Securonix Security Analytics Review

Identifies threats that would not have otherwise been identified, but needs better integration with ServiceNow


What is our primary use case?

We use it for information security.

How has it helped my organization?

It's helped identify risky and/or malicious behavior that otherwise would probably have been overlooked. An example would be flight-risk behavior, meaning employees who are planning to leave the firm and/or who are possibly exfiltrating data. It has identified alerts or threats that would not have originally been identified.

I wouldn't necessarily say it has surfaced high-risk events that require immediate action, but it has surfaced events that require action.

What is most valuable?

The machine-learning algorithms are the most valuable feature because they're able to identify the "needle in the haystack."

Also, the solution's behavior analytics in terms of detecting cyber and insider threats is fairly good.

What needs improvement?

There is room for improvement in the product's integration with ServiceNow and in the reporting features.

For how long have I used the solution?

We've been using this solution for close to two years.

What do I think about the stability of the solution?

The solution's stability has improved over time. Early on, we had issues with stability, but over the last three to six months, it's been relatively rock-solid.

What do I think about the scalability of the solution?

My understanding is that it's scalable, but I don't get into that piece.

How are customer service and technical support?

Technical support is fairly good. I meet with them on a weekly basis. I give them any concerns, issues, use-case changes, etc. Usually, the following week, they have fixed whatever needed to be fixed or enhanced things according to my requests. It's an acceptable turnaround time, for the most part.

If you previously used a different solution, which one did you use and why did you switch?

We did not have a previous solution.

What about the implementation team?

I believe it was Securonix themselves who did the deployment.

What was our ROI?

We're probably approaching the break-even point.

Which other solutions did I evaluate?

The only other solution that I believe we looked at was Splunk's UBA. It wasn't Splunk at the time and it wasn't mature enough at the time.

What other advice do I have?

I'm not an engineer; I'm a consumer of the tool. It's doing what it's been asked to do. It's really all about use cases and having the data. You have to have your use cases well-defined and make sure you can feed Securonix the data. You should definitely do a PoC. Never buy anything without checking it out first.

I wouldn't say the solution's behavior analytics has helped to prioritize advanced threats.

Regarding the Hadoop piece, I would compare it to the way I drive a car. I put gas in it and I don't care what kind of engine is in there, how the engine works. I just turn the key and the car starts.

The users are our security operations team, which has about a dozen people. We use it on a day-to-day basis. We'll increase the use cases.

Disclosure: IT Central Station contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.