Netsurion is easy to scale out. We have grown from 200 employees to 700 total units with no problems.

I think Netsurion scales well. We've gone from a small number of agents up to thousands. I would imagine that it would continue to scale. I don't see any issue with that.

We are at a terabyte of data that we are holding right now, and we have been on for two years. We have grown to the capacity that we expect to maintain unless we begin adding more endpoints to manage or watch. We don't manage every endpoint in our environment, only the ones that we consider touch anything dealing with business security. So, it is as scalable as we need it to be, but we really haven't tested that beyond the one terabyte of disk storage.

We may increase usage as we get down the road a little bit, depending on our circumstances and what changes. Right now, we are not looking at increasing it, but that could change.

We're small. I'm assuming that the scalability would be no problem given all the other feature sets. When we've brought things on board, we've never had an issue. I don't know how large this scales or of any limitations to it. The backend data might be just what you have available. I've never been too concerned with it because we don't scale up really large. We're pretty stable as far as the number of devices goes, internally for us. I don't see that really changing much.

Most of the devices or products that we've talked to folks out there about have syslogs of some sort that we can point back. That's what we plan to do. I don't even know where that's going to go at this point, but I know that as we move into the cloud space, but I want to continue to tie that into EventTracker. I want to make sure I've got eyes on everything that we're communicating with.

The scalability comes down to the server that is on-prem. That would be a problem if you have to pivot scalability. The agents on the servers are not a problem at all. I could deploy more systems. However, the server that gathers the data can be a hog. It would be ideal if they could take that piece out and take everything to the cloud to analyze there. 

We haven't had to scale up. We needed to scale down, but I haven't seen problems scaling this. If we could afford to expand our usage of Netsurion's products, we would. There's another product they offered us called Deep Instinct. It just didn't fit into our budget, but I would love to have it. There's more I'd like to do with Netsurion once our budgets get back intact.

We haven't had any big problem with scalability.

When I got here, we were keeping a year's worth of data. The reason we're now only keeping six months instead of a year is our own backup speeds and/or how much disk space it's taking up. We talked to our CIO and several senior leaders. Everyone was comfortable, as long as we could go back and investigate within the same semester. We felt that reducing from a year to six months was acceptable. That also fixed our backup times which were taking so long and how much total disk it was taking up. It had zero to do with the product. It was strictly a matter that storing so much data was taking that much space and that long to back up.

Today, in our organization, it's used as needed. We may have five security incidents a month. The server admins use it for operational needs once a month or every other month. So we don't have super-heavy use here. Most of my investigations come out of those weekly reports or things that come up within the environment in real-time. There's not a tremendous need to be able to use it more often, because of the real-time alerting and those timely, weekly reports. A lot of those were custom reports that we asked them to build for us. We really get visibility right into what we want to see all the time. So we're able to address situations very quickly and not have to hunt around and figure things out.

We did have a few concerns with the scalability in the beginning. Our initial concerns were about scaling it and, if we blew it out, were we going to run into performance issues with their agent piece using too many resources on the client or running out of space on the server? But those concerns proved to be unfounded. We have 700 or 800 endpoints streaming data into it without any noticeable performance or any other issues.

We're using it almost to its full extent at this point. We're in that 90 percent range. We currently don't have any plans to move away from it. We're utilizing the features that pertain to us. Anytime that there's a patch or release, we look at the new features to see if they're applicable for us.

I know it's been working well for all the different log sources and stuff that we've been throwing at it. The big thing is we just have it on one big virtualized box. So, we haven't really had any instance or need to scale it beyond that.

I'm mainly the only user. My boss will occasionally use it when I'm out of the office, or something like that, but it's either going to be him or me.

We have it pretty much on all of our servers, firewalls, and routers. The big thing is we have a 500 license count. So, we have a number of different other switches and stuff which would be nice to be able to get logs and stuff from. At the same time, we are getting close to hitting up our 500 license count. Therefore, we're trying to figure out where we need to go as far as what systems are a must-have and what systems are a nice-to-have type of thing.

It is pretty scalable. They can handle a pretty large environment if they want to. Our environment is comparatively small compared to other corporate environments out there.

It scales fine.

It is being used throughout all our systems non-stop, so we don't have plans to increase the usage or utilize it in different ways.

One person can maintain and work with the solution.

We haven't scaled it out to anything other than what we had. They've done a pretty good job of implementing it. Since I've been here, we've had a virtual server primarily here and there, but we have not done a lot of scaling out. There hasn't been a discussion about what limitations there would be.

It monitors all of our infrastructure, all of our servers. It's being very extensively used. As we grow those, we're getting ready to open a new building early next year, all of the equipment that goes into that building will be added to it.

We fully implemented it so I don't know that there's a lot other than organic growth that would need to be done.

We've done searches going back in the archives all the way to February when we first started, and it surprised me as far as the performance goes. We're not enormous. We're taking in about 3 million events a day. We're about 3,000 employees, worldwide. I don't know that I can give a good analysis on scaling.

It's meeting our needs really well from a scale perspective. We haven't seen a performance issue associated with the volumes we're running with, and we're almost fully deployed. Of the 300 servers, there are only about 10 now that don't have it. All of the 2,500 end-stations have it. It's taking all of that. We're 90 percent where we want it to be with the log sources and it hasn't changed its performance or behavior at all. It has scaled very well so far for us.

Our plans to increase usage are only as we grow. The company has growth plans associated with it, and as new staff comes on and the machines get provisioned, it continues to increase the systems that are feeding to it. We don't have any plans at this point to be putting in any other log sources, other than those we've already identified. I'm thinking of either homegrown applications or unique applications that might generate log files. We don't have anything on the roadmap today for that.

I'm not concerned about its scalability. It's very scalable. We could grow greatly in size, and it would just continue to work for us. It's now used everywhere, throughout our organization. There are some additional paid features that we don't have, but we're using everything that we have licensed.

With Netsurion, we're covering more than 5,000 endpoints without any real difficulties, and I think we could grow even further with that, so I don't have any concerns with scalability. However, I don't know how far they can go.

Scaling it would be slightly complex because you would need to consciously keep track of the ports where the logs are being ingested. Scalability is not as straightforward as it could have been.

We are using it to monitor about 2,500 endpoints and we have two analysts within our organization's security department who work with the solution.

It has accomplished what I wanted it to accomplish. If anything, I'm downsizing servers by moving it to the cloud. So, I'm not really adding more to what it needs to manage.

A network engineer and I are the two users for this solution. It is currently deployed across all of our desktops, servers, and VMs. I don't have any expectations to expand it, except for if I hire a new employee and put a new desktop in, but I doubt we are going to be putting new servers in.

We are getting on average 1.6 to 1.7 millions events a day.

It's definitely scalable. You can get all the way down to endpoints. They support multiple devices, applications, different firewalls, desktop, laptop. You have the ability to add in those logs. We have chosen not to do that at this time because we're mainly concerned about our servers and our domain, and it captures a lot of those logs. We have some offices that don't have a domain. For them, we just get their firewall logs because we are not too concerned about their individual workstation logs.

In our environment, it works perfectly fine.

I have not seen any issues with it scaling. 

We have close to 40 users in our organization: security administration, help desk, and sysadmins.