We use it for information security.
It's helped identify risky and/or malicious behavior that otherwise would probably have been overlooked. An example would be flight-risk behavior, meaning employees who are planning to leave the firm and/or who are possibly exfiltrating data. It has identified alerts or threats that would not have originally been identified.
While I wouldn't necessarily say it has surfaced high-risk events that require immediate action, it has surfaced events that require action.
The machine-learning algorithms are the most valuable feature because they're able to identify the "needle in the haystack."
Also, the solution's behavior analytics in terms of detecting cyber and insider threats is fairly good.
There is room for improvement in the product's integration with ServiceNow and in the reporting features.
The solution's stability has improved over time. Early on, we had issues with stability, but over the last three to six months, it's been relatively rock-solid.
My understanding is that it's scalable, but I don't get into that piece.
Technical support is fairly good. I meet with them on a weekly basis. I give them any concerns, issues, use-case changes, etc. Usually, the following week, they have fixed whatever needed to be fixed or enhanced things according to my requests. It's an acceptable turnaround time, for the most part.
We did not have a previous solution.
I believe it was Securonix themselves who did the deployment.
We're probably approaching the break-even point.
The only other solution that I believe we looked at was Splunk's UBA. It wasn't Splunk at the time and it wasn't mature enough at the time.
I'm not an engineer, I'm a consumer of the tool. It's doing what it's been asked to do. It's really all about use cases and having the data. You have to have your use cases well-defined and make sure you can feed Securonix the data. You should definitely do a PoC. Never buy anything without checking it out first.
I wouldn't say the solution's behavior analytics has helped to prioritize advanced threats.
Regarding the Hadoop piece, I would compare it to the way I drive a car. I put gas in it and I don't care what kind of engine is in there, how the engine works. I just turn the key and the car starts.
The users are our security operations team, which has about a dozen people. We use it on a day-to-day basis. We'll increase the use cases.