2021-07-23T09:35:00Z
Navin Rehnius - PeerSpot reviewer
Security Engineer at a tech services company with 201-500 employees

What SOC product do you recommend?

Hi community members,

I'm a security engineer at a Tech Services company and I'm currently exploring SOC solutions, such as Rapid7 InsightIDR, Splunk, IBM QRadar and ArcSight Analytics.

Based on your experience, which SOC tool/solution would you recommend and why?

12 Answers
JC
Senior Security Analyst at a financial services firm with 501-1,000 employees
Real User
2021-07-27T14:45:26Z
Jul 27, 2021

For tools I’d recommend:

- SIEM: LogRhythm
- SOAR: Palo Alto XSOAR

Doing commercial w/o both (or at least an XDR) is asking to miss details that are critical, and ending up a statistic.

Also, remember that any EDR/XDR should integrate to the SIEM/SOAR and a strong threat intel source.

If you consider SOC outsourcing take your time and find one you can integrate like a virtual team member. They are only as good as their depth of knowledge in your business and your on-prem SOC.

Evgeny Belenky - PeerSpot reviewer
Director of Community at PeerSpot (formerly IT Central Station)
Community Manager
Jul 27, 2021

@Jack Callaghan do you also have any good recommendations for an XDR product? 

Kumar Mahadevan - PeerSpot reviewer
IT Infrastructure Analyst at AG Group
Real User
Top 5 Leaderboard
2021-07-26T03:13:53Z
Jul 26, 2021

I haven't used these big-name ones like Splunk etc. but I feel they're overpriced. I think they charge an arm and a leg for each module.

The ROI justification is not there. Why not try a cheaper and robust alternative like Elasticsearch?

Jairo Willian Pereira - PeerSpot reviewer
Information Security Manager at a financial services firm with 5,001-10,000 employees
Real User
Top 5 Leaderboard
2021-08-10T21:08:09Z
Aug 10, 2021

Apache Metron, ELK, OSSIM, Splunk and QRadar (in cost/benefit order for starters).

Tjeerd Saijoen - PeerSpot reviewer
CEO at Rufusforyou
Reseller
Top 5 Leaderboard
2021-07-26T09:03:14Z
Jul 26, 2021

I have no experience with Rapid7 or InsightIDR.

IBM QRadar works great but is not easy to install. If it is running it is a great tool. Also depending on the budget, Riverbed security is a tool to consider. Costs are lower than QRadar and easier to implement.

Or you can use our SaaS solution with QRadar and a lot more built-in. One holistic solution for your complete IT environment.

JC
Senior Security Analyst at a financial services firm with 501-1,000 employees
Real User
2021-07-28T06:02:02Z
Jul 28, 2021

@Evgeny Belenky, I found Stellar to be quite intriguing.

I would also recommend McAfee’s new console for centralizing and coordinating a well-deployed enterprise solution.

Ishan Kukreti - PeerSpot reviewer
Director at IP Infotech Pvt. Ltd.
Reseller
Top 5 Leaderboard
2021-07-28T05:11:54Z
Jul 28, 2021

COMODO MDR 

John Stanford - PeerSpot reviewer
Senior Network Architect / Network Team Leader at ICE Consulting. Inc.
Real User
2021-07-26T19:06:05Z
Jul 26, 2021

Disclaimer: ICE Consulting offers SOC as a Service to our Clients.

For SOC Tools we use Securonix and other in-house developed solutions. Securonix provides an all in one package (SIEM, UEBA, & NTA) that we believe is competitively priced for the Small to Mid Market. Their Customer Service seems better than most and they are always highly rated in the Gartner MQ reports. Set-up is not difficult, but is time consuming for the first time; after that, each client deployment we have added has seemed to get easier and quicker.

Please contact several vendors and ask for demos, talk with the vendor engineers to ensure the solution will work for your needs... We evaluated Rapid7, AlienVault (ATT Cybersecurity), QRadar, LogRhythm, and Securonix before deciding on Securonix.

Also take your time in evaluating and re-evaluating the products. It took us about 18 months and over $30K of working with what was ultimately the wrong product for us, before moving to Securonix.

Make sure training for the use of the service is included. We have been able to provide extensive training to our team through the vendor and would not have been able to get our SOC offering off the ground without it.

Good Luck!

Ishan Kukreti - PeerSpot reviewer
Director at IP Infotech Pvt. Ltd.
Reseller
Top 5 Leaderboard
2021-07-26T05:52:39Z
Jul 26, 2021

COMODO SOC covers your entire network and also your email. It is very easy to deploy and is very effective for reports. 

Ishan Kukreti - PeerSpot reviewer
Director at IP Infotech Pvt. Ltd.
Reseller
Top 5 Leaderboard
2021-07-26T05:26:09Z
Jul 26, 2021

I prefer the COMODO SOC solution because it is a very good and easy to deploy product.

Evgeny Belenky - PeerSpot reviewer
Director of Community at PeerSpot (formerly IT Central Station)
Community Manager
Jul 26, 2021

@Ishan Kukreti, can you please be more specific about it: what features/ other aspects are positive about it? Thanks.

Kashif Ali - PeerSpot reviewer
Unit Head Titanium (Security Solution) at RapidCompute
Real User
2021-07-26T05:04:26Z
Jul 26, 2021

We are using LogRhythm SIEM complete case management and offer SIEM/SOC as a service.

Vendor
Top 20
2021-08-09T10:08:21Z
Aug 9, 2021

If you are a small and medium-sized business, I recommend UTMStack; this free SIEM (a free community option) includes all essential cybersecurity services, including SOC, at a low price. https://utmstack.com/

Shibu Babuchandran - PeerSpot reviewer
Regional Manager/ Service Delivery Manager at ASPL INFO Services
Real User
Expert Moderator
2021-08-07T12:29:50Z
Aug 7, 2021

Splunk, ELK, AlienVault, depending on the requirement, outcome and budget.

Related Questions
Shibu Babuchandran - PeerSpot reviewer
Regional Manager/ Service Delivery Manager at ASPL INFO Services
Jan 20, 2022
Hi dear professionals, How would you compare Securonix and Splunk as a SIEM enterprise solution? 
See 1 answer
Manoj Gautam - PeerSpot reviewer
Practice Lead- Network & Info Security at Inknowtech
Jan 20, 2022
I believe when we build a solution for any customer SOC environment, we need to take a survey of the running equipment and their OS, and our product should be compatible with their resources, APIs, third-party integrations and log management, and the reporting mechanism should be good enough to understand each and every security aspect. There are multiple tools available for the comparison of different SIEM enterprise solutions. As per my experience, Splunk and ArcSight are compatible with most customer environments, even when devices are not updated.
Netanya Carmi - PeerSpot reviewer
Content Manager at PeerSpot (formerly IT Central Station)
Nov 17, 2021
Which is better and why?
See 2 answers
Shibu Babuchandran - PeerSpot reviewer
Regional Manager/ Service Delivery Manager at ASPL INFO Services
Oct 22, 2021
Hi @Netanya Carmi, below are some comparisons on features and integrations.

Azure Monitor: Full observability into your applications, infrastructure, and network. It provides sophisticated tools for collecting and analyzing telemetry that allow you to maximize the performance and availability of your cloud and on-premises resources and applications.

Splunk: Search, monitor, analyze and visualize machine data. Splunk Inc. provides the leading platform for Operational Intelligence. Customers use Splunk to search, monitor, analyze and visualize machine data.

IT Infrastructure Monitoring Features (Azure Monitor / Splunk):

Application Monitoring           √ / √
Bandwidth Monitoring             √ / X
Capacity Planning                √ / X
Configuration Change Management  √ / √
Data Movement Monitoring         √ / √
Health Monitoring                √ / X
Multi-Platform Support           √ / X
Performance Monitoring           √ / √
Point-in-Time Visibility         √ / X
Reporting / Analytics            √ / √
Virtual Machine Monitoring       √ / X

Integrations (Azure Monitor / Splunk):

Squadcast                        √ / √
Amazon EKS                       X / √
Amazon Redshift                  X / √
Amazon Web Services (AWS)        X / √
Azure DevOps Services            √ / X
Azure Logic Apps                 √ / X
Azure Stack                      √ / X
Beats                            √ / X
CMS Hub                          X / √
CyberOne                         X / √
Nov 17, 2021
Splunk handles a high amount of data very well. We use Splunk to capture information and as an aggregator for monitoring information from different sources. Splunk is very good at alerting us if we have problems somewhere or if we are not getting the flow we expect. It is very easy to search for queries and events and then do analysis. The flexibility of the search capability is extremely valuable. Splunk works well with other solutions. It is very easy to set up and very straightforward to deploy. The more data you process with Splunk, the more expensive it gets; an improved pricing model is needed. It would be great if Splunk had more SIEM functionality with better customization and a better ticket tool. The on-premises scaling is a bit more limited than on the cloud. Splunk currently has some limited default rules and customizations. If they could concentrate more on compliance and security information, that would be an added bonus. Azure Monitor has made it significantly easier for us to monitor applications and infrastructure for possible problems. This solution offers a survey of surveillance in real time and a very helpful dashboard. Azure Monitor, which is integrated with Azure DevOps, has good load gathering and very good analytics. We get useful alerts with Azure Monitor that make recommendations about the security and the platform. There should be more specific detail about where problems lie. Azure Monitor is lacking somewhat in vulnerability assessment; this aspect could be better. Their automation also needs some improvement. From gathering metrics from more applications to getting processes quickly started when something goes down, automation should be better. Conclusion: For us, Splunk is the better solution. We use Splunk to search, monitor, analyze, and visualize machine data, which it does very well. The dashboard is very intuitive. The log collection and log management tools are very good. 
We find Splunk’s search capability to be very powerful and flexible. Splunk can access any kind of data and there is no limitation to the kind of structured or unstructured data you can extract. Our team also liked that Splunk offers better integration with more solutions.