A helpful feature would be an event export. A way to create more substantial summary reports would be nice.

The incident response area should be improved.

It is more difficult than other products, but overall, it is good. The platform has a lot of options and functionality. So, you need to check almost everything. For new engineers or people who don’t have much experience with this kind of platform, it is a bit difficult, but for experienced engineers, it is not that difficult.

When you have been doing a lot of work for about one or two hours, and you have a lot of tabs open, it slows down or gets stuck. There is a delay of 10 to 15 seconds in opening tabs or dashboards. I don't know why this happens, but for me, it is not a big issue. I just wait, and that's all.

The solution could provide more automation. There should be proactive creation of use cases specific to particular hospitals. What we get out of the box is not necessarily good enough. We have to build the use cases as a service provider. There's room to improve the use cases provided by Securonix.

It could be improved a little bit more for admin users. There should be more administrative options related to security for admin users. For example, for forensic purposes, the admin should be able to stop a specific user from erasing some information. I would be helpful in certain situations, such as during an internal fraud.

When they did upgrades or applied patches, sometimes, there was downtime, which required the backfill of data. There were times when we had to reach out and get a lot of things validated. 

One of the things they can improve on a little bit is the usability side, to make some things simpler. Maybe it's because of their customer base, but the tool does have a lot of knobs, you can turn a lot of things on and off and you can change things. Sometimes, it can become a little overwhelming. They should remove some confirmation options and make it simpler for the less mature customers and people who are still trying to grasp it.

I work in Brazil, and the solution is not very well known here. The market for technology in Brazil, not related to the quality of the product, is not very favorable yet. I see this as a challenge. We need to invest more effort in raising awareness and educating people about the product's capabilities. 

Additionally, one aspect that could be improved is the pricing of the product in Brazil. It is reasonable, but when compared to similar tools or products that are more common in Brazil, it tends to be a bit higher.

Regarding the analysis of security events on the SOC side, Securonix Next-Gen SIEM needs to improve its automation capabilities. Other products have machine learning and AI algorithms that can trigger alerts automatically. This is a key feature that Securonix Next-Gen SIEM needs to be improved.

Securonix could open up information regarding the indicators of compromise or cyber-threat intelligence databases that they use. The idea is that they share what threats they are detecting.

It takes too long to generate Spotter reports. For example, a 90-day report is around 100 megabytes. That takes a while, but a one-day report can be generated in a few seconds. We would be happy if they sped up the process. 

Parsing needs to be improved. Every time we integrate a new, specific data source, we face a lot of problems in parsing, even for the old data source. That should be updated on a regular basis.

In some of the policies, the geographical location for a single IP is from a specific country, but the IP doesn't match. For instance, if the log is from China, the actual location of that IP will be from somewhere else, not China.

Sometimes, there is instability in the data in terms of the customization of the time. They should work on stability on tool. However 6.4 jupiter version is much more stable.

Customers may plan their next year's budget. If customers find that they haven't derived value from the solution, they might think about the prices, and then they would reevaluate the solution, after which they choose another solution.

The technical support of the solution is an area with shortcomings and needs improvement. My customers didn't face any issues regarding support from the solution's vendor, but it could be from the partner or from those providing support for the solution. Support could be more flexible, and they can delegate the support part of their operations to partners.

It's tough in some cases for the solution to do it, but we have a lot of users who, because they're engineers and they're bringing down product data - where, at times, a top-level product could be 10,000 or 15,000 objects - it's difficult for us to determine what should be a concern and what shouldn't be a concern. We work with the Securonix folks to try to come up with better ways to identify that. That's a difficult problem to solve because it's very application-driven and very user-driven, based on what the user's role is.

Sometimes, the injectors lag and are not loading. It would be nice if that could be improved.

Securonix Next-Gen SIEM is good for helping us ingest all our log sources when investigating threats. However, there is a glitch where we can't get it up and running. They are working on this issue, which is good.

As far as what can be improved, again it is the pricing. I'm not sure how they are proceeding with the identity-based pricing compared with DB pricing which most of the vendors are using today. Some of them are dealing with EPS based pricing.

The analytics-driven approach for finding sophisticated threats and reducing false positives is positive and good, but the platform requires a more dynamic concept. Everything is a bit static.

Also, the Autonomous Threat Sweeper is very enriching but, that being said, the threat detection report lacks a little context. The feature to sweep autonomously is good. The way they could improve the ATS would be to use more awareness and communication with the user. They don't give us much detail in the threat detection report. It would be very helpful if they explained the impact to us.

We would like a little more face-to-face training. Securonix has several tutorials on its website, but we want there to be a person in Colombia who does training or workshops to give us a better understanding of the platform.

It seems to me that within Securonix there is no option for completely visualizing the types of sources or if there is any loss of logs. I've heard that they have an additional module to validate those types of cases, but in terms of the platform itself only, I can only see how often it sends data but not any specific detail.

The monitoring, analysis, and visualization of data that Securonix provides is good. However, there are some things that I would love Securonix to change. For example, they don't allow us to make changes on the graphical reports that they have integrated into the platform. We have to create our own. If we just want to take out one thing, our page should allow us to change that template just for our platform. I'm not talking about changing others' platforms; this is just for my platform. They should allow me to make changes according to my scalability. I would like a little bit more changes in the analytics and visual views that they already have out-of-the-box in the platform. They are working on this, but I have not heard from them for a while. I'm satisfied with the visualization that they have, but I would like to get some more out of it. For example, I am taking the report and manually making changes. I want all those changes already integrated and automated, so they are automatically done in the product.

I would not say its threat hunting is easy or difficult to use. It is medium because it totally depends on the data that is coming to you. It does not depend on the platform. It depends on whether you can find the correct attribute that you need to look at, then you can go further on that. They are working on this. They are introducing more features, e.g., they have a couple of updates pending at this time. They are working on it to cut down the steps. If I am doing 28 steps right now just to onboard our data, then they are cutting those steps down. They are also putting more automation in the solution. While they are working on these improvements, it is just a matter of time. 

It ingests 85% of all our log sources already built into the product when investigating threats. If the data sources have the functionality, Securonix will create a custom parser for us on a request. If the functionality is not there in the product, then there is a difficulty, but we can still ingest it through the file base, etc. However, I am not a big fan of the file base because a user is creating a file per day for data that was generated the day before. Specifically for activity that has already taken place, we can prevent it, but we cannot stop the activity.

Securonix implements risk scores based on different policies that are triggered. We've seen some challenges with the risk scores and how they trigger. These are things that Securonix has recognized and they've been working with us to help improve things.

Other than issues with the training, there have been issues with the encryption. There have also been issues with some of the reporting, minor glitches that they have fixed as they've gone along.

I think they have fixed the encryption piece and they have supposedly fixed training. I haven't seen the new training modules yet. The reporting and metrics will be improved in the next release, from what I understand.

There is room for improvement in the product's integration with ServiceNow and in the reporting features.

We thought they were going to be a great product, however, they're actually not great at all as an MSP.

The integration is very bad.

The initial setup failed in both use cases.

The technical support is terrible and completely unhelpful.

The product itself needs a lot of work; it's very immature.

The stability isn't great.

There is slight room for improvement in terms of the initial deployment. What I see is that Securonix is more focused on their product. They are expanding, in a big way, the number of customers. So there has to be a number of dedicated teams to jump on and speed up the deployment process. We would like to partner with different teams that can implement and deploy it faster, whose only job is just to go to the client's site and deploy. Just do it. That's one improvement, based on my experience, that would definitely help them go a long way. Because the way they are expanding they need to focus, because the first impression is the last impression. During the initial one to two months of deployment, that momentum and that support you provide a client is very important. That first two months after a client buys it, how the deployment goes, leaves a long-lasting impression on the client and the team.

The UX could be simpler. I know they're working on it. I would like to have one dashboard that has everything in it. We have compliance needs. We have investigation needs. And we have situations where an analyst needs to look at threats. These three things require a different view of how they look at the threats. What would be good is to have Securonix create three different views of their Security Command Center so that, depending on the persona of the person logging in, they'd get the relevant data they need and not see everything.

We would like to see better integration with other products.