We had a company that did some network monitoring, but we were unsatisfied with their detections, and they were not responsive. 

We used a competitor, Tripwire, to Netsurion for a few years prior to moving over. We found it very difficult to configure and maintain for doing in-house work. This was prior to managed services.

We switched from Tripwire to Netsurion because of cost and complexity. Tripwire was a good bit cheaper than Tripwire. With Tripwire, we needed a third-party that helped out with making changes to it and adding additional endpoints. It just was a very complex system to set up and watch, so we made the change after being with Tripwire for a few years.

We initially just did log management within, watching the logs ourselves. They set up the system for us. We were getting reports out of it every day and trying to look at what we thought was important, but ultimately it just proved to be too much for us internally with a staff of three.

In our case, it was almost like we had an event management platform before with Tripwire, but we still didn't fully understand what could be done with it. You couldn't come ask me what I want to do with it. I don't even know what it did because we are just general purpose IT people here. We are not experts in this field.

We did not have a previous SIEM. That was a very big push for us. We realized how little we had in the way of eyes on all of our products, unless we did a manual, individual triage. And even then, it was pretty limited. We knew we had a huge blind spot by not putting in a SIEM. It's been phenomenal for some of the small incidents that we've had crop up. It's been fantastic.

I did not previously use a different solution. I jumped to this product right off the bat.

We had an antivirus, firewall, and malware previously, but we didn't have a threat management system before Netsurion. 

The 24/7 monitoring and alerting has been a huge step up, given that we didn't have anything before. This was our first step into having an enterprise-level security threat monitoring system in place, which was a huge step forward as they provide actionable threat intelligence. The next step would have to be something that can take some sort of action.

The MITRE ATT&CK Framework wasn't something that we were aware of when we started with Netsurion. Our remote management system has MITRE scanning and mitigation measures as well. While Netsurion hasn't identified anything, it is still nice that it is there.

We were collecting event logs into our RMM product that we used to patch and maintain our systems, so we received alerts that way. However, it was all emails, and we'd have to sift through it to decide where the problems were and what was happening. It was more reactive compared to what we're doing today with Neturion. We can be more proactive because we know where the patterns have been in the past. We know what we're seeing, we have a better idea of where to place our assets strategically, and we know how to protect those assets.

We did not have a previous solution. We do annual audits, and the lack of a SIEM showed up in one of our audits as a piece that we needed to start investigating, four or five years ago. We knew that issue was coming. We were too busy dealing with some other things, but when it showed up in the audit, we pushed it up the priority food-chain. We weren't really having any issues by not having a SIEM, but having all the logs in one place sure makes troubleshooting a whole lot easier. if there was an Achilles heel, that was it.

We were looking for an easy-to-manage SIEM that provided the functionality that we needed. Since we're a relatively small IT staff, the part that really made EventTracker stand out to us was the run-and-watch service (SIEMphonic), where they are an active partner, reviewing the data that we get, so we don't miss anything. They're acting as a backstop to us.

Before EventTracker, we did use another solution. I think it was a Symantec SIEM, but they discontinued it. So, we were looking for a different solution. 

We did not use any other solution previously.

At a previous company, we used a different tool. It was a much more encompassing tool that does a bunch of different event monitoring, correlation, and aggregation. It was a management suite that did things like backups as well. I know when we implemented it at Intel, it was atrocious. The problem was the process. We had tens of thousands of servers and we implemented the tool and we turned everything on. Events scrolled by the screen so fast, you couldn't even see them. We had to say, "Well, wait a minute. Let's dial this back a little bit." They also didn't do a good job of aggregating or correlating. 

The main difference between that tool and EventTracker is the ease of use. That tool was all CLI based. Everything was command-line based. The syntax that you had to use with that CLI was very challenging and very specific. If you thought you were doing the right thing but something did work and it wouldn't warn you that you didn't do it right.

We did not have a solution in place prior to EventTracker. Prior to this, in a company I had been at just before I got here, we used IBM's QRadar and, although we did look at that product here, I found that EventTracker was more appropriate for us.

I don't think that QRadar offered the same robust integration opportunities with logs and it did not offer the same correlation capabilities that EventTracker does. Also, we get a much better licensing structure and pricing structure. It's a much better value for the dollar with this product.

Using Netsurion has not meant we have consolidated cybersecurity technologies. We haven't eliminated anything. We added Netsurion into the environment, because nothing catches everything. We were not even looking for something that would replace everything else we had. We wanted the enhancements that we would get from a managed SIEM, versus keeping everything in-house.

Additional layers and different technologies are looking for different things. Netsurion deploys a technology and algorithms that we didn't already have. And the 24/7 monitoring with the SOC was another reason to add it to our environment.

We did not have a previous solution.

We did not use another solution prior to EventTracker.

We did not have a previous solution. They had already purchased this product before I came into the organization. There are a couple systems out there where people have reached out to me throughout the years and said, "Will you do a demo or evaluate our system?" But in my opinion, there's nothing that really stands out that would make me want to leave EventTracker. 

Even cost-wise, if somebody is cheaper - and I don't believe that they are - it's not significant enough to make that change and go through that whole design and implementation process again, just to save a little bit of money. We are familiar with EventTracker and we're getting the good service that we expect. We really don't have any desire to go with any other vendor at this time.

For the compliance, this is probably one of the first product that we got for our Windows side.