
Securonix Next-Gen SIEM Overview

Securonix Next-Gen SIEM is the #2 ranked solution among top User Behavior Analytics (UEBA) tools and the #8 ranked solution among top Security Information and Event Management (SIEM) tools. PeerSpot users give Securonix Next-Gen SIEM an average rating of 8.6 out of 10. Securonix Next-Gen SIEM is most commonly compared to Splunk (Securonix Next-Gen SIEM vs Splunk). Securonix Next-Gen SIEM is popular among the large enterprise segment, which accounts for 63% of users researching this solution on PeerSpot. The top industry researching this solution is computer software companies, accounting for 20% of all views.
Securonix Next-Gen SIEM Buyer's Guide

Download the Securonix Next-Gen SIEM Buyer's Guide including reviews and more. Updated: September 2022

What is Securonix Next-Gen SIEM?

Securonix Security Analytics SNYPR is a next-generation security analytics platform that turns big data into actionable security intelligence, covering far more than SIEM (security information and event management) needs alone. It also contains the tools an organization needs to handle both log management and UEBA (user and entity behavior analytics) tasks. The SNYPR management platform combines security orchestration, automation, and response (SOAR), SIEM, network traffic analysis, and UEBA in a single technical environment, removing the need for multiple security, management, and analytics solutions.

The Securonix Security Analytics SNYPR unified platform can be scaled to handle up to one million security events per second, and it handles that load with ease. It can reduce false positives by 60%, and the access certification workload that IT administrators and managers have to deal with can be reduced by as much as 90%.

The platform is built on a machine learning model, which gives the Securonix Security Analytics SNYPR platform a number of valuable capabilities. It gathers many different types of data and applies what it learns to threats as they arise, assigning each threat a risk value so that the areas of greatest need stand out. Machine learning also lets you respond to slow-acting threats by using historical data to inform your response.

All of the data the system gathers is stitched together into a complete picture of the risks the system faces. A collaborative UI that compiles the system data in a single location exposes any blind spots and improves your ability to monitor advanced application threats.

Key Features

Key features of the Securonix Security Analytics SNYPR platform include:

  • Enrichment of all data that the SNYPR platform collects. When SNYPR gathers information, it attaches relevant context that can later be used to gauge whether or not a particular event is a threat.
  • Automatic data redundancy. All of the data that SNYPR gathers, analyzes, and processes is automatically copied and distributed across the system, so the information is preserved even if one part of the system fails.
  • The ability to track historical issues and use that information to deal with current threats. The SPOTTER feature lets analysts look back at old data together with the contextual information attached to it, and use it to inform their responses to similar threats they are currently dealing with.

Reviews from Real Users

The Securonix Security Analytics SNYPR platform stands out among its competitors for a number of reasons. Two major ones are its ability to significantly reduce the number of false positives that administrators have to deal with, and the way it incorporates contextual information into security events to reduce the time spent resolving the problems that arise.

PeerSpot users note the effectiveness of these features. One user wrote, “Securonix’s analytics-driven approach for helping to find sophisticated threats and reduce false positives is pretty good. We are allowed to fine-tune according to our requirements and our clients' requirements, which does reduce false positives. In the last 24 hours, the total number of policies with triggers was 233. When I started with this product, the false positives were 561. Therefore, the solution has helped by tuning or reducing false positives.”

Another user noted, “The way that Securonix is able to put a lot of the contextual information into the events is very helpful. That has reduced the amount of time required for investigating, ‘Hey, this might be something I need to look at,’ and then doing further research. It puts all of those violations in one event or case, so that you can look at different types of violations that all correlate. That has reduced the amount of time for researching some of those cases. It's dependent upon the scenario, but in some cases it could save an hour of going out and doing a bunch of individual searches.”

Securonix Next-Gen SIEM was previously known as Securonix Security Analytics.

Securonix Next-Gen SIEM Customers

  • Dtex Systems
  • Pfizer
  • Western Union
  • Harris
  • ITG

Securonix Next-Gen SIEM Pricing Advice

What users are saying about Securonix Next-Gen SIEM pricing:
  • "I had heard that it was much cheaper than Splunk and some of the other tools, and they gave us a nice package with support. They accommodated the number of users and support very well."
  • "Its price is fine. We found it to be cheaper than LogRhythm, Exabeam, Splunk, as well as Elastic Security. A few months ago, when we were comparing Securonix with Elastic Security, we found Securonix to be cheaper than Elasticsearch. We were pretty surprised that Elastic Security is more expensive than Securonix because Elasticsearch is just starting, and it cannot compete with Securonix at this time. So, the pricing of Securonix is pretty good for now."
  • "Its pricing is quite similar to others and is very competitive. The other solutions have different types of licensing, but when you do the math, it is competitive."

Securonix Next-Gen SIEM Reviews

    Cyber Security Analyst at a retailer with 10,001+ employees
    Real User
    Top 20
    Playbooks integrations, incident management features, and threat hunting services saved time and streamlined investigations
    Pros and Cons
    • "Risk scoring was nice. We could exactly see which user had the highest risk score, and then we could pick it up and work on it."
    • "When they did upgrades or applied patches, sometimes, there was downtime, which required the backfill of data. There were times when we had to reach out and get a lot of things validated."

    What is our primary use case?

    We were using it for data loss prevention and data acceleration. We wanted a platform with a proper ticketing facility, and as and when we reviewed a user, we also needed a proper documentation setup. Securonix provided that. We were able to integrate playbooks and a lot of other modules so that we not only looked at a particular problem area but also at other factors. We didn't only want to look at exfiltration but also at any lateral movement inside the company by a user. We wanted to look at the outliers in a better way, not only in terms of a user's activity but also in relation to the peer activity to show that it is not a team; it is just a team member doing something wrong.

    We most probably were using version 6.0.

    How has it helped my organization?

    It was very easy for us to do our manual threat hunting. We had a lot of instances where we found our internal users exfiltrating data. We were able to see that they were exfiltrating data. We could confirm that through the platform by taking a deeper look, which was very nice. It is user-friendly and handy. It allowed us to look at all kinds of activities and logs.

    It provides actionable intelligence on threats related to the use cases. After you have done the configuration, it triggers an alert for any incident. This actionable intelligence is very important because it allows us to respond in time without missing the window of being able to take an action. Sometimes, threats are small, and the indicators do not pop up, but with manual analysis, we can get a complete view. So, it is very important to have real-time triggers.

    We have been able to find a few true positives. Based on the triggers from the tool, we got to know that people had been exfiltrating data over a period of time. They had been doing it in small amounts, and that's why it went unnoticed. After the tool notified us, we discovered that one or two users had exponentially exfiltrated data over a period of time. Without the solution, just by looking at the logs, we wouldn't have known that. The tool understood the behavior and triggered a notification, and we got to know that. The users were not just sending our data to themselves but also to another vendor. They were contractors, and they were exfiltrating the data to another vendor. They were about to leave the company, and we were able to catch them before they left.

    It reduces the amount of time required for investigations. If I had to check logs from different log sources or tools from different vendors and create tickets, it would have taken time. With SNYPR, we were able to perform a lot of actions within the same platform, and we were also able to push tickets to our SOAR management tool. Everything was in one place. We didn't have to navigate between different things. It was helpful for incident management. It took time for analysts to check whether an alert was a false positive or not and provide the right evidence. Having incident management within the tool reduced time in creating and closing some of the incidents. Instead of 30 minutes before, it was reduced to 10 to 15 minutes per incident. We didn't have back-and-forth navigation. Everything was in one place. 

    It saved us a couple of hours of our day-to-day activity because everything was consolidated. Once I logged in, one or two hours were enough for me to look at everything and identify things to take an action on.

    It has definitely helped us with threat management. Because of the sample use cases that we saw from Securonix, we were able to design a few of our own use cases. We would not have thought of those use cases in the past. We were able to add use cases that were helpful for our data internally. We were able to understand logs even better and create our specific use cases. It was good learning.

    What is most valuable?

    It is user-friendly. Its user interface is better than the other tools.

    I like the playbook integration. In the beginning, we had a few hiccups because the tool was developing, but after that, the threat intelligence tool that we integrated got more accurate and better. The whitelisting and blacklisting of IPs, domains, or users were also working. 

    Risk scoring was nice. We could exactly see which user had the highest risk score, and then we could pick it up and work on it. 

    Securonix accommodates customer requests in the upcoming versions very well. They do their best to bring in the features required by a customer. We were able to have custom widgets for different departments or specific use cases. All tools do not provide such customization. Securonix was good at taking a request, reviewing it, and if it made sense, adding it. We got at least one or two features added. 

    What needs improvement?

    When they did upgrades or applied patches, sometimes, there was downtime, which required the backfill of data. There were times when we had to reach out and get a lot of things validated. 


    For how long have I used the solution?

    I have been using this solution for about 2.5 years. Right now, I'm not using it, but I have used it in the last 18 months.

    What do I think about the stability of the solution?

    Initially, during patch management, we did see a few downtimes, which required a backfill of data. Before I moved out of the previous company, patch management and upgrades had improved, and the tool had become stable. The queries we were running weren’t breaking the tool. We were able to fetch reports for more roles and data as compared to when we started.

    What do I think about the scalability of the solution?

    The company that I was working with was midsize. We didn't have a huge amount of data. We were accommodated pretty well. We didn't have any thresholds or limits, but I cannot speak for companies that have a huge amount of data. 

    Their archiving and deletion policies also worked well for us. We didn't see any performance issues when the solution was ingesting all log sources. Its scalability was pretty nice. We started with six to seven data sources, and then we moved on to add a few more. It could easily accommodate any increase in the number of users or data. We didn't have to just stop at a particular point.

    With on-prem, customers have control over the infrastructure, and they can tweak it, but a cloud solution is more simplified. You don't have the headache and overhead of maintaining your resources. So, it is definitely scalable. They partition you based on how big the company is. So, even if you move to a bigger scale, more resources get added to make it work better. It is seamless. We didn't have many issues. We had a few slowness issues at times, but they were resolved. We didn't have to deal with them for a long period of time.

    How are customer service and support?

    Their support was pretty good. We didn't have any issues there. They were pretty fast. Anytime we had downtime or any issue, we were certainly helped. We got emails telling us how long it would take, and they would stick by it. There were a few times when there was a one-day or two-day delay in response, but eventually, it all worked out. We didn't have major issues. I would rate them a nine out of ten.

    They also provide a review with their content team. For the initial few months, they did a lot of threat hunting and showed us why they think a user is doing something in the company and why it is something that is worth taking a look at. It was helpful to have analysts from their side and see how the users are doing it and what the patterns are.

    How would you rate customer service and support?

    Positive

    Which solution did I use previously and why did I switch?

    I have only worked with this solution.

    How was the initial setup?

    We had another engineering team that took care of its deployment. My involvement in its setup was only for providing the type of data that we need to pull into Securonix. Some log sources took a while in terms of the data format that we wanted and accommodating it with the APIs on the Securonix end. We only had issues with a few data sources. It wasn't a very difficult process, but it did take some time. It took about two months.

    Overall, its onboarding was pretty smooth because we were on SaaS. In terms of the strategy, we had to provide the data sources that we needed. They were divided into three levels. We first integrated one or two data sources, and when we saw it triggering, we integrated a few more. We also worked on fine-tuning it for false positives with their content team. They trained us on various use cases and algorithms behind those use cases. If there was any incorrect trigger, they explained the reason for it. It did take quite some time to configure it for our own custom use cases. This phase took more time than the initial integration of data sources. It took at least two to three months to onboard all the sources.

    Because it was a SaaS solution, they did the maintenance. It didn't require any effort from our end. It minimizes infrastructure management. In case of downtime or outage, they used to notify us and fix the issue. It did not require our intervention, except monitoring and checking that things were running fine.

    They provided flexibility in terms of features and patches. If we wanted to stay on a particular patch or have a few features in the next version, they were able to accommodate that. They were able to add our features even when other customers did not need them. 

    What about the implementation team?

    There were two people on the engineering team from our side, but I am not sure how many people were there from the Securonix side. For integration, two people were there, and then there were four analysts at the beginning to support the tool and give feedback.

    What was our ROI?

    We most probably did see an ROI. I was working only at the analyst level. I do not have the numbers, but it did improve the efficiency to do more in less time. In the beginning, we were hesitant to use a new tool, but it soon became our go-to tool for checking and verifying any issues. We started engaging with the tool quite a lot, and it probably saved four to five hours a day. Documentation and ticketing were the biggest challenges, and it helped in having everything in one place. We could just click on a ticket and see everything.

    What's my experience with pricing, setup cost, and licensing?

    I had heard that it was much cheaper than Splunk and some of the other tools, and they gave us a nice package with support. They accommodated the number of users and support very well.

    Which other solutions did I evaluate?

    My team had definitely looked at other tools, but I was not involved in the PoC. 

    What other advice do I have?

    I would advise having a look at it. The user experience or the user interface is definitely better than other tools, but you need to see how it interacts with your data sources and how easy it is to integrate it with those data sources.

    It took us at least four to five months to realize the benefits of the solution from the time of its deployment. It depends on the log sources you are concentrating on and want to fine-tune. Most SIEM tools, including Securonix, have a lot of use cases that can be tied to Windows, VPN, etc. Modifying and tuning just one log source is not enough. You should tie different log sources so that you get an idea about any lateral movements. Everything that flows into a SIEM solution has to be tuned. If I'm sending a raw log in any format, it needs to be properly sanitized and tuned for my security requirements, which takes time. We had to go back and forth and get a lot of things fixed. It takes a while for the tool to understand and start triggering based on a specific activity.

    False positives will always exist. They won't completely go away. When we first deployed it, it used to trigger alerts for 500 to 600 users, which had come down to 20 to 30. It needed continuous fine-tuning, but as an analyst, I was no longer overwhelmed by hundreds of alerts. It took a while to get to that stage and involved a lot of blacklisting and whitelisting. Even though the false positive rate had come down to a pretty good number, we still had to intervene and verify whether it was a false positive or not, but it was easier to do.

    It hasn't helped to prevent data loss events, but it has helped to reduce further loss of data. We got to know about an event only when it had already started to happen. When the tool identified that something was happening, it would alert us. If an analyst was active enough to understand that and put a stop to it, it could have prevented any further loss, but I am not sure how much a data loss event would have cost our organization, especially in intellectual property. However, we figured out that about 40 to 50 GB of data was sent over a period of time. It was sent in small bits, and it included confidential reports, meeting keynotes, etc. We would not have known that if the tool had not notified us.

    I would rate it a 10 out of 10 based on the experience I had. We didn't have any major issues related to slowness or querying the tool. Querying was pretty simplified, and there were also documents to know the processes. Their support was good, and they were also good in terms of the expansion of the tool. When we wanted a new data source, they were there to review it and modify it with us. They provided good assistance.

    Which deployment model are you using for this solution?

    Public Cloud

    If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

    Amazon Web Services (AWS)
    Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
    Lead Security Engineer at a tech services company with 1-10 employees
    Reseller
    Top 5
    The solution has helped by reducing the number of false positives in half

    What is our primary use case?

    We are using it for Azure logins outside of the US and Azure brute force use cases. We have use cases for our firewalls, like Palo Alto. These are use cases that we created ourselves. These are not the out-of-the-box use cases that Securonix provided us.

    How has it helped my organization?

    Without this product, my organization would not be able to function at all. It is our main monitoring product for our clients. We monitor everything through it. Securonix Security Analytics is the main process of providing services to our clients because we are a 24/7/365 security operations center. So, Securonix is helping me out on a daily basis, all the time, every minute.

    Security Analytics helps provide actionable intelligence on threats related to our use cases, which is very important. They are improving it almost on a daily basis. They send it to us and keep it running on the back-end for all the tenants. If anything gets raised, according to the threat intelligence that they have generated, we will get an alert. We will then start digging into those events. After that, we work with clients to respond to that incident.

    The product can help increase efficiency. My analysts were working 12-hour shifts when we started. Now, they are working eight-hour shifts. However, it also depends on the person and how efficient they want to be. My analysts are monitoring, training, and doing their certifications all at the same time. This definitely divides their attention.

    What is most valuable?

    Features, like Spotter, are the most valuable. Spotter is a wide range of research for any of the incidents that happened under my clients' data. 

    They also have a feature that separates violations according to top violators. So, I can go in and see all the use cases that got preserved under them. It is an intensive search type of thing. You can just keep digging in. There are other policies attached to it. There are some remediation steps and recommendations attached to it. 

    Securonix’s analytics-driven approach for helping to find sophisticated threats and reduce false positives is pretty good. We are allowed to fine-tune according to our requirements and our clients' requirements, which does reduce false positives. In the last 24 hours, the total number of policies with triggers was 233. When I started with this product, the false positives were 561. Therefore, the solution has helped by tuning or reducing false positives.

    It helps us find sophisticated threats.

    What needs improvement?

    The monitoring, analysis, and visualization of data that Securonix provides is good. However, there are some things that I would love Securonix to change. For example, they don't allow us to make changes on the graphical reports that they have integrated into the platform. We have to create our own. If we just want to take out one thing, our page should allow us to change that template just for our platform. I'm not talking about changing others' platforms; this is just for my platform. They should allow me to make changes according to my scalability. I would like a few more changes in the analytics and visual views that they already have out-of-the-box in the platform. They are working on this, but I have not heard from them for a while. I'm satisfied with the visualization that they have, but I would like to get some more out of it. For example, I am taking the report and manually making changes. I want all those changes already integrated and automated, so they are automatically done in the product.

    I would not say its threat hunting is easy or difficult to use. It is medium because it totally depends on the data that is coming to you. It does not depend on the platform. It depends on whether you can find the correct attribute that you need to look at, then you can go further on that. They are working on this. They are introducing more features, e.g., they have a couple of updates pending at this time. They are working on it to cut down the steps. If I am doing 28 steps right now just to onboard our data, then they are cutting those steps down. They are also putting more automation in the solution. While they are working on these improvements, it is just a matter of time. 

    It ingests 85% of all our log sources already built into the product when investigating threats. If the data sources have the functionality, Securonix will create a custom parser for us on a request. If the functionality is not there in the product, then there is a difficulty, but we can still ingest it through the file base, etc. However, I am not a big fan of the file base because a user is creating a file per day for data that was generated the day before. Specifically for activity that has already taken place, we can prevent it, but we cannot stop the activity.

    For how long have I used the solution?

    I have been using it for a year and three months.

    What do I think about the stability of the solution?

    It is pretty stable. Out of 100%, I would rate the stability between 80% and 85%. 20% can be unstable for any product. There can be bugs. There can be a failure in the core or a syntax error in the core. When I notify support of these types of issues, they quickly fix the problem for me.

    We have experienced a few performance issues, about 10%, when Security Analytics is ingesting our log sources. This can happen with any product. We informed them that we were facing this issue and got pretty good support on it.

    What do I think about the scalability of the solution?

    Scalability is pretty good. It does grow with our license. We work according to EPS. So, as our EPS pool grows, the solution will keep growing.

    Cloud Scale is super scalable. You can scale Securonix pretty well. Even if you have too much data coming in, you can figure things out or put more resources on it. Securonix is pretty good at doing these things. For example, they have load balancers already in place, which automatically take care of these things.

    There are 12 of us right now using the solution. I'm the senior engineer, and I have eight analysts who are using it. I have a senior manager who is also using it.

    How are customer service and support?

    Six months ago, if someone asked me about the support, I would say, "Not good." Now, the support is pretty effective. They try to resolve problems ASAP. For example, if it's a critical ticket, they get it fixed within an hour.

    I would rate the support as eight out of 10.

    How would you rate customer service and support?

    Positive

    Which solution did I use previously and why did I switch?

    We had a generic system previously, which had none of the things that have helped us since using Security Analytics. This solution automatically detects threats. There is a response bar that we can deploy. There is an email notification. So, if I am not available, then I will get an email that I can respond to pretty quickly. As far as threat detection, we get policy updates every three minutes. Therefore, if anything is detected, it will be right there on my screen.

    I have previously trained on FortiGate and Splunk. Securonix and Splunk are not that different. Splunk has a lot of things on one screen, whereas Securonix tries to clean it up.

    How was the initial setup?

    If you follow the documentation, it is straightforward. If you don't want to read, it will be complex. I don't review documentation anymore. I did it twice when I started, then I went in, wrote a batch script, and automated the whole process. Now, I just need to make some changes before running that script.

    The deployment takes 35 minutes on the client side.

    What about the implementation team?

    I am the only person involved in the managing and deployment of the solution.

    If there is any kind of setup that needs to be done on the cloud side, Securonix does that for us. I integrate clients with my platform, but Securonix takes care of the back-end.

    What was our ROI?

    The Securonix cloud-native platform helps minimize infrastructure management. We don't need that much manpower. If there is infrastructure to maintain, I need an engineer to maintain infrastructure, a software engineer who will look for the application, a security unit who will look for the threats and attacks, and a response person. Now, I don't need a software engineer or infrastructure engineer. That has gone away. Currently, I need only a security engineer and response person, which one person can do. We can also hire two people to do the different jobs. That is no problem. 

    We don't have to put more focus on infrastructure, which helps. There is a little bit of an infrastructure included, but that is a one-time setup thing. You don't need to go and maintain it again and again.

    Securonix Security Analytics adds contextual information into security events. For example, on a generic system, if I used to put in an hour, now I'm putting in 35 to 40 minutes on this. So, it's saving me about 20 minutes of time.

    What's my experience with pricing, setup cost, and licensing?

    Compared to the pricing of other products, Securonix's pricing is pretty good. Clients can get half of the price of other companies by going with Securonix. Other products, like IBM and Splunk, have pretty high pricing. Nowadays, we see CrowdStrike as up and coming, and they are pretty expensive. 

    Pricing does depend on what model you are looking for, e.g., are you going for an MSP or single tenant?

    Which other solutions did I evaluate?

    I don't find a lot of difference between solutions. Everybody tries to improve their product over time. I do free testing for multiple products, and they are basically copying each other's functions.

    I like Securonix because I am familiar with it and can do threat hunting in 10 minutes instead of the 30 minutes that it might take if I used other solutions.

    What other advice do I have?

    According to my clients and the security world, I cannot eliminate all the false positives because you cannot let false positives go. You need to make sure that there are no attacks attached to that false positive. So, we have a team of analysts who monitor it every time. So, if a false positive policy gets an alert, then we just go ahead and make sure to analyze it. That is okay. If it is a false positive, then we mark it as one. We did eliminate a lot of false positives, but not all of them. It is our choice, not Securonix's, what we want to keep or eliminate.

    I would rate Securonix as nine out of 10.

    Which deployment model are you using for this solution?

    Public Cloud

    If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

    Amazon Web Services (AWS)
    Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor. The reviewer's company has a business relationship with this vendor other than being a customer: Partner - MSP
    Ibrahim Albalawi - PeerSpot reviewer
    SOC Leader at a tech consulting company with 51-200 employees
    Real User
    Fewer false positives, good detection and integration capabilities, and good pricing
    Pros and Cons
    • "The detection of threats and reduction of false positive alarms as compared to other solutions are valuable features. It has improved threat detection response and reduced a lot of noise from false positives as compared to our previous SIEM solutions."
    • "The incident response area should be improved."

    What is our primary use case?

    We are using it for monitoring firewalls, Windows operating systems, some Linux operating systems, Active Directory, and some of the solutions in the cloud such as Office.

    In terms of deployment, everything is in the cloud. Our licenses are on the cloud. We don't deploy anything on premises except the RIN.

    How has it helped my organization?

    We are a managed service provider, and we offer this service to third-party clients. Most of our clients are very happy with the solution. We can detect a lot of threats, which are not false positives, and we can describe the threats very well. A lot of information can be obtained from this SIEM, and we can provide very good incident reports to our clients.

    We were using another solution previously. The other solution couldn't compete with the features and functionality that we were looking for as a managed service provider. Some clients ask for specific features, and we couldn't complete those needs with other products. They were more about calculations, such as events per second (EPS). With Securonix, it is easier to sell the product and make quotes for our clients. It has helped us a lot at the administration, commercial, and operation levels.

    It provides actionable intelligence on threats related to our use cases. It can detect violations and reduce false positives. This actionable intelligence is one of the most important parts because we have suffered with some of the other solutions in terms of receiving a lot of events and alarms where most of them were false positives, which made it a bit difficult for us to investigate and generate incident reports. Securonix is handy for engineers and the security operations center.

    Its analytics-driven approach is pretty good at finding sophisticated threats and reducing false positives. When it comes to monitoring network devices, such as firewalls, it can detect behaviors that would be difficult for other solutions to detect or for normal engineers to detect manually. It has a lot of violation policies, and it is very handy and helpful at this level.

    It adds contextual information to security events, which is one of the most important points. We can fill a lot of information into our reports for our clients.

    Everything is saved for us and indexed. We can review any event we need within three or six months. We can review even when the data is in the cold phase. We never faced any case where we lost any event data. When clients asked about some events in the past, we could find them very easily and without any issues by using the queries.

    It improves analysts' efficiency to do more with less time. Spotter is one of the best tools for me for searching and visualizing various things such as policies. With the Spotter language, you can search for whatever you need. You can search for any endpoint, any IP, any hostname, or any violation name. Even though it is not very fast, it is fine for us. Splunk or Elasticsearch is faster than Securonix because this is their job. Even though Spotter is not as fast, it has been helpful for us.

    What is most valuable?

    The detection of threats and reduction of false positive alarms as compared to other solutions are valuable features. It has improved threat detection response and reduced a lot of noise from false positives as compared to our previous SIEM solutions. This was one of the reasons we decided to try or move to Securonix. Other products generated thousands of events, and a lot of them were false positives, which made it difficult for us to handle all the events. For example, we were monitoring a firewall internally, and that firewall generated about five million events per month. The previous product detected almost 1,000 to 1,500 events as positive events, whereas Securonix generates less than 200 events, and most of them are not false positives.

    It can integrate with a lot of solutions. Being able to ingest all our log sources when investigating threats is one of the good points of Securonix. After we started to use Securonix, we could integrate a lot of solutions, which we couldn’t do previously. It works with many devices, platforms, and cloud solutions. It is pretty good in terms of integration.

    What needs improvement?

    The incident response area should be improved.

    It is more difficult than other products, but overall, it is good. The platform has a lot of options and functionality. So, you need to check almost everything. For new engineers or people who don’t have much experience with this kind of platform, it is a bit difficult, but for experienced engineers, it is not that difficult.

    When you have been doing a lot of work for about one or two hours, and you have a lot of tabs open, it slows down or gets stuck. There is a delay of 10 to 15 seconds in opening tabs or dashboards. I don't know why this happens, but for me, it is not a big issue. I just wait, and that's all.

    For how long have I used the solution?

    I have been using this solution for one year.

    What do I think about the stability of the solution?

    It is stable, but it slows down or gets stuck when you have a lot of tabs open.

    What do I think about the scalability of the solution?

    Overall, it is scalable, but when you are investigating a lot and you have a lot of tabs open and are involved in big work, it sometimes becomes slow or gets stuck.

    In terms of its users, our SOC team has three engineers, and I am the fourth one. We have three clients for now for Securonix. We use it internally to monitor our company. Overall, there are five or six users using the interface, investigating, and reporting to the clients.

    How are customer service and support?

    Most of the time, their support is very good, but sometimes, we had to escalate the issues. Sometimes, we opened a ticket, and we immediately received an answer for fixing the issue, but at other times, we got a response after one, two, three, or even seven days. I guess it is based on the impact or severity, but when we have an urgent issue or problem, Securonix solves it very fast. I would rate them an 8 out of 10.

    How would you rate customer service and support?

    Positive

    Which solution did I use previously and why did I switch?

    We were previously using Splunk, and we wanted to continue, but when we did the evaluation, we found Splunk to be more difficult to implement than others. It is fine to operate it, but its implementation is more difficult. It also had fewer features than Securonix. Securonix is dedicated to security information event management, but this is not the main functionality of Splunk. Even though Splunk is very strong in security, and we have been using it, when it comes to, for example, machine learning, Securonix has pre-configured policies. So, we don't have to spend that much time, whereas when it comes to Splunk, we have to configure everything. We have to install the applications and configure the dashboards. Considering the functionalities, features, and pricing, we felt that Securonix would be the best option.

    It is better than previous solutions in terms of threat investigations and onboarding. That's because most of the other solutions are based on rules. Sometimes, there is no intelligence when it comes to detection, whereas Securonix has policies that are a collection of rules. Securonix doesn't only extract the log and tell us that it is a low-impact event or informative event. It also tries to correlate most of the events according to the policies and takes us to the main point. This is how Securonix has helped us to reduce a lot of false positives. Other solutions only worked with rules, and they only sent us events. We had to review most of those events, which is not the case with Securonix. It has a lot of policies for all types of detections. There are almost 1,000 policies, and Securonix can correlate various types of behaviors and pieces of evidence to detect advanced threats. It is good at this level.

    How was the initial setup?

    We have the cloud license of Securonix. Everything is on the cloud. We only implement RIN on-premises, which is straightforward. You just download the executable, give it permission, and execute it. You provide the information it asks. There are a few packages that you need to install previously, but overall, it is very handy and straightforward.

    What about the implementation team?

    I implemented it on my own. 

    What's my experience with pricing, setup cost, and licensing?

    Its price is fine. We found it to be cheaper than LogRhythm, Exabeam, Splunk, as well as Elastic Security. A few months ago, when we were comparing Securonix with Elastic Security, we found Securonix to be cheaper than Elasticsearch. We were pretty surprised that Elastic Security is more expensive than Securonix because Elasticsearch is just starting, and it cannot compete with Securonix at this time. So, the pricing of Securonix is pretty good for now.

    Which other solutions did I evaluate?

    We tried to evaluate some of the other products, but we decided to go with Securonix for the business part. It was easier for us to meet the needs of our clients related to calculations.

    We evaluated LogRhythm. The first problem that we faced with LogRhythm was that it would have been pretty difficult for engineers to handle in terms of the user interface. As compared to Securonix, it was also very expensive. Securonix had most of the features or functionalities that we were looking for. We also evaluated Exabeam, and we had the same problem with the price and features.

    What other advice do I have?

    It has somewhat reduced the amount of time we require for investigation. It hasn't probably helped in detecting advanced threats faster along with lower response times because there is this gap between the RIN receiving the information and then sending this information to the cloud. This gap makes it a little bit late as compared to other solutions. Other than that, it is good.

    I would rate it a 9 out of 10.

    Which deployment model are you using for this solution?

    Public Cloud
    Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor. The reviewer's company has a business relationship with this vendor other than being a customer: MSP
    Pavan Lingam - PeerSpot reviewer
    Cyber Security - Consultant at LTI - Larsen & Toubro Infotech
    Consultant
    The built-in management tool has improved our security teams' efficiency
    Pros and Cons
    • "I rate the technical support a nine out of ten. They're friendly. Whenever we have a P1 issue, we write an email and our issue is resolved in one or two hours."
    • "It takes too long to generate Spotter reports. For example, a 90-day report is around 100 megabytes. That takes a while, but a one-day report can be generated in a few seconds. We would be happy if they sped up the process."

    What is our primary use case?

    We use Securonix to monitor attempted malware attacks. It sends us alerts, so we can investigate suspicious entities. We'll refer it to the consent team, who will give their solution or comments. 

    We have a server where all the data is stored. The Securonix people will take the data from that server, encrypt it, and send it back to the application. From there, we can work on the alert and monitor the data.

    How has it helped my organization?

    The product reduced our investigation times by about 85 percent. Data and geolocation enrichment are the two essential components of the detection part. When there is an IPS alert, we generally need to check to see where the IP is located. Securonix will tell you where the IP is located in the city and country. Securonix helped a lot when the Log4j cybersecurity attack broke out last year. It enabled us to investigate that threat deeper. 

    The behavioral analytics features reduce our false positive rate compared to traditional antivirus and cut the time spent detecting and responding to threats by about two hours each week. 

    Next-Gen SIEM provides valuable contextual information about security events. We are adding all the information, like user data, from Active Directory. Whenever a user is terminated or retires, we will get an alert stating that the user has separated. 

    The built-in management tool improved our security teams' efficiency. You can raise a ticket with one click when you see something suspicious. You can work on it and do your analysis in the backend. It will open a ticket and send it to the teams. 

    The analysis will be completed in 15 to 25 minutes. The solution will email the consent team to tell them they need immediate action. In other tools, we have to go to another third-party tool to raise a ticket, and we need to escalate the issue ourselves. There is typically another procedure, but Securonix has a built-in management tool. This reduces a process that would typically take an hour to about 15 or 25 minutes.

    It also helped us avoid data loss because we integrated SharePoint into Securonix. We get a notification when someone deletes files in SharePoint that reports the SharePoint link, the user, deleted files, etc. We will investigate whether it's a legitimate activity or something else. 

    What is most valuable?

    The most attractive feature of Next-Gen SIEM is UEBA. The solution creates a user baseline and detects spikes and outliers. Before we started using Next-Gen SIEM, we used traditional signature-based detection. Signature-based detection checks whether a malware signature exists in the database, whereas behavioral detection analyzes all the data.

    For example, let's say a given user accessed a device ten times in the last 30 days during regular business hours on weekdays. Next-Gen SIEM will send an alert if the user accesses the device on the weekend or 20 times in a single day. Based on that, we will investigate and email the manager.

    The correlation rules and the Spotter carriers are essential in any SIEM. One new feature I like is the Autonomous Threat Sweeper. We will get a notification that a recent attack has entered the environment. They'll provide all the information we need to investigate. It's an excellent feature, but we've only been using it for three to four months. Threat Sweeper does the job in the background whenever we all have some other work. We go through the notifications and decide whether they're essential or not. 

    Threat Sweeper is handy. It will clearly show where the anomaly in the data occurs. There is clear information about the IOCs, IP addresses, domain names, etc. We can easily run it in the background and forward the same threat detection report to the other consult teams, like the network and server teams. Another new feature is XDR. I haven't used it, but I've heard it uses signatures and behavioral analysis efficiently.

    When I started to use Securonix, I was a little confused, but I could pick it up after a week. Everything is UI-based, and all the information is available on one page, so you don't need to go to different tabs to get what you need. It's very user-friendly. With a click, you can open all the reports you want and generate as many queries as you need. There's no need to use commands.

    What needs improvement?

    It takes too long to generate Spotter reports. For example, a 90-day report is around 100 megabytes. That takes a while, but a one-day report can be generated in a few seconds. We would be happy if they sped up the process. 

    For how long have I used the solution?

    I have been using Securonix for about a year and a half.

    What do I think about the stability of the solution?

    We can rely on Securonix. Whenever we get a new solution or new part, we'll always follow the vendor's suggestions, and they will give us an idea about what is happening or what we have to do.

    What do I think about the scalability of the solution?

    Securonix is scalable.

    How are customer service and support?

    I rate the technical support a nine out of ten. They're friendly. Whenever we have a P1 issue, we write an email and our issue is resolved in one or two hours. 

    Which solution did I use previously and why did I switch?

    I previously used McAfee's SIEM solution. I switched because I shifted to another project using Securonix. Securonix is faster and more user-friendly. McAfee takes five minutes to load, whereas Securonix will load in the blink of an eye, and I never face any slowness in the application in Securonix. It takes an hour to generate a report on McAfee. It's no competition for Securonix.

    How was the initial setup?

    I joined after the implementation, but it requires very little maintenance after deployment. We have one or two hours of downtime for quarterly maintenance. 

    What other advice do I have?

    I rate Securonix Next-Gen SIEM nine out of ten. If you plan to implement Securonix, I recommend buying it now because they're offering a limited-time discount. It's an excellent SIEM, and anyone can afford it right now. 

    Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
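The review above describes UEBA baselining in words: learn when and how often a user normally touches a device, then alert on a weekend access or a day with far more accesses than usual. The following is an added illustration written for this page, not Securonix code and not the reviewer's: it builds a per-user, per-device baseline from a constructed access log (hypothetical users, devices, and timestamps) and flags days on a weekday the baseline never saw, days whose access count exceeds an assumed volume threshold, and pairs never seen before (event rarity). The thresholds `volume_factor` and `min_alert_count` are assumptions for the demo.

```python
"""Toy UEBA-style behavioural baseline and outlier check.

Added illustration (not Securonix code): builds a per-user/per-device activity
baseline from a constructed access log, then flags accesses on a weekday the
baseline never saw and days whose access count far exceeds the baseline peak.
"""
from collections import Counter, defaultdict
from dataclasses import dataclass
from datetime import date, datetime

# Constructed sample log lines, format "ISO-timestamp user device" (not real data).
# Baseline: alice reaches srv-01 ten times in August 2022, always on weekdays.
BASELINE_EVENTS = [
    f"2022-08-{d:02d}T{h:02d}:15:00 alice srv-01"
    for d, h in [(2, 9), (4, 10), (9, 11), (11, 9), (16, 14),
                 (18, 10), (23, 15), (25, 9), (30, 10), (31, 16)]
]
# Evaluation window: one normal Thursday access, one Saturday access, then
# twenty accesses on Tuesday 2022-09-06 (all constructed).
EVAL_EVENTS = (
    ["2022-09-01T10:05:00 alice srv-01"]
    + ["2022-09-03T11:40:00 alice srv-01"]
    + [f"2022-09-06T{8 + i // 3:02d}:{(i % 3) * 20:02d}:00 alice srv-01"
       for i in range(20)]
)


@dataclass(frozen=True)
class Baseline:
    weekdays_seen: frozenset   # Monday=0 .. Sunday=6 values observed in the window
    max_per_day: int           # busiest baseline day for this user/device pair
    days_observed: int         # distinct days with activity


def parse_event(line: str) -> tuple[datetime, str, str]:
    ts, user, device = line.split()
    return datetime.fromisoformat(ts), user, device


def daily_counts(lines):
    """Map (user, device) -> Counter of accesses per calendar day."""
    counts = defaultdict(Counter)
    for line in lines:
        ts, user, device = parse_event(line)
        counts[(user, device)][ts.date()] += 1
    return counts


def build_baseline(lines, start: date, end: date) -> dict:
    """Learn normal weekdays and peak daily volume from events with start <= day < end."""
    baselines = {}
    for key, per_day in daily_counts(lines).items():
        window = {d: n for d, n in per_day.items() if start <= d < end}
        if window:
            baselines[key] = Baseline(
                weekdays_seen=frozenset(d.weekday() for d in window),
                max_per_day=max(window.values()),
                days_observed=len(window),
            )
    return baselines


def detect_outliers(lines, baselines, volume_factor=2, min_alert_count=5):
    """Return (user, device, day, reason, count) tuples for anomalous days.

    Thresholds are assumptions for the demo: a day is a volume spike when its
    count exceeds max(min_alert_count, volume_factor * baseline peak); the floor
    keeps a sparse baseline (peak of 1) from alerting on two ordinary accesses.
    """
    alerts = []
    for (user, device), per_day in daily_counts(lines).items():
        base = baselines.get((user, device))
        for day, n in sorted(per_day.items()):
            if base is None:
                # Pair never seen in the baseline: event rarity, not a deviation.
                alerts.append((user, device, day.isoformat(), "first_seen", n))
                continue
            if day.weekday() not in base.weekdays_seen:
                alerts.append((user, device, day.isoformat(), "unusual_weekday", n))
            if n > max(min_alert_count, volume_factor * base.max_per_day):
                alerts.append((user, device, day.isoformat(), "volume_spike", n))
    return alerts


def run_demo():
    baselines = build_baseline(BASELINE_EVENTS, date(2022, 8, 1), date(2022, 9, 1))
    return detect_outliers(EVAL_EVENTS, baselines)


if __name__ == "__main__":
    for alert in run_demo():
        print(alert)
```

Running it reports the Saturday access as `unusual_weekday` and the twenty-access Tuesday as `volume_spike`, while the ordinary Thursday access produces nothing; a real UEBA engine scores many more dimensions (hour of day, peer group, geolocation), but the baseline-then-deviation structure is the same.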
    Rafael-Barrios - PeerSpot reviewer
    Cybersecurity SE at a tech vendor with 10,001+ employees
    Real User
    Reduces our investigation and response time, and it is very easy to use and integrate
    Pros and Cons
    • "Its console is very easy to use and configure. It is very intuitive for our use cases. App integrations are also pretty nice."
    • "It could be improved a little bit more for admin users. There should be more administrative options related to security for admin users. For example, for forensic purposes, the admin should be able to stop a specific user from erasing some information. It would be helpful in certain situations, such as during an internal fraud."

    What is our primary use case?

    We mostly use it for user-behavior analytics. It is used for all the behaviors related to users. In terms of the environment, there are multiple connections at different sites and locations, and there is also integration with other platforms. For some endpoint use cases, I have to do integrations with different customers who already have the platform.

    Its deployment is hybrid. The cloud providers are Amazon and Google Cloud Platform.

    How has it helped my organization?

    When we have an endpoint threat, we have to move very quickly. We detect it through another tool that is associated with Securonix, and automatically the endpoint is isolated from the network. We also get some information for investigation and forensics allowing us to understand the type of threat. We get to know whether it is related to the endpoint or user behavior. We can get information on web-application firewalls and other solutions connected to Securonix, which allows us to understand the depth of the threat for a specific use case.

    It provides actionable intelligence on threats related to our use case. After the alerts, we can isolate the endpoints and make some modifications. We can also do some searches about the related IP on the internet and intelligence platforms. That's very nice.

    This actionable intelligence is pretty important. When we integrate different platforms, Securonix provides a lot of visibility and allows us to see the whole environment, not just a part. I have been working mostly on the endpoint side, but other people who are working on wider use cases can see all the dashboards and improve the security posture with Securonix.

    Its analytics-driven approach to finding sophisticated threats and reducing false positives is very important. With other similar tools, we have to work a lot to reduce or manage false positives. We have to improve the rules and integrations because there are a lot of false positives. With Securonix, we have fewer false positives, and there is also automatic recognition for false positives allowing us to move very quickly.

    It adds contextual information related to the use cases. My use case is very specific, but my partners and other teams get a lot of contextual information related to the whole company. It provides a lot of analytics related to a threat in terms of user behavior, environment, and target applications, such as databases, which is very important.

    It has saved a lot of investigation time. As compared to other solutions, it has saved more than 50% time.

    It has improved the threat detection response and reduced noise from false positives as compared to our previous SIEM solutions. The improvement in the response time is dependent on the scenario, but generally, it is about 40% more effective. When it comes to false positives, it is about 60% more effective.

    It has been helpful in detecting advanced threats faster and lowering response times, but I don't have the metrics. 

    What is most valuable?

    Its console is very easy to use and configure. It is very intuitive for our use cases. App integrations are also pretty nice. 

    What needs improvement?

    It could be improved a little bit more for admin users. There should be more administrative options related to security for admin users. For example, for forensic purposes, the admin should be able to stop a specific user from erasing some information. It would be helpful in certain situations, such as during an internal fraud.

    For how long have I used the solution?

    I have used it for two years separately, in 2020 and the last year, 2021.

    What do I think about the stability of the solution?

    Its stability is pretty nice because we don't have too many problems with it. The complexity is related to what we want to see. There are no issues with the performance. We have not experienced any performance issues when the solution is ingesting all of our log sources. 

    What do I think about the scalability of the solution?

    It is 100% cloud. So, its scalability is pretty nice. We have all the capabilities and options to grow. Our environment has more or less four locations with about 1,000 devices. We don't have any plans to increase its usage in the near future.

    How are customer service and support?

    I have had to call support three or four times, and I would rate them a ten out of ten.

    How would you rate customer service and support?

    Positive

    Which solution did I use previously and why did I switch?

    I have worked with Splunk and LogRhythm. I am using Securonix because, in this company, most of our clients are using Securonix. So, I had to learn how it works and understand its architecture and capabilities. It is very easy to understand for anyone who has worked with similar solutions. It is 90% easier than Splunk, which has a lot of code. Securonix is very radical and intuitive.

    How was the initial setup?

    I wasn't involved in its setup and onboarding process, but I would assume that it is very quick. That's because it is very simple to use for my use cases, and they have nice support and help.

    Its maintenance is pretty lightweight. We have another team that is in charge of that. There are most probably two people who take care of SIEM and cybersecurity solutions.

    Securonix's cloud-native platform helps to minimize infrastructure management. It allows us to focus on threats versus engineering or managing the platform.

    What was our ROI?

    We have surely seen an ROI when we look at multiple threats that we have been able to prevent.

    It improves analysts' efficiency to do more with less time. By using the contextual information that it provides, we can be more accurate in our investigation. It has saved about 30% time.

    What's my experience with pricing, setup cost, and licensing?

    Its pricing is quite similar to others and is very competitive. The other solutions have different types of licensing, but when you do the math, it is competitive.

    What other advice do I have?

    You should know your environment and connectivity requirements very well. You should understand the analytics that Securonix is providing for the team. You can make a lot of improvements based on those analytics.

    I would rate it a ten out of ten.

    Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
    Indrajit Ghosh - PeerSpot reviewer
    Cyber Security Consultant at LTI - Larsen & Toubro Infotech
    Consultant
    Top 20
    Helps us to quickly detect advanced threats, gives us lower response times, and reduces false positives
    Pros and Cons
    • "The most valuable feature is that it works on user behavior and event rarities."
    • "Parsing needs to be improved. Every time we integrate a new, specific data source, we face a lot of problems in parsing, even for the old data source."

    What is our primary use case?

    We mainly use Securonix for SIEM software architecture and for logs. We generate all the logs from different APIs and firewalls. We also have created other policies. Securonix is the primary tool we use to get everything done for our projects and architecture. We even use it for other solutions like AD.

    Primarily, I work on violations and policies, not the backend. As an analyst, I work on SIEM.

    The solution is deployed on a private cloud. It is deployed with Microsoft Azure.

    Everyone has access to SIEM, but they don't have admin access. We mainly have three people and a team lead on the Azure Securonix team. I am the backup and work on the operational side of that team. Everyone has read-only access except the three team members. 

    How has it helped my organization?

    Securonix primarily helps with our log code situation. We found a vulnerability last December, so it helped us gather logs for that. We informed our vendor, and they provided some queries on how to get those vulnerabilities and logs.

    I normally work on policies and face a lot of false positives. We reduced many false positives since using this solution. Securonix has definitely helped improve our threat detection response and reduced noise from false positives.

    Sometimes we face threats and sign-in logs from different countries, but we're able to resolve those. Sometimes we face malicious activities from traffic but it's very rare. It happens about twice a month.

    Securonix helps a lot with monitoring. My project is in the monitoring and operational stage, so it's a primary tool I use to monitor everything. The implementation stage has already been completed. We have created policies for all kinds of tools and APIs.

    As we are the client, most of us don't have the SIEM threat model feature. There isn't a lot of proper information about how to implement that. Customer service doesn't have a proper idea either. We are lagging in this area, but it's good overall.

    In some cases, we have observed that people start getting login failures, so we checked the logs from Securonix and resolved the issue. In that way, it's helped.

    Securonix Next-Gen helps us detect advanced threats faster and gives us lower response times. Sometimes we face a data source delay and it's impacted badly, but overall it serves us a lot.

    I haven't faced any data loss since using Securonix.

    What is most valuable?

    The most valuable feature is that it works on user behavior and event rarities. Those features are in Splunk too, but they're not as effective. Securonix's customer service is also pretty good.

    It's not difficult to use the interface, but there's a lot of documentation to read.

    We haven't experienced any performance issues when ingesting log sources and investigating threats. The response is good.

    What needs improvement?

    Parsing needs to be improved. Every time we integrate a new, specific data source, we face a lot of problems in parsing, even for the old data source. That should be updated on a regular basis.

    In some of the policies, the geographical location for a single IP is from a specific country, but the IP doesn't match. For instance, if the log is from China, the actual location of that IP will be from somewhere else, not China.

    For how long have I used the solution?

    I have been using this solution for more than a year.

    What do I think about the stability of the solution?

    It's reliable and very stable. We haven't faced any major or even minor issues with security.

    What do I think about the scalability of the solution?

    It's definitely scalable and fulfills my needs.

    How are customer service and support?

    Technical support is good, but sometimes we face delays with responses.

    I would rate technical support as nine out of ten.

    How would you rate customer service and support?

    Positive

    How was the initial setup?

    The solution was already in the mid-stage of implementation when I joined the organization. I mostly worked on fine-tuning the policies.

    We have a team that takes care of maintenance updates. The solution needed some updates because the user behavior wasn't working properly for some of the policies. As of now, instead of using user behavior, we use event rarity. After version 6.4 is implemented, the issue will be resolved. There are two or three more issues we have that will be resolved after the update.

    What other advice do I have?

    I would rate this solution a nine out of ten. 

    My advice is to get a proper idea of the tool you are working on and be sure to read the documentation.

    Which deployment model are you using for this solution?

    Private Cloud

    If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

    Microsoft Azure
    Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor. The reviewer's company has a business relationship with this vendor other than being a customer: Partner
    PeerSpot user
    Regional Director, Customer Success (GTM Solutions & Services) at a tech services company with 51-200 employees
    MSP
    Top 5 Leaderboard
    Bad integration and a very immature product with two failed attempts at implementation
    Pros and Cons
    • "There aren't any positive aspects of the solution. It was a complete failure. There are no redeeming features."
    • "We thought they were going to be a great product, however, they're actually not great at all as an MSP."

    What is our primary use case?

    It was supposed to be good for security to provide as a SOC-as-a-Service, however, it failed.

    How has it helped my organization?

    The solution did not improve our customer's organizations at all. The implementation attempts were a complete failure. We had to move them to another product.

    What is most valuable?

    There aren't any positive aspects of the solution. It was a complete failure. There are no redeeming features.

    What needs improvement?

    We thought they were going to be a great product, however, they're actually not great at all as an MSP.

    The integration is very bad.

    The initial setup failed in both use cases.

    The technical support is terrible and completely unhelpful.

    The product itself needs a lot of work; it's very immature.

    The stability isn't great.

    For how long have I used the solution?

    We never really properly used the solution. We tried; however, with the two clients we attempted to have use the solution, it completely fell flat.

    What do I think about the stability of the solution?

    The stability of the solution is not good. 

    How are customer service and technical support?

    Technical support is terrible. They are very bad. They are not helpful or responsive, and we were quite disappointed with the level of service on offer.

    Which solution did I use previously and why did I switch?

    We ended up moving our clients over to QRadar as this solution did not end up working for either of them.

    How was the initial setup?

    The initial setup failed. We had to move to a different solution completely. The installation process was terrible. It was not straightforward. 

    What about the implementation team?

    The implementation was done with the vendor, and the vendor failed in a number of areas to implement it.

    What's my experience with pricing, setup cost, and licensing?

    We did not pay a licensing fee. We moved away from the solution.

    What other advice do I have?

    We tried to implement it and we've taken it out. We've tried it with two clients; it failed, and therefore we have now moved them to QRadar. It was terrible. It offered bad support and was a bad product, and everything that was promised wasn't able to be delivered.

    We canceled our partnership with them, and we've actually reverted the two clients that were supposed to go onto Securonix back onto QRadar now.

    We were trying to onboard two customers, and we ended up implementing this solution with neither of them.

    I'd rate the solution at a five out of ten.

    Disclosure: My company has a business relationship with this vendor other than being a customer: Implementer
    PeerSpot user
    Sanjay-Kulkarni - PeerSpot reviewer
    Manager Security Operation Center at a tech services company with 51-200 employees
    Real User
    Top 20
    A stable and scalable solution for small and medium-sized companies
    Pros and Cons
    • "The solution is stable and scalable."
    • "We would like to see better integration with other products."

    What is our primary use case?

    We are a services company, so we provide services for our clients' companies.

    What needs improvement?

    We would like to see better integration with other products. 

    For how long have I used the solution?

    We have been using Securonix Security Analytics for around six months.

    What do I think about the stability of the solution?

    The solution is stable. 

    What do I think about the scalability of the solution?

    The solution is scalable.

    How are customer service and technical support?

    The technical support is okay. 

    Which solution did I use previously and why did I switch?

    We work with different SIEM solutions, including IBM QRadar and LogRhythm. Although I prefer IBM QRadar to Securonix Security Analytics, there are no features of this product that I wish to see included in it, as these two platforms are disparate.

    The reason I prefer IBM QRadar is because we already utilize this solution with our customers, whereas with Securonix Security Analytics we are talking about a process which we have yet to complete. 

    How was the initial setup?

    The initial setup was relatively uncomplicated. It basically involved operations, with which we had some issues. 

    What's my experience with pricing, setup cost, and licensing?

    I cannot comment on pricing as this is not within my purview. 

    What other advice do I have?

    Our clientele includes small and medium-sized companies, not enterprise.

    I rate Securonix Security Analytics as an eight out of ten. 

    Disclosure: My company has a business relationship with this vendor other than being a customer: partner
    PeerSpot user
    Buyer's Guide
    Download our free Securonix Next-Gen SIEM Report and get advice and tips from experienced pros sharing their opinions.
    Updated: September 2022