What is our primary use case?
Our main use case for Wazuh is in the healthcare industry, where we deploy it to help companies monitor their products during deployment. However, we also utilize Wazuh for IoT and OT, as well as for endpoint detection and response.
How has it helped my organization?
In our company, around 200-300 people are using Wazuh. Most of them are regular employees, such as HR and IT personnel. Additionally, there are some stock traders who also use the solution.
What is most valuable?
There are three key strengths of Wazuh that stand out to me.
Firstly, Wazuh offers an enhanced HDR version that outperforms the Elastic Stack. Wazuh has achieved this by running a config or a sec in the background, which has improved the XBR for endpoint security significantly.
Secondly, Wazuh comes with built-in frameworks, such as the NISC and ISO, that make it easy to comply with various industry standards. We didn't need to configure any custom frameworks for this, as Wazuh had it built in.
Lastly, Wazuh has the ability to collect terabytes of data within seconds, which is a crucial feature for modern enterprises dealing with large amounts of data.
What needs improvement?
One area where Wazuh could be improved is scalability. While it is scalable, it can suffer from reduced latencies.
In the next release, I would like to see a more seamless combination of a SIEM system. However, the current SIEM system can be noisy at times, resulting in false positives instead of true positives. In comparison, Splunk has been able to reduce the number of false positives in its system.
For how long have I used the solution?
As a stock analyst, I have been using Wazuh as my preferred solution for the past three and a half years, and I am currently using the latest version available.
What do I think about the stability of the solution?
I would rate the stability of Wazuh a six out of ten. At times, there have been issues with bugs in the configuration, which can lead to unexpected use cases.
What do I think about the scalability of the solution?
I would rate the scalability of Wazuh a seven out of ten because it cannot perform deep data analysis.
How are customer service and support?
A few years back, when I deployed Wazuh for the first time, there was no cloud model available, so they didn't offer support for on-premises deployments. However, with the cloud model now in place, the support is much better. That being said, the customer service and support still require improvement.
How was the initial setup?
I found it to be more straightforward compared to other products like Splunk and Scalyr.
You can get started within five minutes.
What about the implementation team?
Deploying Wazuh can be done by one person, but for proper configuration within a specific use case, it is recommended to have at least three to four experienced individuals involved in the deployment process.
What was our ROI?
I have a level three analyst on my team, and as a stock analyst, I am aware that they also offer an MSP program that provides partnership offerings and other related services. However, I am not very familiar with it.
What's my experience with pricing, setup cost, and licensing?
Wazuh's licensing is based on the cloud. For instance, if you need to analyze a chunk of data, the approximate monthly price would be around $23 to $24.
Compared to its competitors like ELK Stack and other similar products, Wazuh offers a reasonable price point, with many of its competitors priced higher.
What other advice do I have?
Based on the current market trend, I would highly recommend Wazuh to other users. It is an open-source tool that is highly scalable and provides custom alerting features that are not available from most other vendors. While ELK Stack is the only other comparable open-source option, Wazuh's advanced capabilities make it a strong contender.
In general terms, if you're looking for a scalable and efficient SIEM solution that provides accurate alerting without too much noise, I would confidently recommend Wazuh to nine out of ten users.
Disclosure: I am a real user, and this review is based on my own experience and opinions.