
What SOC product do you recommend?

Navin Rehnius - PeerSpot reviewer
Security Engineer at a tech services company with 201-500 employees

Hi community members,

I'm a security engineer at a Tech Services company and I'm currently exploring SOC solutions, such as Rapid7 InsightIDR, Splunk, IBM QRadar and ArcSight Analytics.

Based on your experience, which SOC tool/solution would you recommend and why?

1214 Answers

Evgeny Belenky - PeerSpot reviewer
Community Manager

@Jack Callaghan do you also have any good recommendations for an XDR product? 

Kumar Mahadevan - PeerSpot reviewer
Top 5 Leaderboard, Real User

I haven't used these big-name ones like Splunk etc. but I feel they're overpriced. I think they charge an arm and a leg for each module.

The ROI justification is not there. Why not try a cheaper and robust alternative like Elasticsearch?

Jairo Willian Pereira - PeerSpot reviewer
Top 5 Leaderboard, Real User

Apache Metron, ELK, OSSIM, Splunk and QRadar (in cost/benefit order for starters).

Tjeerd Saijoen - PeerSpot reviewer
Top 5 Leaderboard, Reseller

I have no experience with Rapid7 or InsightIDR.

IBM QRadar works great but is not easy to install. If it is running, it is a great tool. Also, depending on the budget, Riverbed security is a tool to consider. Costs are lower than QRadar and it is easier to implement.

Or you can use our SaaS solution with QRadar and a lot more built-in. One holistic solution for your complete IT environment.

Jack Callaghan - PeerSpot reviewer
Real User

@Evgeny Belenky, I found Stellar to be quite intriguing.

I would also recommend McAfee's new console for centralizing and coordinating a well-deployed enterprise solution.


John Stanford - PeerSpot reviewer
Top 10, Real User

Disclaimer: ICE Consulting offers SOC as a Service to our Clients.

For SOC tools we use Securonix and other in-house developed solutions. Securonix provides an all-in-one package (SIEM, UEBA, & NTA) that we believe is competitively priced for the Small to Mid Market. Their customer service seems better than most and they are always highly rated in the Gartner MQ reports. Set-up is not difficult, but it is time-consuming the first time; afterwards, each client deployment we have added has seemed to get easier and quicker.

Please contact several vendors and ask for demos, and talk with the vendor engineers to ensure the solution will work for your needs... We evaluated Rapid7, AlienVault (AT&T Cybersecurity), QRadar, LogRhythm, and Securonix before deciding on Securonix.

Also, take your time in evaluating and re-evaluating the products. It took us about 18 months and over $30K of working with what was ultimately the wrong product for us, before moving to Securonix.

Make sure training for the use of the service is included. We have been able to provide extensive training to our team through the vendor and would not have been able to get our SOC offering off the ground without it.

Good Luck!

Ishan Kukreti - PeerSpot reviewer
Top 5, Real User

COMODO SOC covers your entire network and also your email. It is very easy to deploy and is very effective for reports. 

Ishan Kukreti - PeerSpot reviewer
Top 5, Real User

I prefer the COMODO SOC solution because it is a very good and easy-to-deploy product.

Evgeny Belenky - PeerSpot reviewer
Community Manager

@Ishan Kukreti, can you please be more specific about it: what features or other aspects are positive about it? Thanks.

Kashif Ali - PeerSpot reviewer
Real User

We are using LogRhythm SIEM complete case management and offer SIEM/SOC as a service.

Felicia Jonelle - PeerSpot reviewer

If you are a small and medium-sized business, I recommend UTMStack; this free SIEM (a free community option) includes all essential cybersecurity services, including SOC, at a low price.

Shibu Babuchandran - PeerSpot reviewer
Expert, Moderator, Real User

Splunk, ELK, AlienVault, depending on the requirement, outcome and budget.