Netsurion vs Wazuh comparison

 

Comparison Buyer's Guide

Categories and Ranking

Netsurion
Ranking in Security Information and Event Management (SIEM): 14th
Ranking in Extended Detection and Response (XDR): 16th
Average Rating: 8.4
Number of Reviews: 24
Ranking in other categories: Managed Security Services (5th), SOC as a Service (3rd), Managed Detection and Response (MDR) (13th)

Wazuh
Ranking in Security Information and Event Management (SIEM): 3rd
Ranking in Extended Detection and Response (XDR): 3rd
Average Rating: 7.4
Number of Reviews: 39
Ranking in other categories: Log Management (2nd)
 

Mindshare comparison

As of July 2024, in the Security Information and Event Management (SIEM) category, the mindshare of Netsurion is 0.3%, up from 0.2% compared to the previous year. The mindshare of Wazuh is 15.3%, up from 10.2% compared to the previous year. It is calculated based on PeerSpot user engagement data.
Security Information and Event Management (SIEM)
Unique Categories:
Managed Security Services: 1.9%
SOC as a Service: 2.3%
Log Management: 18.6%
Extended Detection and Response (XDR): 15.6%
 

Featured Reviews

JosephSnyder - PeerSpot reviewer
Aug 23, 2023
Flexible with good incident response and helps with eliminating false positives
A SIEM is a SIEM. They all do the same thing. What's valuable about the Netsurion Managed XDR product is the analysis that it brings to the table. They do a really good job of filtering out; it generates a tremendous amount of data. They filter out what's needed and give me what I need to pay attention to. That's hard to do in a lot of the other products. The product provides us with a flexible solution that helps protect our entire IT environment. I only take advantage of it on the server side. I don't need it for my desktops, however, certainly, they offer that. Overall, it is quite flexible as evidenced by the fact that when it's first tuned, you get a large amount of data, and they're able to fine-tune that over time. To me, that's really important. We operate with their SOC. They are really nice guys. Great to work with. In terms of the SOC when it comes to alert monitoring and threat hunting, they do a great job. The fact that they're able to tune it for me over time and build a relationship is helpful. Some of those guys have been there for ten years. Is really important to us. They know what's valuable to us and what we want to see. We have the SOC provide a regular meeting. It's quarterly. We all get together, and I let my engineers do it over the phone. They'll let us know: "We're seeing this. This isn't important." They voluntarily call things to our attention and so on. It's a real value add working with them. The SOC is helpful for eliminating false positives. It filters out unneeded and unnecessary alerts and calls my attention to what's really important and what I need to pay attention to. Expediting incident response is really great. What's really nice is I haven't had to use it. So I don't have any examples. That said, they're really quick to respond. Again, that comes back to the SOC. They're there all the time. So they are looking at our stuff 24/7. We pay for that, yet it's a really valuable aspect of the service.
Using the SOC affected our ability to focus on, for example, any other tasks. They've taken a whole bunch of work off my team and made it easier for them to do other important aspects of what we do every day in our bank. Monitoring helped to boost your SecOps productivity. It's decreasing the tedious SecOps management tasks. The time it's saved us per week is an FTE equivalent or more. That's easily 40 to 60 hours a week. It's saving my team. There's no doubt in my mind. It's probably more than that, however, I could confidently say it's 40 to 60 hours a week. The product has reduced the time to detection in my estimation. I haven't had any, however, it's clear to me that they would help. When we have had something that's been sort of fishy, they definitely chime in, and we get a notification from them almost immediately.
MB
Jun 15, 2023
Good for file integrity monitoring
There is room for improvement in Wazuh, but it's possible they are already working on it. The only challenge we faced with Wazuh was the lack of direct support. They charge for support, whether it's five days a week or seven days a week. We don't expect it to be free because revenue is generated through the support they provide. In future releases, I would like to see a feature. There is one feature we observed in a premium tool in the industry called Dynatrace. It provides automatic relations between different devices and components. For instance, if you receive a web login request, Dynatrace can trace and show you the path it takes from the firewall to the switch, then to the Apache server, the actual job application, and finally back to the client. It intelligently correlates all the components involved in a single event. If Wazuh could include this feature, where all the components are integrated, it would automatically relate them for any activity in your environment.

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"I think Netsurion scales well. We've gone from a small number of agents up to thousands. So I would imagine that it would continue to scale. I don't see any issue with that."
"If we need to do a search for user lockouts, we can go, search, and find locations where they have been locked out, then keep track of those events, historically."
"I like EventTracker's dashboard. I see it every time I log in because it's the first thing you get to. We have our own widgets that we use. For the sake of transparency, there are a few widgets that we look at there and then we move out from there... Among the particularly helpful widgets, the not-reporting widget is a big one. The number-of-logs-processed is also a good one."
"The most valuable feature is that we get the events: the alerts about disk space and the security reports that we get once a day, including user lockouts and the like."
"The most valuable feature is definitely real-time alerting, especially in situations where someone might attempt to exploit or hack into our network."
"What I like most about Netsurion is the level of visibility and reporting."
"Netsurion's 24/7 monitoring has enhanced the overall security of the company. They have someone looking at the data 24/7 who will call us as needed. If their team spots a malicious process after hours, they notify the appropriate person by phone. We get a lot of actionable threat intelligence from Netsurion. For example, if a user clicks on a malicious link in a web page and starts an unusual process that isn't on the white-list, Netsurion's team can detect it and prevent it from executing. Afterward, they'll notify us by telephone, so we can respond and clean up whatever damage has occurred."
"When I looked last week, we probably averaged about 20 million log entries a day. So, we certainly can't individually manage that. Just looking at the reports, then trying to go back and find anything that was questionable, was a challenge. Therefore, the managed service has been invaluable to us in terms of being able to narrow the scope of what really needs to be looked at and bringing those things to our attention to be dealt with."
"The deployment is easy and they provide very good documentation."
"Wazuh's best features are syscheck, its ability to immediately resolve vulnerabilities, and that it's open source."
"Its cost-effectiveness is the most valuable aspect."
"The log monitoring and analysis tools are great in addition to SIEM file activity monitoring."
"I like that the solution is on top of the Kubernetes stack."
"The product’s interface is intuitive."
"The tool is stable."
"It offers built-in modules for file integrity and vulnerability management."
 

Cons

"There are some issues with searches taking a long period of time, but they assured me that they have implemented a new search function that's available in version 9, but which requires a solid-state hard drive... Depending on how many logs you have it could take a long time to return the results if you're looking back prior to the last 30 days."
"I would like to see a faster response when we see things like 15,000 lockouts. I really wished that I had known that on Friday afternoon rather than waiting until I got the weekly report today. By the same token, they are looking at it from the point of view that this is a system or software malfunction. This is not a bad actor repeating the exact same password three times a second. Therefore, they can tell that this is not a bad thing. However, it's not a security event but it is an operational event for me. Knowing this sort of thing would help my team and me out more because then we would be able to clear out a lot of network traffic that we didn't know was going on. So, we would like quicker updates on non-high security events."
"Everything that I've wanted has been added in. EDR was added, and MITRE was added. Those were two big ones that we didn't even have to push for."
"The system requirements are very, very high. So I need a pretty powerful server to run. If they could lighten that load so that the on-premise part of their product didn't impact my systems as much that would be ideal."
"I'd like to see improvement in the ease of generating reports. It seems fairly cumbersome whenever you decide to start tracking new categories of events. It seems a little kludgy when trying to generate those reports."
"The weekly reporting could use some improvement. For example, when we handed them our landscape document, it took longer than I would have liked for those details to become noticeable within the reports."
"Netsurion's threat detection and response aren't quite mature. I would expect a little more."
"There's always room to improve because there would be no competition if they had a perfect solution. The GUI to perform searches within the product may not be intuitive to a new user."
"Wazuh is missing many things that a typical SIEM should have."
"They need to go towards integrating with more cloud applications and not just OS like Windows and Linux."
"Wazuh could improve the detection, it is not detecting all of the attacks. Additionally, it is lacking features compared to other solutions."
"It would be great if there could be customization for the decoder portion."
"Wazuh needs more security and features, particularly visualization features and a health monitor."
"Wazuh should come up with more in-built rules and integrations for the cloud."
"One area where Wazuh could use some improvement is in its reporting mechanism, especially for high-level management like CSOs and CEOs."
"Scalability is a constraint in the on-prem version of Wazuh in terms of the volume of logs we can manage."
 

Pricing and Cost Advice

"We put together the package of what we needed. It was based pretty much on the number of agents that we were deploying. If we needed to manage logging from certain specific applications, like Active Directory and SQL Server, there has been no additional cost for that. We had agents deployed for those specific servers and the applications were included, then there was just an additional installation that they had to do for us."
"Netsurion's pricing is competitive. At the same time, they're the only ones who do what we want to do the way we want it. I can't say we would've paid more, but we would've had to have come up with our own solution if they weren't providing that."
"The pricing and licensing seem very reasonable. The managed service part of it feels like it gives me the equivalent of a full-time engineer for a lot less money. So, I feel it's a good value."
"When we first got the EventTracker product, we were using SIEM Simplified. At the time they didn't call it that, but it was more of a service thing. So, there was a bit more hand-holding and getting stuff set up, along with failure reports, that they did during the first one to two years. Then, we decided that the additional money to have someone do these daily reports wasn't terribly useful, so we discontinued that service."
"Netsurion's pricing is extremely fair and flexible. The price of their SIEM product is reasonable, and you can pay for those services you want on top of that. It wasn't cheap, but it's competitive, and we intend to renew our contract."
"The upfront costs have increased, and we have been locked into this contract. The cost of changing over from it is way too high."
"Our budget follows the calendar year. We just started a new budget year at the beginning of the month. We did budget for an increase in our threat management system selection. Therefore, we have the budget to implement and accommodate a threat management system change, including an increase for the quoted actions that we received to improve EventTracker. We are just waiting on our council to approve that budget, which might not be for a little while. Hopefully, when they do, we will be able to jump on doing something."
"It is a bit expensive as compared to some of the other products that have come out in recent years. Expense-wise, the only downside is that it is not cheap."
"It is a free-of-cost solution."
"Wazuh is free and open source."
"Wazuh is an open-source tool, which means it is freely available for use."
"There is not a license required for Wazuh."
"It is an open-source product."
"The solution's pricing is very competitive."
"It is a cost-effective solution."
"When I contacted customer care, they mentioned bundling options that I found to be overall affordable."
793,295 professionals have used our research since 2012.
 

Top Industries

By visitors reading reviews
Computer Software Company: 28%
Manufacturing Company: 12%
Government: 8%
Financial Services Firm: 6%

Computer Software Company: 17%
Government: 7%
Manufacturing Company: 7%
Financial Services Firm: 7%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
 

Questions from the Community

What is your experience regarding pricing and costs for Netsurion Managed Threat Protection?
Their pricing is high. I don't know if it's a barrier. The quality speaks to the price. The price is the price. They provide what they promise. From a purchasing perspective, I just have to come ba...
What needs improvement with Netsurion Managed Threat Protection?
There is one area that needs improvement and that is with the agents and the server that's on-site. The system requirements are very, very high. So I need a pretty powerful server to run. If they c...
What do you like most about Wazuh?
Integrates with various open-source and paid products, allowing for flexibility in customization based on use cases.
What needs improvement with Wazuh?
I have built some rules that produce duplicate alerts two or three times. Therefore, these rules should be consolidated. Alerts should be specific rather than repeatedly triggered by integrating mu...
What is your primary use case for Wazuh?
We use Wazuh for the onboarding of both Windows and Linux machines, as well as for firewall and SIM configuration. The IP address is automatically blocked if a server has multiple wrong passwords.
 


Also Known As

Netsurion: Netsurion Managed Threat Protection, Netsurion EventTracker
Wazuh: No data available
 


Sample Customers

The Salvation Army, The FRESH Market, Pacific Western Bank, NASA, American Academy of Orthopaedic Surgeons (AAOS), and Talbot’s Stores
Information Not Available
Find out what your peers are saying about Netsurion vs. Wazuh and other solutions. Updated: July 2024.