What is most valuable?
The user interface and the timelines they use are the most valuable features. The price model is very simple so that one can understand it easily and there are no surprises within it.
It's good at security logging in our infrastructure but not really application logging.
For how long have I used the solution?
We have been using Exabeam for a few months.
How was the initial setup?
We had RSA earlier, we were a mature client, we had a big bang kind of start. Exabeam was really prepared there. We had some issues that we were able to sort out. They sent very experienced engineers to help us with the issues we had. Now we have a technical account manager. We are very pleased with it. Now, it looks much better but it's a large implementation. If you have a large implementation with lots of data you can expect a few issues and problems. If you start off with a small implementation then it would be a different story. We started off with loads and loads of data that we wanted to ingest. After a couple of months, things look a lot better.
Which other solutions did I evaluate?
We did a POC with Splunk, IBM QRadar and Securonix and we came to the conclusion that Exabeam was the best option for us. Everybody knows that Splunk is the top product but it's very expensive. The price model is based on the volume of logs of data that you process in the system. It's very unpredictable and expensive compared to other products.
What other advice do I have?
We reviewed four different vendors but before we did the evaluation, we took a deep look at our use cases to understand our requirements so we would know the expected use cases and requirements on the system. It's important to know what you want to use it for. For us, it was about security use cases. If you are a new customer, you should think of the use cases that you have. All of the vendors we evaluated were good but Exabeam has a very good price model. That's where they win when they compete with Splunk, for instance. With Exabeam, you're not restricted to the log volume. You can add as much as you like. The only limit is the hardware. At some point, you may need to extend the hardware. We have plans to increase usage.
I would rate it a seven out of ten.
We had a large volume right from the beginning and they weren't quite prepared for that. That's something that they should think about when it comes to customers that have a large volume to start off with. That's where they could try to improve their services. We had some issues. Some of it was due to our own load balancing problems that caused a few issues. But if they had had their expert guys on-site they would have found the error much earlier. They didn't have their best experts so I think we lost a big of implementation time. I would've expected more attention on their side. They created tickets but that wasn't the way to work. When you start a large implementation, they need to have their experts on-site as opposed to opening regular tickets. They need to be on-site to fix the issues. They sent very good technical experts after a few months and it only took them half a day to figure out the issues and after that, it worked very well. Our account manager is very senior and we are very pleased with him.
They've been very professional during the POC. We had ongoing commercial discussions.
Which deployment model are you using for this solution?
Find out what your peers are saying about Exabeam, Splunk, Securonix Solutions and others in Security Information and Event Management (SIEM). Updated: June 2021.
509,820 professionals have used our research since 2012.