What is our primary use case?
We're utilizing the solution more for security validation, mostly with our data and email measurements. That's really the use we're looking at. Nothing more than that, as their compartments are so segmented that the usage that we're using for each tool is very segmented as well.
How has it helped my organization?
We were able to validate a lot of our incidents and validate a lot of our data as well as our security instances. We can really wipe out the noise. It allows us to have better, more succinct alerts. It also has allowed us to have to react less. We have to react to fewer alerts due to security validation. Fewer alerts are also triggered.
What is most valuable?
The fact that it was written by Mandiant, which we know is a good company, is very valuable to us.
The solution is constantly updating. Their data and security validation are cutting-edge. Really, it's the driving factor for us. We thought it was a unique tool when we first came across it. We thought it was a value-add - and to this day it still is a value-add in our company. We're very happy with the application.
What needs improvement?
The integration engine needs to improve. We try to integrate it with other tools, especially with Splunk or with the MyDLP engine, and even with Microsoft Exchange. As much as they tried to make it seem like it was easy, it wasn't easy. There was a lot of stuff that we had to do that we ended up having to do via an API or something special for a new case. That's a big issue for me. Integration is daunting. It leaves a lot of room for failure and frustration.
There are just little nuances that make everything difficult. You're supposed to be able to flip this toggle thing here, and you're supposed to be able to get the feedthrough from Splunk. Then, from there everything should be perfectly fine. However, when you find out it is not perfectly fine and you find out that it's because this thing isn't necessarily correct, you have to do an update on it or they have to update their file to make it work correctly.
It's very small, minute things that aren't quite right. It's not something that you can really pinpoint. There are a lot of nuanced issues. It's the nuanced technical issues that you would notice once you cross its path. It's not one of those "Hey, this is something I would know off the top of my head." They are very small nuanced issues that make you say "Oh, well I guess we've got to go and change this thing now." You get this with certain tools - mostly with Mandiant tools more than anything else in general. It's one of those Mandiant quirks that still carries on and persists to this day - even with this tool.
For how long have I used the solution?
We've been using the product for about a year or so.
What do I think about the stability of the solution?
The stability is perfectly fine. The performance of the tool is perfectly fine. We're not running the full spec. We're running half a spec and we're running perfectly fine. It's stable as long as you maintain it - just like any other tool out there. As long as you're maintaining it, it'll be good.
What do I think about the scalability of the solution?
In terms of the scalability of the solution, the solution should be fine. It's validating based on data. The company I work at, we validate a lot of data. It goes through a lot. Our Splunk licenses are roughly about three terabytes a day right now, and that's being verified. We're getting easily about three terabytes of emails a day and that's been verified, too.
We have a total of maybe four users and three out of four are analysts. One is a manager for MSI.
We don't have plans to increase the usage of this tool. I would say it's quite an extensive usage already as it's going through and seeing a lot of data right now. It's doing a lot of validation right now. I don't plan on moving it forward; however, it's a pretty good tool so far.
How are customer service and technical support?
The solution's technical support is awesome. They are very responsive. Mandiant's technical support is extremely responsive. We never complain about that.
Which solution did I use previously and why did I switch?
We didn't use a different solution previous to this one.
How was the initial setup?
I was not part of the implementation. I was part of the process of thinking of buying it. Once we bought it, the implementation went to a different team.
That said, the integration with other tools would be part of our team, and that's where we run into issues. That part is difficult.
There is very little maintenance on my part. It's mostly whatever the ITT needs to do to keep it maintained and updated.
What was our ROI?
We enjoy the tool a lot. We like it and we're still using it. We're on a year-to-year contract. We are spending every year. We're happy with it. I don't see us ever getting rid of it, so long as they keep on updating it and maintaining the way everything works.
What's my experience with pricing, setup cost, and licensing?
I wasn't involved at the very end when it came to the discussion of pricing. At the time of the pricing of the solution, it's my understanding that the pricing model that they had for this solution was interesting. I thought it was fair. It was market value. What a market would normally say for a normal security tool that does stuff like this. It's expensive; however, in the industry, it's not unexpected.
Which other solutions did I evaluate?
We didn't evaluate other solutions before choosing this product.
What other advice do I have?
We use the SaaS offering for the solution.
There wasn't a primary reason we needed this tool. We saw the tool and realized that it was a value add and we decided to invest.
We brought in the product and we did the POC first. We got to play around with it and our infrastructure and IT teams as well as our CISO and our CTO were very open to making amendable changes.
This solution is a solid seven out of ten. The product has room for improvement; however, it's a solid product. I like it. The feedback it provides is pretty damn good. The way it breaks everything down makes a lot of sense to me. It just makes life a lot easier.