IT Central Station is now PeerSpot: Here's why

Securonix Next-Gen SIEM OverviewUNIXBusinessApplication

Securonix Next-Gen SIEM is #6 ranked solution in top User Behavior Analytics - UEBA tools and #22 ranked solution in top Security Information and Event Management (SIEM) tools. PeerSpot users give Securonix Next-Gen SIEM an average rating of 8 out of 10. Securonix Next-Gen SIEM is most commonly compared to Splunk: Securonix Next-Gen SIEM vs Splunk. Securonix Next-Gen SIEM is popular among the large enterprise segment, accounting for 61% of users researching this solution on PeerSpot. The top industry researching this solution are professionals from a computer software company, accounting for 28% of all views.
Buyer's Guide

Download the Security Information and Event Management (SIEM) Buyer's Guide including reviews and more. Updated: June 2022

What is Securonix Next-Gen SIEM?

Securonix Security Analytics SNYPR is a next-generation security analytics platform that transforms big data into actionable security intelligence, enabling you to take care of so much more than simply your SIEM (security information and event management) needs. In addition, it contains all of the tools that you may need to enable your organization to successfully handle both log management as well as UEBA (user and entity behavior analytics)-related tasks. The SNYPR management platform gives users the ability to combine security orchestration, automation, and response, security information and event management, network traffic analysis, and user and entity behavior analytics. This single technical environment does away with your need for multiple security, management, and analytics solutions.

Securonix Security Analytics SNYPR’s unified platform can be scaled up to handle up to one million security events every second. While this load may seem heavy, SNYPR handles it with ease. It is able to reduce incidents of false security positives by 60%. The access certification workload that IT administrators and managers need to deal with can be reduced by as much as 90%.

The model that this platform uses is based on a machine learning algorithm. This model gives Securonix Security Analytics’s SNYPR platform a number of extremely valuable capabilities. The platform gathers many different types of data and applies what it learns to threats as they arise. The system assigns threats risk values to determine where the areas of highest need are. Machine learning also allows you to respond to slow acting threats by using historical data to inform your response.

All of the data that the system gathers is stitched together and used to create a complete picture of the risks that the system faces. Any blind spots that may exist are exposed by the collaborative UI that compiles the system data in a single location. This also increases your ability to monitor advanced application threats. 

Key Features

Some of Securonix Security Analytics’s SNYPR platform’s key features include:

  • The ability to enrich all data that the SNYPR platform collects. When SNYPR gathers information, it applies relevant data which can be used in the future to gauge whether or not a particular event is a threat.
  • The ability for data redundancy to automatically take place. All of the data that is gathered, analyzed, and processed by SNYPR is automatically copied and distributed across the system. If there is a failure in any particular part of the system, the information will still be preserved.
  • The ability to track historical issues and use that information to help deal with current threats. The SPOTTER feature allows analysts to look back at both old data and the contextual information that is attached to it. They can then use that data to inform their responses to similar threats that they are currently dealing with.

Reviews from Real Users

Securonix Security Analytics SNYPR platform stands out among its competitors for a number of reasons. Two major ones are its ability to significantly reduce the number of false positives that administrators have to deal with and the way that it incorporates contextual information into security events to reduce the time spent finding solutions to problems that arise.

Peerspot users note the effectiveness of these features. One user wrote, “Securonix’s analytics-driven approach for helping to find sophisticated threats and reduce false positives is pretty good. We are allowed to fine-tune according to our requirements and our clients' requirements, which does reduce false positives. In the last 24 hours, the total number of policies with triggers was 233. When I started with this product, the false positives were 561. Therefore, the solution has helped by tuning or reducing false positives.”

Another user noted, “The way that a Securonix is able to put a lot of the contextual information into the events is very helpful. That has reduced the amount of time required for investigating, ‘Hey, this might be something I need to look at,’ and then doing further research. It puts all of those violations in one event or case, so that you can look at different types of violations that all correlate. That has reduced the amount of time for researching some of those cases. It's dependent upon the scenario, but in some cases it could save an hour of going out and doing a bunch of individual searches.”

Securonix Next-Gen SIEM was previously known as Securonix Security Analytics.

Securonix Next-Gen SIEM Customers

Dtex Systems

Pfizer

Western Union

Harris

ITG

Securonix Next-Gen SIEM Video

Securonix Next-Gen SIEM Reviews

Filter by:
Filter Reviews
Industry
Loading...
Filter Unavailable
Company Size
Loading...
Filter Unavailable
Job Level
Loading...
Filter Unavailable
Rating
Loading...
Filter Unavailable
Considered
Loading...
Filter Unavailable
Order by:
Loading...
  • Date
  • Highest Rating
  • Lowest Rating
  • Review Length
Search:
Showingreviews based on the current filters. Reset all filters
Lead Security Engineer at a tech services company with 1-10 employees
Reseller
Top 5
The solution has helped by reducing the number of false positives in half

What is our primary use case?

We are using it for Azure logins outside of US and Azure brute force use cases. We have use cases for our firewalls, like Palo Alto. These are use cases that we created ourselves. These are not the use cases out-of-the-box that Securonix provided us.

How has it helped my organization?

Without this product, my organization would not be able to function at all. It is our main monitoring product for our clients. We monitor everything through it. Securonix Security Analytics is the main process of providing services to our client because we are a 24/7/365 security operations center. So, Securonix is helping me out on daily basis all the time, every minute. Security Analytics helps provide actionable intelligence on threats related to our use cases, which is very important. They are improving it almost on a daily basis. They send it to us and keep it running on the back-end for all the tenants. If anything gets raised, according to the threat intelligence that they have generated, we will get an alert. We will then start digging into those events. After that, we work with clients to respond to that incident. The product can help increase efficiency. My analysts were working 12-hour shifts when we started. Now, they are working eight-hour shifts. However, it also depends on the person and how efficient they want to be. My analysts are monitoring, training, and doing their certifications all at the same time. This definitely divides their attention.

What is most valuable?

Features, like Spotter, are the most valuable. Spotter is a wide range of research for any of the incidents that happened under my clients' data.  They also have a feature that separates violations according to top violators. So, I can go in and see all the use cases that got preserved under them. It is an intensive search type of thing. You can just keep digging in. There are other policies attached to it. There are some remediation steps and recommendations attached to it.  Securonix’s analytics-driven approach for helping to find sophisticated threats and reduce false positives is pretty good. We are allowed to fine tune according to our requirements and our clients' requirements, which does reduce false positives. In the last 24 hours, the total number of policies with triggers was 233. When I started with this product, the false positives were 561. Therefore, the solution has helped by tuning or reducing false positives. It helps us find sophisticated threats.

What needs improvement?

The monitoring, analysis, and visualization of data that Securonix provides is good. However, there are some things that I would love Securonix to change. For example, they don't allow us to make changes on the graphical reports that they have integrated into the platform. We have to create our own. If we just want to take out one thing, our page should allow us to change that template just for our platform. I'm not talking about changing others' platforms; this is just for my platform. They should allow me to make changes according to my scalability. I would like a little bit more changes in the analytics and visual views that they already have out-of-the-box in the platform. They are working on this, but I have not heard from them for a while. I'm satisfied with the visualization that they have, but I would like to get some more out of it. For example, I am taking the report and manually making changes. I want all those changes already integrated and automated, so they are automatically done in the product. I would not say its threat hunting is easy or difficult to use. It is medium because it totally depends on the data that is coming to you. It does not depend on the platform. It depends on whether you can find the correct attribute that you need to look at, then you can go further on that. They are working on this. They are introducing more features, e.g., they have a couple of updates pending at this time. They are working on it to cut down the steps. If I am doing 28 steps right now just to onboard our data, then they are cutting those steps down. They are also putting more automation in the solution. While they are working on these improvements, it is just a matter of time.  It ingests 85% of all our log sources already built into the product when investigating threats. If the data sources have the functionality, Securonix will create a custom parser for us on a request. If the functionality is not there in the product, then there is a difficulty, but we can still ingest it through the file base, etc. However, I am not a big fan of the file base because a user is creating a file per day for data that was generated the day before. Specifically for activity that has already taken place, we can prevent it, but we cannot stop the activity.
Buyer's Guide
Security Information and Event Management (SIEM)
June 2022
Find out what your peers are saying about Securonix Solutions, Splunk, Exabeam and others in Security Information and Event Management (SIEM). Updated: June 2022.
609,272 professionals have used our research since 2012.

For how long have I used the solution?

I have been using it for a year and three months.

What do I think about the stability of the solution?

It is pretty stable. Out of 100%, I would rate the stability between 80% to 85%. 20% can be unstable for any product. There can be bugs. There can be a failure in the core or a syntax error in the core. When I notify the support of these types of issues, they quickly fix the problem for me. We have experienced a few performance issues, about 10%, when Security Analytics is ingesting our log sources. This can happen with any product. We informed them that we are facing this issue and get pretty good support on it. 

What do I think about the scalability of the solution?

Scalability is pretty good. It does grow with our license. We work according to EPS. So, as our EPS pool grows, the solution will keep growing. Cloud Scale is super scalable. You can scale Securonix pretty well. Even if you have too much data coming in, you can figure things out or put more resources on it. Securonix is pretty good at doing these things. For example, they have load balancers already in place, which automatically take care of these things. There are 12 of us right now using the solution. I'm the senior engineer, and I have eight analysts who are using it. I have a senior manager who is also using it.

How are customer service and support?

Six months ago, if someone asked me about the support, I would say, "Not good." Now, the support is pretty effective. They try to resolve problems ASAP. For example, if it's a critical ticket, they get it fixed within an hour. I would rate the support as eight out of 10.

How would you rate customer service and support?

Positive

Which solution did I use previously and why did I switch?

We had a generic system previously, which has none of the things which have helped us by using Security Analytics. This solution automatically detects threats. There is a response bar that we can deploy. There is an email notification. So, if I am not available, then I will get an email that I can respond to pretty quickly. As far as threat detection, we get policy updates every three minutes. Therefore, if anything is detected, it will be right there on my screen. I have previously trained on FortiGate and Splunk. Securonix and Splunk are not that different. Splunk has a lot of things on one screen. Whereas, Securonix tries to clean it up.

How was the initial setup?

If you follow the documentation, it is straightforward. If you don't want to read, it will be complex. I don't review documentation anymore. I did it twice when I started, then I went in, wrote a batch script, and automated the whole process. Now, I just need to make some changes before running that script. The deployment takes 35 minutes on the client side.

What about the implementation team?

I am the only person involved in the managing and deployment of the solution. If there is any kind of setup that needs to be done on the cloud side, Securonix does that for us. I integrate clients with my platform, but Securonix takes care of the back-end.

What was our ROI?

The Securonix cloud-native platform helps minimize infrastructure management. We don't need that much manpower. If there is infrastructure to maintain, I need an engineer to maintain infrastructure, a software engineer who will look for the application, a security unit who will look for the threats and attacks, and a response person. Now, I don't need a software engineer or infrastructure engineer. That has gone away. Currently, I need only a security engineer and response person, which one person can do. We can also hire two people to do the different jobs. That is no problem.  We don't have to put more focus on infrastructure, which helps. There is a little bit of an infrastructure included, but that is a one-time setup thing. You don't need to go and maintain it again and again. Securonix Security Analytics adds contextual information into security events. For example, on a generic system, if I used to put in an hour, now I'm putting in 35 to 40 minutes on this. So, it's saving me about 20 minutes of time.

What's my experience with pricing, setup cost, and licensing?

Compared to the pricing of other products, Securonix's pricing is pretty good. Clients can get half of the price of other companies by going with Securonix. Other products, like IBM and Splunk, have pretty high pricing. Nowadays, we see CrowdStrike as up and coming, and they are pretty expensive.  Pricing does depend on what model you are looking for, e.g., are you going for an MSP or single tenant?

Which other solutions did I evaluate?

I don't find a lot of difference between solutions. Everybody tries to improve their product over time. I do free testing for multiple products, and they are basically copying each other's functions. I like Securonix because I am familiar with it and can do threat hunting in 10 minutes instead of the 30 minutes that it might take if I used other solutions.

What other advice do I have?

According to my clients and the security world, I cannot eliminate all the false positives because you cannot let false positives go. You need to make sure that there are no attacks attached to that false positive. So, we have a team of analysts who monitor it every time. So, if a false positive policy gets an alert, then we just go ahead and make sure to analyze it. That is okay. If it is a false positive, then we mark it as one. We did eliminate a lot of false positives, but not all of them. It is our choice, not Securonix's, what we want to keep or eliminate. I would rate Securonix as nine out of 10.

Which deployment model are you using for this solution?

Public Cloud

If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

Amazon Web Services (AWS)
Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor. The reviewer's company has a business relationship with this vendor other than being a customer: Partner - MSP
Flag as inappropriate
Regional Director, Customer Success (GTM Solutions & Services) at a tech services company with 51-200 employees
MSP
Top 5Leaderboard
Bad integration and a very immature product with two failed attempts at implementation
Pros and Cons
  • "There aren't any positive aspects of the solution. It was a complete failure. There are no redeeming features."
  • "We thought they were going to be a great product, however, they're actually not great at all as an MSP."

What is our primary use case?

It was supposed to be good for security to provide as a SOC-as-a-Service, however, it failed.

How has it helped my organization?

The solution did not improve our customer's organizations at all. The implementation attempts were a complete failure. We had to move them to another product.

What is most valuable?

There aren't any positive aspects of the solution. It was a complete failure. There are no redeeming features.

What needs improvement?

We thought they were going to be a great product, however, they're actually not great at all as an MSP.

The integration is very bad.

The initial setup failed in both use cases.

The technical support is terrible and completely unhelpful.

The product itself needs a lot of work; it's very immature.

The stability isn't great.

For how long have I used the solution?

We never really properly used the solution. We tried, however, on the two clients we attempted to have to use the solution, it completely fell flat.

What do I think about the stability of the solution?

The stability of the solution is not good. 

How are customer service and technical support?

Technical support is terrible. they are very bad. They are not helpful or responsive, and we were quite disappointed with the level of service on offer. 

Which solution did I use previously and why did I switch?

We ended up moving out clients over to QRadar as this solution did not end up working for either of them.

How was the initial setup?

The initial setup failed. We had to move to a different solution completely. The installation process was terrible. It was not straightforward. 

What about the implementation team?

The implementation was done with the vendor, and the vendor failed on a number of areas to implement it.

What's my experience with pricing, setup cost, and licensing?

We did not pay a licensing fee. We moved away from the solution.

What other advice do I have?

We tried to implement it and we've taken it out. We've tried it with two clients, it failed, and therefore we moved them now to QRadar. It was terrible. It offered bad support and was a bad product, and everything that was promised wasn't able to be delivered.  

We canceled our partnership with them, and we've actually reverted the two clients that were supposed to go onto the Securonix, on to QRadar now.

We were trying to onboard two customers, and we ended up implementing this solution with neither of them.

I'd rate the solution at a five out of ten.

Disclosure: My company has a business relationship with this vendor other than being a customer: Implementer
Buyer's Guide
Security Information and Event Management (SIEM)
June 2022
Find out what your peers are saying about Securonix Solutions, Splunk, Exabeam and others in Security Information and Event Management (SIEM). Updated: June 2022.
609,272 professionals have used our research since 2012.
Sanjay-Kulkarni - PeerSpot reviewer
Manager Security Operation Center at a tech services company with 51-200 employees
Real User
Top 20
A stable and scalable solution for small and medium sized companies
Pros and Cons
  • "The solution is stable and scalable."
  • "We would like to see better integration with other products."

What is our primary use case?

We are a services company, so we provide services for our clients' companies.

What needs improvement?

We would like to see better integration with other products. 

For how long have I used the solution?

We have been using Securonix Security Analytics for around six months.

What do I think about the stability of the solution?

The solution is stable. 

What do I think about the scalability of the solution?

The solution is scalable.

How are customer service and technical support?

The technical support is okay. 

Which solution did I use previously and why did I switch?

We work with different SIEM solutions, including IBM QRadar and LogRythm. Although I prefer IBM QRadar to Securonix Security Analytics, there are no features of this product that I wish to see included in it, as these two platforms are disparate. 

The reason I prefer IBM QRadar is because we already utilize this solution with our customers, whereas with Securonix Security Analytics we are talking about a process which we have yet to complete. 

How was the initial setup?

The initial setup was relatively uncomplicated. It basically involved operations, with which we had some issues. 

What's my experience with pricing, setup cost, and licensing?

I cannot comment on pricing as this is not within my purview. 

What other advice do I have?

Our clientele includes small and medium sized companies, not enterprise.

I rate Securonix Security Analytics as an eight out of ten. 

Disclosure: My company has a business relationship with this vendor other than being a customer: partner
Buyer's Guide
Download our free Security Information and Event Management (SIEM) Report and find out what your peers are saying about Securonix Solutions, Splunk, Exabeam, and more!
Updated: June 2022
Buyer's Guide
Download our free Security Information and Event Management (SIEM) Report and find out what your peers are saying about Securonix Solutions, Splunk, Exabeam, and more!