it shows."
"Azure Sentinel will be directly competing with tools such as Splunk or Qradar. These are very established kinds of a product that have been around for the last seven, eight years or more."
"It has been a challenge with Azure Sentinel to onboard the Syslog server from FortiGate. Azure Sentinel can work better on that shift between the Syslog server and a firewall."
"The performance could be improved. If I create 15 to 20 lines for a single-use case in KQL, sometimes it takes more time to execute. If I create use cases within a certain timeline, the result will show in .01 seconds. A complex query takes more time to get results."
"We have been working with multiple customers, and every time we onboard a customer, we are missing an essential feature that surprisingly doesn't exist in Sentinel. We searched the forums and knowledge bases but couldn't find a solution. When you onboard new customers, you need to enable the data connectors. That part is easy, but you must create rules from scratch for every associated connector. You click "next," "next," "next," and it requires five clicks for each analytical rule. Imagine we have a customer with 150 rules."
"Microsoft Sentinel should provide an alternative query language to KQL for users who lack KQL expertise."
"Microsoft Defender has a built-in threat expert option that enables you to contact an expert. That feature isn't available in Sentinel because it's a huge product that integrates all the technologies. I would like Microsoft to add the threat expert option so we can contact them. There are a few other features, like threat assessment that the PG team is working on. I expect them to release this feature in the next quarter."
"Not all information shows up in Sentinel. Sometimes there are items provided in 365 and if you looked in Sentinel you would not see them and therefore think they do not exist. There can be discrepancies between Microsoft tools."
"Currently, the watchlist feature is being utilized, and although there have been improvements, it is still not fully optimized."
"There are currently some issues with machine learning plug-ins."
"The solution's command line should be simpler so that routine commands can be used."
"I think DNIF HYPERCLOUD can implement the ability to export more than 100,000. At the moment, we can't go beyond that. So many times, if you're checking for the firewall logs and working on something related to authentication or network-related traffic, while that log count is low, the account goes beyond that. You can't restrict the logs or the amount of data you can export. It's very important for my situation. It would be better if they could increase the capacity of exports. Although there are many more types of searching in DNIF HYPERCLOUD, people still struggle to query out what they want because not everyone is good at SQL or DQL. The easiest way to query out in DNIF is using the GUI-based interface. But in the GUI interface, you can use operator calls. It gets tricky when you want to search for a specific type of event. You don't know where it will be passed and whether it will be consistent. In the initial phase, it's tough for us to use DNIF. You cannot pass every event in a stable DNIF. When we used that particular tool, we used to get those logs, but sometimes many things are not getting passed. So, we used to export the sheet or export the data into Excel and weigh the required details. In the next release, I would like them to improve the export of the columns and make the application more user-friendly. I would also like a threat-hunting feature in the next release."
"The vendor is fairly new and it's not as big as some of the international competitors. It's not a mature product. If you ask them to move data, it might take a lot of time."
"The EBA could be improved."
"The solution should be able to connect to endpoints, such as desktops and laptops... If this solution had a smart connector to these logs- Windows, Linux, or any other logs - without affecting the performance of the connector, that would be wonderful."
"Dependency on the DNIF support team was frustrating."
"The MITRE ATT&CK framework could be faster when identifying and understanding sophisticated threats. Whenever something happens, we usually get notified a couple hours later."
"Probably the biggest thing is just: Can I search for this and what's the best way to do it? If I'm looking for two events versus a singular event, I just throw it back at them. They're the experts on it."
"The agents on the endpoints seem to fail quite a bit, requiring manual involvement from the local administrators. I would like to see their product be much more ad hoc and update automatically."
"With version 8, there are quite a few things. The query tool was one of the big ones, and the query speed was one of the big ones, but they've made some great strides between versions 8 and 9. There were also issues in version 8 around the ability to get the data back out. It's one thing to collect data, but it's a whole other thing to be able to present it or run it in a timely manner. The old tool, depending on how far back I was looking, might even time out and I would have to run it again."
"We get a report generated on a particular day of the week and we go through it, trying to mitigate problems and make sure we're seeing everything that's happening. It would be helpful if the SOC spent a little more time with us going through some of those reports."
"I would also like to have a dashboard that I can access anytime to review the real-time data from their website."
"Communication is always something that can be improved, but I feel that any time we've had a communication issue, it's quickly addressed when we bring those up at the monthly meetings. Usually, it's an individual that wasn't clear in the communication, it's not the process per se. You always have to be able to segregate if the process didn't work or an individual either didn't say the right thing or my people didn't understand what they were being told."
"Netsurion's SOC can be a bit too aggressive at times."
DNIF HYPERCLOUD is ranked 22nd in Security Information and Event Management (SIEM) with 7 reviews while Netsurion is ranked 15th in Security Information and Event Management (SIEM) with 24 reviews. DNIF HYPERCLOUD is rated 7.6, while Netsurion is rated 8.4. The top reviewer of DNIF HYPERCLOUD writes "Development from open sources is very valuable but a huge infrastructure is required". On the other hand, the top reviewer of Netsurion writes "The SOC center monitors, hunts, and notifies us of threats around the clock". DNIF HYPERCLOUD is most compared with IBM Security QRadar, Splunk Enterprise Security and Wazuh, whereas Netsurion is most compared with Arctic Wolf Managed Detection and Response, CyberHat CYREBRO and Wazuh. See our DNIF HYPERCLOUD vs. Netsurion report.
See our list of best Security Information and Event Management (SIEM) vendors.
We monitor all Security Information and Event Management (SIEM) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.