What is our primary use case?
I use the solution as a SIEM and managed SOC. It collects events and incidents from all our systems, like EDR, NDR, servers, and switches. The managed SOC team raises incidents for us to review and take action on.
How has it helped my organization?
By integrating the main and critical systems with ClearSkies, it provides centralized visibility over the network, servers, devices, and applications, and provides a unified view of security across the infrastructure.
What is most valuable?
The best features are the comprehensive event collection and analysis. Once set up properly, we receive all events and information. The team analyzes our data and presents incidents to us. We can communicate with their team to escalate and resolve incidents. It has a feature we use to search for information about our environment and past incidents. This is very valuable.
The integration capability is very good - the ClearSkies SaaS NG SIEM team is collaborative. We've integrated most of our systems, including EDR and NDR. They have agents to collect events from servers and assets.
What needs improvement?
The main issue for improvement is the platform's slowness in presenting information. Retrieving information can take a little time when clicking on something.
For how long have I used the solution?
I have been using the product for 7 years.
What do I think about the stability of the solution?
I'm satisfied with how stable the ClearSkies SaaS NG SIEM solution is. It's getting better and better over time.
What do I think about the scalability of the solution?
It's good for scalability in terms of adding assets and collecting more information, but it depends on buying more licenses—so it's scalable with money.
Which solution did I use previously and why did I switch?
No.
How was the initial setup?
It's a cloud solution, so installation is easy. We don't need to do any maintenance ourselves. When there's maintenance, they send a notification, and we just wait for them to finish the update. The cloud aspect means we don't have to handle any maintenance tasks.
What was our ROI?
The main ROI from any SIEM is to avoid losses like breaches, fines, downtimes, and efficiency gains throughout the security operations.
What's my experience with pricing, setup cost, and licensing?
Regarding pricing, I'd say it's in the middle range. Pricing is very good compared to others.
What other advice do I have?
The tool is introducing AI features now, which we're just starting to check out to see how they'll benefit us. We're using some AI features, like real-time analysis and threat intelligence. They also offer vulnerability, identity, and access management, but we're not using those.
I rate the overall product a seven out of ten.
