We looked at Splunk, LogRhythm, and SolarWinds. We may have evaluated some other solutions, but those were the main players. We chose Netsurion after consulting with other organizations in our industry. Netsurion is a highly respected company with a good reputation. They also seemed more than willing to adjust to our environment. With some of the larger players, you have no choice in how to utilize their product. Netsurion was accommodating to all our requests. 

Obviously, pricing was a factor. They weren't the cheapest or the most expensive. Ultimately, it came down to how they could help us. It felt like they wanted to work with us to enhance our security posture and get us where we needed to be versus just selling us a service and a product. They wanted to work with us.

We tried out a couple of competing solutions, including Comodo and Arctic Wolf.

This was a lower cost solution for us. That was the main reason that we looked in this direction. When I bought a lower cost solution, I didn't expect it to deliver even the value that we are getting out of it. I talked to some of my counterparts and other utilities, who were using it, and they were very happy and satisfied with it. So, I haven't really looked outside of that box very much.

Tripwire and LogRhythm were the two vendors who had support for an agent that could watch an IBM i system server, which is a mid-range platform server. When we went to Netsurion, we looked around at some others, but Netsurion was the only other one that we found later on that supported that integration. 

LogRhythm would probably have been a good solution as well. However, after talking to some of my counterparts, I decided that Netsurion would be a very good solution because they spoke very highly of it. They had been very pleased with its service as well as their managed SIEM service as well.

Netsurion Managed Threat Protection is more small business-friendly. It has been good to have a company who suggests things along the way without pushing things on us. For example, they will say, "Here is something that you want to do, but ask your auditors." My auditors can't tell me what we should be logging or watching. They can't tell me that. Maybe a Fortune 500 company's auditors can tell them that, but our auditors don't tell us that. We pay a lot of money to auditors every year, but they don't come in, and say, "Are you watching for every disabled login?" They don't give us that level of detail. Instead, I need people who understand a small business and the realities of working with a small business budget and are able to guide us on the number one, two, or three priorities, then tell me why those are priorities. After that, I can then take it back to our security auditors and financial auditors, and say, "Okay, here's what we are doing. Are we doing enough? Is there something that we are leaving out?" 

It has been good to be able to work with people who are not high pressure on sales. They are not here to tell us that you need to do it a certain way. The door is open to whatever we want to do. Where we don't have the knowledge or experience with it, they have filled in those gaps.

The market is moving to where vendors are trying to be the single vendor who does it all for you. Frankly, I'm not comfortable with that. I'm okay with a vendor who doesn't do every piece of my security stack, because I don't really want that company. Other people may be looking for that, but I am not one of them.

At the time, EventTracker was one of the few that did a bit of that behavioral analysis. There was another one, the name escapes me right now. But it was the only other product that I felt was in the same quadrant, as far as feature sets and the behavioral analysis go. We did not evaluate very many.

I did evaluate other solutions, however, I cannot recall which ones as so much time has passed. Many may not be on the market anymore. 

We had a bunch of data security incidents with staff clicking and opening things that they weren't supposed to. We started a security awareness program in 2021. We got a fair bit of traction, which was good and has helped, but we still wanted to pursue some type of threat management system. We looked at three different systems: Netsurion, Trustwave, and LogRhythm. Netsurion was the only one where we could get a good demonstration and quote that was close to our budget. That is why we ended up going with it.

We looked at other solutions, but nobody had a comprehensive SOC and fine-tuning like Netsurion. I had even used some other solutions before this in some trials when we were getting ready for a tool like this. As far as I know, I may have found one or two later after we implemented this that offer some of the same features, but I still think this is the best solution for the money.

I don't know the reasons why they put this in right away, because we were in a three-year contract — but at the end of that three years the price was going up. I don't know that we had done the math on it before, and we thought, "Whoa, wait a minute."

So I actually did look at AlienVault, which was a good competitor technically, but I could never find anybody who could give me any decent price to help with that managed service. So either I was going to have to pay a lot more, and sometimes upwards of double what I'm paying Netsurion, or I was going to have to hire an FTE to do it. There's no way that that would work out financially. When they heard that we were shopping other products, we negotiated with them and they came back and agreed to put a cap on the price. We've been thrilled with that. It's worked out really well.

Compared to others, Netsurion also has even more services. We have bi-monthly calls, reviews of what happened in the last 2 months, including things that might still be outstanding. They've reported things to us and we'll say, "Hey, we need an update on this." Or, "Are we closing this issue?" They bring those things up every other month. There are a lot more things that we could license if we could afford it. We would love to license all of our workstations. It's not that they're trying to price-gouge, it's just the size of the environment. And you have to determine what other tools, besides a SIEMphonic-type tool, you want. We've been pretty happy with what we've been able to deliver.

One thing that differentiates Netsurion is that they have the total package, or as much as you want. They can run the thing for you, as they do for us. They can offer all kinds of different services beyond just the SIEMphonic services. They're also a much more robust company and one that offers a lot more than somebody who's competing for just any single item that they offer.

When we were negotiating the price, we had bought more licenses than we really needed for our servers. But you can slice and dice and change things up. Even within the managed services, they can run the weekly reports for you or not. They can do the upgrades for you or not. They can do the bi-monthly calls or not. There are all kinds of different things they can do. So we right-sized those services and "trued-up" our licenses to what we really needed, with a little bit extra for growth. We came to a good agreement. It was a bit of a win for them. We gave up a few things that we didn't really need anyway and we were able to maintain our level of service that we had had and had come to expect.

When we acquired EventTracker, we went through an assessment process, reviewing five or six different manufacturers of SIEMs. The frontrunners were the typical players: Splunk and LogRhythm. There were a couple of freeware options out there, but what really set EventTracker apart was their SIEMphonic. That was the big differentiator. We were able to get much more value for our money, and it met all the requirements that we had set out when we started the research.

There weren't really major differences between EventTracker and the other players. Ultimately, SIEMs do the same things. They collect logs, they index those logs, and they make them searchable. There's not really a difference on the surface.

We looked at a handful of different solutions out there. When we were looking at SIEM solutions out there, we were looking to replace Symantec. We were looking at Arctic Wolf, EiQ Networks, Secureworks, and Trustwave.

The primary reason we went with EventTracker and the SIEM Simplified service was the CIO wanted something that was a 24/7 monitoring type of thing. That's why we went with that service. But, when we found out at the time it really wasn't 24/7, and we wanted 24/7 monitoring from more of a SOC/NOC type of thing. The EventTracker support said, "We do have that." However, that wasn't necessarily the case. It was primarily an eight to five type of thing. Supposedly, in the last couple of years, they have changed it, and it is more of a SOC/NOC type of thing. 

This was one of the reasons: We were looking for a hybrid approach. Basically a SIEM that we could have on-premise where we could have someone else monitor when I was not in the office. EventTracker was able to create the different alerts and stuff like that. So, when I'm not in the office, I get alerts generated. However, we wanted some more active monitoring type stuff.

We looked at a couple of solutions.

We looked at a few solutions but we narrowed it down quickly to Netsurion. The features offered by the various solutions were pretty close in parity, but Netsurion, at least at that time, had an edge on pricing, and we liked the initial conversations that we had with them.

Netsurion didn't integrate the MITRE ATT&CK Framework when we brought it on, but it was added afterward. But as MITRE solidified into a pretty important framework, I reached out to Netsurion and asked when it was coming, and it was coming in the next release. They were on top of it. 

We evaluated McAfee Managed Detection and Response, Splunk, and Rapid7 against Netsurion Managed Threat Protection. The biggest difference was the cost.

I was doing a cursory review of different things by doing a web search, like a Google search, and looking at different options. I came across Netsurion, who are local to us, and I knew the VP of Sales, and I always like to work with people who I have a relationship with.

I've looked at AlienVault. That's the only one that I can recall looking at extensively. But cost-wise it really wasn't worth it to us to switch to that system. It might have had a few more features, but EventTracker has done really well on constantly adding features and changing their UI and adding dashboards and getting more data on there that you want. I have no reason to make a switch.

We are always evaluating new tools. We decided on Netsurion because of its UI and ease of use. My team agrees that the solution is reliable and easy to use.