Secureworks Red Cloak MDR Overview

Secureworks Red Cloak MDR is the #5 ranked solution in our list of MDR Services. It is most often compared to CrowdStrike Falcon Complete.

What is Secureworks Red Cloak MDR?

An advanced MDR solution should deliver security analytics software, 24x7 support, threat hunting, and incident response in a single solution.

Secureworks Red Cloak MDR is also known as Secureworks Red Cloak Managed Detection and Response, Secureworks MDR, Red Cloak MDR, Red Cloak Managed Detection and Response.

Buyer's Guide

Download the Managed Detection and Response (MDR) Buyer's Guide including reviews and more. Updated: October 2021

Secureworks Red Cloak MDR Customers
RICOH, Owens and Minor

Pricing Advice

What users are saying about Secureworks Red Cloak MDR pricing:
  • "Initially, the cost was going to be something around $160 or $170. And eventually, I think they brought it down to $110 and they also threw in some endpoint protection platforms."
  • "The Red Cloak agent is free."

Secureworks Red Cloak MDR Reviews

SC
Security Consultant at a consultancy with 51-200 employees
Consultant
Top 5
Good for managing alerts, has great automatic responses, and is flexible with pricing

Pros and Cons

  • "The pricing is flexible."
  • "Dell Secureworks is for higher-end customers and it's not quite as straightforward to implement or to get up and running as some of the other solutions."

What is our primary use case?

We primarily use the solution for log monitoring and network traffic analysis as well as alarming for security events. 

What is most valuable?

The solution is great for managing alerts and dealing with them as they arise.

There are some great automatic responses. It will immediately intervene and block malicious IPs and can quarantine systems. It's very good at keeping our systems safe. 

The pricing is flexible.

What needs improvement?

The solution could work on its simplicity. 

Dell Secureworks is for higher-end customers and it's not quite as straightforward to implement or to get up and running as some of the other solutions.

They do provide an engineer for the first few weeks to help you get things implemented; however, there are a lot of bells and whistles with Dell Secureworks. That's a disadvantage for smaller customers. With a lot of the other easier solutions available to smaller customers, you just stick a box in there and set it and forget it. With Dell Secureworks it's more hands-on.

For how long have I used the solution?

I've been dealing with the solution for two or three years so far. It hasn't been too long.

How are customer service and technical support?

The team sometimes had to wait for alarms to be triggered when we were running tests. We found that it took a while sometimes for the alarm to trigger an incident and then for the engineers to raise the flag. Sometimes there's a lag time and that can be several hours, or even up to a day. They eventually do catch it. It could be faster, however.

How was the initial setup?

The initial setup isn't really straightforward. It's quite involved and rather complex as the solution has a lot of bells and whistles. 

What about the implementation team?

Dell provides an engineer for the first few weeks to assist with the initial setup.

What's my experience with pricing, setup cost, and licensing?

At the end of the day, Dell came down to our budget. Initially, the cost was going to be something around $160 or $170. And eventually, I think they brought it down to $110 and they also threw in some endpoint protection platforms. They threw in some antivirus capabilities as well. We ended up getting a pretty good deal.

What other advice do I have?

I'm not sure of which version of the solution we are using.

While my company doesn't have a relationship with them, our client who went with the Dell solution did have a pretty strong relationship with Dell already. They were able to leverage that relationship, and bought Dell hardware and so on. They were able to get some good people to demo and to discuss the MSSP solution for them.

It's an internal tool, it was developed internally. My sense is it's still got a ways to go in terms of having a shrink-wrap capability. If you want a shrink-wrap capability, you need to go with something smaller and something that's been out there on the market for a while. Red Cloak is more for internal Dell consultants. 

Overall, I would rate the solution at an eight out of ten.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
MK
Cyber security manager at a retailer with 10,001+ employees
Real User
Top 5, Leaderboard
Provides visibility and control, shows only important things, but needs tamper protection and more visibility across endpoints

Pros and Cons

  • "It provides more visibility and more control over endpoints. It reduces the noise. It clears things and only shows things that are really important. It only shows those things that need to be looked at or need to be investigated further. Other similar solutions give you a lot of alerts and other things, but Secureworks gives you a defined or less noisy view so that you can work or focus on things that are important in terms of investigation, response, and remediation."
  • "Tamper-proofing or tamper protection is still pending in Secureworks. Tamper protection will make it more secure. If I'm an admin of a device, I can uninstall an agent without the knowledge of the security or Secureworks admin. If someone gets hold of one endpoint with admin credentials, he can remove anything, and an organization will lose visibility. They need to work on providing more visibility across endpoints. A couple of times it has happened that the cloak agent is there, but it did not get activated, or there were some issues. The machine was restarted, but the cloak agent didn't run. In such cases, you have to troubleshoot. It is a big issue if a cyber attack is happening, and your machine is rebooted, but the events are not captured."

What is our primary use case?

We are using it for detection and response and alerting and monitoring. We have its latest version.

What is most valuable?

It provides more visibility and more control over endpoints. It reduces the noise. It clears things and only shows things that are really important. It only shows those things that need to be looked at or need to be investigated further. Other similar solutions give you a lot of alerts and other things, but Secureworks gives you a defined or less noisy view so that you can work or focus on things that are important in terms of investigation, response, and remediation.

What needs improvement?

Tamper-proofing or tamper protection is still pending in Secureworks. Tamper protection will make it more secure. If I'm an admin of a device, I can uninstall an agent without the knowledge of the security or Secureworks admin. If someone gets hold of one endpoint with admin credentials, he can remove anything, and an organization will lose visibility. 

They need to work on providing more visibility across endpoints. A couple of times it has happened that the cloak agent is there, but it did not get activated, or there were some issues. The machine was restarted, but the cloak agent didn't run. In such cases, you have to troubleshoot. It is a big issue if a cyber attack is happening, and your machine is rebooted, but the events are not captured. 

For how long have I used the solution?

I have been using this solution for three to four months.

What do I think about the stability of the solution?

It has been stable so far. We have been using this solution for only three to four months.

What do I think about the scalability of the solution?

It is scalable. Currently, we are just doing the POC and evaluating it. We have around 50 endpoints and four or five admin users. Its usage and expansion will depend on the performance and the compatibility with the existing infrastructure.

How are customer service and technical support?

I have not seen a need for technical support. I didn't require technical support.

How was the initial setup?

Its installation is quick and easy. If you are a new customer, you just need to create an instance. It is easy and smooth. The cloud deployment takes five to ten minutes.

What about the implementation team?

I have installed it myself, and I have also got support from other team members.

What's my experience with pricing, setup cost, and licensing?

The Red Cloak agent is free.

Which other solutions did I evaluate?

I am evaluating a couple of options.

What other advice do I have?

I would recommend this solution. I would rate Secureworks Red Cloak MDR a seven out of ten.

Which deployment model are you using for this solution?

Public Cloud
Disclosure: I am a real user, and this review is based on my own experience and opinions.
RG
Solutions Architect at a computer software company with 51-200 employees
MSP
Top 5, Leaderboard
Good reputation with easy setup

Pros and Cons

  • "The initial setup was very straightforward."
  • "In terms of ROI, I'd be surprised if there is any investment return on the SIM."

What is most valuable?

My client selected Secureworks Red Cloak MDR. I can't tell you why they chose this one over another solution. We presented two different solutions: Secureworks and Splunk, and they made the selection. They chose the one they felt more familiar with. My guess is probably the dashboard was better so that if and when they get queries, it was something that they were more familiar with. I know Splunk, so I'd have probably gone the other way, but that's just because it's what I know.

What needs improvement?

In terms of what could be improved, I really don't have anything to add to that. The client probably has a perspective on that but I don't.

I didn't deal with all aspects, just the setup, implementation and the tuning. But when it gets into what the licensing was and the cost, I wasn't involved, so I don't have any feedback on that.

What do I think about the stability of the solution?

In regards to maintaining the SIM, Dell does all of that. We were involved in helping them get the feed scan, helping them get set up, helping them do vendor selection. That was all when it came to the SIM. We have a lot more going on, other elements, but Dell provided a lot of those other services and we didn't have to get involved in that.

What do I think about the scalability of the solution?

In terms of scalability, we didn't scale it very large. We're three business units, 13 sites, and around 2,500 users, so not a real huge company. I assume it's more scalable than that. It's not something we're concerned about here, and even with growth or percent growth, I didn't sense that there's any limitation on that. I would be surprised if we're anywhere near where we'd be concerned about scalability with them.

How was the initial setup?

The initial setup was very straightforward.

What was our ROI?

In terms of ROI, I'd be surprised if there is any investment return on the SIM. They had no SIM before, so there's reputation and security and that they need to adhere to some kind of a framework. So they are moving that way.

What other advice do I have?

On a scale of one to ten, I'd rate Secureworks Red Cloak MDR an eight, because it's been really good. I don't know everything about it yet.

The deployment was easy. We just put it on some of the endpoints, so we're still talking about what's going on there. But to my knowledge, there have been no issues with it. It has a good reputation, so I don't really have a lot of insight to give you detailed feedback.

Disclosure: My company has a business relationship with this vendor other than being a customer: Implementer