Most Helpful Review
With a lot of data in one console, the time we require to investigate alerts and threats has decreased
Enables us to collect data from multiple different sources to be able to use it to prevent damages proactively
We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
What I like most is that the threat models and risk scoring are very accurate and very helpful to the analysts on my team. They help highlight the most important things for them to look at.
The second feature is that within the SNYPR product there is a functionality called Spotter. We use that for link analysis diagrams and to run the stats command. That's extremely useful because it replaces a tedious, manual process we used to use, using Microsoft Excel and a couple of other methods, to bring data together.
The customizability of the tool is valuable. We are able to customize the use cases and create them easily without a large amount of Securonix assistance. It's very flexible. We do not have to rely on Professional Services to modify or create a new use case.
One of the most valuable features it has is the thread chaining. One of the common issues that we always had was the number of anomalies that we used to get and the number of alerts that we used to get. But with this approach of thread chaining, we've found the false-positive rate has decreased very significantly. That was something that we never could have achieved before.
The most valuable feature is being able to look at users' behavioral profiles to see what they typically access. One of the key events that we monitor is people's downloading of objects... It's very easy to see people's patterns, what they typically do.
[The solution has] incident-management or case-management functionality. If someone were to download a high number and we decided we needed to investigate it, I could open a case right in the tool. It would be able to directly reference the data that they downloaded and we could open and shut the case directly in the tool, as well as report from it.
The most valuable feature is being able to take data and put it into other systems so that we could see the output, and to see where we need to apply our focus.
Because of some of the visualizations that we utilize, we are able to understand strange, unusual traffic on our networks.
The most valuable features are its data aggregation and the ability to automatically identify a number of threats, then suggest recommended actions upon them.
The most valuable feature is the ability to search through a large amount of data.
It is a solution that helps test and measure customer satisfaction.
A helpful feature would be an event export. A way to create more substantial summary reports would be nice.
Other than issues with the training, there have been issues with the encryption. There have also been issues with some of the reporting, minor glitches that they have fixed as they've gone along.
One of the things they can improve on a little bit is the usability side, to make some things simpler... The tool does have a lot of knobs, you can turn a lot of things on and off and you can change things. Sometimes, it can become a little overwhelming. They should remove some confirmation options and make it simpler for the less mature customers and people who are still trying to grasp it.
We have a lot of users who, because they're engineers and they're bringing down product data - where, at times, a top-level product could be 10,000 or 15,000 objects - it's difficult for us to determine what should be a concern and what shouldn't be a concern. We work with the Securonix folks to try to come up with better ways to identify that.
The initial setup was complex because some of the configurations that we required needed customization.
It could be easier to scale the solution if you are using it on-premise, not in the cloud.
There are occasional bugs.
Pricing and Cost Advice
We have an annual license. We pay $200,000 for the base licensing and we pay another $50,000 for the software as a service.
We have a license from our 5.0, so that license just continued. We paid them the extra cloud-hosting costs for a year which were about $300,000.
We went in on a three-year agreement which has an annual licensing fee, based upon the number of people that we're monitoring. There have not been any additional costs to the standard licensing fees.
There are additional costs associated with the integrator.
My biggest complaint is the way they do pricing... You can never know the pricing for next year. Every single time you adjust to something new, the price goes up. It's impossible to truly budget for it. It goes up constantly.
I hope we can increase the free license to be more than 5 gig a day. This would help people who want to introduce a POC or a demo license for the solution.
Also Known As
|Securonix||Caspida, Splunk UBA|
SNYPR is a next-generation security analytics platform that transforms big data into actionable security intelligence. Built on a Hadoop big data security lake, SNYPR combines an open data model, log management, security incident and event management (SIEM), user and entity behavior analytics (UEBA) and fraud detection into a complete, end-to-end platform that can be deployed in its entirety or in flexible, modular components.
Splunk User Behavior Analytics is a behavior-based threat detection solution based on machine learning methodologies that require no signatures or human analysis, enabling multi-entity behavior profiling and peer group analytics for users, devices, service accounts and applications. It detects insider threats and external attacks using out-of-the-box, purpose-built but extensible unsupervised machine learning (ML) algorithms that help organizations find known, unknown and hidden threats, and it provides context around the threat via ML-driven anomaly correlation and visual mapping of stitched anomalies over various phases of the attack lifecycle (Kill-Chain View). It uses a data-science-driven approach that produces actionable results with risk ratings and supporting evidence that increases SOC efficiency, and it supports bi-directional integration with Splunk Enterprise for data ingestion and correlation and with Splunk Enterprise Security for incident scoping, workflow management and automated response. The result is automated, accurate threat and anomaly detection.
|Dtex Systems, Pfizer, Western Union, Harris, ITG||8 Securities, AAA Western, AdvancedMD, Amaya, Cerner Corporation, CJ O Shopping, CloudShare, Crossroads Foundation, 7-Eleven Indonesia|