Securonix Security Analytics Review

With a lot of data in one console, the time we require to investigate alerts and threats has decreased


What is our primary use case?

Data loss protection and account misuse are our primary use cases. We're utilizing it to help identify and correlate user behavior to identify potential data loss as well as to detect certain types of fraud.

How has it helped my organization?

The behavior analytics of Securonix has helped to prioritize advanced threats for us. We're still working through it, but it has helped. For example, it enables us to customize widgets, risk scores, and dashboards to identify what we want to see and gives us the ability to base the risk score on our business model and what we consider to be a high priority.

While we would have detected the threats that we do without the solution, it helps us have a central point to manage and detect those threats. It would have taken a little bit more work or additional tools to identify them after the fact. For example, it helps us in identifying and detecting fraud in the early stages.

The solution has decreased the time required to investigate alerts and threats because a lot of the data is in one console. We're not having to go to three or four different consoles. It also helps to surface high-risk events that require immediate action, such as identification of penetration testing.

What is most valuable?

The customizability of the tool is valuable. We are able to customize the use cases and create them easily without a large amount of Securonix assistance. It's very flexible. We do not have to rely on Professional Services to modify or create a new use case.

The solution's behavior analytics, in detecting cyber and insider threats, are good. The tool does what it's supposed to, as long as the data coming in is accurate.

What needs improvement?

Other than issues with the training, there have been issues with the encryption. There have also been issues with some of the reporting, minor glitches that they have fixed as they've gone along.

I think they have fixed the encryption piece and they have supposedly fixed training. I haven't seen the new training modules yet. The reporting and metrics will be improved in the next release, from what I understand.

For how long have I used the solution?

I have been using Securonix for two years.

What do I think about the stability of the solution?

The solution is very stable. We haven't had any issues.

What do I think about the scalability of the solution?

We were able to increase it. It's scalable, but with some work on-prem; we're not cloud. But it is scalable. The issues were mostly from our environment: networking and support.

My team only is the only team that's using it and it's one hundred percent part of our daily functions. We have plans to increase usage, and extensively. We're about 50 percent of the way to where we want it to be.

How are customer service and technical support?

Technical support is excellent.

If you previously used a different solution, which one did you use and why did you switch?

We did not have a previous solution.

How was the initial setup?

The setup was complex. The data mapping was complex because of our own structure and environment. From start to finish, it took us about three-and-a-half months before we went to production.

In terms of an implementation strategy, we worked with Securonix to develop a statement of work and we followed that. It included development and identification of data sources, implementing or ingesting those data sources, and applying use cases to those data sources as we fed them in.

What about the implementation team?

Securonix helped us to deploy the solution. Our experience with them was very good; excellent.

What was our ROI?

So far we have seen ROI. We would like to see even better ROI. 

What's my experience with pricing, setup cost, and licensing?

We pay yearly.

Which other solutions did I evaluate?

We did a PoC between two solutions and we chose Securonix. The other solution was Exabeam. One of the reasons we went with it is that someone had used Securonix at a different company. The scalability, the interface, and the results that it provided were also factors in our decision to go with it.

What other advice do I have?

The biggest lesson we have learned from using Securonix is to start small. Don't throw everything at it. Start with one single use case and build out. Don't throw all the use cases into it at once. Otherwise, it's too much work, you get flooded with too much data, you can't focus on what's important, and you can't clean it as quickly. You can clean it, but it will take a lot of time.

My advice is to go with the cloud solution and, as I said, start small. Don't try to ingest everything at once. And don't create use cases for everything under the sun.

Because we're on-prem, we've had to both focus on threats and on the engineering of the platform. They provide support, but we still have some engineering overhead on our side.

We have five users using it and they're all investigator-analysts. We deployed with the help of four people who are security engineers, and maintenance is pretty much done by the two Securonix support people we have.

Overall, I would rate Securonix at eight out of ten. We're still going through it, developing, learning, and we find issues.

Disclosure: IT Central Station contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
Add a Comment
Guest
Sign Up with Email