Netsurion Reviews

The pricing and licensing experience with Netsurion has been positive overall. Reviewers mention there haven't been any surprises with pricing and licensing, as the costs are clearly laid out based on factors such as the number of nodes on the network. 

Netsurion has had a positive impact on the organization's ability to identify and understand sophisticated threats. The managed SOC component of the solution has been particularly valuable, freeing up staff to work on other responsibilities and saving on the need to hire specialized personnel. Implementing Netsurion has resulted in time and cost savings, as it eliminates the need to hire additional staff or invest in building internal alert systems. 

The solution provides actionable results about threats like ransomware, potentially preventing costly incidents. Netsurion also enables the organization to devote time to other projects and improves its overall security posture. 

The primary use case of Netsurion is to provide managed SIEM services for organizations. It collects log information and events from different systems, analyzes them for security-related issues, and alerts the company. 

Netsurion also helps organizations meet compliance requirements such as HIPAA and PCI. It allows companies to monitor their environment for unusual actions and provides protection through a deny-all policy. Netsurion is used by decentralized companies with multiple locations and endpoints, allowing for log forwarding and monitoring on workstations and servers across various cloud platforms. 

It is particularly valuable for small businesses that lack dedicated security professionals.

The most valuable features of Netsurion include: 

• its threat detection and response capabilities
• visibility into unauthorized downloads and software procurement procedures
• managed vulnerability management and IOC reviews
• actionable threat intelligence
• consolidation of cybersecurity technology
• 24/7 analysis and alerting by the SOC team
• analysis of non-obvious threats
• noise reduction in SIEM
• EDR component for analysis
• remediation for endpoints
• exposure of vulnerabilities and guidance for PCI compliance
• industry-standard MITRE ATT&CK framework for threat identification and understanding

Some areas for improvement on Netsurion are:

1. Lack of feedback on options for taking action in response to threats. Users would like to know if it is possible to take specific actions through the SIEM service or agent.

2. Slow response time in notifying users about identified threats. Users would prefer to be informed promptly rather than hours later.

3. Insufficient understanding of users' networks by the SOC team, which negatively impacts security posture. Users suggest having a dedicated server for Netsurion to avoid resource contention with other servers.

4. Improved communication with the SOC team. Users would like more interaction and assistance in going through generated reports.

5. Need for a web portal instead of receiving data in an Excel spreadsheet. Users would prefer a portal that aggregates data and highlights hotspots, similar to Arctic Wolf.

6. Development of the product to utilize internet options inherent in the operating system for better communication and security. Users suggest redeveloping the application to be more compatible with current technology.

7. Faster response time for operational events, such as lockouts, to enable timely action. Users want quicker updates on non-high security events to optimize network traffic.

8. Improvement in weekly reporting, including timely incorporation of landscape document details.

The initial setup for Netsurion was generally straightforward and easy to deploy. Some users found it relatively simple, especially with the assistance provided by Netsurion's team. They mentioned that the deployment process took some time, ranging from several weeks to 90 days, depending on the specific circumstances. 

There were also a few users who encountered challenges during the onboarding process. They noted that technical resources from Netsurion were lacking, resulting in a longer onboarding period than expected. 

The scalability of Netsurion appears to be highly satisfactory. Users have mentioned that it scales well and has been utilized across their systems without encountering any difficulties. They express confidence in the solution's ability to accommodate future growth, with some even stating that they could expand further without concerns. 

While there are additional paid features available, users indicate that the current licensed features are being fully utilized. 

Netsurion's customer service and support have received positive feedback from users. The SOC team is considered the most important part of the solution, with professionals who do a good job. However, there is room for improvement in terms of faster communication. 

Users appreciate the fact that they have consistent contact with the same people, who are familiar with their company and previous issues. The support team is responsive and takes care of problems quickly, although there may be a slight delay due to the time difference with the team in India.  

Users also mention that the SOC was instrumental in the onboarding process and provides helpful guidance. Netsurion's technical support is highly regarded and accommodating. 

Custom requests are handled efficiently, and regular communication and follow-ups are conducted. 

The stability of Netsurion's solution has been mostly satisfactory, with the occasional issue of agents not reporting in. 

There have been instances where the software agent had problems, causing it to report as offline even though it was online. This was frustrating and the performance of the hosted on-premise hardware was also poor. There were severe hardware problems with the server that were not communicated to the user until they needed to check on something. 

However, other than these specific incidents, there has been no downtime and Netsurion is generally considered highly stable. 

There have been minor issues such as specific endpoints not reporting due to misconfiguration and these were promptly fixed.