reviewer1170753 - PeerSpot reviewer
SVP Insider Threat at a financial services firm with 1,001-5,000 employees
Real User
Identifies threats that would not have otherwise been identified, but needs better integration with ServiceNow
Pros and Cons
  • "The machine-learning algorithms are the most valuable feature because they're able to identify the 'needle in the haystack.'"
  • "There is room for improvement in the product's integration with ServiceNow and in the reporting features."

What is our primary use case?

We use it for information security.

How has it helped my organization?

It's helped identify risky and/or malicious behavior that otherwise would probably have been overlooked. An example would be flight-risk behavior, meaning employees who are planning to leave the firm and/or who are possibly exfiltrating data. It has identified alerts or threats that would not have originally been identified.

While I wouldn't necessarily say it has surfaced high-risk events that require immediate action, it has surfaced events that require action.

What is most valuable?

The machine-learning algorithms are the most valuable feature because they're able to identify the "needle in the haystack."

Also, the solution's behavior analytics in terms of detecting cyber and insider threats is fairly good.

What needs improvement?

There is room for improvement in the product's integration with ServiceNow and in the reporting features.

Buyer's Guide
Securonix Next-Gen SIEM
July 2025
Learn what your peers think about Securonix Next-Gen SIEM. Get advice and tips from experienced pros sharing their opinions. Updated: July 2025.
864,248 professionals have used our research since 2012.

For how long have I used the solution?

We've been using this solution for close to two years.

What do I think about the stability of the solution?

The solution's stability has improved over time. Early on, we had issues with stability, but over the last three to six months, it's been relatively rock-solid.

What do I think about the scalability of the solution?

My understanding is that it's scalable, but I don't get into that piece.

How are customer service and support?

Technical support is fairly good. I meet with them on a weekly basis. I give them any concerns, issues, use-case changes, etc. Usually, the following week, they have fixed whatever needed to be fixed or enhanced things according to my requests. It's an acceptable turnaround time, for the most part.

Which solution did I use previously and why did I switch?

We did not have a previous solution.

What about the implementation team?

I believe it was Securonix themselves who did the deployment.

What was our ROI?

We're probably approaching the break-even point.

Which other solutions did I evaluate?

The only other solution that I believe we looked at was Splunk's UBA. It wasn't Splunk at the time and it wasn't mature enough at the time.

What other advice do I have?

I'm not an engineer, I'm a consumer of the tool. It's doing what it's been asked to do. It's really all about use cases and having the data. You have to have your use cases well-defined and make sure you can feed Securonix the data. You should definitely do a PoC. Never buy anything without checking it out first.

I wouldn't say the solution's behavior analytics has helped to prioritize advanced threats.

Regarding the Hadoop piece, I would compare it to the way I drive a car. I put gas in it and I don't care what kind of engine is in there, how the engine works. I just turn the key and the car starts.

The users are our security operations team, which has about a dozen people. We use it on a day-to-day basis. We'll increase the use cases.

Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.

PeerSpot user
LeaderIn0c93 - PeerSpot reviewer
Leader - Investigations, Insider Threat at a tech services company with 5,001-10,000 employees
Consultant
With a lot of data in one console, the time we require to investigate alerts and threats has decreased
Pros and Cons
  • "The customizability of the tool is valuable. We are able to customize the use cases and create them easily without a large amount of Securonix assistance. It's very flexible. We do not have to rely on Professional Services to modify or create a new use case."
  • "Other than issues with the training, there have been issues with the encryption. There have also been issues with some of the reporting, minor glitches that they have fixed as they've gone along."

What is our primary use case?

Data loss protection and account misuse are our primary use cases. We're utilizing it to help identify and correlate user behavior to identify potential data loss as well as to detect certain types of fraud.

How has it helped my organization?

The behavior analytics of Securonix has helped to prioritize advanced threats for us. We're still working through it, but it has helped. For example, it enables us to customize widgets, risk scores, and dashboards to identify what we want to see and gives us the ability to base the risk score on our business model and what we consider to be a high priority.

While we would have detected the threats that we do without the solution, it helps us have a central point to manage and detect those threats. It would have taken a little bit more work or additional tools to identify them after the fact. For example, it helps us in identifying and detecting fraud in the early stages.

The solution has decreased the time required to investigate alerts and threats because a lot of the data is in one console. We're not having to go to three or four different consoles. It also helps to surface high-risk events that require immediate action, such as identification of penetration testing.

What is most valuable?

The customizability of the tool is valuable. We are able to customize the use cases and create them easily without a large amount of Securonix assistance. It's very flexible. We do not have to rely on Professional Services to modify or create a new use case.

The solution's behavior analytics, in detecting cyber and insider threats, are good. The tool does what it's supposed to, as long as the data coming in is accurate.

What needs improvement?

Other than issues with the training, there have been issues with the encryption. There have also been issues with some of the reporting, minor glitches that they have fixed as they've gone along.

I think they have fixed the encryption piece and they have supposedly fixed training. I haven't seen the new training modules yet. The reporting and metrics will be improved in the next release, from what I understand.

For how long have I used the solution?

I have been using Securonix for two years.

What do I think about the stability of the solution?

The solution is very stable. We haven't had any issues.

What do I think about the scalability of the solution?

We were able to increase it. It's scalable, but with some work on-prem; we're not cloud. But it is scalable. The issues were mostly from our environment: networking and support.

My team is the only team that's using it and it's one hundred percent part of our daily functions. We have plans to increase usage, and extensively. We're about 50 percent of the way to where we want it to be.

How are customer service and technical support?

Technical support is excellent.

Which solution did I use previously and why did I switch?

We did not have a previous solution.

How was the initial setup?

The setup was complex. The data mapping was complex because of our own structure and environment. From start to finish, it took us about three-and-a-half months before we went to production.

In terms of an implementation strategy, we worked with Securonix to develop a statement of work and we followed that. It included development and identification of data sources, implementing or ingesting those data sources, and applying use cases to those data sources as we fed them in.

What about the implementation team?

Securonix helped us to deploy the solution. Our experience with them was very good; excellent.

What was our ROI?

So far we have seen ROI. We would like to see even better ROI. 

What's my experience with pricing, setup cost, and licensing?

We pay yearly.

Which other solutions did I evaluate?

We did a PoC between two solutions and we chose Securonix. The other solution was Exabeam. One of the reasons we went with it is that someone had used Securonix at a different company. The scalability, the interface, and the results that it provided were also factors in our decision to go with it.

What other advice do I have?

The biggest lesson we have learned from using Securonix is to start small. Don't throw everything at it. Start with one single use case and build out. Don't throw all the use cases into it at once. Otherwise, it's too much work, you get flooded with too much data, you can't focus on what's important, and you can't clean it as quickly. You can clean it, but it will take a lot of time.

My advice is to go with the cloud solution and, as I said, start small. Don't try to ingest everything at once. And don't create use cases for everything under the sun.

Because we're on-prem, we've had to both focus on threats and on the engineering of the platform. They provide support, but we still have some engineering overhead on our side.

We have five users using it and they're all investigator-analysts. We deployed with the help of four people who are security engineers, and maintenance is pretty much done by the two Securonix support people we have.

Overall, I would rate Securonix at eight out of ten. We're still going through it, developing, learning, and we find issues.

Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.

PeerSpot user
Kris Nawani - PeerSpot reviewer
Co-Founder/Director at Bangkok MSP Company Limited
Real User
Top 5
Saves three to four hours of manual work and helps in decision-making
Pros and Cons
  • "The solution's AI features reduce the need for manual analysis and help in decision-making. It displays the report in seconds. It saves my resources three to four hours of work."
  • "Securonix Next-Gen SIEM's deployment is complex and you need a team to do it."

What is our primary use case?

My use cases relate to SIEM. 

What is most valuable?

I like Securonix Next-Gen SIEM's integration with in-house AI. I use its behavior analytics feature and am happy with it. It helps to enhance security. 

The solution's AI features reduce the need for manual analysis and help in decision-making. It displays the report in seconds. It saves my resources three to four hours of work.

What needs improvement?

Securonix Next-Gen SIEM's deployment is complex and you need a team to do it. 

For how long have I used the solution?

I have been using the product for two years. 

What do I think about the stability of the solution?

I rate the solution's stability a ten out of ten. 

What do I think about the scalability of the solution?

The tool is scalable since it's on the cloud. There are no limitations. 

How are customer service and support?

I haven't contacted the technical support since we have a strong in-house team. 

What about the implementation team?

We did the deployment in-house. 

What's my experience with pricing, setup cost, and licensing?

The solution's price is double the competitors'.

What other advice do I have?

I would recommend Securonix Next-Gen SIEM to SMBs if they have the money. I rate it a ten out of ten. 

If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

Amazon Web Services (AWS)
Disclosure: My company has a business relationship with this vendor other than being a customer. Partner

PeerSpot user