Secureworks Taegis ManagedXDR's query language and stability need improvement. Additionally, its price could be better as well.

With SecureWorks, we have an incident retainer. So if there's an event, they bring in people to handle a formal incident, and we have a certain amount of hours we can use. Sometimes, it feels like they're milking the retainer a little bit. They tend to involve people who don't necessarily need to be part of the incident or call it for false positives now and then. It hasn't cost us anything, so it's just a minor issue. We've never exceeded our retainer amount. But, it seems a little bit inefficient sometimes.

Secureworks's support integration is really nice. Secureworks's integrations are quite good. So, in future releases, reporting could be a little bit better in terms of what has happened, but we're able to get what we need out of it. It's just that it's not as far along as it could be.

The deployment could definitely be improved. We still have some of the RedCloak agents. They don't have a remote-controlled uninstall. You have to manually connect to every machine to remove it. Taegis, that's not an issue with Taegis. Taegis actually does work that way. You can remove it. We push it out from Intune. But the RedCloak has tied it even after supposedly running the uninstall; it's still there.

In future releases, if Taegis could come with bundled AV. It would be a great feature, which was actually one of the reasons why we moved to CrowdStrike because of the bundled solution.

The integration would look better with other products, with other EDRs, with other firewalls, with other older versions of firewalls, and the versions of software and hardware. 

Then, basically, it's compatibility. For example, having an old infrastructure and deploying SecureWorks can sometimes be a hassle. So, that's an area of improvement.

Tamper-proofing or tamper protection is still pending in Secureworks. Tamper protection will make it more secure. If I'm an admin of a device, I can uninstall an agent without the knowledge of the security or Secureworks admin. If someone gets hold of one endpoint with admin credentials, he can remove anything, and an organization will lose visibility. 

They need to work on providing more visibility across endpoints. A couple of times it has happened that the cloak agent is there, but it did not get activated, or there were some issues. The machine was restarted, but the cloak agent didn't run. In such cases, you have to troubleshoot. It is a big issue if a cyber attack is happening, and your machine is rebooted, but the events are not captured. 

We did a PoC of their next-gen antivirus product, but it wasn't ready yet. It was underdeveloped and caused a lot of issues. We'd like to move away from Carbon Black, but they said that it's probably still not to a point where we'd be happy with it. Carbon Black and RedCloak seem to work fine for us. 

Dell Secureworks could improve its integration with other third-party solutions. 

In terms of what could be improved, I really don't have anything to add to that. The client probably has a perspective on that but I don't.

I didn't deal with all aspects, just the set up, implementation and the tuning. But when it gets into what the licensing was and the cost, I wasn't involved, so I don't have any feedback on that.

The solution could work on its simplicity. 

Dell Secureworks is for higher-end customers and it's not quite as straightforward to implement or to get up and running as some of the other solutions.

They do provide an engineer for the first few weeks to help you get things implemented, however, there's a lot of bells and whistles with Dell Secureworks. That's a disadvantage for smaller customers. With a lot of the other easier solutions available to smaller customers, you just stick a box in there and set it and forget. With Dell Secureworks it's more hands-on.

This solution could be improved with a higher degree of automation such as automated emails, triggers and defining the severity of the cases. It would be beneficial if this solution could predict future outcomes based on what is happening on the servers. There is a degree of automation on the back-end but not the front-end. 

The tool’s dashboard could be more user-friendly.

The integration with the Carbon Black sensor could be better. ManagedXDR doesn't seem to know how to extract the forensic data from an endpoint that was quarantined by Carbon Black. 

Log integration should be improved. If they can add SIEM, the event monitoring, then that would be great.

Scalability is an area that needs to be improved.

In the next release of this solution, I would like to see file integrity monitoring. I also hope that they will provide threat intelligence scripts for free.

GUI for resolving tickets is terrible. Non-intuitive, offering a dizzying array of options, often none of which made sense even for common problems. I ended up choosing "Other" way more than I should have had to, to categorize an issue resolution.