Netsurion Benefits

John-Berry - PeerSpot reviewer
Information Technology Manager at ProfitSolv

Netsurion's additional data source integration provides a unified view of our security posture. This makes it easy to track and see what's happening at a glance. We can also see our security status in real-time, without having to find an all-in-one security platform. Instead, we were able to choose the data sources that we wanted and integrate them into a single platform.

Integrating with our existing security tools was easy. Netsurion did all the work making it so easy for us.

The integration of Netsurion and our security tools gives us a unified view of our threat landscape.

The integrations that extend our detection and response capabilities are now easier to use. I no longer need to flip through the Azure or Office 365 admin centers to view our security alerts, and I don't need to go into Xcitium to see the security issues there. I can simply go to Netsurion's dashboard to see everything in real-time.

Netsurion's SOC does a good job of alert monitoring and threat hunting.

Netsurion's SOC has helped to eliminate recurring false positives. When they occur, we discuss them. If the investigation shows that it is a false positive, we will discuss how to prevent or suppress those types of false positives in the future.

Netsurion's SOC is effective at expediting incident response. I have worked with them on a few real incidents, and they have been outstanding. They handle a lot of the documentation for us, which is helpful. This way, we can refer back to it and what they were able to show us about our problem.

Netsurion takes care of platform management, which makes my job much easier. As a one-person IT department, I don't have the resources or budget to hire more staff to monitor cybersecurity incidents. Netsurion is like having a team of security experts on my side, at a much more reasonable price than hiring even one more person.

Netsurion allows me to focus on other tasks. In previous positions, I did not have this level of automation. I would spend two hours every morning going over logs, or X amount of time every hour checking things to make sure there were no problems. Now, I can focus on all of my other duties because I know that Netsurion will alert me if anything pops up.

Netsurion helped us boost our security operations productivity by decreasing the tedious security operations management tasks.

Netsurion has helped reduce our time to detection.

Netsurion has helped us improve our ability to remediate security incidents. In the past, we had to manually collect logs and analyze them to identify the source of an incident. Netsurion has simplified this process by providing us with pre-analyzed logs and after-reports that help us track down and remediate incidents more quickly.

Netsurion takes a holistic and proactive approach to security. They are proactive in that they give us advance notice of potential threats, such as when they have patches available. They recommend that we apply these patches immediately, rather than waiting for our regular patch day. They also notify us of other security-related matters. Additionally, they take a holistic approach by helping us with all of our systems.

Kevin Lohan - PeerSpot reviewer
Head of IT at a venture capital & private equity firm with 11-50 employees

One of the primary benefits of using Netsurion for our organization is that, due to a mandate from our regulator, we are required to have robust monitoring platforms in place. We now possess our own monitoring platforms, which allow me to oversee various aspects. Moreover, we have implemented a 24/7 monitoring platform, ensuring complete compliance with regulatory standards.

Netsurion offers a flexible solution that assists us in safeguarding our entire IT environment. This has significantly enhanced its robustness over time because they have been able to identify trends. Subsequently, we can adjust settings. Initially, when we implemented the product, we noticed more issues that, with time, would turn red or become more critical. These included instances where certain activities were not being blocked or when excessive permissions were granted to users in terms of access rights and similar matters. By analyzing trends over time, we have been able to refine the network, thereby achieving a higher level of overall security based on the insights provided by their monitoring.

The way the SOC service operates is by providing us with a dedicated team. This team usually consists of around four to five individuals participating in monthly calls. Essentially, this team, which is assigned to various companies, including ours, remains consistent. The individuals we interact with are familiar with our environment, and over time, we establish a rapport with them. Their contributions are highly valuable. It's akin to having a specialized team solely dedicated to handling our security concerns. Unlike a situation where we would interact with random support personnel for each inquiry or ticket, these individuals possess a deep understanding of our company as they consistently work with us. This arrangement eliminates the need to repeatedly transfer knowledge. They are well-versed in our history, the current state of our environment, and the specifics of our network. This setup operates 24/7, ensuring that meetings and communications align with my schedule. Furthermore, we receive updates even outside of regular working hours. This SOC service is available to us, and in my opinion, it's an excellent setup. The continuity of interacting with the same group of professionals allows us to establish relationships, not only with the individuals themselves but also with the company as a whole. This dynamic significantly enhances the trust we place in their services.

The SOC handles alert monitoring and threat hunting extremely well.

Reducing false positives is a crucial aspect of the tuning process we engage in. At the outset, we receive alerts for all activities, treating everything as a potential issue. However, we gradually refine this approach. For instance, we develop custom applications for our company. In collaboration with Netsurion, we've integrated their system to whitelist specific processes associated with our proprietary applications. To Netsurion, some of these processes might seem suspicious, such as activities involving the SQL database, potentially appearing as hacker activity. Nevertheless, this is not the case, and these actions should be permitted since they originate from our authorized service. It's highly beneficial to maintain this collaborative relationship. This allows us to fine-tune our system, minimizing the occurrence of false positives.

The SOC plays a crucial role in incident response. When issues arise, they are promptly prioritized. We have a specific prioritization process that feeds directly into our service desk. This enables us to initiate our incident response testing promptly. Additionally, the SOC identifies other potential concerns. For instance, we are currently investigating a situation involving suspicious DNS queries originating from specific IP addresses. Presently, we are actively examining this issue. While it appears suspicious at the moment, it has not been confirmed as an exploit or an actual event. Our standard procedure involves thoroughly investigating the matter and documenting all actions taken. Any actions we take become part of our response protocol. If the situation warrants, it might be escalated to the IT committee. Regardless, all actions and findings are meticulously logged in our service desk for future reference.

I appreciate that the SOC handles platform management. It's pleasant not to be directly involved with managing the tools themselves. Essentially, what we do is utilize an agent. This involves configuring an agent that is deployed universally. Additionally, they handle the configuration of SysLog services and similar tasks. Apart from these aspects, they take care of everything else. They provide the server and are responsible for updates, including those related to the internet. When it comes to integrations, they've established connections with our firewalls, antivirus, and email security gateway. This facilitates the retrieval of logs and security details, which they collaborate with us on. I'm relieved that I don't have to concern myself with updating their software. In our monthly meetings, they discuss new exploits they've come across, often with amusing names like "monkey dine," and their efforts to identify telltale traces of potential threats within systems. This proactive approach is commendable. Their management of these aspects allows us to concentrate on using the platform. For me, it's comparable to owning a car. When I buy a car, I can operate it, but I don't need to understand its engine intricacies.

In the same manner, Netsurion Managed XDR has been a boon for us. It has consistently proven beneficial across the various companies I've worked with. Unlike setting up our own monitoring systems, which can be time-consuming, Netsurion Managed XDR's implementation is relatively swift. While there's an initial learning curve, within a few months, the value becomes evident. The insights provided are exceptional. Certain reports are even presented to the IT committee I report to, serving oversight purposes. These reports are also instrumental for compliance and audits. Netsurion Managed XDR is a third-party solution, impartial in its reporting. They provide compliance reports alongside their software tools.
From my perspective, it's one of the essential tools. Over the course of my professional experience, there are a handful of products and services that I've found indispensable, and Netsurion Managed XDR is one of them. I used to use the Netsurion Managed XDR in my previous company, which was a relatively larger company.

The SOC has enabled us to fully concentrate on everything else that we need to do. Knowing that the segment, the monitoring, the event tracking, and the alerting are taken care of by someone else gives us the confidence that if something happens, we will be notified. This allows us to focus on tasks that are more aligned with our experience and the size of our IT departments. If an issue arises and it's critical, I will receive prompt notification. If it's not critical, I will receive an email from them the following day, or it will be included in an observation report. It will definitely be discussed in the monthly review meeting.

If we didn't have Netsurion Managed XDR, I would be looking at logs, and we'd be relying on antivirus and our own monitoring to see if something was untoward. We just wouldn't have the insight and visibility we have now. And I didn't have it before. We had monitoring, but nothing as in-depth as we have with Netsurion. So has it decreased the amount of time we spend on it? I would say it would have if we'd been able to do some of the stuff that they do, but we really couldn't do it. We didn't have the time. We didn't have the tools to do it. For us, it's been a total value add in terms of the capability, rather than the time saved because we were unable to do the tasks before.

JD
Manager of Security and Networking at Shenandoah Valley Electric Cooperative

Netsurion provides us with information that we never saw before. The solution helps us see it, capture it, bring it together, report on it, and derive analytics from it. They've provided visibility that we've always wanted but never had. When I'm speaking to the board, information from Netsurion helps me provide them and senior leadership with pertinent security information from within our environment. We provide a visual map of where potential bad actors are trying to connect from. We can see which applications attackers are trying to exploit. It drives dialogue that helps increase security awareness. It also enables us to justify our security budget.

Extending our detection and response through integration is something we're exploring. We have various products that we currently integrate into Netsurion. Our organization typically takes a best-of-breed approach for software selection. We will explore more integrations to see if there are efficiencies to be gained or if we can achieve quicker reporting and remediation.

Netsurion offers a flexible solution that covers our entire IT environment. They're another resource for us and act as an extension to our existing security resources. Netsurion isn't just monitoring our environment, reporting on it, and letting us take care of it. We bounce questions off them, and they help us dig deeper into incidents as they happen. 

They provide us with the necessary information to make business decisions based on some of these events. Netsurion is more than just a vendor to us—they are truly a partner that has changed how we approach security.

Their SOC is going above and beyond. They're our first MDR. Netsurion prefers to label itself as an XDR, but we've never had a managed response at that level. We had someone watching our perimeter firewall before, and we would run unannounced penetration tests against our environment. That organization was not able to detect the anomalous activity.

When we ran tests with Netsurion, their SOC investigated things and pinpointed exactly what was going on within two minutes. We've been able to verify the work they're doing. It's nice to have an organization watching my back while I'm trying to do what I need to do.

We like to investigate and find any anomalies. Whether we or Netsurion see activity taking place, they have the resources to monitor logs and do the investigations that we are too strained to perform. They can identify the activity causing the incident. By seeing the whole picture, it has helped us make decisions that reduce our false positives.

As an example, we requested specific logs from our web filter, and the response of Netsurion's SOC was above and beyond what the contract specified. Not only did they provide the data requested, but they also modified the visual presentation to our specifications.

Using Netsurion's SOC has freed me up to focus on other tasks. Initially, my role was purely focused on day-to-day security. My role has transitioned into managing half of our IT department. I have less time to focus on day-to-day tasks. Most of that work has been transferred to the SOC. We have utilized them far more than we ever expected.

When we signed an initial contract three years ago, we wanted to see what we could get from the service. As we get ready to renew the contract this year, we're looking for more ways to utilize their services because budgets are getting tighter. We are exploring ways to take advantage of the SecOps management features.

Our time-to-detection has decreased exponentially, but I don't know how to quantify it because we weren't seeing the things that they're reporting. We knew they were there, but that level of visibility wasn't there. They notify us in under five minutes about issues we never would have known about before.

The remediation time has also improved exponentially. We can't remediate an issue unless it's known. As soon as an incident is detected, they notify us within a few minutes. We've remediated most issues in under five minutes.

JW
Cyber Security Specialist at a financial services firm with 11-50 employees

We don't have the security staff needed to monitor log data constantly. It's too much data. You have to send it to a third party like Netsurion that specializes in that, and they have a 24/7 security operation center. We don't have the in-house staffing or the time, so we offloaded the task to a third party, and they only report on critical incidents. Then they have reporting criteria, so if it's urgent, they call us. If it's not so critical, then they email us. We don't have the capacity to do that ourselves.

Netsurion has allowed us to consolidate cybersecurity technology, including SIEM and network traffic analysis. It's not a decisive factor, but it's important. Having multiple tools keeps it centralized.

RC
VP of IT Systems at Carteret-Craven Electric Cooperative

It takes the load off of our systems administrator from having to manage, vet, and analyze logs. Even though they come out in a good format and we have reports from them, there is still an incredible amount of data moving through that system. 

When I looked last week, we probably averaged about 20 million log entries a day. So, we certainly can't individually manage that. Just looking at the reports, then trying to go back and find anything that was questionable, was a challenge. Therefore, the managed service has been invaluable to us in terms of being able to narrow the scope of what really needs to be looked at and bringing those things to our attention to be dealt with.

The solution provides 24/7 monitoring and alerting. When we have third-party security assessors come in and do our annual pentest and security review, they have ranked us as being a very mature small business compared to others that they deal with. So, we rank fairly high in terms of cybersecurity maturity compared to other small businesses with 75 employees, such as ourselves.

We don't do a lot of network analysis, but it certainly meets all of the correlation requirements that we have so we can be able to spot logins at unusual times. Or, I just got a report, not 30 minutes ago, and called one of my guys, saying, "Hey, go check on this PC because it is showing 15,000 incorrect password attempts to get to the file server. What is going on?" Obviously, it's not necessarily an indication of a breach of any kind. It is an indication of some kind of software malfunction. So, we were able to look at that and get those reports, and say, "Hey, we have something that needs our attention. I have one user account hitting a file server from one PC, and we know that a password was changed on the day that started, but we also know that the password is not locked out." This helps us analyze what the real problem is; then we are able to rule out that it is an Active Directory problem or a Windows problem. We know what caused it, and it's not an intrusion attempt. However, this narrows down all those issues so we can focus on where the problem might really be.

RT
Network Manager at an energy/utilities company with 51-200 employees

It's come in tremendously handy. We've had small incidents crop up that we've been able to isolate immediately or dig further into because of this. Without that "full-glass" look at everything we've got going on in our environment at a particular time, we would be chasing our tail a little bit: "What's happening here? Do I need to go look here? Do I need to go look there?" The ability to pull those logs in from not only all of our desktops, all of our servers, all of our appliances, but from anything else that could be logging an event, has been tremendous for us.

It has limited the time that I've had to spend combing through any device and syslogs. For example, firewalls: I'd be looking through events to try to find out if anything looks abnormal. EventTracker not only does centralized tracking, but it does a fair amount of behavioral analysis as well. It tells us: "Hey, here are events we haven't seen before." It even calls to my attention processes that are new, including unsigned processes that we need to be aware of in our environment. We also utilize their Snort plugin on the front-end. It indicates traffic that's coming in that we might want to be aware of.

We tend to start blacklisting and block-listing a tremendous amount of external IPs based upon things that the solution sees on the outside. Those could just be events hitting our firewall, but unless I'm sitting there watching my firewall on a continuous basis, I'm probably going to miss a lot of them. EventTracker is collecting that and pulling it all into a quick and easy notification. On a daily basis, I get that report to rehash: "Did you see these things? Are these acceptable? Here's behavior that we haven't seen before from this particular user." It makes me aware of things so that I can validate. It gives me a good check and balance on what we have going on in the environment and what they're seeing through a collection of event logs.

Because we've been using it for so long in our environment, I've pushed my daily duties onto other things. I've moved into other areas since I don't have to constantly monitor this equipment or the logs or check back on things. It's probably cut down 50 percent of my workload, in terms of tracking and watching and trying to play a little bit of triage after the fact. It's giving me heads-up notifications immediately. Then, as we hash back through things, either on a daily or monthly basis, we're looking at what it's finding and what we are missing. Are there things that are still cropping up that haven't been taken care of that maybe slipped through the cracks? It's not only cut down a ton of my time but even our staff time which used to be spent watching and maintaining logs on various products.

JosephSnyder - PeerSpot reviewer
CIO at a financial services firm with 201-500 employees

The great upside is compliance and regulatory satisfaction. If we say we're using this product and someone wants to report, that's it. There's no question about the legitimacy of the product. They're large enough in the marketplace. Our regulatory bodies know about them and understand what the product is like. That's the number one pro for me. 

It gives me a really good peace of mind. I have a couple of products. This one is not cheap. However, it doesn't have to be. I pay a premium and they give me peace of mind that I don't get with any others.

Gene Anderson - PeerSpot reviewer
IT Coordinator at a government with 51-200 employees

Having a managed SOC reach out and contact us when something pops up is useful, since we're not, as IT staff, able to have eyeballs watching for things. We are dealing with staff, devices, services, etc. all the time, so we are not able to watch for things. There is also not the expertise available all the time for all our escalations of threat management. Having someone who can notify us, "This is urgent. I will call (or email) them based on the runbook that we have," and, "I need to follow up in however many days," depending on the urgency of the issue, has been really helpful.

Given that the solution is passive, it hasn't had much impact other than occupying space on our server infrastructure.

They offer 24/7 monitoring and alerting with the understanding that our boots-on-the-ground staff are not 24/7. Being that it is passive, if they are calling us to do something, then depending on the time of day or even the day, our staff aren't working. We don't have a 24/7 rotation, given that there are only two IT staff positions for the entire organization.

Netsurion gathers the logs from our Sophos cloud provider, amalgamating it all into our on-premise SIEM. Then, the SOC is performing all the analysis, reporting, and alerting for us. This is pretty important given that we have very limited staffing, so we need to be able to have that handled for us.

There haven't been a lot of incidents in the last six months, which has been nice. Most of the incidents that we have reported have been false positives in the last few months. It has been quiet since August.

BS
IT Director at Global Connections Inc

We've been under attack since the day we opened. Our company has a web base that hosts more than 100 different websites, and we're constantly facing attacks — our mail servers too. Of course, we knew we were under attack, but Netsurion provides excellent visibility into how often it's happening and what services they were using. We had a relatively decent idea of that ahead of time, but it solidified a lot of issues we thought we had and allowed us to tailor some solutions to mitigate those issues a little bit easier than it had been when we didn't have all the actionable intelligence.

You can't protect against what you don't know. My instincts told me certain issues were happening. There were a couple of records of it here and there, but it's easier to zero in on what you need to do if you can see what attacks are occurring and how often. It helps you identify gaps you may not be aware of. Netsurion helped shore up our security posture by verifying that some of the initial steps I had taken to protect us against some of these outside attacks were correct. I don't want to go into it too deeply, but it also showed us the usefulness of some best practices out there that many people aren't following. 

It also gave me some insight into what the attacker is going through. When I looked at the thousands of logins we get a day, I was surprised to see the different languages attackers were using. I thought that was kind of interesting, but for the most part, it showed that many of the early countermeasures we put in place 20 years ago were still protecting us effectively versus a lot of the threats out there.

We've been able to consolidate cybersecurity technology for our endpoint security. It's a deny-all policy. We reinforce it with other products behind it to ensure that nothing's getting through, but it was still a paradigm shift for us. Instead of just using signature-based threat protection methodology, it allowed us to really get a better grip on what was running inside of our network. That includes some attacks that aren't even nefarious, but just some chatty stuff. We were able to clean up our network a little bit based on some of the things we had seen.

It helps that everything's in one pane of glass by limiting the number of dashboards we have to look at. Consolidating services really helped us gain C-level buy-in. This wasn't just to monitor logs and check for some malicious entries — it was a complete solution that allowed us to recoup monies in other areas because we could consolidate everything in one product.

Netsurion's managed security didn't reduce the amount of time we had to devote to everything else, but it supplemented our visibility, giving us the ability to see more than we could on our own. They also got us up and running in a week, whereas we would've probably spent months trying to get this running with the resources we had at the time. Even if I were fully staffed, this would have been a difficult task for us to pull off on our own. So while I won't say that it freed up my staff to do other tasks, it saved me from having to assign staff or take staff away from current projects they were working on to get this implemented and keep it running. I know it would've taken a lot of my time — at least two to three weeks — plus the time of my techs.

JB
Chief Information Security Officer at Samford University

The solution saves me at least half an FTE, some 20 hours a week. If I didn't have the managed services, I would have to have another half an FTE just to do the work that they do for us.

Netsurion has assisted our server administration team as well. If they're having software problems or access problems or the like, they have the ability, with all the logs now centralized in one place, to go to one place and do those searches, rather than to go individually, server by server by server, and try to figure it out. 

It's also tied into our enterprise firewall, which is Palo Alto. It really helps them in their troubleshooting time if they're having an issue. 

There are three aspects in which Netsurion is very helpful to our organization. One side is the information security side, where it helps us quickly investigate an incident, including false positives. A second aspect is operational efficiency. It would really take a lot of time to try to figure it out server by server, but with Netsurion they can go to one place which has all those server logs. The third aspect is log archives. Once it makes it to Netsurion, they can keep local log storage space pretty low and don't have to burn a lot of disk space on the local servers.

I also feel that Netsurion has better integration. Almost any product could integrate with just about anything else, given enough time and resources. But that's part of the managed services that we contract with Netsurion. We have integrations into Sophos (for antivirus), Office 365 (for email) and for our enterprise firewall (Palo Alto), and our Cisco networking equipment. So we've got all the critical infrastructure pieces integrated, and all of those were out-of-the-box integrations that I probably could have figured out if I had enough time. But I tell them what I'm trying to do and either they have a white paper which gives me one, two, three steps to do it, or they actually take over. I give them a service account. They take over, they do it, we do some testing and we go live with it.

Everything we have is a real-time feed. We don't have anything that is just batch and then it reads it in later. Especially on those real-time alerts that I mentioned, I know about each of those literally within minutes after it happens, because it's a real-time feed. The alert fires and sends me an email or a text, whichever I have set up.

We're also very impressed with Netsurion SIEMphonic. That's what they've renamed their SIEM tool. We use it quite a bit now. They've got something called potential insider threats that we look at daily. Those are things like account creations and the like. A SIEM tool doesn't necessarily know, just because an account is created, whether it should have been created or if somebody created it to try to hide their tracks. Also, seeing things like logs being cleared on servers has been very helpful to us. We would have no other good way to get visibility into those types of things. An extension of that is the alerts that we talked about. It's been really invaluable for us to get insight into our environment. There'd be no other way for us to really get that without either SIEMphonic or one of its competitors.

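The two reviews above describe three concrete correlations: RC's report of one user account generating 15,000 failed password attempts against a file server from a single PC, his use of correlation to spot logins at unusual times, and JB's daily review of "potential insider threat" items such as account creations and logs being cleared on servers. The following is an added example, not code from Netsurion, EventTracker or either reviewer, showing how such rules can be expressed over Windows Security events. The event IDs are the standard Windows ones; the flat key=value line format, the thresholds, the business hours and the sample lines are constructed assumptions for this example.

```python
"""Correlation rules over constructed Windows Security events.

Added example; not code from Netsurion, EventTracker or the reviewers.
Event IDs are the standard Windows Security ones (4625 failed logon,
4624 logon, 4720 account created, 1102 audit log cleared). The flat
key=value line format, the thresholds and the business hours are
assumptions made for this example.
"""
from collections import defaultdict, deque
from datetime import datetime, timedelta

FAILED_LOGON, LOGON, ACCOUNT_CREATED, LOG_CLEARED = 4625, 4624, 4720, 1102
INTERACTIVE_LOGON_TYPES = {"2", "10"}  # console and RDP logons


def parse_event(line):
    """'<ISO timestamp> Key=Value Key=Value ...' -> dict (assumed format)."""
    stamp, *pairs = line.split()
    event = {"ts": datetime.fromisoformat(stamp)}
    for pair in pairs:
        key, _, value = pair.partition("=")
        event[key] = value
    event["EventID"] = int(event["EventID"])
    return event


def failed_logon_bursts(events, threshold=100, window=timedelta(minutes=10)):
    """Flag a (workstation, target user, target host) triple when any sliding
    window of `window` length holds at least `threshold` failed logons."""
    stamps_by_key = defaultdict(list)
    for ev in events:
        if ev["EventID"] == FAILED_LOGON:
            key = (ev["Workstation"], ev["TargetUser"], ev["Computer"])
            stamps_by_key[key].append(ev["ts"])
    findings = []
    for (workstation, user, target), stamps in stamps_by_key.items():
        stamps.sort()
        recent = deque()
        for ts in stamps:
            recent.append(ts)
            while ts - recent[0] > window:  # drop events that fell out of the window
                recent.popleft()
            if len(recent) >= threshold:
                findings.append({"rule": "failed-logon-burst", "workstation": workstation,
                                 "user": user, "target": target, "count": len(stamps)})
                break  # one finding per triple is enough
    return findings


def unusual_hour_logons(events, start_hour=7, end_hour=19):
    """Interactive or RDP logons outside assumed business hours (07:00-19:00)."""
    return [
        {"rule": "unusual-hour-logon", "user": ev["TargetUser"],
         "host": ev["Computer"], "ts": ev["ts"].isoformat()}
        for ev in events
        if ev["EventID"] == LOGON
        and ev.get("LogonType") in INTERACTIVE_LOGON_TYPES
        and not start_hour <= ev["ts"].hour < end_hour
    ]


def insider_threat_events(events):
    """Account creations and audit-log clears are always surfaced for review:
    the SIEM cannot know whether the creation was sanctioned or a cover-up."""
    labels = {ACCOUNT_CREATED: "account-created", LOG_CLEARED: "audit-log-cleared"}
    return [
        {"rule": labels[ev["EventID"]], "actor": ev["SubjectUser"],
         "host": ev["Computer"], "target": ev.get("TargetUser", "-")}
        for ev in events
        if ev["EventID"] in labels
    ]


def analyse(lines):
    events = [parse_event(line) for line in lines]
    return (failed_logon_bursts(events)
            + unusual_hour_logons(events)
            + insider_threat_events(events))


# Constructed sample: 150 failed logons in under eight minutes from PC-117 against
# file server FS01, one 02:14 RDP logon, one account creation, one cleared audit log.
SAMPLE_LINES = [
    f"2024-03-11T09:{(i * 3) // 60:02d}:{(i * 3) % 60:02d} EventID=4625 Computer=FS01 "
    "TargetUser=jsmith Workstation=PC-117 LogonType=3"
    for i in range(150)
] + [
    "2024-03-11T02:14:07 EventID=4624 Computer=FS01 TargetUser=jsmith Workstation=PC-117 LogonType=10",
    "2024-03-11T10:30:00 EventID=4624 Computer=FS01 TargetUser=mlee Workstation=PC-042 LogonType=2",
    "2024-03-11T10:31:45 EventID=4720 Computer=DC01 SubjectUser=helpdesk1 TargetUser=svc-backup2",
    "2024-03-11T10:32:10 EventID=1102 Computer=FS01 SubjectUser=jsmith",
]

if __name__ == "__main__":
    for finding in analyse(SAMPLE_LINES):
        print(finding)
```

The burst rule keys on the source workstation as well as the account, which is what lets RC's case be read as "one PC, one account" rather than a spray across the estate; the 10:30 console logon during business hours is deliberately left unflagged to show the rule's boundary.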
JH
Director of Application Development and Architecture at South Central Power Company

Their run-and-watch service (now renamed SIEMphonic) has saved us from having to hire at least one FTE. In addition, having an expert set of eyes on things and their assistance with rules has been a huge time saver. They've been a really good partner.

We are logging everything from Windows client workstations through our server stack, through important, critical web and cloud pieces, like Office 365 logs and web server logs. The latter would include IIS and Apache. All of that information is being streamed directly into, and assimilated by, the EventTracker product. It seems to be doing the job quite well. Having that visibility into the data is useful. Their interface is simple enough for us to be able to use but advanced enough that if we wanted to do some more advanced queries — which some of their competitors admittedly do a little better out-of-the-box — it hits the wheelhouse perfectly.

We're signed up for their weekly observations, so if they find something big they're going to notify us immediately. But having a management-level synopsis once a week has allowed us to not only replace the one FTE, but also streamline our prioritization of work, based off that data, as well.

JY
Sr. Information Technology Security Engineer at a university with 1,001-5,000 employees

We send the Snort IDS alerts to EventTracker, e.g., high-level ones like ransomware and data leak type alerts. For things like ransomware, data leaks, and data exfiltration, we have higher incident reports created, so then it also gets sent to our email and phone. As an example, this Saturday night around four o'clock, we were alerted to an incident from EventTracker. They got a Snort alert about a data leakage or data exfiltration. It was a false positive, and that is good. But this is just one way we use EventTracker.

View full review »
BB
CIO at a computer software company with 501-1,000 employees

We do not have a security team. By implementing Netsurion, we could utilize an external team to be able to investigate those things where we do not have the expertise or people to do that. That was the number one reason why we went to them and asked for help from them. We purchased their services to monitor all those things.

The integration of Netsurion with our security tools gives a unified view of our threat landscape. It brings everything into one single pane of glass type of view. We can see everything going on in our infrastructure. It is pretty important for us to be able to see everything in a single report rather than going through ten different tools, which can be a bit annoying. Having Netsurion describe everything in detail in one report has been pretty valuable.

Netsurion has been a pretty flexible solution for helping us protect our entire IT environment. For everything that I have asked from them in terms of adding certain SaaS products, devices, or anything like that, they usually had a solution to get them integrated into their product. It might not be the best integration, but they have figured out a way to get our security stuff into Netsurion.

There have been some incidents in the past where we had a scare of a possible virus infecting one of our machines or of possible intrusion. We pushed it up to their SOC team. They did investigative work and came back and told us their findings, such as things being fine on those devices and so on and so forth. Their SOC team has been pretty good in the sense of being able to jump on things and be able to work with us on possible issues that crop up.

Netsurion's SOC is pretty good for eliminating false positives. They have done a pretty good job of going through a lot of the log data that we have. They go through hundreds of tickets in a month, but we only see the reports. They only come up with critical or warning items. We get a handful of those compared to all the tickets that they create on their side that may look like suspicious things on their end. They do a pretty good job of looking and working out a lot of false positives on their end.

Netsurion has helped to boost our SecOps productivity by decreasing tedious SecOps management tasks. They have been able to provide a way of monitoring things so that we do not have to do that. They have been watching the environment and only bringing things to our attention when we really need to. That is something that we did not have in the past. We never had a security team, and we needed someone to watch everything. They are able to watch everything and look through everything that we have on our infrastructure, such as SaaS products and other products. They have shown value by only bringing up the cases that truly need interaction from our side. My team is able to go into a system or one of the SaaS products that we use and take action on certain things. They do the investigative work, and they do the penetration scanning and things like that and notice things. They bring anything they find to our attention. They have steps or procedures to take action on those things. Once we get all that information, our team goes into those devices or services to make changes based on their recommendations for the issues they found. In the case of a security incident, Netsurion has improved our ability to remediate.

View full review »
RE
Network Administrator at a construction company with 501-1,000 employees

Since it is a managed service, they take care of everything for us and just reach out when they have a question, there is an incident, or an important alert. That is the most important part for me because that allows me to focus elsewhere.

It allows us to avoid needing to employ people to stay during evening hours, which is a positive.

The solution provides an embedded MITRE ATT&CK framework. The framework is relatively new. I like that it is a curated knowledge base now. It is very important because it lets everyone know what is going on and being observed in the real world. It definitely helps in the analysis of whatever threat is found. Remediation is already built into the framework.

View full review »
ML
Chief Information Officer at ECRMC

EventTracker enables us to keep on top of our work. We're a hospital, so we're 24/7. We don't have enough staff to do that, so they're able to monitor things off-hours, and then even during hours I get two people from InfoSec. They can't be sitting there staring at a screen all the time; they have to go out and do other things and attend meetings, etc., and so they're able to rely on the tool to correlate and then notify them either via pager or phone call if something comes up that is deemed to be important enough to be notified. That's huge for us because we don't have the budget from a staffing standpoint to have people on-site 24/7.

Back in the day, I used to work for Intel and we had a whole room full of people who just sat there and stared at the screen for events. It was in their data center group. We don't have that kind of staff. The only people half staring at a screen all day long are the call center, and they're the ones who take tickets and talk to end-users, but they don't have the time to sit there and monitor the event logs and all of the other things. That's the value the tool gives us. I can have people doing real work and then things that need to be escalated are escalated. It saves us roughly two full-time employees. It cuts my team in half.

EventTracker also helps us with compliance mandates. The tool helps us document that we're following best practice, that we're identifying issues and tracking them, and that we have logs of what issues were identified. That allows us to be able to show a lot of the documentation that we are really doing best practice. I just don't physically have enough team members to do that. This allows me to be able to provide that 24/7.

It's not just a tool, it's a service. The secret sauce is not the tool. I could buy a tool from a dozen vendors. I have a tool to be able to aggregate and correlate all of these events and send something to a screen. But if I still have to have somebody sitting there staring at a screen all day long, that's valuable but not as valuable as someone that has a team, that is essentially a SOC, that is aware of what's going on in the world and is saying "I'm seeing this in seven places, including El Centro, let's get ahold of El Centro so they can start taking action on it."

There's nobody that's dedicated to internal incident management. I have two information security folks and they do everything from internal incident management to designing new implementations, to reviews of existing annual information, and security audits. They do all of that, but they don't sit there all day long, staring at a screen, looking at incidents, and trying to figure out what to do. That's the value that we get out of it. That's the extra value.

View full review »
MO
Senior Director, Information Security at a pharma/biotech company with 1,001-5,000 employees

The result of the reports on activity and the archiving for research has been that the operational teams are more consistent in the usage of standard practice which, from an efficiency perspective, has removed the need for the information security team to investigate issues that are out-of-norm activities. We are no longer doing an internal incident three or four times a week. We may do three or four in a month. That saved us significantly on the incident investigation side. We have pulled back 10 hours a week, on average, just from the security team. I would contend that it's probably also saved time that I'm not able to measure from the operations team because now they're not remediating things that we're pushing to them, and the user community is getting a more consistent experience from the support teams as a result.

There's this downstream value that I don't think people really think of when they look at products like this: What is the cause and the effect that it has on operations? In our case, it was to improve the efficiency and the consistency of the operations which, in turn, resulted in the user community getting a better experience. It's really hard to measure the user community improving its view and opinion of the IT support teams.

View full review »
DW
Network Engineer at a wholesaler/distributor with 201-500 employees

The 24/7 monitoring and alerting is definitely a positive because we don't have to have it in-house. These days, finding security people and keeping them is even more of a challenge than it was two years ago.

Netsurion also provides us with actionable threat intelligence. If an endpoint visits a site that tries to do a download, a "drive-by" type of situation where it tries to run an obfuscated URL through a PowerShell or the like, we'll get an alert from the SOC so we can take remediation actions for that particular endpoint.

Our detection time is shorter than it was, and they're well within the SLA for both detection time and remediation. Since MITRE was added in, we haven't seen anything take longer than it's supposed to. The detection times are short, and alerting times are also very short. And while the addition of MITRE hasn't increased remediation accuracy, remediation accuracy has always been good with Netsurion. When it's already good, if it only gets a little bit better, it's hard to measure that.

In addition, the fact that this is a managed security solution has definitely freed up my time to work on other responsibilities. If we didn't have the managed component, I would probably have to spend most of my day in the SIEM, personally. Now, I only have to turn to it once in a while. It has freed up most of my time to work on other projects instead of managing the SIEM. It saves close to 75 percent of an FTE in our existing staff and we also haven't had to add staff. To get 24/7 monitoring, we'd have to have at least three people with no vacations for those people. That would add up to a whole bunch of FTEs.

View full review »
RT
Senior Director of Information Security at a healthcare company with 5,001-10,000 employees

Netsurion's 24/7 monitoring has enhanced the overall security of the company. They have someone looking at the data 24/7 who will call us as needed. If their team spots a malicious process after hours, they notify the appropriate person by phone. We get a lot of actionable threat intelligence from Netsurion. For example, if a user clicks on a malicious link in a web page and starts an unusual process that isn't on the white-list, Netsurion's team can detect it and prevent it from executing. Afterward, they'll notify us by telephone, so we can respond and clean up whatever damage has occurred.

With Netsurion, we've also consolidated a lot of our cybersecurity technology. Case in point, Netsurion can aggregate the log files from a Meraki wireless access point, which correlates that data, so that minimizes the time necessary to investigate. They have already taken care of the heavy work. With Netsurion, I take their data, and I know where to start.

Any security professional will agree that if you don't have a solid understanding of your inventory of assets, it's going to haunt you. In this case, it provided me the opportunity to see what's out there. This is especially crucial given that we have some BYOD devices that are not allowed onto the network. I was able to spot those devices and enable conditional access through our Azure Active Directory.

It has reduced the amount of time it takes to identify and respond to constantly evolving threats. We don't know everything. So we could have something that we've never seen before and it requires research on my part, which can be very time-consuming. I like to have the reference readily available.

The managed security solution has freed up IT staff time to work on other things. Our IT team is tiny. I am the only security person in a company with more than 5,000 employees. I don't have to focus on security 24/7, which frees up a lot of time and lets me have a work-life balance. It's equivalent to saving us the cost of three full-time employees at 40 hours a week. The SOC is an essential component. It's crucial to have those individuals correlating and reporting on alerts or taking care of events that don't need to be reported. That's a lot of manual work.

View full review »
AY
Lead Security Analyst at a leisure / travel company with 1,001-5,000 employees

The 24/7 monitoring and alerting have positively affected our security maturity because now we have people with eyes on our security events 24/7. They are monitoring our security incidents and alerting us to any incidents that need action on our end. Overall, the SOC component of the Netsurion solution is very important because without it we would need to hire more people internally to do that work. With the hosted SOC, we don't need to have a large team on our side. While their SOC doesn't know our company and what is unique about our environment entirely at this time, they are learning it now.

View full review »
BC
Chief Technology Officer at G&G Outfitters, Inc.

It is protecting us from cyber threats.

We get a lot of information security audits from our larger clients. I wanted to be able to have intrusion detection and prevention, vulnerability scanning, and SIEM because those are always the questions, "Do you maintain your logs? Do you look at them? How do you take proactive action?" EventTracker managed service gives me the right answers for all those questions and has saved me time when answering these questions.

View full review »
GF
Information Technology Coordinator at Magnolia Bank, Incorporated

It gives us a real idea of our network environment, VPN access, alerts and more. We are able to identify where we're getting scanned externally from potentially malicious IP addresses. We can react to those a lot quicker than we could previously.

EventTracker has increased productivity and saved us time, absolutely. We would have to hire a full-time person to review logs if we didn't have EventTracker. I get daily and weekly reports that I review within an hour or two, each day, versus having to go look at logs on each machine. It would take me three or four times as long to review all those logs if they weren't all in the same dashboard report or alert.

View full review »
SS
Information Technology - Business Process Analyst at a financial services firm with 51-200 employees

We use those standard reports every day and monitor them. It does save us some time from having to go out manually and pull that information together. With the daily reports that we get, we can easily scan through them and find any anomalies that are occurring. If a system suddenly starts getting thousands more errors than it did previously, we know we need to look at something on that system.

The solution has also saved us time due to the fact that it's doing the consolidation of the log files for us. It probably saves us three hours a day.

View full review »
ML
Assistant LAN Administrator at a non-profit with 10,001+ employees

It gives us a heads-up about the disk space and any errors in any event logs that we have to look at. There are times when that saves us time.

View full review »
AW
Consulting Engineer at a tech vendor with 10,001+ employees

It was purchased so we would be in compliance. That is our main reason, and it works very well.

The product satisfies our compliance, and thus, all of our auditors. All of the data that we use and store for all security events is required by our auditors to be kept in a central storage location.

EventTracker provides a great place to do our searches for certain types of events. We can go there, run the search engine, and it runs extremely fast, especially compared to the version that we previously used. For example, instead of connecting to each individual domain controller to search events, we can go to one location.

View full review »