What is our primary use case?
We use this solution to provide managed security services. We use loggers at the client site to generate logs for monitoring their devices. We handle the monitoring, administration, and troubleshooting of their endpoints.
For some customers, we manage everything, while for other customers we only monitor their critical devices.
We are using an on-premises deployment model.
How has it helped my organization?
This solution helps us to provide services for our clients and integrates well with their other technologies.
What is most valuable?
The most valuable features of this solution are the logging and the dashboards.
This solution integrates easily and very well with other technologies. We are creating custom connectors for some of the technologies that our customers are using.
What needs improvement?
We are having trouble migrating our data sources from version 10 to version 11.2. We cannot add new data sources to the most recent version.
I would like to see the Active Response function enhanced.
For how long have I used the solution?
I have been using this solution for about eighteen months.
What do I think about the stability of the solution?
The stability of this solution is good. So far, we have not faced much downtime. The issues that we are currently experiencing, moving versions, did not happen the last time we upgraded. This is really the first trouble that we have had.
What do I think about the scalability of the solution?
This solution is very scalable.
We have four or five customers that we are performing monitoring for. Their user-base varies, with some having fifty users and some having more than one thousand users.
We do plan to increase our usage and have had meetings with McAfee as a partner. We would be offering this solution exclusively to our clients.
How are customer service and technical support?
Technical support, as well as their online knowledge base, has helped us a lot. However, our current issue with respect to not being able to add new data sources was reported two weeks ago and it has not yet been resolved.
I think that technical support can be improved in terms of providing quicker resolutions to problems.
Which solution did I use previously and why did I switch?
We did not previously offer a different solution to our customers. We are currently onboarding Splunk to work concurrently with this solution, but it depends on the customer. Splunk is a little bit expensive.
How was the initial setup?
The initial setup of this solution is easy. There is no problem with it.
Our deployment took about one week. It involved upgrading to the new version and adding the data sources. Integration of the new devices was not complex.
Two people are required for the deployment, with one being from our side and one from the client's side.
What about the implementation team?
We hired consultants to assist with our deployment. We have had a good experience with them and they are still supporting us to deal with any issues or errors.
What's my experience with pricing, setup cost, and licensing?
The cost is dependent on the customer's environment and requirements.
Which other solutions did I evaluate?
We have experience using ArcSight, but it is very difficult when it comes to creating the connector to integrate with different technologies.
We spend time evaluating each customer's business model and offer them the appropriate solution.
What other advice do I have?
From my perspective, for anyone with a small or medium-sized business, this is the best solution. It is easy to deploy and it is less, from a cost point of view, than others.
I would rate this solution a nine out of ten.
Which version of this solution are you currently using?
10, Moving to 11.2