Our IT department has limited time and resources. We are unable to create our own SOC, therefore Netsurion has helped us accomplish more security initiatives and monitors our environment.
Provides information that we never knew existed
Pros and Cons
- "What I like most about Netsurion is the level of visibility and reporting."
- "There's always room to improve because there would be no competition if they had a perfect solution. The GUI to perform searches within the product may not be intuitive to a new user."
What is our primary use case?
How has it helped my organization?
Netsurion provides us with information that we never saw before. The solution helps us see it, capture it, bring it together, report on it, and derive analytics from it. They've provided visibility that we've always wanted but never had. When I'm speaking to the board, information from Netsurion helps me provide them and senior leadership with pertinent security information from within our environment. We provide a visual map of where potential bad actors are trying to connect from. We can see which applications attackers are trying to exploit. It drives dialogue that helps increase security awareness. It also enables us to justify our security budget.
Extending our detection and response through integration is something we're exploring. We have various products that we currently integrate into Netsurion. Our organization typically takes a best-of-breed approach for software selection. We will explore more integrations to see if there are efficiencies to be gained or if we can achieve quicker reporting and remediation.
Netsurion offers a flexible solution that covers our entire IT environment. They're another resource for us and act as an extension to our existing security resources. Netsurion isn't just monitoring our environment, reporting on it, and letting us take care of it. We bounce questions off them, and they help us dig deeper into incidents as they happen.
They provide us with the necessary information to make business decisions based on some of these events. Netsurion is more than just a vendor to us—they are truly a partner that has changed how we approach security.
Their SOC is going above and beyond. They're our first MDR. Netsurion prefers to label itself as an XDR, but we've never had a managed response at that level. We had someone watching our perimeter firewall before, and we would run unannounced penetration tests against our environment. That organization was not able to detect the anomalous activity.
When we ran tests with Netsurion, their SOC investigated things and pinpointed exactly what was going on within two minutes. We've been able to verify the work they're doing. It's nice to have an organization watching my back while I'm trying to do what I need to do.
We like to investigate and find any anomalies. Whether we or Netsurion see activity taking place, they have the resources to monitor logs and do the investigations that we are too strained to perform. They can identify the activity causing the incident. By seeing the whole picture, it has helped us make decisions that reduce our false positives.
As an example, we requested specific logs from our web filter, and the response of Netsurion's SOC was above and beyond what the contract specified. Not only did they provide the data requested, but they also modified the visual presentation to our specifications.
Using Netsurion's SOC has freed me up to focus on other tasks. Initially, my role was purely focused on day-to-day security. My role has transitioned into managing half of our IT department. I have less time to focus on day-to-day tasks. Most of that work has been transferred to the SOC. We have utilized them far more than we ever expected.
When we signed an initial contract three years ago, we wanted to see what we could get from the service. As we get ready to renew the contract this year, we're looking for more ways to utilize their services because budgets are getting tighter. We are exploring ways to take advantage of the SecOps management features.
Our time-to-detection has decreased exponentially, but I don't know how to quantify it because we weren't seeing the things that they're reporting. We knew they were there, but that level of visibility wasn't there. They notify us in under five minutes about issues we never would have known about before.
The remediation time has also improved exponentially. We can't remediate an issue unless it's known. As soon as an incident is detected, they notify us within a few minutes. We've remediated most issues in under five minutes.
What is most valuable?
What I like most about Netsurion is the level of visibility and reporting. We integrate multiple solutions and feed them into the managed services. It provides a single-pane-of-glass view. Having that data integration makes it easier. Instead of logging into all these different solutions to find the essential things we're trying to home in on, we can log into Netsurion. We have them monitoring for specific events and activity, and they report alerts within a few minutes.
The integration is easy. We define the requirements, and they make it happen. We don't have an SLA for how quickly it needs to be integrated. You give the requirements and they make it happen. Communication is consistent and thorough. Validation testing is also done to ensure our needs have been met.
What needs improvement?
There's always room to improve because there would be no competition if they had a perfect solution. The GUI to perform searches within the product may not be intuitive to a new user. That's something that could be simplified, but I have no complaints about the product or the service they provide. They're phenomenal.
Buyer's Guide
Netsurion
November 2023

Learn what your peers think about Netsurion. Get advice and tips from experienced pros sharing their opinions. Updated: November 2023.
745,341 professionals have used our research since 2012.
For how long have I used the solution?
We are going into the third year of our contract with Netsurion.
What do I think about the stability of the solution?
At times, the agent may consume a lot of resources, but that typically happens when the agent is running on some assets that are near the end of life.
How are customer service and support?
We have not contacted technical support directly because we work strictly with our SOC. We've had relatively few issues with it outside of requests or alerts.
Which solution did I use previously and why did I switch?
We had a company that did some network monitoring, but we were unsatisfied with their detections, and they were not responsive.
How was the initial setup?
The deployment couldn't have been easier and required approximately three staff on our side. After installation, Netsurion doesn't require much maintenance aside from providing the resources for the solution to run on. We go through support to request upgrades and customization. They take care of all of that. We only need to allocate resources.
What's my experience with pricing, setup cost, and licensing?
Netsurion's pricing is extremely fair and flexible. The price of their SIEM product is reasonable, and you can pay for those services you want on top of that. It wasn't cheap, but it's competitive, and we intend to renew our contract.
Which other solutions did I evaluate?
We looked at Splunk, LogRhythm, and SolarWinds. We may have evaluated some other solutions, but those were the main players. We chose Netsurion after consulting with other organizations in our industry. Netsurion is a highly respected company with a good reputation. They also seemed more than willing to adjust to our environment. With some of the larger players, you have no choice in how to utilize their product. Netsurion was accommodating to all our requests.
Obviously, pricing was a factor. They weren't the cheapest or the most expensive. Ultimately, it came down to how they could help us. It felt like they wanted to work with us to enhance our security posture and get us where we needed to be versus just selling us a service and a product. They wanted to work with us.
Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
Last updated: Sep 11, 2023
Senior Director of Information Security at a healthcare company with 5,001-10,000 employees
Its 24/7 monitoring has enhanced the overall security of the company
Pros and Cons
- "Netsurion's 24/7 monitoring has enhanced the overall security of the company. They have someone looking at the data 24/7 who will call us as needed. If their team spots a malicious process after hours, they notify the appropriate person by phone. We get a lot of actionable threat intelligence from Netsurion. For example, if a user clicks on a malicious link in a web page and starts an unusual process that isn't on the white-list, Netsurion's team can detect it and prevent it from executing. Afterward, they'll notify us by telephone, so we can respond and clean up whatever damage has occurred."
- "Netsurion's threat detection and response aren't quite mature. I would expect a little more."
What is our primary use case?
We use Netsurion to meet our HIPAA and PCI compliance requirements and to implement best security practices. Before we implemented Netsurion, our company had no visibility into the environment. We use it to alert us about unusual processes that may be executed. After an investigation, we whitelist or blacklist those processes. It also helps us manage our asset inventory and respond to threats as they arrive.
How has it helped my organization?
Netsurion's 24/7 monitoring has enhanced the overall security of the company. They have someone looking at the data 24/7 who will call us as needed. If their team spots a malicious process after hours, they notify the appropriate person by phone. We get a lot of actionable threat intelligence from Netsurion. For example, if a user clicks on a malicious link in a web page and starts an unusual process that isn't on the white-list, Netsurion's team can detect it and prevent it from executing. Afterward, they'll notify us by telephone, so we can respond and clean up whatever damage has occurred.
With Netsurion, we've also consolidated a lot of our cybersecurity technology. Case in point, Netsurion can aggregate the log files from a Meraki wireless access point, which correlates that data, so that minimizes the time necessary to investigate. They have already taken care of the heavy work. With Netsurion, I take their data, and I know where to start.
Any security professional will agree that if you don't have a solid understanding of your inventory of assets, it's going to haunt you. In this case, it provided me the opportunity to see what's out there. This is especially crucial given that we have some BYOD devices that are not allowed onto the network. I was able to spot those devices and enable conditional access through our Azure Active Directory.
It has reduced the amount of time it takes to identify and respond to constantly evolving threats. We don't know everything. So we could have something that we've never seen before and it requires research on my part, which can be very time-consuming. I like to have the reference readily available.
The managed security solution has freed up IT staff time to work on other things. Our IT team is tiny. I am the only security person in a company with more than 5,000 employees. I don't have to focus on security 24/7, which frees up a lot of time and lets me have a work-life balance. It's equivalent to saving us the cost of three full-time employees at 40 hours a week. The SOC is an essential component. It's crucial to have those individuals correlating and reporting on alerts or taking care of events that don't need to be reported. That's a lot of manual work.
What is most valuable?
I'm new to the company and the environment, so it's valuable for me to see what is deployed and what processes are being executed in the environment to ensure that nobody is running something that may have malware or infections. Netsurion's log aggregation feature is something I use heavily. They use Elastic as their SIM tool. I'm able to take the numbers that they provide and correlate events.
Netsurion also integrates the MITRE ATT&CK framework. Every alert includes a reference to the MITRE number that you can research yourself. I have experience with the MITRE framework, so this is valuable to me. The company did not previously have an understanding of MITRE, so it's essential to me as the security person responsible. This framework has definitely helped us identify threats that we might have missed otherwise. With the MITRE ATT&CK number, I can research in the right direction.
What needs improvement?
Netsurion's threat detection and response aren't quite mature. I would expect a little more. Instead of an Excel spreadsheet with a log output, I would rather have a web portal that I could log into and see the event live. In all fairness, they may have that, but they have not provided that to us. They send me an Excel spreadsheet, and I have to aggregate the data manually to find out what I want to look at. It would be better to have a web portal where the data is already aggregated, and I can see where the hotspots are. They could do something like Arctic Wolf, which has a web portal or page we can log into.
For how long have I used the solution?
I have been using Netsurion since approximately June of 2020.
What do I think about the stability of the solution?
Stability has been okay. We've only had one instance where specific endpoints were not reporting in. During the discovery, we found that devices were pointed to the wrong collector on the Netsurion side, and they fixed that.
What do I think about the scalability of the solution?
With Netsurion, we're covering more than 5,000 endpoints without any real difficulties, and I think we could grow even further with that, so I don't have any concerns with scalability. However, I don't know how far they can go.
How are customer service and support?
I would give Netsurion support a nine out of 10. Their technical support has been outstanding. There have been some challenges on the administrative side getting the phone tree updated. That's an area where they need a little bit of work. But I have no complaints on the technical support side. They've been accommodating. Their SOC is also excellent. They're working on a mature model, and I think they're going to raise the bar. We also have five other managed service providers that the SOC needs to work with across different time zones. Everybody just needed to get on the same page and align the timing. After that, it went fine.
How would you rate customer service and support?
Positive
How was the initial setup?
I joined the company while they were in the middle of deploying Netsurion, and I actually led the last phase of implementation, which was getting the agents installed through the endpoint. In my opinion, it was pretty straightforward, and the deployment took about 90 days. The only issue was getting their agent to work on some of the Apple products. The developers had to go back and tweak the agent to get it running on these systems. Netsurion's SOC helped walk us through the onboarding process. Without their support, we would've probably been extremely frustrated and unhappy.
What other advice do I have?
I would rate Netsurion eight out of 10. While there is room for improvement and maturity, I have no complaints about their services. To anyone thinking about adopting Netsurion, I would advise them to research and get references. You should also do a cost-benefit analysis of a managed solution. Doing this work in-house is extremely expensive compared to offshoring it to someone already established who can do the work you need.
If someone is concerned about Netsurion's SOC being outside the United States, I would say that this hasn't been a problem for us, given the compliance spectrum we're working with. Some companies may have another view of that, but I work with that team and trust them. They meet all my expectations. I'm pretty satisfied with their service and how it was managed during implementation.
Which deployment model are you using for this solution?
Hybrid Cloud
If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?
Other
Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
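The reviewer above values the MITRE ATT&CK technique number attached to each alert because it tells the analyst where to start researching. The following Python is an added example of how a one-person security team can enrich and group such alerts locally; it is not Netsurion's code and not part of the review. The alerts and the technique table are a constructed subset (a real deployment would load MITRE's published ATT&CK data), and the reference URL follows the public attack.mitre.org layout. It also handles two cases the review touches on: a sub-technique that is not in the local table falls back to its parent technique, and an alert with no technique reference at all is flagged as needing manual research.

```python
import re
from collections import Counter

# Constructed subset of MITRE ATT&CK technique IDs -> (name, tactic).
# Only well-known entries are listed here; the full catalogue is published
# by MITRE and would normally be loaded from its STIX bundle.
ATTACK_TECHNIQUES = {
    "T1059": ("Command and Scripting Interpreter", "Execution"),
    "T1059.001": ("PowerShell", "Execution"),
    "T1204": ("User Execution", "Execution"),
    "T1204.002": ("Malicious File", "Execution"),
    "T1566": ("Phishing", "Initial Access"),
    "T1566.002": ("Spearphishing Link", "Initial Access"),
    "T1003": ("OS Credential Dumping", "Credential Access"),
}

# Matches technique IDs such as T1059 or sub-technique IDs such as T1059.001.
TECHNIQUE_ID = re.compile(r"\bT\d{4}(?:\.\d{3})?\b")


def technique_url(tid):
    # attack.mitre.org addresses sub-techniques as /techniques/T1059/001/
    return "https://attack.mitre.org/techniques/" + tid.replace(".", "/") + "/"


def enrich_alert(alert):
    """Attach name, tactic and reference URL for every technique ID found
    in the alert's dedicated 'mitre' field or free-text summary."""
    text = alert.get("mitre", "") + " " + alert.get("summary", "")
    ids = sorted(set(TECHNIQUE_ID.findall(text)))
    refs = []
    for tid in ids:
        matched = tid
        entry = ATTACK_TECHNIQUES.get(tid)
        if entry is None and "." in tid:
            # Unknown sub-technique: fall back to the parent technique so the
            # alert still lands in the right tactic column.
            matched = tid.split(".")[0]
            entry = ATTACK_TECHNIQUES.get(matched)
        if entry is None:
            refs.append({"id": tid, "matched": None, "name": None,
                         "tactic": None, "url": technique_url(tid)})
        else:
            refs.append({"id": tid, "matched": matched, "name": entry[0],
                         "tactic": entry[1], "url": technique_url(tid)})
    # An alert with no technique reference is the case that needs manual research.
    return {**alert, "techniques": refs, "needs_research": not ids}


def summarize(alerts):
    """Enrich a batch of alerts and count them per ATT&CK tactic."""
    enriched = [enrich_alert(a) for a in alerts]
    by_tactic = Counter()
    for e in enriched:
        for t in e["techniques"]:
            if t["tactic"]:
                by_tactic[t["tactic"]] += 1
    unreferenced = [e["id"] for e in enriched if e["needs_research"]]
    return {"alerts": enriched, "by_tactic": dict(by_tactic),
            "unreferenced": unreferenced}


# Constructed sample alerts in the shape a managed SOC might export.
SAMPLE_ALERTS = [
    {"id": 1, "host": "ws-042", "summary": "Unusual process spawned by outlook.exe", "mitre": "T1204.002"},
    {"id": 2, "host": "ws-017", "summary": "Encoded PowerShell command line", "mitre": "T1059.001"},
    {"id": 3, "host": "srv-dc1", "summary": "LSASS memory access by non-system process", "mitre": "T1003.001"},
    {"id": 4, "host": "ws-099", "summary": "User clicked link in phishing email (T1566.002)", "mitre": ""},
    {"id": 5, "host": "ws-003", "summary": "Endpoint agent stopped reporting", "mitre": ""},
]

if __name__ == "__main__":
    result = summarize(SAMPLE_ALERTS)
    for a in result["alerts"]:
        tags = ", ".join(f"{t['id']} {t['name'] or '?'} [{t['tactic'] or '?'}]" for t in a["techniques"])
        print(f"alert {a['id']} {a['host']}: {tags or 'no ATT&CK reference - research needed'}")
    print("by tactic:", result["by_tactic"])
```

The per-tactic counts are the kind of aggregate view the reviewer says they currently build by hand from a spreadsheet; alert 3 shows the parent-technique fallback and alert 5 shows the unreferenced case.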
Information Technology Manager at ProfitSolv
The SOC center monitors, hunts, and notifies us of threats around the clock
Pros and Cons
- "Netsurion has its own security operations center, where it tracks information that comes across our telemetry."
- "Netsurion's SOC can be a bit too aggressive at times."
What is our primary use case?
We use Netsurion as our security operation center and also as a SIEM to put together all of our telemetry from various systems and to notify us when we have security events.
How has it helped my organization?
Netsurion's additional data source integration provides a unified view of our security posture. This makes it easy to track and see what's happening at a glance. We can also see our security status in real-time, without having to find an all-in-one security platform. Instead, we were able to choose the data sources that we wanted and integrate them into a single platform.
Integrating with our existing security tools was easy. Netsurion did all the work making it so easy for us.
The integration of Netsurion and our security tools gives us a unified view of our threat landscape.
The integrations that extend our detection and response capabilities are now easier to use. I no longer need to flip through the Azure or Office 365 admin centers to view our security alerts, and I don't need to go into Xcitium to see the security issues there. I can simply go to Netsurion's dashboard to see everything in real-time.
Netsurion's SOC does a good job of alert monitoring and threat hunting.
Netsurion's SOC has helped to eliminate recurring false positives. When they occur, we discuss them. If the investigation shows that it is a false positive, we will discuss how to prevent or suppress those types of false positives in the future.
Netsurion's SOC is effective at expediting incident response. I have worked with them on a few real incidents, and they have been outstanding. They handle a lot of the documentation for us, which is helpful. This way, we can refer back to it and what they were able to show us about our problem.
Netsurion takes care of platform management, which makes my job much easier. As a one-person IT department, I don't have the resources or budget to hire more staff to monitor cybersecurity incidents. Netsurion is like having a team of security experts on my side, at a much more reasonable price than hiring even one more person.
Netsurion allows me to focus on other tasks. In previous positions, I did not have this level of automation. I would spend two hours every morning going over logs, or X amount of time every hour checking things to make sure there were no problems. Now, I can focus on all of my other duties because I know that Netsurion will alert me if anything pops up.
Netsurion helped us boost our security operations productivity by decreasing the tedious security operations management tasks.
Netsurion has helped reduce our time to detection.
Netsurion has helped us improve our ability to remediate security incidents. In the past, we had to manually collect logs and analyze them to identify the source of an incident. Netsurion has simplified this process by providing us with pre-analyzed logs and after-reports that help us track down and remediate incidents more quickly.
Netsurion takes a holistic and proactive approach to security. They are proactive in that they give us advance notice of potential threats, such as when they have patches available. They recommend that we apply these patches immediately, rather than waiting for our regular patch day. They also notify us of other security-related matters. Additionally, they take a holistic approach by helping us with all of our systems.
What is most valuable?
Netsurion has its own security operations center, where it tracks information that comes across our telemetry. If there is an emergency, they will notify us immediately. If it is just a concern, they will notify us that day or in the weekly report.
What needs improvement?
I know they are working to resolve this issue, but Netsurion is currently unable to retrieve logs from S3 buckets. We use WP Engine for a lot of web hosting as well as AWS, and both of these platforms use S3 buckets.
I would like Netsurion to be able to pull logs from Linux devices. We have some of that capability, and I believe they can do it. However, the way it works with Amazon is strange and glitchy. Therefore, working something out with Amazon would be great.
Netsurion's SOC can be a bit too aggressive at times. We have asked them to adjust their playbook because I am tired of being notified about the same issue multiple times a day. I am aware of the issue, and it is not a cause for concern. Let's only take action on this issue if we see an actual problem.
For how long have I used the solution?
I have been using Netsurion for two years.
What do I think about the stability of the solution?
Netsurion is stable. I have not encountered any issues.
What do I think about the scalability of the solution?
Netsurion is easy to scale out. We have grown from 200 employees to 700 total units with no problems.
What's my experience with pricing, setup cost, and licensing?
Our pricing for Netsurion last year was US $52,000 per year. In January, they were going to raise that to US $72,000. I told them I couldn't afford that anymore, and that I would have to go elsewhere. They worked with me and we were able to lock in last year's pricing for a two-year deal.
What other advice do I have?
I would rate Netsurion nine out of ten. They're not perfect but they're as close as I would consider any other company in the market to be.
The maintenance is minimal. Netsurion provides me with a list of things they notice that could cause security issues. This is no more maintenance than I would typically do. In fact, it is a little easier because I do not have to go out and look for these problems. They notify me of the issues, and then I take action to remediate them.
Our experience with Netsurion has been excellent. We have had a positive relationship with them because they are easy to work with, responsive, and helpful.
Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
Last updated: Sep 15, 2023
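Two points in the review above, the SOC agreeing to suppress investigated false positives and the reviewer's request not to be notified about the same known issue several times a day, are the classic alert-tuning problem. The following Python is an added example of that triage logic, not Netsurion's playbook and not part of the review. The tuning list, the alert stream and the rule names are constructed; the design choice to show is that suppression is keyed to a specific (rule, host) with a recorded reason, repeats within a window are counted rather than re-notified, and a critical severity always bypasses both so an emergency is never silenced by tuning.

```python
from datetime import datetime, timedelta

# Constructed tuning list: alerts the team has investigated and agreed are
# benign in this environment, keyed by (rule, host). A "*" host matches any
# host. Every entry carries the reason so the suppression can be re-reviewed.
KNOWN_BENIGN = {
    ("scheduled_task_created", "srv-backup01"): "nightly backup job, reviewed 2023-09 (constructed)",
    ("new_admin_share_access", "*"): "file-server replication, reviewed 2023-08 (constructed)",
}


class AlertTriage:
    def __init__(self, dedup_window=timedelta(hours=24), escalate_at=("critical",)):
        self.window = dedup_window
        self.escalate_at = set(escalate_at)
        self.state = {}          # (rule, host) -> {"last_notify": ts, "repeats": n}
        self.notifications = []  # alerts that should reach a human
        self.suppressed = []     # alerts matched by the tuning list

    def benign_reason(self, rule, host):
        return KNOWN_BENIGN.get((rule, host)) or KNOWN_BENIGN.get((rule, "*"))

    def handle(self, alert):
        """Return 'suppressed', 'deduplicated' or 'notified' for one alert."""
        key = (alert["rule"], alert["host"])
        critical = alert["severity"] in self.escalate_at
        reason = self.benign_reason(*key)
        # Tuning never silences a critical alert.
        if reason and not critical:
            self.suppressed.append({**alert, "reason": reason})
            return "suppressed"
        st = self.state.get(key)
        # Same rule on the same host inside the window: count it, do not page again.
        if st is not None and not critical and alert["ts"] - st["last_notify"] < self.window:
            st["repeats"] += 1
            return "deduplicated"
        repeats = st["repeats"] if st else 0
        self.state[key] = {"last_notify": alert["ts"], "repeats": 0}
        # The notification carries how many repeats were folded since the last one,
        # which is the figure that belongs in a daily or weekly digest.
        self.notifications.append({**alert, "repeats": repeats})
        return "notified"


def run_triage(stream, **kwargs):
    triage = AlertTriage(**kwargs)
    outcomes = [triage.handle(a) for a in stream]
    return triage, outcomes


def _t(day, hour, minute=0):
    return datetime(2023, 9, day, hour, minute)


# Constructed alert stream over two days, in chronological order.
SAMPLE_STREAM = [
    {"ts": _t(15, 2), "rule": "scheduled_task_created", "host": "srv-backup01", "severity": "low"},
    {"ts": _t(15, 8), "rule": "outbound_dns_tunnel_heuristic", "host": "ws-101", "severity": "medium"},
    {"ts": _t(15, 9), "rule": "outbound_dns_tunnel_heuristic", "host": "ws-101", "severity": "medium"},
    {"ts": _t(15, 11), "rule": "outbound_dns_tunnel_heuristic", "host": "ws-101", "severity": "medium"},
    {"ts": _t(15, 11, 30), "rule": "new_admin_share_access", "host": "srv-files02", "severity": "low"},
    {"ts": _t(15, 13), "rule": "lsass_access_non_system", "host": "srv-dc1", "severity": "critical"},
    {"ts": _t(15, 13, 5), "rule": "lsass_access_non_system", "host": "srv-dc1", "severity": "critical"},
    {"ts": _t(16, 9), "rule": "outbound_dns_tunnel_heuristic", "host": "ws-101", "severity": "medium"},
]

if __name__ == "__main__":
    triage, outcomes = run_triage(SAMPLE_STREAM)
    for alert, outcome in zip(SAMPLE_STREAM, outcomes):
        print(f"{alert['ts']:%m-%d %H:%M} {alert['rule']:32} {alert['host']:13} {outcome}")
    print("notified:", len(triage.notifications), "suppressed:", len(triage.suppressed))
```

With this stream the DNS heuristic pages once on the first day, its two repeats are folded into the next day's notification, both tuned alerts are suppressed with their reasons recorded, and both critical LSASS alerts go out immediately.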
Network Administrator at a construction company with 501-1,000 employees
The SOC team takes care of everything, though I would like faster responses from them
Pros and Cons
- "Their SOC team manages vulnerability management and IOC reviews. They stop bad processes when they happen. The best thing is their weekly reviews of what has been going on in the infrastructure as well as the things that they see and what we should look out for."
- "The MITRE ATT&CK framework could be faster when identifying and understanding sophisticated threats. Whenever something happens, we usually get notified a couple hours later."
What is our primary use case?
Since we can't have 24/7 operations for our SOC, we hire out for that and have it as a managed service. This makes much more sense and allows us to focus on the day-to-day activities of the company.
How has it helped my organization?
Since it is a managed service, they take care of everything for us and just reach out when they have a question, there is an incident, or an important alert. That is the most important part for me because that allows me to focus elsewhere.
It allows us to avoid needing to employ people to stay during evening hours, which is a positive.
The solution provides an embedded MITRE ATT&CK framework. The framework is relatively new. I like that it is a curated knowledge base now. It is very important because it lets everyone know what is going on and being observed in the real world. It definitely helps in the analysis of whatever threat is found. Remediation is already built into the framework.
What is most valuable?
Their SOC team manages vulnerability management and IOC reviews. They stop bad processes when they happen. The best thing is their weekly reviews of what has been going on in the infrastructure as well as the things that they see and what we should look out for.
We haven't had any incidents, which is a good thing. It is a valuable product.
The solution provides actionable threat intelligence. It is not a passive service. They go in and perform mitigations on whatever they find. It is timely. They provide context, so it is understood by anyone who receives these reports.
It is important that Netsurion Managed Threat Protection has enabled us to consolidate cybersecurity technology, including SIEM, network traffic analysis, and endpoint security.
What needs improvement?
I would like faster responses when things are found. For example, when they inform me, it is usually when they begin to respond.
The MITRE ATT&CK framework could be faster when identifying and understanding sophisticated threats. Whenever something happens, we usually get notified a couple hours later.
Their SOC team can't understand our network because they haven't worked in the actual company. This does negatively affect security posture, e.g., if you don't have knowledge about the network, then you will miss things.
Personally, I would have deployed it on its own independent server. It uses a lot of IOPS and resources. Now, we have contention between our other servers on the same cluster.
For how long have I used the solution?
I have been using it for at least three years. It was installed at the company before I joined.
What do I think about the scalability of the solution?
It scales fine.
It is being used throughout all our systems non-stop, so we don't have plans to increase the usage or utilize it in different ways.
One person can maintain and work with the solution.
How are customer service and support?
The SOC component is the most important part of the solution. I know who the SOC team is, so it is not someone different every time. I have seen changes in the team. However, for the most part, the team is usually steady. They are professionals in this and do a good job.
They could improve by having faster communications. They always get back to us on the same day, but it is usually a few hours later. It would be nice if it was within an hour.
How would you rate customer service and support?
Neutral
What was our ROI?
We have seen time and cost savings. It prevents us from having to hire specialized people for this type of work. We would need to hire six staff members to accommodate the same service.
What other advice do I have?
If you are not going to go for their managed service, then you will need to hire a SOC team, and if you are not going to hire a SOC team, then you are messing up.
I am sure that other companies have their own SOC teams instead of having a SOC-managed service, but this solution makes it cost effective for us.
I would rate it as a six out of 10.
Which deployment model are you using for this solution?
On-premises
Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.

Buyer's Guide
Download our free Netsurion Report and get advice and tips from experienced pros
sharing their opinions.
Updated: November 2023
Product Categories
- Managed Security Services
- Security Information and Event Management (SIEM)
- SOC as a Service
- Managed Detection and Response (MDR)
- Extended Detection and Response (XDR)
Popular Comparisons
Splunk Enterprise Security
Microsoft Sentinel
Wazuh
IBM Security QRadar
LogRhythm SIEM
Sumo Logic Security
Fortinet FortiSIEM
Rapid7 InsightIDR
USM Anywhere
Arctic Wolf Managed Detection and Response
Securonix Next-Gen SIEM
ManageEngine Log360
Alert Logic
CyberHat CYREBRO