We performed a comparison between Elastic Security and Securonix Next-Gen SIEM based on our users’ reviews in five categories. After reading all of the collected data, you can find our conclusion below.
Features: Elastic Security is commended for its adaptability, extensive customization options, and seamless integration with the ELK Stack. Securonix Next-Gen SIEM offers multiple advanced features, such as Spotter for in-depth search and analysis and extensive customization options. Elastic Security could improve by reducing resource usage, automating threat response, and simplifying the user experience. Securonix users highlighted the need for greater flexibility in modifying reports and templates and improved analytics and visualization.
Service and Support: Some Elastic Security users found their support helpful, while others experienced difficulties and delays. Securonix has been praised for its effective support and timely problem resolution.
Ease of Deployment: Elastic Security generally has a straightforward setup but may require trained specialists. Some users found the Securonix Next-Gen SIEM setup to be straightforward, but others found it complex.
Pricing: Elastic Security is considered affordable and cost-effective, with pricing based on the size of the monitored environment. Securonix Next-Gen SIEM is competitively priced and more affordable than many SIEM solutions.
ROI: Elastic Security has shown mixed results in terms of ROI, with some users expressing concerns about the quality of their premium support. Users say Securonix Next-Gen SIEM offers a significant return on investment by streamlining infrastructure management and enhancing overall efficiency.
"We are able to deploy within half an hour and we only require one person to complete the implementation."
"Sentinel enables us to ingest data from our entire ecosystem. In addition to integrating our Cisco ASA Firewall logs, we get our Palo Alto proxy logs and some on-premises data coming from our hardware devices... That is very important and is one way Sentinel is playing a wider role in our environment."
"The AI capability is one of the main features of the solution because I believe that in the market, there are few solutions that are providing security solutions based on AI and machine learning."
"I like the KQL query. It simplifies getting data from the table and seeing the logs. All you need to know are the table names. It's quite easy to build use cases by using KQL."
"The most valuable feature is the performance because unlike legacy SIEMs that were on-premises, it does not require as much maintenance."
"Microsoft Sentinel comes preloaded with templates for teaching and analytics rules."
"I believe one of the main advantages is Microsoft Sentinel's seamless integration with other Microsoft products."
"It has basic out-of-the-box integrations with multiple log sources."
"We like Elastic Security because it's a REST API-based solution. That's the primary reason we use it."
"The solution is quite stable. The performance has been good."
"Elastic Security is very easy to adapt."
"The solution has a good community surrounding it for lots of helpful documentation for troubleshooting purposes."
"The stability of the solution is good."
"The most valuable feature is the search function, which allows me to go directly to the target to see the specific line a customer is searching for."
"The most valuable feature of Elastic Security is that you can install agents, and they are not separately licensed."
"The performance is good and it is faster than IBM QRadar."
"Its console is very easy to use and configure. It is very intuitive for our use cases. App integrations are also pretty nice."
"The solution has proven to be stable so far...The solution is easy to scale up."
"[The solution has] incident-management or case-management functionality. If someone were to download a high number and we decided we needed to investigate it, I could open a case right in the tool. It would be able to directly reference the data that they downloaded and we could open and shut the case directly in the tool, as well as report from it."
"The feature that I have found most valuable is their analytics platform where they have the open security data-link, which they introduced. This is typically different from the other vendors."
"There aren't any positive aspects of the solution. It was a complete failure. There are no redeeming features."
"The most valuable feature is that it works on user behavior and event rarities."
"The two major features of this product we extensively use are the UEBA capability and the multi-tenant approach with the centralized data logs system. Customers are very happy with these features."
"The user interface is easy to learn and navigate."
"There are certain delays. For example, if an alert has been rated on Microsoft Defender for Endpoint, it might take up to an hour for that alert to reach Sentinel. This should ideally take no more than one or two seconds."
"When we pass KPIs to the governance department, there's no option to provide rights to the data or dashboard to colleagues. We can use Power BI for this, but it isn't easy or convenient. They should just come up with a way to provide limited role-based access to auditing personnel"
"They could use some kind of workbook. There is some limitation doing the editing and creating the workbook."
"I would like to be able to monitor applications outside of the Azure Cloud."
"Sometimes, it is hard for us to estimate the costs of Microsoft Sentinel."
"Microsoft Sentinel should provide an alternative query language to KQL for users who lack KQL expertise."
"The solution should allow for a streamlined CI/CD procedure."
"If I see an alert and I want to drill down and get more details about the alert, it's not just one click. In other SIEM tools, you just have to click the IP address of the entity and they give you the complete picture. In Sentinel, you have to write queries or use saved queries to get details."
"I think because we are a cybersecurity company, the thing that can be improved is the prebuilt tools, especially quality. Compared to its competitor, they still have fewer prebuilt security rules. Elastic Security, in terms of generating alerts, cannot group the same products into one another. Even though the alerts are the same, they still generate them one by one. So, it is very noisy in our dashboard. I would like the Elastic Security admin to group all the same alarms into one alarm so that our dashboard is not noisy."
"It is difficult to anticipate and understand the space utilization, so more clarity there would be great."
"This solution cannot do predictive maintenance, so we have to build our own modules for doing it."
"We'd like better premium support."
"One thing they could add is a quick step to enable users who don't have a solid background to build a dashboard and quickly search, without difficulty."
"With Elastic, you have to build the use cases for the specific requirement. Other products have a simple integration and more use cases to integrate out-of-the-box solutions for SIEM."
"This solution is very hard to implement."
"One limitation of Elastic Security is that it does not have built-in workflows for all tasks. For example, if you need a workflow for compliance, you will need to create a custom workflow."
"We have a lot of users who, because they're engineers and they're bringing down product data - where, at times, a top-level product could be 10,000 or 15,000 objects - it's difficult for us to determine what should be a concern and what shouldn't be a concern. We work with the Securonix folks to try to come up with better ways to identify that."
"The technical support of the solution is an area with shortcomings and needs improvement."
"When they did upgrades or applied patches, sometimes, there was downtime, which required the backfill of data. There were times when we had to reach out and get a lot of things validated."
"Parsing needs to be improved. Every time we integrate a new, specific data source, we face a lot of problems in parsing, even for the old data source."
"It seems to me that within Securonix there is no option for completely visualizing the types of sources or if there is any loss of logs. I've heard that they have an additional module to validate those types of cases, but in terms of the platform itself only, I can only see how often it sends data but not any specific detail."
"Securonix implements risk scores based on different policies that are triggered. We've seen some challenges with the risk scores and how they trigger. These are things that Securonix has recognized and they've been working with us to help improve things."
"It takes too long to generate Spotter reports. For example, a 90-day report is around 100 megabytes. That takes a while, but a one-day report can be generated in a few seconds. We would be happy if they sped up the process."
"The pricing. I'm not sure how they are proceeding with the identity based pricing compared with DB pricing which most of the vendors are using today."
Elastic Security is ranked 5th in Security Information and Event Management (SIEM) with 58 reviews while Securonix Next-Gen SIEM is ranked 7th in Security Information and Event Management (SIEM) with 27 reviews. Elastic Security is rated 7.6, while Securonix Next-Gen SIEM is rated 8.6. The top reviewer of Elastic Security writes "A stable and scalable tool that provides visibility along with the consolidation of logs to its users". On the other hand, the top reviewer of Securonix Next-Gen SIEM writes "Spotter tool has helped us eliminate many hours required to manually create link analysis diagrams". Elastic Security is most compared with Wazuh, Splunk Enterprise Security, Microsoft Defender for Endpoint, IBM Security QRadar and CrowdStrike Falcon, whereas Securonix Next-Gen SIEM is most compared with IBM Security QRadar, Splunk Enterprise Security, LogRhythm SIEM and Exabeam Fusion SIEM. See our Elastic Security vs. Securonix Next-Gen SIEM report.
See our list of best Security Information and Event Management (SIEM) vendors.
We monitor all Security Information and Event Management (SIEM) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.