Securonix Next-Gen SIEM Other Solutions Considered

GS
Director of Intellectual Property Protection at a pharma/biotech company with 1,001-5,000 employees

We looked at a product from Lockheed Martin which was very analyst-centered. It produced a lot of CSV files as output and required having an analyst who could really pull together Excel spreadsheets and do a lot of manual work. 

We had looked at Securonix for a couple of years at trade shows and we knew we liked the concept of a UEBA. But then we did a demo with them in a bake-off with the Lockheed Martin product, and the Securonix user interface was hands-down better, and the event correlation and the behavior analysis pieces were what really sold us. We have a number of static, pure analysis rules built for behavior analysis, but now that we've had it in place for a few years, it's far more sophisticated in the dynamic behavior analysis, through the machine-learning the system does. That has been far more beneficial to us than the static rules.

In those respects, they were hands-down better than the other product we put them in the bake-off with. Quite honestly, it has worked so well in the six years we've had Securonix in here that I haven't gone back into the market to even look at what the competition has. It saves me a lot of stress.

Looking for a new product and evaluating takes so much time and there's so much cost in swapping them out. For example, if you had invested in a server infrastructure and have to take that down because it doesn't match up, there's a cost to that. There's software licensing. There's also the fact that my team has five years of experience in navigating the Securonix user interface. With a new product, they'd have to start from scratch, learning something new.

Ibrahim Albalawi - PeerSpot reviewer
SOC Leader at a tech consulting company with 51-200 employees

We tried to evaluate some of the other products, but we decided to go with Securonix for the business part. It was easier for us to meet the needs of our clients related to calculations.

We evaluated LogRhythm. The first problem that we faced with LogRhythm was that it would have been pretty difficult for engineers to handle in terms of the user interface. As compared to Securonix, it was also very expensive. Securonix had most of the features or functionalities that we were looking for. We also evaluated Exabeam, and we had the same problem with the price and features.

SM
Cyber Security Analyst at a retailer with 10,001+ employees

My team had definitely looked at other tools, but I was not involved in the PoC. 

Buyer's Guide
Securonix Next-Gen SIEM
March 2024
Learn what your peers think about Securonix Next-Gen SIEM. Get advice and tips from experienced pros sharing their opinions. Updated: March 2024.
768,578 professionals have used our research since 2012.
NELSON COIMBRA DA SILVA - PeerSpot reviewer
Cyber Security Sales Engineer Manager at a comms service provider with 501-1,000 employees

In my market and environment, I compete with Splunk, QRadar, and IBM. I've also heard about Exabeam, but it's not a major competitor here in Brazil. Another one we're considering, which has posed some challenges, is Google Chronicle. However, the two biggest competitors for me are Splunk and QRadar.

When comparing Securonix to Splunk, one issue is the pricing; I believe even Securonix is on the higher side. However, in terms of working with cloud environments, Securonix has an advantage as it performs exceptionally well in the cloud. Unlike Splunk, which struggles in cloud setups, Securonix handles it perfectly. Additionally, in terms of crunching work in the database (DB), Securonix performs better and more efficiently than Splunk, making it a better choice for such tasks.

Other products seem to have a more established market presence, and people are familiar with them, but they might not be as acquainted with Securonix. However, I am confident about the quality of Securonix, and when I get the chance to demonstrate how it works, people tend to like it.

Furthermore, in comparison to IBM, I don't encounter any technical problems with Securonix. The quality of Securonix is solid, and I have no issues discussing its capabilities. When it comes to pricing, Securonix offers a more competitive solution. Even if it's only ten percent better than Splunk in some aspects, the overall value makes it a better option in the end. If the price difference is not as significant, it's more likely that customers will choose Securonix over other options.

JS
Head of Cybersecurity at a tech services company with 11-50 employees

We were thinking about Splunk, QRadar, and Rapid7. One of the drawbacks of those systems would be the infrastructure. Many of the other platforms, including McAfee, need boxes or deployment servers in our infrastructure or our clients' infrastructures and, in many cases, the infrastructure is growing continuously.

With Securonix, that does not happen. It is a cloud solution that only requires a small deployment server with low resources, depending on how many events are received. And all that information is stored in the cloud as well.

The cost, compared to other solutions, is better.

Compared to other platforms, it is very simple yet, at the same time, it is very efficient because it packs information into a glance. After that, it gives you the option of hunting threats and that can be initiated on the dashboard.

It is very intuitive. A person who has a certain notion of cyber security can move quickly since it gives you information about any attack. It gives you a summary and it gives you links to receive information. And if you don't have much knowledge of the tool, you can always take the courses that are free on the web. Doing so helped us understand the solution.

JM
IT Project Manager at a manufacturing company with 10,001+ employees

We did evaluate other options. The main competitor was Exabeam. My manager was the one who did a lot of the investigation of the various tools.

At the time, the competitor's system was extremely limited in the number of data sources it could read in, whereas Securonix had a lot of pre-made connectors. In our case, it had out-of-the-box connectors to the two data sources that we needed. We had to write our own query, but it could at least connect directly into the logs that we had.

The other thing that Securonix had, and the other one didn't, is incident-management or case-management functionality. If someone were to download a high number and we decided we needed to investigate it, I could open a case right in the tool. It would be able to directly reference the data that they downloaded and we could open and shut the case directly in the tool, as well as report from it. Since it was all integrated, it was extremely helpful. That was one of the things that we liked. 

Also, at the time, Securonix was the most mature in the user and entity behavioral analytics, among the groups which offered that kind of functionality and software.

Sudhakaran Krishnan - PeerSpot reviewer
Consultant at LTI - Larsen & Toubro Infotech

This is one of the best tools that I have seen.

Balamurali Vellalath - PeerSpot reviewer
Practice Head-CyberSecurity at ALTEN calsoft Labs

We did evaluate other options before choosing Securonix. As an MSSP we use many products. It all depends on the kind of requirements we get from the customer. We evaluated QRadar and Splunk. As an MSSP, we use a combination of tools.

The major difference between Securonix and the rest is that their security data-link is very open and the hosting of that platform is much simpler compared to other vendors.

Because there is no proprietary thing involved here, the log management should be much easier compared to others.

Sebastian Velazquez - PeerSpot reviewer
Cyber Intelligence Supervisor at a tech services company with 201-500 employees

Securonix is very easy and very intuitive compared to the other platforms. At the access level, it is much more practical. However, there are other platforms with better research levels and data ingestion than Securonix.

We evaluated Splunk, which is very similar to Securonix. We went with Securonix because we wanted to understand more about UEBA and enrichment, and for financial reasons.

In terms of threat investigations and onboarding, versus previous solutions that we have used, having access to UEBA allows you to analyze threats based more on behavior. But if you were to manually model, in other SIEMs, all the use cases that Securonix has, they would be very similar. Something that Securonix has in its favor is the enrichment prior to those threat detections. It took us about three to four weeks to get all the sources into the Securonix platform.

Andres Fuentes - PeerSpot reviewer
SOC Analyst at ComWare S.A

The Securonix interface is very intuitive. McAfee had some good features and we have only been with Securonix for a short time, but it has not presented us with any problems. It seems to us much better compared to McAfee, in terms of event correlation and case tracking.

FA
Security Developer at a tech consulting company with 201-500 employees

Securonix is very user-friendly and intuitive. In terms of nomenclature, it is very easy to understand where the information you want is located. Compared to other platforms, there are several UI qualities in favor of Securonix. It puts everything at your fingertips and the options tab is very accessible.

In terms of reducing false positives, we have not seen much difference between Securonix and other platforms at the moment.

HK
Lead Security Engineer at a tech services company with 1-10 employees

I don't find a lot of difference between solutions. Everybody tries to improve their product over time. I do free testing for multiple products, and they are basically copying each other's functions.

I like Securonix because I am familiar with it and can do threat hunting in 10 minutes instead of the 30 minutes that it might take if I used other solutions.

ER
Lead Cyber Security Engineer at an insurance company with 1,001-5,000 employees

We piloted Exabeam but we didn't go forward with them. We looked a little bit at LogRhythm's UEBA capability as well. At the time they were in the beta stages, so we didn't feel comfortable going with them. 

One of the things that we really liked about Securonix was that it is very open-platform, where we have the ability to tune and tweak and create new policies as needed. With Exabeam, everything required us to go through their Professional Services to make some of those changes. The real benefit that we liked with Securonix over Exabeam was the reporting capabilities. Exabeam pretty much removed almost all their reporting and threat-hunting capabilities. I think there was some bug that was taking place. The other thing that Securonix does that I really like is that they give you the raw log message so you can see all the details. Exabeam was only providing parts of the log message, parts they thought were relevant for an investigation, but they didn't provide everything.

LogRhythm versus Securonix is not one-to-one. We're using LogRhythm for our SIEM, long-term retention, being able to look at things over a 90-day period of time. We're using Securonix more just for the UEBA capabilities. Based on how we're using them today it would be difficult to say the pros and cons of either one. We've had some challenges with LogRhythm support and some of their feature enhancements. Some of the things they've rolled out don't necessarily work as expected or we've experienced a lot of bugs with their product. We haven't had the same issues with Securonix.

AH
Leader - Investigations, Insider Threat at a tech services company with 5,001-10,000 employees

We did a PoC between two solutions and we chose Securonix. The other solution was Exabeam. One of the reasons we went with it is that someone had used Securonix at a different company. The scalability, the interface, and the results that it provided were also factors in our decision to go with it.

HB
SVP Insider Threat at a financial services firm with 1,001-5,000 employees

The only other solution that I believe we looked at was Splunk's UBA. It wasn't Splunk at the time and it wasn't mature enough at the time.

AV
Chief Technology Officer at a tech vendor with 51-200 employees

Rapid7 was one we looked at because it is also cloud-based. From a SIEM perspective, it was not where we expected it to be. We also looked at Splunk but it was too expensive. Capability-wise, Securonix was far ahead of them.
