We performed a comparison between Arctic Wolf Managed Detection and Response and Netsurion based on real PeerSpot user reviews.
Find out in this report how the two SOC as a Service solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI.
"The most valuable features are the SIEM and the ticketing function; the latter is very smooth and easy to read and understand. We don't have any issues looking at the ticketing information when we're trying to identify what's going on."
"Among the valuable features are the agent, continuous reporting, and dashboard. It has all the features we need and we haven't had to customize it, other than turning on certain features that we wanted."
"The most valuable part of Binary Defense is its team of cybersecurity analysts. Their analysts filter out the noise and only forward the critical threats that require a response instead of false positives."
"Binary Defense has a human service department that provides live monitoring for our systems."
"One of the main benefits of Binary Defense MDR is the ability to easily meet with their support team to discuss any issues we encounter."
"The case interface is Binary Defense MDR's most valuable feature."
"The customization has been the most valuable aspect and was really the reason we ended up selecting Binary Defense. They worked with us to provide exactly the level of support, features, response, and collaboration we needed."
"Binary Defense's most valuable feature is the 24/7 monitoring and threat hunting. Their team checks the latest breaches and how they're done."
"The product provides integrations with several different SaaS applications."
"This service makes answering audits much easier since it covers so many security best practices."
"They have a portal where you can evaluate and mitigate any vulnerabilities that you and your network might have."
"The agents give pretty good visibility into what is happening at the endpoint."
"Arctic Wolf is our eyes and ears 24/7 because we can't possibly watch all of our alerts. We may see all of these alerts, but our attention is distracted because we're working on other things."
"The tool's most valuable feature is its ease of implementation."
"The most valuable aspect of this solution is the managed detection and response component."
"The integration between Cisco AMPs and the Windows servers is most valuable. So, they can also sandbox machines on which they see something suspicious."
"Netsurion has its own security operations center, where it tracks information that comes across our telemetry."
"Netsurion's 24/7 monitoring has enhanced the overall security of the company. They have someone looking at the data 24/7 who will call us as needed. If their team spots a malicious process after hours, they notify the appropriate person by phone. We get a lot of actionable threat intelligence from Netsurion. For example, if a user clicks on a malicious link in a web page and starts an unusual process that isn't on the white-list, Netsurion's team can detect it and prevent it from executing. Afterward, they'll notify us by telephone, so we can respond and clean up whatever damage has occurred."
"There are a host of things that are most valuable. Obviously monitoring our environment and reporting out different events is important. They perform a suite of services. They monitor all of our servers, all of our key infrastructure, like our DNS, our switches, all that stuff. They aggregate and correlate that quarterly. They'll tell us if we're getting a lot of login failures and something is going on or if something's weird."
"They have what they call Elasticsearch which is very quick, although that's only available for the last seven days' worth of data. It used to be that, if I wanted to do a search from three days ago, it might take me 10 to 15 minutes because it had to actually unzip some archive files. So I really like that feature. It's almost instantaneous for anything within the last seven days."
"Their SOC team manages vulnerability management and IOC reviews. They stop bad processes when they happen. The best thing is their weekly reviews of what has been going on in the infrastructure as well as the things that they see and what we should look out for."
"If I were to look at logs manually, there's no way I could do that. As an example, they are 48 million logs processed a day. There is no way I could look at all 48 million of those. So, it gives me a good structure to be able to look at the different incidents which are created and do different searches."
"Expediting incident response is really great."
"I like EventTracker's dashboard. I see it every time I log in because it's the first thing you get to. We have our own widgets that we use. For the sake of transparency, there are a few widgets that we look at there and then we move out from there... Among the particularly helpful widgets, the not-reporting widget is a big one. The number-of-logs-processed is also a good one."
"The current reporting system could benefit from improvement."
"We found that an earlier version of the agent had high memory usage and that was a bit concerning, but we raised the concern with their support team and they immediately replied that they had noticed the same thing and had a candidate fix already available... it totally fixed the issue."
"We should be able to isolate devices faster. They should shorten the time between clicking on a device to contain it and carrying out the action. That would be a welcome improvement."
"It's hard to think of anything that they need to improve on, but just to point out something, I would like to see them provide advanced XDR."
"I would like to see more frequent check-ins with our security status."
"The most significant area for improvement is in support for non-English speakers; we're a global organization, so many of our users are not English speakers, which can make interacting with them a challenge. There's no Chinese language support, so we must rely on what we can do with the internet. We don't expect Binary Defense to build a language staff, but details can get lost in translation when we assume the whole world speaks English."
"The only area I see for improvement with Binary Defense is their service portal. It could benefit from some enhancements."
"It's sometimes difficult to know when to engage Binary Defense or TrustedSec, their sister company. TrustedSec is more focused on offensive security, as opposed to the defensive security that the MDR solution provides. It would be awesome if there were a better bridge between that relationship for when we need to get more proactive services or when we need to do a penetration test."
"The implementation process could be a little more streamlined."
"I would like to see them build the ability to co-sell an EDR platform, manage an EDR or manage the actual response, potentially from the issues that are coming up from the security risks."
"It would be great if the whole process of determining vendor risk could be simplified by Arctic Wolf."
"While it isn't a regular occurrence, there have been some gaps in response to some support questions. Questions get answered, yet there are times it takes longer than I'm comfortable with."
"More integrations with various security tools to improve data ingestion would be beneficial."
"It's nitpicky; however, if it could integrate with more of our products, like our CRM, that would be ideal. They may only integrate with Salesforce. We use a different mid-market CRM."
"We get a lot of false alarms, but that's because they don't know our network in detail. I think that could be alleviated if we told them more about our network so they could create rules to skip some of those things."
"In the future, I would like to see a summary report."
"Communication is always something that can be improved, but I feel that any time we've had a communication issue, it's quickly addressed when we bring those up at the monthly meetings. Usually, it's an individual that wasn't clear in the communication, it's not the process per se. You always have to be able to segregate if the process didn't work or an individual either didn't say the right thing or my people didn't understand what they were being told."
"The agents on the endpoints seem to fail quite a bit, requiring manual involvement from the local administrators. I would like to see their product be much more ad hoc and update automatically."
"With version 8, there are quite a few things. The query tool was one of the big ones, and the query speed was one of the big ones, but they've made some great strides between versions 8 and 9. There were also issues in version 8 around the ability to get the data back out. It's one thing to collect data, but it's a whole other thing to be able to present it or run it in a timely manner. The old tool, depending on how far back I was looking, might even time out and I would have to run it again."
"I would like to see a faster response when we see things like 15,000 lockouts. I really wished that I had known that on Friday afternoon rather than waiting until I got the weekly report today. By the same token, they are looking at it from the point of view that this is a system or software malfunction. This is not a bad actor repeating the exact same password three times a second. Therefore, they can tell that this is not a bad thing. However, it's not a security event but it is an operational event for me. Knowing this sort of thing would help my team and me out more because then we would be able to clear out a lot of network traffic that we didn't know was going on. So, we would like quicker updates on non-high security events."
"There are some issues with searches taking a long period of time, but they assured me that they have implemented a new search function that's available in version 9, but which requires a solid-state hard drive... Depending on how many logs you have it could take a long time to return the results if you're looking back prior to the last 30 days."
"Netsurion's threat detection and response aren't quite mature. I would expect a little more."
"The solution's dashboard is okay. The one thing that we ran into are issues when we upgraded to the newer version. It uses Elasticsearch for the different dashboard entries. So, we were running on spinning disks, and Elasticsearch didn't work that well. A number of the different dashboards, like my dashboard or different things like that, pull from Elasticsearch. Since Elasticsearch really wasn't working, we were having some issues with that, but we just migrated."
"It would be great if they had a client for phones by which they could push a notification to us, as opposed to via email."
More Arctic Wolf Managed Detection and Response Pricing and Cost Advice →
Arctic Wolf Managed Detection and Response is ranked 1st in SOC as a Service with 17 reviews while Netsurion is ranked 3rd in SOC as a Service with 24 reviews. Arctic Wolf Managed Detection and Response is rated 9.2, while Netsurion is rated 8.4. The top reviewer of Arctic Wolf Managed Detection and Response writes "Very good support, excellent visibility, and useful security bulletins". On the other hand, the top reviewer of Netsurion writes "The SOC center monitors, hunts, and notifies us of threats around the clock". Arctic Wolf Managed Detection and Response is most compared with CrowdStrike Falcon Complete, Huntress, Red Canary MDR and Microsoft Defender Experts for Hunting, whereas Netsurion is most compared with CyberHat CYREBRO and Wazuh. See our Arctic Wolf Managed Detection and Response vs. Netsurion report.
See our list of best SOC as a Service vendors and best Managed Detection and Response (MDR) vendors.
We monitor all SOC as a Service reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.
