
DNIF Overview

Buyer's Guide

Download the Log Management Buyer's Guide including reviews and more. Updated: September 2022

What is DNIF?

DNIF offers solutions to the world’s most challenging cybersecurity problems. Recognized by Gartner and used by well-known global companies such as PwC, Vodafone and Tata, this next-generation analytics platform combines security and big data analytics to provide real-time threat detection and analytics for the most critical data assets on the Internet. With over a decade of experience in threat detection systems, DNIF has one of the fastest query response times and bridges the gap between searching, processing, analyzing and visualizing data, enabling better SOC (Security Operations Center) management.

DNIF Customers

Vodafone India, IDEA Cellular, RBL Bank, NCDEX, NSE


Archived DNIF Reviews (more than two years old)

Exec. VP & Head - IT at a consultancy with 11-50 employees
Real User
Fast and stable but needs better intelligence feeds
Pros and Cons
  • "The solution is quite stable and offers good performance. It also works on a virtual machine. We haven't found any issues with it so far. It's been reliable."
  • "The vendor is fairly new and it's not as big as some of the international competitors. It's not a mature product. If you ask them to move data, it might take a lot of time."

What is our primary use case?

We have integrated all our network devices, our servers, and our applications as well as some customized applications. We use the solution to collect the logs. We track items such as unsuccessful logins, any identical opening identification, repeated use of passwords within a certain timeframe, unsuccessful login attempts, etc.

What is most valuable?

The process is quite fast. It's basically on a loop.

The typing of passwords onto a new application account is very simple.

What needs improvement?

The vendor is fairly new and it's not as big as some of the international competitors. It's not a mature product. If you ask them to move data, it might take a lot of time.

There needs to be more knowledge sharing with the team in order to develop out the product.

The solution needs to come up with its own intelligent feeds. They had a form of tech management that they are probably not updating anymore. It's something they need to work on.

For how long have I used the solution?

I've been using the solution for more than two years.


What do I think about the stability of the solution?

The solution is quite stable and offers good performance. It also works on a virtual machine. We haven't found any issues with it so far. It's been reliable.

What do I think about the scalability of the solution?

The solution is scalable. If a company needs to expand, it shouldn't have trouble doing so. 

Currently, we have about 40-50 devices on the solution. User-wise, we have about 50 people on it.

How are customer service and support?

We haven't had too many instances in which we had to reach out to technical support. Mostly, we went through an integrator. However, there were times I had to escalate. It's a small team. I was able to speak directly to the CEO. He even came to our office for a visit. 

Which solution did I use previously and why did I switch?

We didn't previously use a different solution. This is the first solution we've used for this type of service.

How was the initial setup?

The initial setup was straightforward. It was not complex. We were a new company, so we were starting from scratch, which made it easy to set things up. We didn't have packages we needed implemented individually.

When it came to deployment, first we just took the responsibility of ensuring that all logs started coming into the data store. Then we casually started taking some of the use cases that came along with it. Shortly after that, when our application started coming, we implemented it. The first set of integrating applications included 40 devices. In the end, it took about two or three months.

What about the implementation team?

We implemented the solution with the assistance of integrators.

Which other solutions did I evaluate?

We didn't look at other vendors before choosing this solution. We planned ahead specifically with this solution.

What other advice do I have?

We're just a customer. We're not a partner or reseller.

While we use the on-premises deployment model, our data center is outsourced, and we have dedicated servers for it.

Other companies should see the capability of the tool to integrate into their current solution. It's something they should look into. 

Since I don't have much experience with other solutions, and can't compare it to anything, I'd rate the solution six out of ten.

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Ramasamy Balakrishnan
CEO at Irisk Assurance Consultancy Services Pvt Ltd
Real User
Powerful analytics and machine-learning enable us to find attack patterns
Pros and Cons
  • "The response time on queries is super-fast."
  • "The User Behavior Analytics is a built-in threat-hunting feature. It detects and reports on any kind of malware or ransomware that enters the network."
  • "The solution should be able to connect to endpoints, such as desktops and laptops... If this solution had a smart connector to these logs - Windows, Linux, or any other logs - without affecting the performance of the connector, that would be wonderful."

What is our primary use case?

We are a security operation center and we implement and manage DNIF for clients.

As a SIEM solution, it collects logs not only from network devices like firewalls, servers, databases, switches, or routers, but it also collects logs from applications.

The use case is that we can develop very complex correlation rules, correlating the application logs and the device logs. It enables us to detect fraud within organizations by correlating multiple logs from multiple data sources.

How has it helped my organization?

Many other SIEMs do not collect from the application logs. This solution enables us to collect logs from applications like SAP and Oracle.

We are also able to develop correlation rules very easily. The tool provides a query language called EQL which is very easy to understand. It is very easy to create queries using this language, enabling us to create exception reports. 

What is most valuable?

The solution is based on a big-data platform and the response time on queries is super-fast. That's why we like this solution. It is 30 times faster than traditional SIEMs. It provides responses to queries within a minute. That's the most impressive feature we have found in this product.

Also, the UBA, the User Behavior Analytics, is a built-in threat-hunting feature. It detects and reports on any kind of malware or ransomware that enters the network. That's an amazing feature of this product.

What needs improvement?

The solution should be able to connect to endpoints, such as desktops and laptops. Endpoints are also vulnerable to malware attacks and they generate a lot of logs. If this solution had a smart connector to these logs - Windows, Linux, or any other logs - without affecting the performance of the connector, that would be wonderful.

For how long have I used the solution?

Less than one year.

What do I think about the stability of the solution?

The solution is absolutely stable and scalable. It doesn't fail easily. It's quite good. It accepts the logs consistently and steadily and it doesn't drop any packets.

What do I think about the scalability of the solution?

The scalability is excellent. You can scale up from a few gigabytes to terabytes or even petabytes. The scalability is never a question.

How are customer service and technical support?

Technical support is good. They have a good technical team in India, so we have no problem.

They also have a training division and they keep training our engineers. They are always in touch. We have their telephone number and e-mail for support, so we can always reach out to them in case our consultants or security analysts have any doubts or need clarification. They are always there. They provide 24/7 support.

Which solution did I use previously and why did I switch?

Previously, we were using ArcSight and AlienVault. We switched because this is the next generation of SIEM. It is much faster and, technology-wise, it is much better. It has UBA, User Behavior Analytics, which other solutions don't have. It has very powerful analytics and machine-learning technology, which enables us to find a pattern of attacks. It understands what normal user behavior is and, if there is abnormal behavior, it detects it and reports it. Machine-learning concepts are also embedded in the solution and that's one of the reasons we switched. This is futuristic technology.

How was the initial setup?

The setup is straightforward. Their architecture includes an adapter. Using it, you can easily connect to different devices for collecting logs. The solution has a data store and the adapter sends the logs to the data store. There is a correlation engine from which you can correlate the logs and reports. They have both a cloud-based and on-premise model also. Overall, it is not complex, it is quite easy to do.

The deployment depends on the client environment. If the client has only one location, we can deploy within ten to 15 days. If a client is spread across geographies, it will take more time: two, three, or four months. It all depends on the number of locations the client has and the number of devices. If the device list is small, we can do a very fast implementation. If the device list is big, it's going to take time.

Typically, although it depends on the number of locations, about two to three people would be enough to do the deployment. But to monitor the data in our security operations center, we typically require three level-one analysts. Each of our three shifts requires three people. There will also be a couple of level-two and a level-three. So about five to six people are enough to monitor a single client.

What's my experience with pricing, setup cost, and licensing?

The pricing is based on the log size. We have a log calculation sheet. When we approach a client, we ask them how many devices they have, how many firewalls, how many Active Directory servers, how many routers, and how many applications. We calculate the events per second, events per day, and events per month. Based on the log volume we charge a price per GB. For each GB we charge about 150 Indian rupees.

This price is only for the license subscription. On top of it, we add the service cost of monitoring. It depends on the size and volume.

Which other solutions did I evaluate?

There is one more option which has been developed in India and we are also using that. But DNIF is much more mature. The other one is called Khika. It is also good but it is still new to the market. We are still evaluating them and we are using it for smaller deployments. Cost-wise, Khika is cheaper, but feature-wise, DNIF is probably slightly better.

What other advice do I have?

I would definitely recommend DNIF.

We have been using this solution for about six months now. It is a very new solution. It is a next-generation SIEM with security analytics and UBA - User Behavior Analytics. We have a very good team of security analysts who manage installation, implementation, and monitoring of the solution.

DNIF is much faster, much more responsive, and far superior when compared to competitive tools.

It offers a cloud model, in a very secure way, or you can deploy it on-premise, where it is much safer. Here in India, and even elsewhere, banks have a policy of not letting their data outside of the organization's data center. For those banks, DNIF will have to be deployed on-premise. For other organizations, whether they are e-commerce, manufacturing, or any other type, they can deploy it on the cloud. The cloud version is also quite fast. The log collection works quite well, consistently. Our consultants are able to remotely monitor and do their jobs properly.

End-users don't use this solution. The main job of this solution is to collect the logs from different devices. The end-users do their normal e-mailing, their normal transaction-processing, etc. But their log sessions, their logins and logouts, are logged in Active Directory. Or if somebody accesses the internet, they have to pass through the firewall and, based on the firewall rules and policies, they are allowed access to different websites. All these sources have logs that are collected and sent to the DNIF. The solution stores the logs. 

Our security analysts monitor them to find out if there is any malware, attack, or hacker who is hacking at a client and we report on that. The users are the information security team. On our side, the users are my security analysts.

We not only find out if there is an anomaly or any malware, we also do incident response. We have a ticketing tool and use that tool to report if there are any serious incidents which need to be looked into immediately, and we resolve it along with the client team.

Disclosure: My company has a business relationship with this vendor other than being a customer: Partner.
Siddhant Mishra, Cyber Security Consultant at NETMONASTERY Inc.
Consultant

Thank you so much for your kind words, Ramasamy Balakrishnan. We’re happy to hear we hit the mark for you!

We really appreciate you taking the time out to share your experience with us, and we agree that DNIF should be able to integrate with endpoint devices. DNIF does ingest logs from these endpoints with the help of Syslog and Nxlog; however, endpoints are better managed using an Endpoint Detection and Response (EDR) tool, which can then be integrated with DNIF to run advanced correlation.

DNIF complements point-focussed security solutions like EDR or Web Application Firewalls (WAF), etc. to provide a holistic view of the security posture. Here is a link that you might find useful: https://dnif.it/docs/integration/
