We performed a comparison between i-SIEM and Netsurion based on real PeerSpot user reviews.
Find out what your peers are saying about Splunk, Microsoft, Wazuh and others in Security Information and Event Management (SIEM)."We’ve got process improvement that's happened across multiple different fronts within the organization, within our IT organization based on this tool being in place."
"Microsoft Sentinel enables you to ingest data from the entire ecosystem and that connection of data helps you to monitor critical resources and to know what's happening in the environment."
"The main benefit is the ease of integration."
"Sentinel is a Microsoft product, so they provide very robust use cases and analytic groups, which are very beneficial for the security team. I also like the ability to integrate data sources into the software for on-premise and cloud-based solutions."
"I like the ability to run custom KQL queries. I don't know if that feature is specific to Sentinel. As far as I know, they are using technology built into Azure's Log Analytics app. Sentinel integrates with that, and we use this functionality heavily."
"The UI-based analytics are excellent."
"The most valuable features in my experience are the UEBA, LDAP, the threat scheduler, and integration with third-party straight perform like the MISP."
"Microsoft Sentinel comes preloaded with templates for teaching and analytics rules."
"As a result of the automation, we are able to manage SIEM with a small security team. I'm in a unique position where we have been growing the security organization quite rapidly over the last three and a half years. But, as a direct result of the empow transition and legacy collection of tools towards the empow platform, we've been able to keep that head count flat. We've been able to redirect a lot of the security team's time away from the wash, rinse, repeat activities of responding to alarms where we have a high degree of confidence that they will be false positives, adjusting the rules accordingly. This can be a bit frustrating for the analyst when they have to spend hours a day dealing with these types of probable false positives. So, it has helped not only us keep our headcount flat relative to the resources necessary to provide the assurances that our executives expect of us for monitoring, but allows our analyst team to spend the majority of their time doing what they love. They are spending their time meaningfully with a higher degree of confidence and enjoying getting into the incident response type activity."
"They have what they call Elasticsearch which is very quick, although that's only available for the last seven days' worth of data. It used to be that, if I wanted to do a search from three days ago, it might take me 10 to 15 minutes because it had to actually unzip some archive files. So I really like that feature. It's almost instantaneous for anything within the last seven days."
"Their SOC team manages vulnerability management and IOC reviews. They stop bad processes when they happen. The best thing is their weekly reviews of what has been going on in the infrastructure as well as the things that they see and what we should look out for."
"They have a number of integrations with different products. Google Workspace is one of them, and Microsoft Azure is another one. They integrate with a number of other things, such as Duo for multi-factor authentication. They can pull the logs from Duo to see if users are coming from bad repeatable IPs or if there are malicious known IPs that may be popping up in the logs. They are able to see that, and they can identify that. Some of the other integrations they do are from inside your network. For firewalls, they can integrate with SonicWall, Cisco, Fortinet, etc. They have a pretty wide variety of things to integrate with and be able to pull the logins from those devices."
"Expediting incident response is really great."
"I think Netsurion scales well. We've gone from a small number of agents up to thousands. So I would imagine that it would continue to scale. I don't see any issue with that."
"There are a host of things that are most valuable. Obviously monitoring our environment and reporting out different events is important. They perform a suite of services. They monitor all of our servers, all of our key infrastructure, like our DNS, our switches, all that stuff. They aggregate and correlate that quarterly. They'll tell us if we're getting a lot of login failures and something is going on or if something's weird."
"I really appreciate the fact that the dashboard breaks everything down into a pretty easy view for me... It shows what changes are happening to privileged user accounts, access and identity, what's cropping up. It shows application activity and whether we've got system resources that aren't online and being found anymore. It's a pretty simple, easy, quick hit and there are the supporting logs behind it. If I need to drill down further, I can do that quickly. It's very effective."
"The product satisfies our compliance, and thus, all of our auditors. All of the data that we use and store for all security events is required by our auditors to be kept in a central storage location."
"Microsoft Sentinel is relatively expensive, and its cost should be improved."
"Its implementation could be simpler. It is not really simple or straightforward. It is in the middle. Sometimes, connectors are a little bit complex."
"I think the number one area of improvement for Sentinel would be the cost."
"When we pass KPIs to the governance department, there's no option to provide rights to the data or dashboard to colleagues. We can use Power BI for this, but it isn't easy or convenient. They should just come up with a way to provide limited role-based access to auditing personnel"
"Multi-tenancy, in my opinion, needs to be improved. I believe it can do better as a managed service provider."
"The solution should allow for a streamlined CI/CD procedure."
"I would like to see more AI used in processes."
"I believe one of the challenges I encountered was the absence of live training sessions, even with the option to pay for them."
"Relative to keeping up with the sheer pace of cloud-native technologies, it should provide more options for clients to deploy their technologies in unique ways. This is an area that I recommend that they maintain focus."
"They have their programs and tools that you have to put into your own environment. We basically ingest all the log data and then push it out to them. I wish it was a little bit different than that where we just push directly towards them. I do not know if that is a function that they thought would be better in terms of security, but I wish that instead of doing that, it should go from the device to them and not from the device to another system and then out to them. There seem to be some drawbacks to doing that."
"Netsurion's SOC can be a bit too aggressive at times."
"It would be great if they had a client for phones by which they could push a notification to us, as opposed to via email."
"I would also like to have a dashboard that I can access anytime to review the real-time data from their website."
"Everything that I've wanted has been added in. EDR was added, and MITRE was added. Those were two big ones that we didn't even have to push for."
"The MITRE ATT&CK framework could be faster when identifying and understanding sophisticated threats. Whenever something happens, we usually get notified a couple hours later."
"I would like to see a faster response when we see things like 15,000 lockouts. I really wished that I had known that on Friday afternoon rather than waiting until I got the weekly report today. By the same token, they are looking at it from the point of view that this is a system or software malfunction. This is not a bad actor repeating the exact same password three times a second. Therefore, they can tell that this is not a bad thing. However, it's not a security event but it is an operational event for me. Knowing this sort of thing would help my team and me out more because then we would be able to clear out a lot of network traffic that we didn't know was going on. So, we would like quicker updates on non-high security events."
"I'd like to see improvement in the ease of generating reports. It seems fairly cumbersome whenever you decide to start tracking new categories of events. It seems a little kludgy when trying to generate those reports."
Earn 20 points
i-SIEM is ranked 44th in Security Information and Event Management (SIEM) while Netsurion is ranked 16th in Security Information and Event Management (SIEM) with 24 reviews. i-SIEM is rated 9.0, while Netsurion is rated 8.4. The top reviewer of i-SIEM writes "The alert fatigue and false positive rates have just plummeted, which is really exciting". On the other hand, the top reviewer of Netsurion writes "The SOC center monitors, hunts, and notifies us of threats around the clock". i-SIEM is most compared with Splunk Enterprise Security, AlienVault OSSIM, IBM Watson for Cyber Security and AWS Security Hub, whereas Netsurion is most compared with Arctic Wolf Managed Detection and Response and CyberHat CYREBRO.
See our list of best Security Information and Event Management (SIEM) vendors.
We monitor all Security Information and Event Management (SIEM) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.