Coming October 25: PeerSpot Awards will be announced! Learn more
Buyer's Guide
Log Management
September 2022
Get our free report covering Splunk, IBM, Securonix Solutions, and other competitors of Exabeam Fusion SIEM. Updated: September 2022.
632,611 professionals have used our research since 2012.

Read reviews of Exabeam Fusion SIEM alternatives and competitors

Ibrahim Albalawi - PeerSpot reviewer
SOC Leader at a tech consulting company with 51-200 employees
Real User
Less false positives, good detection and integration capabilities, and good pricing
Pros and Cons
  • "The detection of threats and reduction of false positive alarms as compared to other solutions are valuable features. It has improved threat detection response and reduced a lot of noise from false positives as compared to our previous SIEM solutions."
  • "The incident response area should be improved."

What is our primary use case?

We are using it for monitoring firewalls, Windows operating systems, some Linux operating systems, active directories, and some of the solutions in the cloud such as Office.

In terms of deployment, everything is in the cloud. Our licenses are on the cloud. We don't deploy anything on premises except the RIN.

How has it helped my organization?

We are a managed service provider, and we offer this service to third-party clients. Most of our clients are very happy with the solution. We can detect a lot of threats, which are not false positives, and we can describe the threats very well. A lot of information can be obtained from this SIEM, and we can provide very good incident reports to our clients.

We were using another solution previously. The other solution couldn't compete with the features and functionality that we were looking for as a managed service provider. Some clients ask for specific features, and we couldn't complete those needs with other products. They were more about calculations, such as events per second (EPS). With Securonix, it is easier to sell the product and make quotes for our clients. It has helped us a lot at the administration, commercial, and operation levels.

It provides actionable intelligence on threats related to our use cases. It can detect violations and reduce false positives. This actionable intelligence is one of the most important parts because we have suffered with some of the other solutions in terms of receiving a lot of events and alarms where most of them were false positives, which made it a bit difficult for us to investigate and generate incident reports. Securonix is handy for engineers and the security operations center.

Its analytics-driven approach is pretty good at finding sophisticated threats and reducing false positives. When it comes to monitoring network devices, such as firewalls, it can detect behaviors that would be difficult for other solutions to detect or for normal engineers to detect manually. It has a lot of violation policies, and it is very handy and helpful at this level.

It adds contextual information to security events, which is one of the most important points. We can fill a lot of information into our reports for our clients.

Everything is saved for us and indexed. We can review any event we need within three or six months. We can review even when the data is in the cold phase. We never faced any case where we lost any event data. When clients asked about some events in the past, we could find them very easily and without any issues by using the queries.

It improves analysts' efficiency to do more with less time. Spotter is one of the best tools for me for searching and visualizing various things such as policies. With the Spotter language, you can search for whatever you need. You can search for any endpoint, any IP, any hostname, or any violation name. Even though it is not very fast, it is fine for us. Splunk or Elasticsearch is faster than Securonix because this is their job. Even though Spotter is not as fast, it has been helpful for us.

What is most valuable?

The detection of threats and reduction of false positive alarms as compared to other solutions are valuable features. It has improved threat detection response and reduced a lot of noise from false positives as compared to our previous SIEM solutions. This was one of the reasons we decided to try or move to Securonix. Other products generated thousands of events, and a lot of them were false positives, which made it difficult for us to handle all the events. For example, we were monitoring a firewall internally, and that firewall generated about five million events per month. The previous product detected almost 1,000 to 1,500 events as positive events, whereas Securonix generates less than 200 events, and most of them are not false positives.

It can integrate with a lot of solutions. Being able to ingest all our log sources when investigating threats is one of the good points of Securonix. After we started to use Securonix, we could integrate a lot of solutions, which we couldn’t do previously. It works with many devices, platforms, and cloud solutions. It is pretty good in terms of integration.

What needs improvement?

The incident response area should be improved.

It is more difficult than other products, but overall, it is good. The platform has a lot of options and functionality. So, you need to check almost everything. For new engineers or people who don’t have much experience with this kind of platform, it is a bit difficult, but for experienced engineers, it is not that difficult.

When you have been doing a lot of work for about one or two hours, and you have a lot of tabs open, it slows down or gets stuck. There is a delay of 10 to 15 seconds in opening tabs or dashboards. I don't know why this happens, but for me, it is not a big issue. I just wait, and that's all.

For how long have I used the solution?

I have been using this solution for one year.

What do I think about the stability of the solution?

It is stable, but it slows down or gets stuck when you have a lot of tabs open.

What do I think about the scalability of the solution?

Overall, it is scalable, but when you are investigating a lot and you have a lot of tabs open and are involved in big work, it sometimes becomes slow or gets stuck.

In terms of its users, our SOC team has three engineers, and I am the fourth one. We have three clients for now for Securonix. We use it internally to monitor our company. Overall, there are five or six users using the interface, investigating, and reporting to the clients.

How are customer service and support?

Most of the time, their support is very good, but sometimes, we had to escalate the issues. Sometimes, we opened a ticket, and we immediately received an answer for fixing the issue, but at other times, we got a response after one, two, three, or even seven days. I guess it is based on the impact or severity, but when we have an urgent issue or problem, Securonix solves it very fast. I would rate them an 8 out of 10.

How would you rate customer service and support?

Positive

Which solution did I use previously and why did I switch?

We were previously using Splunk, and we wanted to continue, but when we did the evaluation, we found Splunk to be more difficult to implement than others. It is fine to operate it, but its implementation is more difficult. It also had fewer features than Securonix. Securonix is dedicated to security information event management, but this is not the main functionality of Splunk. Even though Splunk is very strong in security, and we have been using it, when it comes to, for example, machine learning, Securonix has pre-configured policies. So, we don't have to spend that much time, whereas when it comes to Splunk, we have to configure everything. We have to install the applications and configure the dashboards. Considering the functionalities, features, and pricing, we felt that Securonix would be the best option.

It is better than previous solutions in terms of threat investigations and onboarding. That's because most of the other solutions are based on rules. Sometimes, there is no intelligence when it comes to detection, whereas Securonix has policies that are a collection of rules. Securonix doesn't only extract the log and tells us that it is a low-impact event or informative event. It also tries to correlate most of the events according to the policies and takes us to the main point. This is how Securonix has helped us to reduce a lot of false positives. Other solutions only worked with rules, and they only sent us events. We had to review most of those events, which is not the case with Securonix. It has a lot of policies for all types of detections. There are almost 1,000 policies, and Securonix can correlate various types of behaviors and pieces of evidence to detect advanced threats. It is good at this level.

How was the initial setup?

We have the cloud license of Securonix. Everything is on the cloud. We only implement RIN on-premises, which is straightforward. You just download the executable, give it permission, and execute it. You provide the information it asks. There are a few packages that you need to install previously, but overall, it is very handy and straightforward.

What about the implementation team?

I implemented it on my own. 

What's my experience with pricing, setup cost, and licensing?

Its price is fine. We found it to be cheaper than LogRhythm, Exabeam, Splunk, as well as Elastic Security. A few months ago, when we were comparing Securonix with Elastic Security, we found Securonix to be cheaper than Elasticsearch. We were pretty surprised that Elastic Security is more expensive than Securonix because Elasticsearch is just starting, and it cannot compete with Securonix at this time. So, the pricing of Securonix is pretty good for now.

Which other solutions did I evaluate?

We tried to evaluate some of the other products, but we decided to go with Securonix for the business part. It was easier for us to meet the needs of our clients related to calculations.

We evaluated LogRhythm. The first problem that we faced with LogRhythm was that it would have been pretty difficult for engineers to handle in terms of the user interface. As compared to Securonix, it was also very expensive. Securonix had most of the features or functionalities that we were looking for. We also evaluated Exabeam, and we had the same problem with the price and features.

What other advice do I have?

It has somewhat reduced the amount of time we require for investigation. It hasn't probably helped in detecting advanced threats faster along with lower response times because there is this gap between the RIN receiving the information and then sending this information to the cloud. This gap makes it a little bit late as compared to other solutions. Other than that, it is good.

I would rate it a 9 out of 10.

Which deployment model are you using for this solution?

Public Cloud
Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor. The reviewer's company has a business relationship with this vendor other than being a customer: MSP
Flag as inappropriate
Information Security Specialist at a comms service provider with 501-1,000 employees
Real User
Not user friendly, doesn't integrate well, and has terrible technical support
Pros and Cons
  • "The solution can scale."
  • "The solution is clunky."

What is our primary use case?

We use the solution for a variety of tasks. We use it, for example, for authentication, network-related authentication, user-related tasks, and Windows UNIX servers. It's a lot. There's a ton of use cases. I really can't sync right now about every single use case, however, the main things are authentication and network-related systems and all flavors of UNIX Windows. 

How has it helped my organization?

It helped our organization in the sense that having it was better than nothing. However, I did not enjoy the product overall and I advised we switch to something else.

What is most valuable?

The user behavior analytics as part of our deployment was okay, even though it was clunky.

The solution can scale.

What needs improvement?

I really didn't like QRadar to be honest. I inherited it. I was part of the reason that we moved over to LogRhythm. The solution just isn't user friendly.

The solution is clunky. 

The interface could be much better.

The integration capabilities within the product are not that great.

For how long have I used the solution?

I've been using the solution for about two years at this point. My team has been using it for two to three years, so we have a total of about five years of experience in all.

What do I think about the stability of the solution?

I wouldn't describe the solution as stable. 

It was really buggy. Like other app integrations, it wasn't straightforward. It was pretty clunky. We tried to integrate Qualys with it and it wasn't effective. To integrate anything took quite a bit of time and energy. It wasn't easy. When it did, it didn't work properly. It wasn't really pulling in the data correctly.

What do I think about the scalability of the solution?

Scalability was hard as it was on-prem. We needed to add more modules, and had to add more of the servers to stack it. It wasn't that a simple task at all. I wouldn't say that it scales well, although technically, you can scale it.

When we were using the solution, we had ten to 15 users on it. They were anyone from Information Security Engineers to regular IT admins.

How are customer service and technical support?

Technical support was awful. We often didn't even have any assistance available to us. On a scale from one to ten, I'd rate them at a three. We were very unsatisfied with the level of support we received. They just simply weren't helpful when it came down to it.

Which solution did I use previously and why did I switch?

The organization didn't previously use a different solution before choosing QRadar.

We actually switched to LogRhythm as I didn't like how the solution was working for the organization.

How was the initial setup?

I didn't handle the initial setup. It was handled before I arrived at the organization.

What other advice do I have?

I'm not sure of which version of the solution we're using.

I wouldn't recommend the solution. I'd probably tell others to shy away and look at other products like possibly Splunk, however, it's a pricey option. LogRhythm is pretty good. We're having some issues with it. That said, for the most part, it's okay. 

Exabeam also seems like it might be a good option. I haven't worked with it personally, however, I've had some experience with a POC.

Overall, I would rate the solution at a three out of ten. We didn't have a good experience with it. If it offered, for example, easier behavior analytics, easier integrations, better interface, supported model integration, and a good user interface to perform analysis I might rate it higher. Basically, it just needs to be much more user-friendly.

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Director General de España at a cloud provider with 51-200 employees
Real User
Integrates with every technology, easy to use, and good for analytics and cybersecurity

What is our primary use case?

We work with Splunk. We use it for our own services, and we also integrate and resell Splunk. It is used for cyber security. 

Different clients have different versions. They have Splunk Cloud and Splunk on-premises with different versions.

What is most valuable?

It is very easy to use and integrate. There are connectors for every technology.

What needs improvement?

The UI can be improved. Dashboards and reports can be better in terms of graphics.

For how long have I used the solution?

We have been using this solution for a few years. In 2016, we became a Splunk partner.

What do I think about the stability of the solution?

It is very stable.

What do I think about the scalability of the solution?

Its scalability is very good. We work with this platform for our own services. We use Splunk extensively, and we also offer it to our clients. We plan to increase its usage.

Our company has three offices. We have offices in Spain, Columbia, and Mexico. We have around 100 people, and about 50 people are working with Splunk. They all are focused on cyber security. They are security engineers or security specialists.

How are customer service and support?

I don't know about their support. I don't work with it much. On an activity level, I'm not so close to the platform. I'm the country manager, so I am a bit far from the operation.

Which solution did I use previously and why did I switch?

We tried to work with Exabeam for user behavior analytics, but we stopped it.

How was the initial setup?

Its setup is very easy, but we have been working with Splunk for a lot of years. We have all the certifications in Splunk, and we are a specialist in Splunk. So, for us, it is very easy to set it up and integrate it, but it might not be easy for other companies.

What other advice do I have?

Splunk is a very good platform for analytics and cybersecurity. We use it very extensively. It is very easy to use, and it is very stable and scalable.

I would rate it a nine out of 10.

Disclosure: My company has a business relationship with this vendor other than being a customer: Partner.
Flag as inappropriate
Md. Shahriar Hussain - PeerSpot reviewer
Cyber Security & Compliance Lead Engineer at Banglalink
Real User
Top 5Leaderboard
Other solutions perform better and have a slicker GUI, but this one is cheaper
Pros and Cons
  • "We use ArcSight ESM for log analysis and security alerts. It warns us of threats and then helps us conduct a forensic investigation of a cyber attack or internal incident after it happens."
  • "ArcSight ESM needs to improve performance, user interface, and automation."

What is our primary use case?

We use ArcSight ESM for log analysis and security alerts. It warns us of threats and then helps us conduct a forensic investigation of a cyber attack or internal incident after it happens.

How has it helped my organization?

ArcSight ESM helps us stop security incidents by detecting them early before they can cause more damage. 

What needs improvement?

ArcSight ESM needs to improve performance, user interface, and automation.

What do I think about the stability of the solution?

ArcSight has become more stable with the latest patches that have come out, but we also have had many difficulties applying the patches

What do I think about the scalability of the solution?

It's costly to scale up ArcSight ESM, but it's scalable. You have to pay for extra storage, licenses, and log processing.

How are customer service and support?

ArcSight support is okay but slow. It isn't provided promptly. There is a vast time difference between American time and East Asian time. 

How was the initial setup?

Setting up ArcSight is very complex. Nothing about it is user-friendly.

What's my experience with pricing, setup cost, and licensing?

ArcSight's price is reasonable. That's why our company was forced to buy this. It's cheaper than some of the better solutions. 

Which other solutions did I evaluate?

LogRhythm has a better GUI and some automation options, like an automated password writing script. In Exabeam, I can see an event with the user's picture, which Exabeam can draw from the Active Directory. It has a better GUI, better performance, and customization. I expect these things from ArcSight, but it can't deliver yet.

What other advice do I have?

I rate ArcSight three out of 10. I would never recommend it. I would recommend QRadar, LogRhythm, or Exabeam, but they all cost more. Price is its only advantage.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
Flag as inappropriate
Buyer's Guide
Log Management
September 2022
Get our free report covering Splunk, IBM, Securonix Solutions, and other competitors of Exabeam Fusion SIEM. Updated: September 2022.
632,611 professionals have used our research since 2012.