Securonix Security Analytics Initial Setup

Greg Stewart
Director of Intellectual Property Protection at a pharma/biotech company with 1,001-5,000 employees
The initial setup was very straightforward. We used Professional Services and we had three meetings a week in the build process. It dropped to two meetings a week as we were migrating from one system to the next. Then we went to weekly and then biweekly break-fix meetings until everything was up and running. Within two weeks they had it pretty fully in place and then we spent about another two weeks fine-tuning different details, because it processes data differently than the on-prem version. We were up and fully in production on the new system inside of a month. We created the cloud-based version in parallel and we kept the on-prem solution up and running until we cut over, 100 percent, to the cloud-based solution. We kept them running in parallel for an additional month so that we could check risk scores back and forth between the two systems, to make sure one was not capturing events that the other didn't, with the exception of "net-new." As I said, when we put in the new cloud version, that enabled six more data inputs which, obviously, didn't exist in the on-prem version. But for the things that were identical, we made sure it was up and running and accurate. Then we just cut away from the old one altogether.
IT Project Manager at a manufacturing company with 10,001+ employees
For me, the system setup, itself, was of medium complexity because, for both applications, there were standard connections into them. We had to write our own queries. We learned from that. Our homegrown system was fairly easy because we just look for objects downloaded. Our other application looks for more than just these download events. So it was more complicated to come up with the query and then for us to come up with use cases for the system to analyze. We find that process is ongoing. From when we started, we've never really stopped improving how we're trying to get results with the system. From my experience, you don't set it up and you're done. It's very much an evolutionary process. As you learn more, you can help feed that into the system. You can say, "Oh, I thought this was a problem. You're saying it shouldn't be. Okay, I'll take care of that now and I won't flag that. Or I'll make a different peer group to analyze data against." For us, it's very much a continuous process so that we can improve and hopefully minimize what we think are things that we need to investigate. In terms of how long our deployment took, to me, it is still evolving. If I look at the initial one that we did on rev 5, the system was set up in October and just after Christmas we were, for both sources, doing pretty well. We were getting very usable results. The homegrown one was very easy to implement and we got that one going before Christmas. The other one is a little more complicated and took about three months. We've constantly refined ever since. The implementation strategy, initially, was to apply it to these two applications, but we didn't necessarily know what we would find, what the typical behavior would be. So we really needed to understand what people are doing, with our various use cases. Our strategy has been to continue to improve, to reduce the amount of time we take to look at data to see if something is an issue.
And then, we're looking at reading in more engineering data sources. Currently, we're in the process of figuring out the best way to read in from a SharePoint Azure site, to get data from our SharePoint on what people are using for accessing documents. Then we're also looking at what we call data "exfiltration," which is: Did somebody take the data once they downloaded it, did they send it to a printer, did they email it out? Did the data go somewhere off the computer of the user to somewhere else? Our strategy has included taking that to the next step. When we move from rev 5 to rev 6, there are new capabilities, new enhancements, and so it took a few months to get ready. The best way to describe the move to rev 6 is that it's a totally different system. It's a SaaS environment. The one we have now is on-premise. What you do is re-set up the use cases that you are currently using and your policies and then re-ingest data, but from a shorter timespan. Because of what we were doing, it is a little more work. But the Securonix folks helped us with the initial setup and the data ingest. From our standpoint, it was just a matter of validating on our internal system for rev 5, how the data was looking in rev 6. It certainly took some time.
Chief Technology Officer at a tech vendor with 51-200 employees
The initial setup was straightforward for us because it is SaaS. For us, it was just a matter of forwarding the logs to them. Within two days we were able to start seeing our data in their environment. Our previous deployment took us six months. That's what the cloud is. It is so much easier. It's someone else's problem to manage and maintain it. In terms of our implementation strategy, for us the key was to prioritize: What was the number-one thing we wanted to start sending and get visibility into? We prioritized our applications and created a multi-phased approach. We specified, in the first three weeks, the three applications that were business-critical which needed to be monitored. Then we added some more, then we added some more. Overall, over the course of six months, we had all our data sources integrated, fine-tuned, and ready to go. It was important to follow a phased approach. If we had started to put everything in at once, we would have had too much noise to manage.
Find out what your peers are saying about Securonix Solutions, Splunk, Exabeam and others in Security Information and Event Management (SIEM). Updated: March 2020.
407,538 professionals have used our research since 2012.
Edward Ruprecht
Lead Cyber Security Engineer at an insurance company with 1,001-5,000 employees
The initial setup was a little complex, but going into it we knew it's a complex solution. We didn't expect that it would be out-of-the-box. Our expectation was that it was going to take a little bit of time to get it set up and integrated and then to learn different profiles on users. It was somewhat complex, but it wasn't anything that we weren't expecting. Our case is a unique situation where we aren't using Securonix as our SIEM so we had to send logs from our SIEM over to Securonix. There was some tweaking of the parsing that we had to do; how they were able to normalize the log and stuff like that. That took a little while to get up and running. Overall, our deployment took about two to three months. In terms of an implementation strategy, we had Professional Services from Securonix help with the implementation. They did a lot of the heavy lifting for us.
Amit Chopra
CEO/Executive Director at Iconic Engines
It was amazing how straightforward the SaaS product was. I did not expect that. The 5.0 that we had deployed was not that straightforward. It took some time and took some back and forth. But the current version was very smooth. All we had to do was spin up a VM and put one of their collectors on it. Somebody from one of our teams reported to me that it took about an hour or so to set it up. We were able to do the upgrade of the collector ourselves. Their cloud operations team sent a notification letting us know and we just downloaded the file and it was a simple upgrade. When there are issues, of course, we reach out. With the previous, on-prem version, the 5.0, we used to need a lot more help because there were more steps involved. But in the last one-and-a-half years, we've mostly done it ourselves. Because it's SaaS we don't have to worry about most of the components. From what I understand, this current version is much faster to set up, when compared to the previous version. In terms of our implementation strategy, we took the route that most people take: crawl, walk, run. We started off with two very simple use cases: people copying data to USBs, and uploading data over the web. Over time, we matured and kept on adding more sources, cleaning up our data, figuring out how UEBA works. It's been a journey.
Adam Fousek
VP Engineering at Union Bank and Trust
The fact that we're using software as a service, so Securonix is hosting the infrastructure, has been a huge win for us. Before, we managed all of our SIEM on-premise. We had an appliance and we had to perform operating-system patches and upgrades to the system itself. Getting it set up was easy. We had nothing to do. They just told us when it was ready. Then we had to set up all of our log collection to their remote ingestion node and then send that up to the cloud. Setup was definitely easy and we've been able to onboard a lot of our log sources in the first month. It's just a lot of tuning from there. So the initial setup was much easier than in our previous experience.
Leader - Investigations, Insider Threat at a tech services company with 1,001-5,000 employees
The setup was complex. The data mapping was complex because of our own structure and environment. From start to finish, it took us about three-and-a-half months before we went to production. In terms of an implementation strategy, we worked with Securonix to develop a statement of work and we followed that. It included development and identification of data sources, implementing or ingesting those data sources, and applying use cases to those data sources as we fed them in.
Cyber Security Team Lead at Avalara
For the initial setup a team was assigned and a command was set up, so it was pretty straightforward. We had already gone through a PoC. Coming from a SIEM background, I understand the whole architecture and the process that takes place. We were looking at reducing the timelines and, as we go through it, we are seeing that. The log integrations are pretty fast and, as I said, tool management is done at the backend. So, the initial setup is pretty good. We got logins the day we wanted them. They were assigned, and we are proceeding ahead with the deployment, and we're pretty close to it. The strategy was to shorten the timeline. My COO and our company didn't want to waste time in long processes. So the strategy was to first have a list of log sources, prioritize them, and integrate the important ones, and the ones that could be integrated fast, immediately into the system. The second step was to streamline the rules, to baseline the rules initially. We already had our team to work on the alerts. The strategy was to get it up and running as fast as possible. We're doing it in phases. We have already done the first phase and with the second phase we are almost there. Within the first two months, we'll have most of the SIEM organization done as well as baselining of the rules done.
Practice Head-CyberSecurity at a tech services company with 1,001-5,000 employees
The initial setup is straightforward; it is easy to deploy.