The initial setup was very straightforward. We used Professional Services and we had three meetings a week in the build process. It dropped to two meetings a week as we were migrating from one system to the next. Then we went to weekly and then biweekly break-fix meetings until everything was up and running.

Within two weeks they had it pretty fully in place and then we spent about another two weeks fine-tuning different details, because it processes data differently than the on-prem version. We were up and fully in production on the new system inside of a month.

We created the cloud-based version in parallel and we kept the on-prem solution up and running until we cut over, 100 percent, to the cloud-based solution. We kept them running in parallel for an additional month so that we could check risk scores back and forth between the two systems, to make sure one was not capturing events that the other didn't, with the exception of "net-new." As I said, when we put in the new cloud version, that enabled six more data inputs which, obviously, didn't exist in the on-prem version. But for the things that were identical, we made sure it was up and running and accurate. Then we just cut away from the old one all-together.

We have the cloud license of Securonix. Everything is on the cloud. We only implement RIN on-premises, which is straightforward. You just download the executable, give it permission, and execute it. You provide the information it asks. There are a few packages that you need to install previously, but overall, it is very handy and straightforward.

The initial setup is easy. I don't see that as a challenge. All the features are user-friendly, and anyone with basic training should be able to install and get it started.

Generally, government clients or large enterprises prefer the product on-premises. Around 20 to 30% of our clients prefer to have it on the cloud. Most of our clients have installed it on-premises because they are very large companies. Fortune 500 companies would prefer to have it in their own environment and not on the cloud. However, Fortune 2000 or Fortune 5000 companies would be more interested in a cloud environment.

I wasn't involved in its setup and onboarding process, but I would assume that it is very quick. That's because it is very simple to use for my use cases, and they have nice support and help.

Its maintenance is pretty lightweight. We have another team that is in charge of that. There are most probably two people who take care of SIEM and cybersecurity solutions.

Securonix cloud-native platform helps to minimize infrastructure management. It allows us to focus on threats versus engineering or managing the platform.

We had another engineering team that took care of its deployment. My involvement in its setup was only for providing the type of data that we need to pull into Securonix. Some log sources took a while in terms of the data format that we wanted and accommodating it with the APIs on the Securonix end. We only had issues with a few data sources. It wasn't a very difficult process, but it did take some time. It took about two months.

Overall, its onboarding was pretty smooth because we were on SaaS. In terms of the strategy, we had to provide the data sources that we needed. They were divided into three levels. We first integrated one or two data sources, and when we saw it triggering, we integrated a few more. We also worked on fine-tuning it for false positives with their content team. They trained us on various use cases and algorithms behind those use cases. If there was any incorrect trigger, they explained the reason for it. It did take quite some time to configure it for our own custom use cases. This phase took more time than the initial integration of data sources. It took at least two to three months to onboard all the sources.

Because it was a SaaS solution, they did the maintenance. It didn't require any effort from our end. It minimizes infrastructure management. In case of downtime or outage, they used to notify us and fix the issue. It did not require our intervention, except monitoring and checking if things are running fine.

They provided flexibility in terms of features and patches. If we wanted to stay on a particular patch or have a few features in the next version, they were able to accommodate that. They were able to add our features even when other customers did not need them. 

It was amazing how straightforward the SaaS product was. I did not expect that. The 5.0 that we had deployed was not that straightforward. It took some time and took some back and forth. But the current version was very smooth. All we had to do was spin up a VM and put one of their collectors on it. Somebody from one of our teams reported to me that it took about an hour or so to set it up.

We were able to do the upgrade of the collector ourselves. Their cloud operations team sent a notification letting us know and we just download the file and it was a simple upgrade. When there are issues, of course, we reach out.

With the previous, on-prem version, the 5.0, we used to need a lot more help because there were more steps involved. But in the last one-and-a-half years, we've mostly done it ourselves. Because it's SaaS we don't have to worry about most of the components.

From what I understand, this current version is much faster to set up, when compared to the previous version.

In terms of our implementation strategy, we took the route that most people take: crawl, walk, run. We started off with two very simple use cases: people copying data to USBs, and uploading data over the web. Over time, we matured and kept on adding more sources, cleaning up our data, figuring out how UEBA works. It's been a journey.

I started the process of design and continued with onboarding and implementation. The initial implementation was simple, but we had some delays because we had new solutions and we had to create new templates. But in general, if you have traditional solutions that have a template, it is easy to implement. It would take a week.

As for our implementation strategy, the tool that we had previously had a forwarding functionality, so what we did was deploy information to the RIN and, from there, sent the information to the cloud. After that, we created a pipeline and sent the rest of the events so that we could take the previous SIEM out of production.

The sources took a month to incorporate. It took us a month to get access to the teams because we do not manage certain teams. It was a bureaucratic process.

Securonix does the maintenance. It doesn't require work from us. They send us emails indicating that the system is going to have a brief reboot and it takes a short amount of time. 

I joined after the implementation, but it requires very little maintenance after deployment. We have one or two hours of downtime for quarterly maintenance. 

The solution was already in the mid-stage of implementation when I joined the organization. I mostly worked on fine-tuning the policies.

We have a team that takes care of maintenance updates. The solution needed some updates because the user behavior wasn't working properly for some of the policies. As of now, instead of using user behavior, we use event rarity. After version 6.4 is implemented, the issue will be resolved. There are two or three more issues we have that will be resolved after the update.

When we have a cloud deployment or we take it as a service, we don't get involved in the deployment of the SNYPR application, but we do get involved with on-prem Remote Ingester. So, application deployment is done by Securonix, but the integration with other sources is done by us. We don't have any difficulties with the integration because we have been working with it for a long time. So, we're aware of the backend and how to integrate. It is quite simple and easy. We also have a call with Securonix SME twice a week.

The maintenance is handled by Securonix themselves. They sometimes do the monthly maintenance. We only get the notification, and we know of the maintenance window. After maintenance, we check everything. We just validate that everything is working fine. They also validate from their end, but we also validate. We haven't had any difficulty after the maintenance or upgrade. It always works fine. There are no issues.

The Securonix cloud-native platform helps minimize infrastructure management. We don't need to buy a server. We don't need to manage it. 

As per our technical team, the initial setup was fine. It wasn't really difficult.

I am from the sales department, so I don't get involved in the implementation.

The solution is deployed on-premises.

For me, the system setup, itself, was of medium complexity because, for both applications, there were standard connections into them. We had to write our own queries. We learned from that. Our homegrown system was fairly easy because we just look for objects downloaded. Our other application looks for more than just these download events. So it was more complicated to come up with the query and then for us to come up with use cases to have the system analyzed. 

We find that that process is ongoing. From when we started, we've never really stopped improving how we're trying to get results with the system. From my experience, you don't set it up and you're done. It's very much an evolutionary process. As you learn more, you can help feed that into the system. You can say, "Oh, I thought this was a problem. You're saying it shouldn't be. Okay, I'll take care of that now and I won't flag that. Or I'll make a different peer group to analyze data against." For us, it's very much a continuous process so that we can improve and hopefully minimize what we think are things that we need to investigate.

In terms of how long our deployment took, to me, it is still evolving. If I look at the initial one that we did on rev 5, the system was set up in October and just after Christmas we were, for both sources, doing pretty well. We were getting very usable results. The homegrown one was very easy to implement and we got that one going before Christmas. The other one is a little more complicated and took about three months. We've constantly refined ever since. 

The implementation strategy, initially, was to apply it to these two applications but we didn't necessarily know what we would find, what the typical behavior would be. So we really needed to understand what people are doing, with our various use cases. Our strategy has been to continue to improve, to reduce the amount of time we take to look at data to see if something is an issue. And then, we're looking at a reading in more engineering data sources.

Currently, we're in the process of figuring out the best way to read in from a SharePoint Azure site, to get data from our SharePoint on what people are using for accessing documents. Then we're also looking at what we call data "exfiltration," which is: Did somebody take the data once they downloaded, did they send it to a printer, did they email it out? Did the data go somewhere off the computer of the user to somewhere else? Our strategy has included taking that to the next step.

When we move from rev 5 to rev 6, there are new capabilities, new enhancements, and so it took a few months to get ready. The best way to describe the move to rev 6 is that it's a totally different system. It's a SaaS environment. The one we have now is on-premise. What you do is re-set up the use cases that you are currently using and your policies and then re-ingest data, but from a shorter timespan. Because of what we were doing, it is a little more work. But the Securonix folks helped us with the initial setup and the data ingest. From our standpoint, it was just a matter of validating on our internal system for rev 5, how the data was looking in rev 6. It certainly took some time.

I am just an analyst. I didn't take part in the deployment.

The initial setup is straightforward, it is easy to deploy.

First, we saw how many events we had in the past SIEM. Under that same report, the infrastructure was made in Securonix, the RING was built, the platforms were connected, and then we let Securonix enrich in the system while the platform was configured. After that, the monitoring started.

There were particularities. The implementation of the infrastructure was simple, but the integration was complex due to integration issues in one of the solutions.

It took approximately three weeks until we implemented everything. In terms of staff from our side, there were two technicians, one who was in charge of integrations and another in charge of configurations in the SIEM. My responsibility was more on the strategic approach. Additionally, two integration managers from the Securonix team were involved.

Securonix notifies us when it needs to do maintenance. We only have to take care of the RING since it is local and not part of the SaaS infrastructure.

Securonix is in the cloud. We have a virtual machine that stores certain platform configuration information, and since it is in the cloud, we can manage the platform from anywhere. The cloud-native platform helps minimize infrastructure management. Having everything integrated into one place makes things much easier for us.

I was only involved a little in the implementation of Securonix, but from what I heard, their team was helping our entire company, day and night, to get the implementation out as soon as possible. There may have been some problems in integration, but support cases were created and their team was always there with updates and new ways to connect our sources with their platform. Overall, it was not that complicated.

On our side, we had specialists involved from each department that wanted to be integrated with the platform, such as Windows, networking, security, et cetera. The Securonix staff was always present.

Securonix has provided us with a consultant here in Colombia. We are in contact regarding configuration of the platform to rule out possible false positives and help us focus on events that we must take into account.

It took us four months to incorporate all the sources.

There are no maintenance requirements on our part. They are constantly notifying us of updates and, before making changes, they let us know if there are going to be any interruptions in the service. 

I was involved in a certain part of the implementation that focused on the RING installation. The implementation was simple. They shared an interactive manual with us and there were no problems. Onboarding the sources was not such a complicated process. We needed three to five employees for the implementation.

They also provided guided training in which a representative from Securonix helped us with the queries we had.

Maintenance is mostly managed by Securonix. We are hardly involved in it.

If you follow the documentation, it is straightforward. If you don't want to read, it will be complex. I don't review documentation anymore. I did it twice when I started, then I went in, wrote a batch script, and automated the whole process. Now, I just need to make some changes before running that script.

The deployment takes 35 minutes on the client side.

The initial setup was a little complex, but going into it we knew it's a complex solution. We didn't expect that it would be out-of-the-box. Our expectation was that it was going to take a little bit of time to get it set up and integrated and then to learn different profiles on users. It was somewhat complex, but it wasn't anything that we weren't expecting.

Our case is a unique situation where we aren't using Securonix as our SIEM so we had to send logs from our SIEM over to Securonix. There was some tweaking of the parsing that we had to do; how they were able to normalize the log and stuff like that. That took a little while to get up and running.

Overall, our deployment took about two to three months.

In terms of an implementation strategy, we had Professional Services from Securonix help with the implementation. They did a lot of the heavy lifting for us.

The setup was complex. The data mapping was complex because of our own structure and environment. From start to finish, it took us about three-and-a-half months before we went to production.

In terms of an implementation strategy, we worked with Securonix to develop a statement of work and we followed that. It included development and identification of data sources, implementing or ingesting those data sources, and applying use cases to those data sources as we fed them in.

The initial setup failed. We had to move to a different solution completely. The installation process was terrible. It was not straightforward. 

For the initial setup a team was assigned and a command was set up, so it was pretty straightforward. We had already gone through a PoC. Coming from a SIEM background, I understand the whole architecture and the process that takes place. We were looking at reducing the timelines and, as we go through it, we are seeing that. The log integrations are pretty fast and, as I said, tool management is done at the backend. So, the initial setup is pretty good. We got logins the day we wanted them. They were assigned, and we are proceeding ahead with the deployment, and we're pretty close to it.

The strategy was to shorten the timeline. My COO and our company didn't want to waste time in long processes. So the strategy was to first have a list of log sources, prioritize them, and integrate the important ones, and the ones that could be integrated fast, immediately into the system. The second step was to streamline the rules, to baseline the rules initially. We already had our team to work on the alerts. The strategy was to get it up and running as fast as possible. We're doing it in phases. We have already done the first phase and with the second phase we are almost there. Within the first two months, we'll have most of the SIEM organization done as well as baselining of the rules done.

The initial setup was straightforward for us because it is SaaS. For us, it was just a matter of forwarding the logs to them. Within two days we were able to start seeing our data in their environment. Our previous deployment took us six months. That's what the cloud is. It is so much easier. It's someone else's problem to manage and maintain it.

In terms of our implementation strategy, for us the key was is to prioritize: What was the number-one thing we wanted to start sending and get visibility into? We prioritized our applications and created a multi-phased approach. We specified, in the first three weeks, the three applications that were business-critical which need to be monitored. Then we added some more, then we added some more. Overall, over the course of six months, we had all our data sources integrated, fine-tuned, and ready to go. It was important to follow a phased approach. If we had started to put everything in at once, we would have had too much noise to manage.

The initial setup was relatively uncomplicated. It basically involved operations, with which we had some issues.