Securonix Next-Gen SIEM Reviews

Name: Securonix Next-Gen SIEM
Brand: Securonix Solutions
Rating: 4 (27 reviews)

4.3 out of 5

27 reviews
96% willing to recommend

1,858 followers

What is Securonix Next-Gen SIEM?UNIXBusinessApplication
Price:

Securonix Security Analytics SNYPR is a next-generation security analytics platform that transforms big data into actionable security intelligence, enabling you to take care of so much more than simply your SIEM (security information and event management) needs. In addition, it contains all of the tools that you may need to enable your organization to successfully handle both log management as well as UEBA (user and entity behavior analytics)-related tasks. The SNYPR management platform gives users the ability to combine security orchestration, automation, and response, security information and event management, network traffic analysis, and user and entity behavior analytics. This single technical environment does away with your need for multiple security, management, and analytics solutions.

Get the Securonix Next-Gen SIEM Buyer's Guide and find out what your peers are saying about Securonix Next-Gen SIEM, Splunk Enterprise Security, Microsoft Sentinel and more!

Securonix Next-Gen SIEM is the #4 ranked solution in top Identity Threat Detection and Response (ITDR) solutions and #7 ranked solution in top Security Information and Event Management (SIEM) solutions. PeerSpot users give Securonix Next-Gen SIEM an average rating of 8.6 out of 10. Securonix Next-Gen SIEM is most commonly compared to Splunk Enterprise Security: Securonix Next-Gen SIEM vs Splunk Enterprise Security. Securonix Next-Gen SIEM is popular among the large enterprise segment, accounting for 61% of users researching this solution on PeerSpot. The top industry researching this solution are professionals from a computer software company, accounting for 17% of all views.

Buyer's Guide

Securonix Next-Gen SIEM

March 2024

Get the report

Helped 767,319 peers since 2012

Featured reviews

Ibrahim Albalawi

SOC Leader at a tech consulting company with 51-200 employees

Jul 31, 2022

The incident response area should be improved. It is more difficult than other products, but overall, it is good. The platform has a lot of options and functionality. So, you need to check almost everything. For new engineers or people who don’t have much experience with this kind of platform, it is a bit difficult, but for experienced engineers, it is not that difficult. When you have been doing a lot of work for about one or two hours, and you have a lot of tabs open, it slows down or gets stuck. There is a delay of 10 to 15 seconds in opening tabs or dashboards. I don't know why this happens, but for me, it is not a big issue. I just wait, and that's all.

Read full review

RajivSingh

Sr.Vice President & Head - Global Cybersecurity Business at Tech Mahindra Limited

Jul 11, 2023

The initial setup is easy. I don't see that as a challenge. All the features are user-friendly, and anyone with basic training should be able to install and get it started. Generally, government clients or large enterprises prefer the product on-premises. Around 20 to 30% of our clients prefer to have it on the cloud. Most of our clients have installed it on-premises because they are very large companies. Fortune 500 companies would prefer to have it in their own environment and not on the cloud. However, Fortune 2000 or Fortune 5000 companies would be more interested in a cloud environment.

Read full review

Rafael-Barrios

Cybersecurity SE at HP

Jul 27, 2022

When we have an endpoint threat, we have to move very quickly. We detect it through another tool that is associated with Securonix, and automatically the endpoint is isolated from the network. We also get some information for investigation and forensics allowing us to understand the type of threat. We get to know whether it is related to the endpoint or user behavior. We can get information on web-application firewalls and other solutions connected to Securonix, which allows us to understand the depth of the threat for a specific use case. It provides actionable intelligence on threats related to our use case. After the alerts, we can isolate the endpoints and make some modifications. We can also do some searches about the related IP on the internet and intelligence platforms. That's very nice. This actionable intelligence is pretty important. When we integrate different platforms, Securonix provides a lot of visibility and allows us to see the whole environment, not just a part. I have been working mostly on the endpoint side, but other people who are working on wider use cases can see all the dashboards and improve the security posture with Securonix. Its analytics-driven approach to finding sophisticated threats and reducing false positives is very important. With other similar tools, we have to work a lot to reduce or manage false positives. We have to improve the rules and integrations because there are a lot of false positives. With Securonix, we have fewer false positives, and there is also automatic recognition for false positives allowing us to move very quickly. It adds contextual information related to the use cases. My use case is very specific, but my partners and other teams get a lot of contextual information related to the whole company. It provides a lot of analytics related to a threat in terms of user behavior, environment, and target applications, such as databases, which is very important. It has saved a lot of investigation time. As compared to other solutions, it has saved more than 50% time. It has improved the threat detection response and reduced noise from false positives as compared to our previous SIEM solutions. The improvement in the response time is dependent on the scenario, but generally, it is about 40% more effective. When it comes to false positives, it is about 60% more effective. It has been helpful in detecting advanced threats faster and lowering response times, but I don't have the metrics.

Read full review

Securonix Next-Gen SIEM market share

Product category:

As of March 2024, the market share of Securonix Next-Gen SIEM in the Security Information and Event Management (SIEM) category stands at 1.4%, marking a decrease of 45.6% compared to the previous year, according to calculations based on PeerSpot user engagement data.

Security Information and Event Management (SIEM)

Key learnings from peers

Valuable Features

The most valuable features of Securonix Next-Gen SIEM are its:

- reporting capacity graphics

- UEBA analytics

- autonomous threat sweeper

- ease of searching with the Spotter tool

- integration of all types of data sources

- enrichment capability

- user interface

- policy violation feature

- user behavior and event rarity detection

- and threat-detection reduction.

Reviews also highlight the value of the solution's UEBA functionality, actionable intelligence, flexibility in customization, and analytics-driven approach. Also notable is the tool's ease of use, console configuration, app integrations, risk scoring, and customer-centric approach to accommodating requests and adding features.

Room for Improvement

Improvements needed include:

- better visualization of log sources and loss of logs

- a more dynamic concept for threat detection reports with more context

- additional face-to-face training options

- improved stability in data customization

- increased transparency regarding indicators of compromise and cyber-threat intelligence databases used

- resolving glitches with injectors

- faster generation of Spotter reports

- regular updates for parsing and geographical location accuracy

- enhancements to the incident response area for easier use by new engineers

- faster performance when multiple tabs are open

- more administrative options for security purposes

- minimizing downtime during upgrades or patches

- allowing customization of graphical reports

- automated changes to reports and visual views

- streamlining the onboarding process

- optimizing data ingestion functionality

ROI

Users have experienced a positive return on investment (ROI) using Securonix Next-Gen SIEM. ROI is visible in terms of metrics obtained from Securonix and the ability to sell its services. The biggest ROI is in the time and manpower saved, with one engineer with expertise being enough to speed up investigations and free up other administrators.

It takes a month for the benefits of the solution to be realized. Users have been able to prevent multiple threats and improve analysts' efficiency by using the contextual information provided by Securonix, resulting in a time savings of about 30%.

Securonix Next-Gen SIEM has become the go-to tool for checking and verifying issues, saving around four to five hours a day. The cloud-native platform of Securonix has minimized the need for infrastructure management, reducing the manpower required. It has also added contextual information to security events, saving significant time compared to using a generic system.

Pricing

Securonix Next-Gen SIEM's pricing is considered good, affordable, and competitive compared to other brands in the market.

Some reviewers mentioned that the licensing can become more complex when adding more features while still maintaining that the pricing remains reasonable. There are no additional costs outside of the standard licensing fees, except for an initial installation service charge.

Securonix's pricing is pretty good compared to other products like IBM and Splunk, offering clients the opportunity to implement a solution at half the price of other companies. The pricing may vary depending on the model chosen, such as an MSP or a single tenant.

"I rate the pricing an eight on a scale of one to ten, where one is cheap, and ten is very expensive. It is a pretty expensive tool."
"Compared to other known brands in the industry, the overall cost of the licenses is a bit higher than what customers expect."
"The pricing is good, but by adding more things, the licensing becomes more complex because an EPS license fluctuates a lot. This licensing concept is going to be problematic in the long run."

Popular Use Cases

Securonix Next-Gen SIEM's primary use case is for event correlation in cyber SOC services. It is used for security event correlation, behavior-based analysis, and monitoring attempted malware attacks. It is also used for monitoring firewalls, operating systems, active directories, and solutions in the cloud. The deployment of Securonix is on the cloud, with integration with platforms such as Microsoft Azure, Amazon, and the Google Cloud Platform. Additionally, it is used for user-behavior analytics, data loss prevention, and data acceleration. Customization of the platform is done to benefit the organization's specific needs, such as failed access attempts, network issues, and allowed/blocked activities.

Deployment

The initial setup for Securonix Next-Gen SIEM was generally described as simple and straightforward. The implementation process involved following an interactive manual provided by Securonix and onboarding the necessary sources, which was not considered a complicated task.

The number of employees required for the implementation varied but generally ranged from three to five individuals. Securonix provided guided training and assistance to address any queries or issues during the implementation. Maintenance responsibilities were primarily managed by Securonix, with minimal involvement required from the users.

The cloud-native platform of Securonix was highlighted as a valuable feature, as it helped minimize infrastructure management and allowed for easy platform management from anywhere. The involvement of Securonix's team during the implementation process was appreciated, with their continuous support and updates being mentioned. The duration of the implementation varied, ranging from three weeks to four months, depending on the specific circumstances.

Scalability

Securonix Next-Gen SIEM is highly scalable and flexible. It offers unlimited scalability in a cloud environment, allowing for easy integration of larger data sources without any difficulties.

The solution can increase its capacity and processing level as needed, making it suitable for taking on new clients. It can seamlessly handle the integration of multiple log sources with the available connectors, and if a connector is not available, integration is not possible, which is a common limitation for all SIEM tools.

The solution also allows for easy scaling by increasing the EPS or allocating more resources to the RIN server, especially in cloud environments. It is considered an excellent option for scalability both for internal users and clients.

That said, in certain situations with heavy investigation and multiple tabs open, the solution may become slow or get stuck, impacting performance.

Stability

Securonix Next-Gen SIEM is highly stable and reliable. There are minimal problems and no major issues with the platform. It has consistently performed well in terms of ingesting log sources and has not caused any access or performance problems.

The tool is praised for its ability to detect configuration mistakes and its value in providing analytics. While there have been occasional instances of instability or slowdown, they are not frequent or significant. The solution has undergone improvements over time, enhancing its stability and functionality.

There's general confidence in the reliability and dependability of Securonix, and the support provided by the vendor has been prompt and effective in resolving any issues.

These insights are based on the in-depth reviews provided by peers to help you make a better buying decision.

Download our Securonix Next-Gen SIEM Buyer's Guide for additional reliable information.

Review data by company size

By reviewers

By visitors reading reviews

Top industries

By visitors reading reviews

Computer Software Company

17%

Financial Services Firm

12%

Government

Manufacturing Company

Comms Service Provider

Educational Organization

Energy/Utilities Company

Retailer

Construction Company

Real Estate/Law Firm

Healthcare Company

University

Insurance Company

Legal Firm

Media Company

Hospitality Company

Wholesaler/Distributor

Non Profit

Transportation Company

Logistics Company

Performing Arts

Outsourcing Company

Pharma/Biotech Company

Recreational Facilities/Services Company

Marketing Services Firm

Compare Securonix Next-Gen SIEM with alternative products

Learn more about Securonix Next-Gen SIEM

Securonix Security Analytics SNYPR’s unified platform can be scaled up to handle up to one million security events every second. While this load may seem heavy, SNYPR handles it with ease. It is able to reduce incidents of false security positives by 60%. The access certification workload that IT administrators and managers need to deal with can be reduced by as much as 90%.

The model that this platform uses is based on a machine learning algorithm. This model gives Securonix Security Analytics’s SNYPR platform a number of extremely valuable capabilities. The platform gathers many different types of data and applies what it learns to threats as they arise. The system assigns threats risk values to determine where the areas of highest need are. Machine learning also allows you to respond to slow acting threats by using historical data to inform your response.

All of the data that the system gathers is stitched together and used to create a complete picture of the risks that the system faces. Any blind spots that may exist are exposed by the collaborative UI that compiles the system data in a single location. This also increases your ability to monitor advanced application threats.

Key Features

Some of Securonix Security Analytics’s SNYPR platform’s key features include:

The ability to enrich all data that the SNYPR platform collects. When SNYPR gathers information, it applies relevant data which can be used in the future to gauge whether or not a particular event is a threat.
The ability for data redundancy to automatically take place. All of the data that is gathered, analyzed, and processed by SNYPR is automatically copied and distributed across the system. If there is a failure in any particular part of the system, the information will still be preserved.
The ability to track historical issues and use that information to help deal with current threats. The SPOTTER feature allows analysts to look back at both old data and the contextual information that is attached to it. They can then use that data to inform their responses to similar threats that they are currently dealing with.

Reviews from Real Users

Securonix Security Analytics SNYPR platform stands out among its competitors for a number of reasons. Two major ones are its ability to significantly reduce the number of false positives that administrators have to deal with and the way that it incorporates contextual information into security events to reduce the time spent finding solutions to problems that arise.

Peerspot users note the effectiveness of these features. One user wrote, “Securonix’s analytics-driven approach for helping to find sophisticated threats and reduce false positives is pretty good. We are allowed to fine-tune according to our requirements and our clients' requirements, which does reduce false positives. In the last 24 hours, the total number of policies with triggers was 233. When I started with this product, the false positives were 561. Therefore, the solution has helped by tuning or reducing false positives.”

Another user noted, “The way that a Securonix is able to put a lot of the contextual information into the events is very helpful. That has reduced the amount of time required for investigating, ‘Hey, this might be something I need to look at,’ and then doing further research. It puts all of those violations in one event or case, so that you can look at different types of violations that all correlate. That has reduced the amount of time for researching some of those cases. It's dependent upon the scenario, but in some cases it could save an hour of going out and doing a bunch of individual searches.”

Securonix Next-Gen SIEM was previously known as Securonix Security Analytics.