We performed a comparison between Securonix Next-Gen SIEM and Securonix UEBA based on real PeerSpot user reviews.
Find out in this report how the two Security Information and Event Management (SIEM) solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."The UI of Sentinel is very good and easy to use, even for beginners."
"The automation rules and playbooks are the most useful that I've seen. A number of other places segregate the automation and playbook as separate tools, whereas Microsoft is a SIEM and SOAR tool in one."
"Log aggregation and data connectors are the most valuable features."
"Sentinel has an intuitive, user-friendly way to visualize the data properly. It gives me a solid overview of all the logs. We get a more detailed view that I can't get from the other SIEM tools. It has some IP and URL-specific allow listing"
"The in-built SOAR of Sentinel is valuable. Kusto Query Language is also valuable for the ease of writing queries and ease of getting insights from the logs. Schedule-based queries within Sentinel are also valuable. I found these three features most useful for my projects."
"Having your logs put all in one place with machine learning working on those logs is a good feature. I don't need to start thinking, "Where are my logs?" My logs are in a centralized repository, like Log Analytics, which is why you can't use Sentinel without Log Analytics. Having all those logs in one place is an advantage."
"The Identity Behavior tab furnishes us with the entire history linked to each IP or domain that has either accessed or attempted to access our system."
"It is easy to implement (turn on) - does need a skilled analyst to develop queries and playbooks."
"The feature that is most valuable is the fact that it's an open platform, so it allows us to modify policies and tune policies as needed. There's also a feature called Data Insights which allows us to create different dashboards on specific things of interest for us."
"The UEBA functionality indicates a lot about behaviors that are not found through a traditional SIEM. We have exploited that more than anything since we started using it."
"There aren't any positive aspects of the solution. It was a complete failure. There are no redeeming features."
"Risk scoring was nice. We could exactly see which user had the highest risk score, and then we could pick it up and work on it."
"The two major features of this product we extensively use are the UEBA capability and the multi-tenant approach with the centralized data logs system. Customers are very happy with these features."
"The most valuable feature is that it works on user behavior and event rarities."
"The machine-learning algorithms are the most valuable feature because they're able to identify the 'needle in the haystack.'"
"SNYPR has a bundle of features. It has the UEBA feature that tells you about the behavior of a person or entity. In the tool itself, there is an incident management feature, which is definitely valuable."
"The feature dashboard is very well organized and intuitive to use. It organizes information on a timeline which is exactly what we need for insider threat future-analysis."
"Their user and entity behavior analysis algorithms are the most valuable features."
"One of the most valuable features is UEBA. It's pretty helpful for us to make sure of our thresholds for any of our clients."
"Microsoft should improve Sentinel, considering that from the legacy systems, it cannot collect logs."
"We'd like also a better ticketing system, which is older."
"We do have in-built or out-of-the-box metrics that are shown on the dashboard, but it doesn't give the kind of metrics that we need from our environment whereby we need to check the meantime to detect and meantime to resolve an incident. I have to do it manually. I have to pull all the logs or all the alerts that are fed into Sentinel over a certain period. We do this on a monthly basis, so I go into Microsoft Sentinel and pull all the alerts or incidents we closed over a period of thirty days."
"They only classify alerts into three categories: high, medium, and low. So, from the user's point of view, having another critical category would be awesome."
"If I can use Sentinel offline at home and use it on a local network, it would be great. I'm not sure if I can use Sentinel offline versus the tools I have."
"There is some relatively advanced knowledge that you have to have to properly leverage Sentinel's full capabilities. I'm thinking about things like the creation of workbooks, how you do threat-hunting, and the kinds of notifications you're getting... It takes time for people to ramp up on that and develop a familiarity or expertise with it."
"The performance could be improved. If I create 15 to 20 lines for a single-use case in KQL, sometimes it takes more time to execute. If I create use cases within a certain timeline, the result will show in .01 seconds. A complex query takes more time to get results."
"There are certain delays. For example, if an alert has been rated on Microsoft Defender for Endpoint, it might take up to an hour for that alert to reach Sentinel. This should ideally take no more than one or two seconds."
"It could be improved a little bit more for admin users. There should be more administrative options related to security for admin users. For example, for forensic purposes, the admin should be able to stop a specific user from erasing some information. I would be helpful in certain situations, such as during an internal fraud."
"The pricing. I'm not sure how they are proceeding with the identity based pricing compared with DB pricing which most of the vendors are using today."
"One of the things they can improve on a little bit is the usability side, to make some things simpler... The tool does have a lot of knobs, you can turn a lot of things on and off and you can change things. Sometimes, it can become a little overwhelming. They should remove some confirmation options and make it simpler for the less mature customers and people who are still trying to grasp it."
"Sometimes, there is instability in the data in terms of the customization of the time. I have sometimes observed discrepancies in the data, which is something they should work on. They should bring more stability to time customization. If we are seeing a particular data, when we change the time zone, there should be the same data. There should not be any discrepancy."
"Securonix implements risk scores based on different policies that are triggered. We've seen some challenges with the risk scores and how they trigger. These are things that Securonix has recognized and they've been working with us to help improve things."
"Regarding the analysis of security events on the SOC side, Securonix Next-Gen SIEM needs to improve its automation capabilities."
"We would like a little more face-to-face training. Securonix has several tutorials on its website, but we want there to be a person in Colombia who does training or workshops to give us a better understanding of the platform."
"A helpful feature would be an event export. A way to create more substantial summary reports would be nice."
"The area that needs improvement is reporting."
"There is room for improvement in the algorithms. Although I said that we have a very solid starting point - our existing library is already very comprehensive - we constantly find areas where we need to develop new algorithms. That is common across platforms. Any vendor with a solid starting point would still need to continue to evolve."
"When compared to others, if you look at the integration aspect, I believe that some aspects of integration can be enhanced."
Securonix Next-Gen SIEM is ranked 7th in Security Information and Event Management (SIEM) with 27 reviews while Securonix UEBA is ranked 14th in User Entity Behavior Analytics (UEBA) with 3 reviews. Securonix Next-Gen SIEM is rated 8.6, while Securonix UEBA is rated 10.0. The top reviewer of Securonix Next-Gen SIEM writes "Spotter tool has helped us eliminate many hours required to manually create link analysis diagrams". On the other hand, the top reviewer of Securonix UEBA writes "Inbuilt detection algorithms, attentive technical support, and reasonably priced". Securonix Next-Gen SIEM is most compared with IBM Security QRadar, Splunk Enterprise Security, LogRhythm SIEM, Exabeam Fusion SIEM and USM Anywhere, whereas Securonix UEBA is most compared with IBM Security QRadar, Splunk User Behavior Analytics and ArcSight Analytics. See our Securonix Next-Gen SIEM vs. Securonix UEBA report.
We monitor all Security Information and Event Management (SIEM) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.