Awake Security Platform Review

Behavior-based machine-learning gives us high-fidelity, anomaly-based detections


What is our primary use case?

We use it primarily for network-based security and threat-hunting across the network.

How has it helped my organization?

We had an incident that involved a phishing email that came in. We were able to use Awake Security to detect everybody on the network who actually went to the website linked to by the phishing email. It allowed us to take care of the infection. Whereas before, we'd have to wait and base things around user self-reporting.

It also definitely helps us monitor devices used in our network by insiders, contractors, partners, and suppliers. Everything that moves across our network, exits or moves laterally across our network, is picked up by the Awake appliance. So if anybody's using a device on our network, it's captured in the appliance.

In addition, we use Awake Security to identify and assess IoT solutions. We don't have a ton of them on our network but we are a cancer research institution so we do have scientific instruments that are internet-aware and which get their updates across the internet.

Finally, it provides us with better situational awareness. I would say there has been about a 50 percent increase there.

What is most valuable?

  • I really enjoy the query language on it. It makes it very easy.
  • The dashboards and displays are very intuitive.

The query language makes it easy to query the records on the network, to do searches for the various threat activities that we're looking for. The dashboard, the Security Knowledge Graph, displays information meaningfully and easily. I am able to find the information that I want to find pretty quickly.

Also, the data science capabilities of the are great. We aren't currently using it, but the behavior-based machine-learning that they do incorporate is really impressive. It's the primary reason why we picked up the product. It gives us a high-fidelity, anomaly-based detections.

What needs improvement?

I enjoy the query language, but it could be a bit more user-friendly, especially for new users who come across it. I'm conversant with the query language, but if I put it in front of somebody else they have difficulty in learning how to address the query language. That is the biggest area of room for improvement. They should push it more into a natural language style as opposed to a query language.

For how long have I used the solution?

We installed it in January of this year, so we've been using it for about eight months now.

What do I think about the stability of the solution?

It's extremely stable. We have only had one minor incident which had to do it with an update. But it's very stable.

What do I think about the scalability of the solution?

We're only using one appliance now, but it seems extremely scalable. We have plans to increase our usage of it. Within the next year, we are going to roll Awake appliances out to our remote sites as well.

How are customer service and technical support?

Technical support is very responsive and quick to get things done. Any problems I have had with the product, they're usually contacting me about them as opposed to me contacting them. They're very proactive.

If you previously used a different solution, which one did you use and why did you switch?

We did not have a previous solution.

How was the initial setup?

The initial setup was extremely straightforward. Basically, we just plugged it in and it ran. It's an appliance, so racking is what actually took the longest. It took approximately an hour, at most.

We first started deploying it on the edge, as a PoC. We deployed it for traffic entering and exiting our network, on the edge. Then we expanded it out to traffic that's moving laterally.

What about the implementation team?

We did not use a third-party.

What was our ROI?

We have seen return on investment but we don't really have the data points around that yet. It's kind of hard to quantify data points with a network security appliance. But we had zero visibility into our network before and so now we have visibility into our network.

What's my experience with pricing, setup cost, and licensing?

The pricing model is an annual subscription. There are no costs in addition to the standard licensing fees.

Which other solutions did I evaluate?

We evaluated ExtraHop. There were two reasons we went with Awake Security. First, we really liked the artificial intelligence aspect of Awake with its behavioral modeling. And second, honestly, was the price. It was cheaper. We were impressed by them at the RSAC Innovation Sandbox. That's where we initially made contact with them.

ExtraHop is a standard network security appliance. The machine-learning within Awake is what sets it apart.

What other advice do I have?

Make sure that you have a strong networking team in place before you buy the product, because otherwise you may have issues with the TAP aggregation. The product itself will go in quickly and easily.

We don't have the solution's encrypted traffic analysis in place because we aren't doing the decryption at the edge. But it does allow us to see the size of data, and allows us to detect external exfiltration pretty easily.

As for the false-positive rate, I haven't done the math. It's decently high because our network situation is a bit weird. But it would be about the same on any other solution.

We have one person, our Security Engineer, servicing it and maintaining it on our side. Awake maintains it on their side as well. In our environment, we have between 2,500 and 3,000 people, usually.

I would rate it at about eight out of ten. It's a matter of scale. For me, ten means it pretty much mitigates all risks for you. So it would be next to impossible to get a ten, from my perspective.

Disclosure: IT Central Station contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
Try Awake Security

Schedule a Demo and See it in Action

Add a Comment
Guest
Sign Up with Email