Securonix Next-Gen SIEM Reviews

We work with CrowdStrike, Securonix Next-Gen SIEM, and other cybersecurity products such as Gurucul. We are a service provider and partner of Securonix Next-Gen SIEM. We operate as a reseller of Securonix Next-Gen SIEM for their customers' cybersecurity as their primary defense mechanism.

They are very updated. Their customer responses are great, and they keep using the new AI tools to keep themselves at the edge of the game.

This is very helpful because there are many false positives which keep cropping up, and one of the things that Securonix Next-Gen SIEM does very well is ensuring they don't give attention to false positives. They don't take attention away from the real problems and reduce a lot of noise.

We look forward to more developments from Securonix Next-Gen SIEM in terms of their service turnaround times and staying connected with customers.

Given that they have already started improving on the service levels, there isn't much we can recommend at this point. We will wait and see how things unfold.

We have been using the solution for about four years.

We have experienced no latency issues with the system.

It's fairly scalable. We have not had any customers come back to say they cannot scale at the speed of their business growth. Typically, Securonix Next-Gen SIEM is chosen by customers who are already fairly large. They don't have very small customers implementing Securonix Next-Gen SIEM.

It's certainly meant for large entities and to some extent medium entities who are on a growth trajectory, but certainly not for small ones.

They excel in response times and quick reactions when there's an actual threat. We work with a particular team which is regionally based out of the Middle East, and they have been very responsive, so we don't want to make any changes.

Positive

The solution is easily integrable and fairly easy to implement.

The solution is definitely not expensive. It's benchmarked against others in this space, and we haven't received any negative feedback about pricing from customers or prospects.

The choice depends on the posture that the particular company would take. If they are more mobile intensive with more endpoints, they would go for solutions from companies such as CrowdStrike. It also depends on which tool the CISO and the rest of their team is more comfortable dealing with.

Automated threat hunting is an evolving space because you can only hunt so many threats, but there are always some that go completely unnoticed. You only know what you know.

The system is pretty robust because it covers all applications and the entire spectrum. There are cycles that you keep going through and review periodically.

Whatever feedback we provide to the Securonix Next-Gen SIEM team, they have been very forthcoming.

I rate Securonix Next-Gen SIEM a 9 out of 10.

We have actually used our company, which is a large one, and we are using multiple Securonix Next-Gen SIEM technologies. For the on-premises environment, we are using Securonix Next-Gen SIEM, and for cloud, we are using Sentinel.

We primarily use Securonix Next-Gen SIEM to detect policy violations, firewall detection, and other basic parts for the on-premises system, but we primarily focus on the cloud solution because cloud is the scope of our work and we are moving to cloud slowly.

The other SIEM solutions lack an option for big data analysis, whereas in the Securonix Next-Gen SIEM, we have this option, so considering the scope of the project we planned, we chose Securonix Next-Gen SIEM over other vendors.

We utilize user and entity behavior analytics in the Securonix Next-Gen SIEM.

The reporting in the Securonix Next-Gen SIEM is very good, and the dashboard is great.

We have a separate dashboard for MTTD and MTTR. Compared to the previous solution we used, Securonix Next-Gen SIEM has many advantages on the MTTR part, as the containment and alerts automations are feasible from the response point of view.

The customization in Securonix Next-Gen SIEM is more difficult compared to other solutions. At the operation level, we are not facing many challenges with automating things using Securonix Next-Gen SIEM, but at the admin level, we have many challenges where log parsing is causing issues and compatibility is not present.

The primary technology challenge we have is not at the security tools level. For example, firewall Cisco and others are capable. However, specific to product, for SAP, we are using certain products, and developing custom connectors for each product, especially the internal applications, is difficult, and Securonix Next-Gen SIEM is not up to the mark.

I have been working with Securonix Next-Gen SIEM for almost one and a half years, and we have undergone a major migration. Earlier, we were an individual company, but we have now merged with MBD, so the bank scope has been widely spread, and we have migrated to Securonix Next-Gen SIEM.

We had an individual product before we purchased Securonix Next-Gen SIEM, having separate SOAR and SIEM solutions, along with separate tools for each activity. Securonix Next-Gen SIEM has built a centralized environment where we can perform all these tasks without any dependency on a separate SOAR solution for containing alerts' action items, and the big data plays a major role, allowing a large setup of datasets to be parsed into Securonix Next-Gen SIEM without issues.

The stability of Securonix Next-Gen SIEM is based on the events we are processing. For certain solutions where not much log is generated or stored, it handles tasks efficiently, but where a large number of logs are generated in a short time, it keeps them as a cache and releases them as an event, which takes some time. It is stable, but only at a certain level.

I do not face any challenges regarding scalability. I can rate it around eight to nine, and it is very scalable and capable of handling tasks, especially for the on-premises product.

For technical support, I can rate it as seven. They also have the same issues other vendors are facing. They are good at resolving issues but not all of them. When we reach out to someone, we often wait for the right person with the right skills to come and fix the solution, which is the major challenge.

Neutral

We validated ArcSight, Securonix Next-Gen SIEM, and Splunk while considering suitable SIEM solutions. Before using Securonix Next-Gen SIEM, we used ArcSight, where the integration created many issues, particularly data integration, because most end-of-life service systems are not supported in ArcSight, and regular content updates are not up to the mark. Securonix Next-Gen SIEM provides both options, which made us switch from ArcSight.

We also considered Splunk, and we noticed the customization in our organization is not at the level we need. We tried providing some applications to develop a custom parser, but we do not think Splunk is capable of handling such complexities.

As I mentioned, it has been hardly a year. We have a premium subscription with the vendor for Securonix Next-Gen SIEM implementation and related activities, and so far, we have never faced any issues since the vendor support is available. It may become a challenge in the fourth year if we do not renew as a premium license and go with an operational license.

It does take some time to get there.

I would rate Securonix Next-Gen SIEM as six to seven out of ten.

From my perspective, it changes based on the organization using it. If your scope focuses on big data, I recommend going with Securonix Next-Gen SIEM. If you plan to maintain the same level of scope in the on-premises environment without any advanced technology, then I would suggest going with better SIEM solutions.

We use Securonix for alert generation by feeding events from different data sources and creating policies. Based on policy violations, we manage alerts. It's essentially a SIEM system for what we do with Securonix.

One of the valuable features of Securonix is the auto-incident creation, which was not available two or three years ago. Previously, we had to create incidents manually when a violation was triggered. Now, the process is automatic, reducing our workload. Additionally, behavioral analytics is a useful function, even though it sometimes triggers due to legitimate actions. It requires fine-tuning but correctly detects abnormal behavior.

When dealing with a large amount of data, such as when firewall logs increase, queries sometimes crash or get stuck. This issue became noticeable after transitioning from a NetApp to a Snowflake environment. Improving this would be helpful.

I have been using Securonix for the last three years.

I would rate stability as an eight out of ten.

I rate scalability as seven out of ten.

The technical support from Securonix is good. If I raise a ticket, it initially goes to the L1 team, but the next level of escalation is really effective. Response times are satisfactory and meet deadlines.

Neutral

I have used other SIEM and SOAR solutions that automatically assign incidents to engineers, which would be a beneficial feature to add in Securonix.

Our tech team handles the setup outside of my working hours, and the process is simple.

I'm not sure about subscriptions and pricing as it's handled by others.

The main competitors to Securonix are Splunk and QRadar.

If you could improve query stability with large data sources, it would be beneficial. 

Overall, I rate Securonix as an eight out of ten.

We use Securonix Next-Gen SIEM as a SIEM, security incident and event management solution in our organization.

Securonix Next-Gen SIEM has effective features for threat detection, such as models and custom trap models which are useful. Its integration capabilities are good and comprehensive, allowing us to connect with various necessary components. 

Additionally, the AI capabilities enhance threat detection, although they were relatively new at the time. Finally, the solution has shown to be time-saving in the long run.

The passing and setup are quite complex at the beginning, making onboarding not smooth, which is an area that needs improvement.

We have been using the solution for around two years.

I rate the stability of the solution as eight on a scale of one to ten.

The solution is scalable as it is cloud-based and cloud-native.

Customer support is rated around seven to eight out of ten. The support system requires creating support requests, and there is no UK-based support, which leads to delays in waiting for US support.

Positive

Previously, we used Splunk. We switched to Securonix Next-Gen SIEM since Splunk required a lot of hand-holding in terms of creating rules and models. We needed a solution out of the box as we have a small team.

The initial setup involved complex passing and setup, which made the onboarding process not smooth.

Deployment was handled by the vendor, Securonix themselves.

The solution is time-saving, particularly in the long run after it is deployed, enabling us to get value promptly.

The pricing has similar ingestion charges compared to other solutions, such as Splunk.

We compared Securonix with Exabeam before deployment.

I would recommend Securonix Next-Gen SIEM depending on the use case. For a small team that wants to get things done without much additional work, it is suitable. 

Overall, I would rate the solution at eight point five.

We use Securonix Next-Gen SIEM primarily for managed SOC, focusing on threat detection, baselining, and ensuring the maturity of our SOC security operations. 

It is integrated with threat intelligence and utilizes frameworks like MITRE ATT&CK and the Cyber Kill Chain. 

The solution helps in threat detection, especially with use cases like brute force attacks, port scans (both horizontal and vertical), other insider threat activities, Privileged access abuse, Ransomware detection and Data exfiltration prevention. We also customize and fine-tune these use cases based on our requirements.

Securonix Next-Gen SIEM has significantly improved the visibility of tools and technologies within the environment. 

It enhances our security posture by providing comprehensive oversight of users and devices, aiding in threat detection and prevention. 

Additionally, its scalability and ease of onboarding new devices and technologies have streamlined our security operations.

The most valuable feature of Securonix Next-Gen SIEM is its advance analytics, flexibility and scalability. We ingest billions of logs without worrying about resource allocation. This makes it a robust and cost-effective solution for our needs. Its user entity and behavior analytics (UEBA) are also integral for detecting insider threats and lateral movements within the organization. These features help organizations strengthen their security posture, protect sensitive data, and maintain compliance with strict regulatory requirements.

The dashboards in Securonix Next-Gen SIEM need more customization and informational capabilities. 

The reporting features also require improvements. 

Additionally, the multi-tenancy functionality should be enhanced to allow individual consoles for different customers, which is currently a limitation. This feedback has been given to Securonix for future improvements.

I have previous experience with Securonix Next-Gen SIEM for almost three years in deployment management and baselining in my past experience.

Securonix Next-Gen SIEM is very stable and reliable, but like any sophisticated security platform, its stability depends on several factors, including deployment architecture, environment, and proper maintenance. It handles billions of logs efficiently, along with the managed service, ensure its reliable performance especially when deployed in the cloud. However, to maintain long-term stability, it's important to ensure the platform is well-resourced, updated regularly, and properly configured. When implemented correctly, Securonix SIEM delivers reliable performance and security monitoring without significant interruptions.

The scalability of Securonix Next-Gen SIEM is seamless. We don't have to worry about resource allocation as long as we have the required EPS licenses. The solution is designed to scale according to our needs without any hassle.

Securonix is generally regarded for its strong customer service and support, which is a critical factor in ensuring the success of complex security solutions like SIEM. Overall, Securonix offers solid and responsive support with a team that is technically proficient and helpful, especially in complex deployments. The proactive guidance, customization support, and strong documentation make it easier for organizations to implement and maintain their SIEM effectively. However, for critical issues, it's advisable to escalate promptly and ensure you're engaging the appropriate level of support for your organization's needs. 

Positive

Prior to Securonix, we evaluated LogRhythm and IBM QRadar. Based on our company’s requirements, reduced operational overhead, lower TCO and improved threat detection Securonix Next-Gen SIEM was the best fit.

The initial setup includes evaluating technology that fits our organizational needs, signing NDAs, scoping, providing inventory, and EPS calculation. Once we procure the licenses, there is an expectation setting for onboarding, followed by workflows for exchanging guides, documents, and prerequisites. After the environment is ready, we proceed with onboarding.

I was closely working with the internal team and the vendor, leading the project. Including me, there were four people involved in the onboarding and baselining part.

From a business point of view, it can be assessed in both quantitative and qualitative terms. The ROI may vary depending on the organization’s size, security needs, and how well the platform is utilized and is highly positive in environments with high compliance requirements, frequent security incidents, or large amounts of data to process. By reducing incidents, improving operational efficiency, and simplifying compliance, the cost savings and protection against expensive breaches can quickly outweigh the initial investment.

The pricing of Securonix Next-Gen SIEM is reasonable, especially considering the package they provide. If we went with the same package with another vendor, it would be significantly more expensive. It’s value for money.

Before choosing Securonix, we evaluated LogRhythm and IBM QRadar. Based on our requirements need for more advanced analytics, scalability, better cloud integration, and automated threat detection., Securonix Next-Gen SIEM was found to be the best fit.

My recommendation would be to evaluate the solution precisely based on the company's requirements to avoid scalability issues in the future. Careful calculation of the EPS during initial sizing is crucial as it can become costly to procure additional EPS licenses later.

I'd rate the solution eight out of ten.

I use this solution for security monitoring and user behavior analytics. Banks, governments, and the oil and gas sector utilize it.

The software includes user behavior interactions, dashboards, and training capabilities. These features are interactive, allowing for comprehensive engagement.

In terms of improvements, SIEM could have better integration with other technologies. 

Additionally, it might benefit from integration with other sources, such as firewalls. It all depends on specific use cases.

I have been using the solution for three years.

I have found the solution to be stable.

The system is very scalable, and I would rate it around eight out of ten.

I find customer service to be very good.

Neutral

The initial setup is not very complex, however, it does have its intricacies, and I would rate it around seven out of ten.

The return on investment depends on the customer. It typically takes at least a year to realize the value.

Comparatively, it is reasonable when compared to solutions like Splunk and Exabeam. Licensing is based on events per second (EPS), costing between $50 to $60 per EPS.

My rating for the solution would be around eight out of ten. 

If organizations are on a journey to move to cloud, I recommend transitioning to Securonix over an on-premise solution due to its ease of deployment in cloud.

We use it for user behavior analytics in a hospital. Consider patient health information. We use the product to understand where the information is, who's using it, who's accessing it, whether the access is authorized or unauthorized, and whether there is a possible risk of someone stealing that data. There are many such use cases.

Additionally, we can find who's accessing the data at a particular time in the hospital network. It is flagged as a potential risk if it is an unlikely behavior. When unauthorized access is made, an investigation is launched. There are similar use cases of Securonix that we built in hospitals in the US over the last six or seven years.

The big data security analytics platform, structured and unstructured data analytics, and user and entity behavior analytics provided by the product are probably the best in the industry.

The solution could provide more automation. There should be proactive creation of use cases specific to particular hospitals. What we get out of the box is not necessarily good enough. We have to build the use cases as a service provider. There's room to improve the use cases provided by Securonix.

We are partners and managed service providers of the solution in multiple markets across different regions.

The product is stable. I would rate the stability an eight out of ten.

The solution is scalable. It is the size of the organization that determines the number of users. It could be 10,000 or 20,000 users if it's a large organization. Sometimes, we see up to 30,000 users in a large corporation across multiple geographies. It all depends on the size of the company. Anything above 10,000 users is the standard size that we get with Securonix. I rate the scalability an eight out of ten.

The initial setup is easy. I don't see that as a challenge. All the features are user-friendly, and anyone with basic training should be able to install and get it started.

Generally, government clients or large enterprises prefer the product on-premises. Around 20 to 30% of our clients prefer to have it on the cloud. Most of our clients have installed it on-premises because they are very large companies. Fortune 500 companies would prefer to have it in their own environment and not on the cloud. However, Fortune 2000 or Fortune 5000 companies would be more interested in a cloud environment.

Compared to other known brands in the industry, the overall cost of the licenses is a bit higher than what customers expect. We have segmented Securonix as a platform for high-end customers, large banks and hospitals. The product is not suitable for mid-tier customers.

There are no hidden costs. The product has a transparent policy. The cost of the platform could depend on the number of users. There could be one price for one user per month. It is typically how all such platforms are priced. The pricing can also be done based on data usage. It would depend on how much data we are processing and managing.

We have clients in Europe and US. The tool is pretty good in the market. We must keep our eyes and ears open and look for different products. Nothing in the world of cybersecurity is going to stay for long. We see dynamic changes happening in the environment. As we see new threats emerging, the tools that are scalable and responsive are the only tools that will matter. We must keep benchmarking and checking out the best in the market.

Overall, I rate the solution a nine out of ten.

We use Securonix to monitor attempted malware attacks. It sends us alerts, so we can investigate suspicious entities. We'll refer it to the consent team, who will give their solution or comments. 

We have a server where all the data is stored. The Securonix people will take the data from that server, encrypt it, and send it back to the application. From there, we can work on the alert and monitor the data.

The product reduced our investigation times by about 85 percent. Data and geolocation enrichment are the two essential components of the detection part. When there is an IPS alert, we generally need to check to see where the IP is located. Securonix will tell you where the IP is located in the city and country. Securonix helped a lot when the Log4j cybersecurity attack broke out last year. It enabled us to investigate that threat deeper. 

The behavioral analytics features reduce our false positive rate compared to traditional antivirus and cut the time spent detecting and responding to threats by about two hours each week. 

Next-Gen SIEM provides valuable contextual information about security events. We are adding all the information, like user data, from Active Directory. Whenever a user is terminated or retires, we will get an alert stating that the user has separated. 

The built-in management tool improved our security teams' efficiency. You can raise a ticket with one click when you see something suspicious. You can work on it and do your analysis in the backend. It will open a ticket and send it to the teams. 

The analysis will be completed in 15 to 25 minutes. The solution will email the consent team to tell them they need immediate action. In other tools, we have to go to another third-party tool to raise a ticket, and we need to escalate the issue ourselves. There is typically another procedure, but Securonix has a built-in management tool. This reduces a process that would typically take an hour to about 15 or 25 minutes.

It also helped us avoid data loss because we integrated SharePoint into Securonix. We get a notification when someone deletes files in Sharepoint that reports the SharePoint link, the user, deleted files, etc. We will investigate whether it's a legitimate activity or something else. 

The most attractive feature of Next-Gen SIEM is UEBA. The solution creates a user baseline and detects spikes and outliers. Before we started using Next-Gen SIEM, we used traditional signature-based detection. Signature-based detection checks whether a malware signature exists in the database, whereas behavioral detection analyzes all the data.

For example, let's say a given user accessed a device ten times in the last 30 days during regular business hours on weekdays. Next-Gen SIEM will send an alert if the user accesses the device on the weekend or 20 times in a single day. Based on that, we will investigate and email the manager.

The correlation rules and the Spotter carriers are essential in any SIEM. One new feature I like is the Autonomous Threat Sweeper. We will get a notification that a recent attack has entered the environment. They'll provide all the information we need to investigate. It's an excellent feature, but we've only been using it for three to four months. Threat Sweeper does the job in the background whenever we all have some other work. We go through the notifications and decide whether they're essential or not. 

Threat Sweeper is handy. It will clearly show where the anomaly in the data occurs. There is clear information about the IOCs, IP addresses, domain names, etc. We can easily run it in the background and forward the same threat detection report to the other consult teams, like the network and server teams. Another new feature is XDR. I haven't used it, but I've heard it uses signatures and behavioral analysis efficiently.

When I started to use Securonix, I was a little confused, but I could pick it up after a week. Everything is UI-based, and all the information is available on one page, so you don't need to go to different tabs to get what you need. It's very user-friendly. With a click, you can open all the reports you want and generate as many queries as you need. There's no need to use commands.

It takes too long to generate Spotter reports. For example, a 90-day report is around 100 megabytes. That takes a while, but a one-day report can be generated in a few seconds. We would be happy if they sped up the process. 

I have been using Securonix for about a year and a half.

We can rely on Securonix. Whenever we get a new solution or new part, we'll always follow the vendor's suggestions, and they will give us an idea about what is happening or what we have to do.

Securonix is scalable.

I rate the technical support a nine out of ten. They're friendly. Whenever we have a P1 issue, we write an email and our issue is resolved in one or two hours. 

I previously used McAfee's SIEM solution. I switched because I shifted to another project using Securonix. Securonix is faster and more user-friendly. McAfee takes five minutes to load, whereas Securonix will load in the blink of an eye, and I never face any slowness in the application in Securonix. It takes an hour to generate a report on McAfee. It's no competition for Securonix.

I joined after the implementation, but it requires very little maintenance after deployment. We have one or two hours of downtime for quarterly maintenance. 

I rate Securonix Next-Gen SIEM nine out of ten. If you plan to implement Securonix, I recommend buying it now because they're offering a limited-time discount. It's an excellent SIEM, and anyone can afford it right now. 

We are using it for monitoring firewalls, Windows operating systems, some Linux operating systems, active directories, and some of the solutions in the cloud such as Office.

In terms of deployment, everything is in the cloud. Our licenses are on the cloud. We don't deploy anything on premises except the RIN.

We are a managed service provider, and we offer this service to third-party clients. Most of our clients are very happy with the solution. We can detect a lot of threats, which are not false positives, and we can describe the threats very well. A lot of information can be obtained from this SIEM, and we can provide very good incident reports to our clients.

We were using another solution previously. The other solution couldn't compete with the features and functionality that we were looking for as a managed service provider. Some clients ask for specific features, and we couldn't complete those needs with other products. They were more about calculations, such as events per second (EPS). With Securonix, it is easier to sell the product and make quotes for our clients. It has helped us a lot at the administration, commercial, and operation levels.

It provides actionable intelligence on threats related to our use cases. It can detect violations and reduce false positives. This actionable intelligence is one of the most important parts because we have suffered with some of the other solutions in terms of receiving a lot of events and alarms where most of them were false positives, which made it a bit difficult for us to investigate and generate incident reports. Securonix is handy for engineers and the security operations center.

Its analytics-driven approach is pretty good at finding sophisticated threats and reducing false positives. When it comes to monitoring network devices, such as firewalls, it can detect behaviors that would be difficult for other solutions to detect or for normal engineers to detect manually. It has a lot of violation policies, and it is very handy and helpful at this level.

It adds contextual information to security events, which is one of the most important points. We can fill a lot of information into our reports for our clients.

Everything is saved for us and indexed. We can review any event we need within three or six months. We can review even when the data is in the cold phase. We never faced any case where we lost any event data. When clients asked about some events in the past, we could find them very easily and without any issues by using the queries.

It improves analysts' efficiency to do more with less time. Spotter is one of the best tools for me for searching and visualizing various things such as policies. With the Spotter language, you can search for whatever you need. You can search for any endpoint, any IP, any hostname, or any violation name. Even though it is not very fast, it is fine for us. Splunk or Elasticsearch is faster than Securonix because this is their job. Even though Spotter is not as fast, it has been helpful for us.

The detection of threats and reduction of false positive alarms as compared to other solutions are valuable features. It has improved threat detection response and reduced a lot of noise from false positives as compared to our previous SIEM solutions. This was one of the reasons we decided to try or move to Securonix. Other products generated thousands of events, and a lot of them were false positives, which made it difficult for us to handle all the events. For example, we were monitoring a firewall internally, and that firewall generated about five million events per month. The previous product detected almost 1,000 to 1,500 events as positive events, whereas Securonix generates less than 200 events, and most of them are not false positives.

It can integrate with a lot of solutions. Being able to ingest all our log sources when investigating threats is one of the good points of Securonix. After we started to use Securonix, we could integrate a lot of solutions, which we couldn’t do previously. It works with many devices, platforms, and cloud solutions. It is pretty good in terms of integration.

The incident response area should be improved.

It is more difficult than other products, but overall, it is good. The platform has a lot of options and functionality. So, you need to check almost everything. For new engineers or people who don’t have much experience with this kind of platform, it is a bit difficult, but for experienced engineers, it is not that difficult.

When you have been doing a lot of work for about one or two hours, and you have a lot of tabs open, it slows down or gets stuck. There is a delay of 10 to 15 seconds in opening tabs or dashboards. I don't know why this happens, but for me, it is not a big issue. I just wait, and that's all.

I have been using this solution for one year.

It is stable, but it slows down or gets stuck when you have a lot of tabs open.

Overall, it is scalable, but when you are investigating a lot and you have a lot of tabs open and are involved in big work, it sometimes becomes slow or gets stuck.

In terms of its users, our SOC team has three engineers, and I am the fourth one. We have three clients for now for Securonix. We use it internally to monitor our company. Overall, there are five or six users using the interface, investigating, and reporting to the clients.

Most of the time, their support is very good, but sometimes, we had to escalate the issues. Sometimes, we opened a ticket, and we immediately received an answer for fixing the issue, but at other times, we got a response after one, two, three, or even seven days. I guess it is based on the impact or severity, but when we have an urgent issue or problem, Securonix solves it very fast. I would rate them an 8 out of 10.

Positive

We were previously using Splunk, and we wanted to continue, but when we did the evaluation, we found Splunk to be more difficult to implement than others. It is fine to operate it, but its implementation is more difficult. It also had fewer features than Securonix. Securonix is dedicated to security information event management, but this is not the main functionality of Splunk. Even though Splunk is very strong in security, and we have been using it, when it comes to, for example, machine learning, Securonix has pre-configured policies. So, we don't have to spend that much time, whereas when it comes to Splunk, we have to configure everything. We have to install the applications and configure the dashboards. Considering the functionalities, features, and pricing, we felt that Securonix would be the best option.

It is better than previous solutions in terms of threat investigations and onboarding. That's because most of the other solutions are based on rules. Sometimes, there is no intelligence when it comes to detection, whereas Securonix has policies that are a collection of rules. Securonix doesn't only extract the log and tells us that it is a low-impact event or informative event. It also tries to correlate most of the events according to the policies and takes us to the main point. This is how Securonix has helped us to reduce a lot of false positives. Other solutions only worked with rules, and they only sent us events. We had to review most of those events, which is not the case with Securonix. It has a lot of policies for all types of detections. There are almost 1,000 policies, and Securonix can correlate various types of behaviors and pieces of evidence to detect advanced threats. It is good at this level.

We have the cloud license of Securonix. Everything is on the cloud. We only implement RIN on-premises, which is straightforward. You just download the executable, give it permission, and execute it. You provide the information it asks. There are a few packages that you need to install previously, but overall, it is very handy and straightforward.

I implemented it on my own. 

Its price is fine. We found it to be cheaper than LogRhythm, Exabeam, Splunk, as well as Elastic Security. A few months ago, when we were comparing Securonix with Elastic Security, we found Securonix to be cheaper than Elasticsearch. We were pretty surprised that Elastic Security is more expensive than Securonix because Elasticsearch is just starting, and it cannot compete with Securonix at this time. So, the pricing of Securonix is pretty good for now.

We tried to evaluate some of the other products, but we decided to go with Securonix for the business part. It was easier for us to meet the needs of our clients related to calculations.

We evaluated LogRhythm. The first problem that we faced with LogRhythm was that it would have been pretty difficult for engineers to handle in terms of the user interface. As compared to Securonix, it was also very expensive. Securonix had most of the features or functionalities that we were looking for. We also evaluated Exabeam, and we had the same problem with the price and features.

It has somewhat reduced the amount of time we require for investigation. It hasn't probably helped in detecting advanced threats faster along with lower response times because there is this gap between the RIN receiving the information and then sending this information to the cloud. This gap makes it a little bit late as compared to other solutions. Other than that, it is good.

I would rate it a 9 out of 10.

We use Securonix Next-Gen SIEM to provide managed security services. We have an MSSP delivery model using the Securonix asset platform tool that delivers the solution to multiple customers using their multi-tenant approach. It is a shared service delivery model, and we have close to five customers using the tool in our MSSP model.

We get very positive responses from the customer regarding their lock management and storage.

The two major features of this product we extensively use are the UEBA capability and the multi-tenant approach with the centralized data logs system. Customers are very happy with these features.

Regarding the analysis of security events on the SOC side, Securonix Next-Gen SIEM needs to improve its automation capabilities. Other products have machine learning and AI algorithms that can trigger alerts automatically. This is a key feature that Securonix Next-Gen SIEM needs to be improved.

I have been using Securonix Next-Gen SIEM for three years now. We use the solution's latest version.

There are many integration issues. I rate the solution’s stability a seven out of ten.

I rate the solution’s scalability a seven out of ten.

We have worked with QRadar SIEM, Splunk, and Microsoft Sentinel. We use Securonix because we have a managed services model. 

We rely entirely on Securonix's production services for maintenance. They handle this, so we do not need to be involved in maintenance. In that area, I recommend this product. Overall, I rate the solution an eight out of ten.