My primary use case for Securonix UEBA is user threat notification and user behavior analysis.
Securonix UEBA delivers powerful user behavior analytics with intuitive dashboards and advanced threat detection algorithms.
| Product | Mindshare (%) |
|---|---|
| Securonix UEBA | 2.7% |
| Exabeam | 8.8% |
| IBM Security QRadar | 7.4% |
| Other | 81.1% |
Securonix UEBA aggregates diverse use case data into organized dashboards, visualizing trends and enabling cross-organization comparisons. Advanced algorithms detect insider threats and anomalies, ensuring comprehensive user activity visibility. Continuous enhancements through new policies and custom rules support thorough monitoring and investigation, while cyber analytics algorithms differentiate it in the market. Improvements are needed in algorithm enhancement, integration with EDRs and packages, and reporting emphasis.
What are the key features of Securonix UEBA?

Organizations use Securonix UEBA in insider threat detection and behavior analysis, assisting in lateral movement, ransomware, and malware detection. It's used for network traffic observation in scenarios such as data exportation by contractors or abnormal account access, typically in appliance-based setups within data centers, offering thorough user threat notifications and behavior analysis tailored to industry needs.
Securonix UEBA was previously known as Securonix User and Entity Behavior Analytics.
| Author info | Rating | Review Summary |
|---|---|---|
| Regional Channel Manager at i2sBusiness Solutions | 4.0 | My primary use for Securonix UEBA is user threat notification and behavior analysis. It excels in insider threat monitoring and AI-based analytics, although integration with other tools needs improvement. ROI typically materializes within a year, demonstrating good value for money. |
| Executive Vice President, Global Head at a tech vendor with 10,001+ employees | 4.0 | No summary available |
| Lead Security Engineer at a tech services company with 1-10 employees | 4.0 | I use this solution primarily for behavioral analysis, finding its UEBA feature very valuable. It's stable and scalable, with straightforward setup and comfortable pricing. My main concern is reporting, which needs improvement, and customer service is average. Overall, I rate it 8/10. |
| Principal Member of Technical Staff at AT&T | 5.0 | I use Securonix for insider threat detection, gaining crucial visibility into behaviors and reducing investigation time by 30-40%. Its comprehensive algorithms, intuitive dashboard, and excellent support make it highly stable and scalable, providing great ROI despite complex setup. |
The most valuable features of Securonix UEBA include insider threat monitoring, which provides complete visibility of user activities, and next-gen AI-based behavior analytics. The customizable UEBA-based analytics dashboard is highly effective and covers most use cases from a UEBA point of view.
The integration with other tools, like EDRs and other technology tools, can be improved.
I would rate the stability as eight out of ten.
Securonix UEBA is very much scalable. I would rate the scalability as eight out of ten.
The support system is not very good as of now. They have a local support team based here and in India.
The initial setup is very easy to prepare. I would rate the setup as eight out of ten.
Customers definitely see the value of money. It usually takes around one year to see a return on investment, depending on the customer's environment.
The cost is approximately $50 per user per year. The pricing is reasonable compared to other solutions.
I recommend using Securonix UEBA as it reduces the time for deployment and offers a customizable UEBA analytics dashboard covering most use cases.
Overall, I would rate Securonix UEBA eight out of ten.
Securonix UEBA is used for lateral movement detection, ransomware detection, multiple malware detections, user activity monitoring, and behavior analysis.
We have completed a large number of additional use cases based on specific effects and commitment.
Their user and entity behavior analysis algorithms are the most valuable features. I believe the cyber analytics algorithm is the unique differentiator.
The built-in algorithms for detecting anomalies and threats.
When compared to others, if you look at the integration aspect, I believe that some aspects of integration can be enhanced. There are numerous other integrations with various packages that are possible.
I have been working with Securonix UEBA for almost seven years.
The stability of Securonix UEBA is good. We have not had any problems.
In terms of scalability, we tested 180,000 events per second with no problems.
It is not calculated based on the number of users. In terms of scalability, we calculate security platforms based on events per second. It can be one of the factors, but it is not the determining factor for scalability. Scalability is determined by the number of events that can be processed per second.
When looking at enterprise users who are connected to the SOC, an organization can have 100,000 employees, contractors, or staff, but that is not how the same solutions are allocated.
In that organization, based on assets, end users, endpoint network devices, and so on and so forth, the result will be events per second. In terms of the same tool usage, the same tool or Securonix tool will be used only by the number of SOC analysts who are monitoring the entire environment. Nobody else uses it.
The data for all employees and staff in that organization is consolidated. That is one way of looking at it, and it is not proportional. The number of employees and security events per second is not a direct correlation factor.
We are an MSSP. We use it based on the needs of our customers. We are not using it for our own internal purposes.
Based on our customers' requirements, we deploy it.
As platinum partners, we have excellent technical support. We have had no issues.
We are using other log management tools such as RSI, IBM, Splunk, and ArcSight, but not LogRhythm or ELK.
We haven't used the NTA solution in a lot of places because it comes with Corelight. We've used it a few times, but that is not the quote. For the NTA, we use different packages.
We haven't used the SOR solution yet. We're looking into it right now and will make a decision later.
The initial setup is not simple, but it is also not complicated; it is medium.
It will be determined by size. Securonix will be used by 30 or 40 analysts who monitor and manage the cyber environment.
There will not be thousands of people logging into Securonix because no one logs into Securonix UEBA. Only the SOC analyst will have access to Securonix.
We are global system integrators for all these products.
ROI is evident. The ROI is there from cost optimization and everything else. However, it is dependent on how you deploy it, engineer it, and provide the necessary automation.
I would rate it a three out of five.
When compared to other solutions, it is less expensive.
It is a good tool. They can evaluate based on their business use case and requirements, and it will work.
I will rate them based on their scalability, flexibility, and adoption, as well as their specific analysis of threat detection via behavioral models. And, of course, there's the price. It is less expensive than the others. Also, deployment simplicity: it's simple to set up. It's not difficult.
We are partners as well as resellers.
I would rate Securonix UEBA an eight out of ten.
We are using the solution for behavioral analysis of the users and behavioral analysis of network traffic. For example, if we know that there is an IP address that keeps reaching out, we confirm it with the client, put that in behavioral analysis and say, "Okay. This is a regular behavior." It's not going to trigger us if they reach out to a certain threshold. If that IP reaches out to over that threshold, then we are going to tell the client, "Something seems to be wrong over here. This machine does not go to that IP address a lot, but this is going on a lot today."
From a behavioral analysis perspective, the use cases are data exportation by contractors, by determination, account accessing, removal of media.
The version we are using is SNYPR.
One of the most valuable features is UEBA. It's pretty helpful for us to make sure of our thresholds for any of our clients. Another great feature is how Investigation Workbench works with all of the user analysis.
They are continuously improving things. They keep putting new policies and new rules as well as updating the old ones.
The area that needs improvement is reporting. They don't focus on that area enough, but everything else is good.
We have been using this solution for a year and a half.
It's stable but every product has ups and downs. Sometimes it gets extraordinarily overloaded because sometimes I push billions of events in an hour. It takes a little bit of time to run the analysis, but it is pretty stable in the back end.
The solution is scalable.
I deal with their tech support on an almost daily basis. I would give it a 6 out of 10.
I have also used Loglogic and LogRhythm, which is not a good tool. I prefer Splunk. Securonix is my second choice. Third would be QRadar, and my fourth choice would be AlienVault.
We are not currently using Splunk, but we are considering them to be our secondary SIEM.
Setup is pretty straightforward. If you are going to set up everything on the back end, on cloud port and everything, then they're going to send you a forwarder package. You just install that on the VM and get going from there.
It's pretty easy to maintain if you go through the documents.
Their pricing is pretty comfortable. They will work with you on the cost.
I would give this solution an 8 out of 10.
Make sure that you get the training properly and get a hold of the correct people so that things are done properly. Don't try to find a way in the middle.
We use it for insider threat detection. It's appliance-based in the data center.
Previously, we did not have visibility into some of the behaviors until we had this tool. Only then were we able to surface those behaviors. An example is that people can log into VPN at night from another country - people actually do that all the time - and that's the leading cause of a credential compromise scenario. We did not have visibility into that before, so we couldn't figure out what was going on there to come up with a mitigation plan. Now we can make data-driven decisions to mitigate that vulnerability.
Securonix has enabled our team to focus on threats rather than on engineering of the platform. Algorithms deliver through the program platform. We just go into the system, point and click and pick and choose algorithms that are needed to satisfy the use case. So we don't have to write any code. We don't have to write any customizations.
The solution has also decreased the time required to investigate alerts or threats because we don't have to sort through or do the log analysis. We don't have to look at individual log entries to figure out what's going on. Now, the system has ingested the data and it has derived intelligence from those raw records. They're visualized and assembled on the timeline and presented on the dashboard. You can imagine how much that's going to save an analyst's time in investigating or knowing what's going on. And in some cases, it's even night and day, meaning it has gone from impossible to possible. In those cases the amount of decrease in time would not even be applicable, for good reason. In other cases, the time it saves us is approximately 30 to 40 percent.
Securonix UEBA also helps to surface high-risk events that require immediate attention or action. It gives us the ability to prioritize the risk. That is a focus in the design of the platform. There are many ways it allows users to prioritize the risks that are very important, per that organization's threat landscape. It's either done through re-scoring boosting or you can craft a segregated dashboard to focus on something. You can also have a targeted user-list on which you want to focus the monitoring. There are many ways to pick and choose and combine to meet our prioritization requirements.
The solution's Hadoop-based platform has definitely also provided operational benefits. We talk about the "three V's," the challenges in dealing with big data. Data is high in volume, it changes all the time - the loss is very high - and it can be unstructured. By basing the platform on the Hadoop big-data platform, versus a single SQL database, it definitely meets the requirements for monitoring.
The aggregation library is definitely very comprehensive. It covers a lot of use cases.
Also, the feature dashboard is very well organized and intuitive to use. It organizes information on a timeline which is exactly what we need for insider threat future-analysis.
Data insights are where we can not only look at items but can visualize the activity trends over a period of time and compare them across organizations. That's very useful for us.
The algorithms surface the exact indicators that we need for the purpose of insider threat detection. That is something that we have not always found is the case with other vendors we have evaluated. We consider cyber indicators as part of insider threat detection. We don't look at them in silos. We correlate them and look at them from a holistic point of view. The algorithm for surfacing those relevant indicators is very comprehensive. We almost find everything we need to surface the indicators we want. We're very impressed with that.
There is room for improvement in the algorithms. Although I said that we have a very solid starting point - our existing library is already very comprehensive - we constantly find areas where we need to develop new algorithms. That is common across platforms. Any vendor with a solid starting point would still need to continue to evolve. That's where customers can help by giving them feedback about their challenges and asking for help in addressing them. That will help to roadmap and mature the product itself.
Securonix is very stable. We do encounter error scenarios here and there in different jobs but, to a large degree, that's because our demand is very high. Our data volume is very high and it fluctuates. That goes back to the "three V's" of big data, but that said, the platform is very stable.
Because we're based on clients, scalability is horizontal. It's up to us to how much we want to scale up. There's no limit to that. It's just adding nodes to the cluster or even adding additional clusters to the deployment. Moving to the cloud, we expect that's going to be even more flexible. We want scaling to be on-demand and it's only going to improve. We do not see scaling as a limiting factor in any way.
We definitely have plans to increase usage of the solution because business acquisitions keep happening. That has happened for the last two or three years within our company. Our monitoring inquiries are going to increase, based on that.
On a scale of one to ten, I'll give Securonix tech support a ten. They're extremely knowledgeable, they're able to flex, and they're dedicated. AT&T as a client is very demanding. Our scale is large, our complexity is very high, our data is very complex.
Prior to Securonix, we didn't have a tool whose mission was insider threat detection.
We went with it primarily from the algorithm perspective. Some vendors claim they're doing behavior analysis but they're not really looking at it from the perspective that we want to look at it. For example, we want location anomalies, time anomalies and the like. We worried about non-mature indicators and nobody was worried about those, they were worried about entities. Securonix is very comprehensive in those algorithms. We didn't have to develop new algorithms, it was just plug-and-play. And how wonderful was that? That was a critical success factor for us.
Another success factor was that it made the job easy for the analysts. The visualization, the dashboard, the timeline. You would think those would be natural requirements for a platform like this but not every player was able to give us all that. Securonix definitely stood out from those perspectives.
The initial setup is complex because we're talking about a very complex technology. Our hardware detectors are very complex and our deployment is large-scale. The number of clusters and the number of nodes of each type in the clusters is huge. And we have to synchronize between elements and make sure the service runs from end-to-end so it's not a trivial job. But that's not unique to this vendor. It comes with the technology itself. Anything that's based on big data or that involves algorithms, that involves data ingestion, would be that complex at that type of scale. Our process is very unique.
In terms of implementation strategy, we definitely wanted to get close on the first shot. For example, the platform comes with out-of-the-box algorithms. We considered them as the starting points for us. By enabling them with their initial conditions we were looking to strike close on that first shot. Then, we looked to get exact in the second step. In that step, we looked at maturing of the content and we wanted it to be guided by our clients. At that stage our threat clients could come to us and be exact with how they wanted those conditions, the algorithms, to be. We then took that into our content maturing process to get it exact for them. It was definitely a phased approach.
Securonix helped with the deployment. They were very knowledgeable and were able to pivot. Each client deployment scenario would be slightly different. There was no one-size-fits-all strategy or solution. But they were able to pivot based on our unique challenges.
For example, we were on Hadoop and then we moved to Cloudera, which was a unique AT&T requirement. They were still able to integrate with that environment quickly. They're knowledgeable and they're able to flex, and those were very critical success factors for us.
We have definitely seen return on investment. We have a good contract with them in terms of monitoring as we have unlimited licenses.
We evaluated a bunch of them, some of the well-known ones like Exabeam and IBM QRadar. They're big players in the space.
The biggest lesson I have seen from using Securonix is that you should never underestimate how complex and large scale a client deployment could be. Prior to Securonix coming to us, they had huge success in different sectors with big and small companies, until they had us. We were a challenge. We have successfully overcome the challenges and proved they're the best. But everybody who went through that process learned a lot about never underestimating how complex a client can become and how demanding they can be.
My advice would be to consider Securonix. You can horizontally compare competitors across the space but really pay attention to what they can offer. That's how they impressed us when we compared. Sometimes you can't tell the difference until you compare different varieties of apples. Sometimes, when we asked the same question to five vendors, four of them didn't even understand what the question meant. That was an indication in and of itself and showed the difference. So pay attention to this player and compare them against others. That's going to make you more confident. Don't pass over this one.
Within our company, the number of users who are using the platform to monitor threats and develop content is less than ten people. It's a very controlled user group because of the sensitivity of the user data and the activity data within the platform. We have a dedicated team within the chief security office called the Insider Threat Program Team. They are responsible for operational monitoring, keeping the system up, developing content, and responding to the findings. They do all things connected with the platform. But the platform itself monitors a user-base of 600,000 people.
In terms of deployment and maintenance, we have two people from our group who are leading that effort but in the background, with regard to the data center deployment, there are a bunch of people supporting it from that perspective.
We don't use their cloud monitoring functionality but we are interested in that area too.
Overall, I would rate the solution at ten out of ten. There have been a lot of challenges, but the more we face challenges and I see how we work through them, the more confident we are in this product.
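Two of the behaviors the reviewers describe, a known destination IP baselined as "regular" until a host's daily connection count exceeds its threshold, and a VPN login at night from a country the user has never logged in from, sketched as a small Python scorer. This is an added example, not Securonix code or any reviewer's; every host, user, address, country and count is constructed, and the mean-plus-k-sigma threshold and the night window are assumptions chosen for illustration.

```python
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

# Constructed sample data (not from any real environment).
# Daily outbound connection counts from one host to one destination IP
# over the last seven days; the first pair is the "regular" IP the
# reviewer would confirm with the client, the second is normally quiet.
CONN_HISTORY = {
    ("host-17", "203.0.113.8"): [40, 38, 45, 41, 39, 44, 42],
    ("host-17", "198.51.100.9"): [2, 1, 3, 2, 2, 1, 2],
}
CONN_TODAY = {
    ("host-17", "203.0.113.8"): 47,    # within its learned range
    ("host-17", "198.51.100.9"): 120,  # "going on a lot today"
}

# Constructed VPN login history: (user, ISO timestamp, source country).
VPN_HISTORY = [
    ("alice", "2024-03-01T09:12:00", "US"),
    ("alice", "2024-03-02T08:55:00", "US"),
    ("alice", "2024-03-03T17:40:00", "US"),
    ("bob", "2024-03-01T22:05:00", "DE"),
    ("bob", "2024-03-02T23:30:00", "DE"),
]
VPN_NEW = [
    ("alice", "2024-03-04T03:14:00", "RO"),  # night login, new country
    ("alice", "2024-03-04T09:05:00", "US"),  # matches her baseline
    ("bob", "2024-03-04T22:50:00", "DE"),    # bob habitually logs in late
]


def connection_anomalies(history, today, k=3.0, floor=10):
    """Flag (host, ip) pairs whose count today exceeds mean + k*stdev of the
    learned daily counts. `floor` is a minimum absolute rise so that a quiet
    pair going from 1 to 4 connections does not page anyone (assumed values)."""
    alerts = []
    for key, count in today.items():
        base = history.get(key)
        if not base:  # never seen: no baseline to compare against
            alerts.append((key, count, "no baseline"))
            continue
        threshold = mean(base) + k * pstdev(base)
        if count > threshold and count - mean(base) >= floor:
            alerts.append((key, count, f"exceeds baseline threshold {threshold:.1f}"))
    return alerts


def vpn_anomalies(history, new, night=range(0, 6)):
    """Flag logins from a country the user has never used, or during the
    night window at an hour the user has never logged in at. Each alert
    carries every reason that fired so an analyst sees both signals."""
    countries, hours = defaultdict(set), defaultdict(set)
    for user, ts, country in history:
        countries[user].add(country)
        hours[user].add(datetime.fromisoformat(ts).hour)
    alerts = []
    for user, ts, country in new:
        hour = datetime.fromisoformat(ts).hour
        reasons = []
        if country not in countries[user]:
            reasons.append(f"new country {country}")
        if hour in night and hour not in hours[user]:
            reasons.append(f"night login at {hour:02d}:00")
        if reasons:
            alerts.append((user, ts, "; ".join(reasons)))
    return alerts
```

Run both functions over the constructed data: only the quiet IP pair and alice's 03:14 login from RO are flagged, while bob's habitual late-evening login stays silent because his own baseline already contains those hours.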