For us, there are several valuable features.
- The ability to correctly parse the largest number of products compared to its competitors;
- The ability to create very complex scenarios to detect security risks and anomalies;
- Very stable system components (connectors, logger and correlation engine) combined with satisfactory vendor support; and
- The ability to create parsers for all kinds of applications and systems is an important differentiator.
Improvements to My Organization:
It greatly changed our work habits in the organization, allowing us not only to trace back security threats, but also to generate usage trends, discover anomalies and so many other uses. It quickly became an indispensable tool.
Room for Improvement:
They can definitely provide faster search response and offer larger on-the-box storage support. The predefined correlation ruleset can be improved to cover more security alerts and more products.
There is also still room for improvement in processing speed. Easily accessible documentation, such as reference architectures, does not exist; more guidance can be provided to customers for such a complex product.
We've had no issues with deployment.
We've had no issues with stability.
We've had no issues with scalability.