Securonix Security Analytics Valuable Features

JM
IT Project Manager at a manufacturing company with 10,001+ employees

The most valuable feature is being able to look at users' behavioral profiles to see what they typically access. One of the key events that we monitor is people's downloading of objects, files from either the engineering or the homegrown application. It's very easy to see people's patterns, what they typically do. The system might identify somebody who is engaging in anomalous behavior. Especially with the product's rev 6, there are a lot of tools to go in and do investigations, even without talking to the person, to try to determine what they were doing. Is it a case that they normally don't do something but this looks like a legitimate action, or is it something we need to investigate? That is pretty neat.

AV
Chief Technology Officer at a tech vendor with 51-200 employees

When we were looking for products for our security monitoring needs, our biggest requirement was that we wanted something based on machine-learning and analytics. If you go with rules, it can raise a lot of noise. Securonix, with its UEBA capability, had the best analytics use-cases.

Our number-two criterion comes from the fact that we are a cloud-first company, so we needed a solution that would work in the cloud and work with the cloud. Working in the cloud means it would be a service, a SaaS offering. And working with the cloud means it would integrate with our cloud applications and monitor our cloud environment. Their product was the most-ready SaaS product in the industry.

The solution's cloud-monitoring functionality is the only thing we use, because we are a cloud company. Our Office is Office 365, our HR system is BambooHR. Everything we use is hosted in the cloud. So cloud monitoring is the number-one use case for us. In addition to those applications, the solution monitors Salesforce, which our sales team uses, Concur, which is our time and expense system, and it monitors our own application that we use for providing service to our customers. And finally, it monitors our AWS environment.

They have done a great job building the API-based connectors so they can automatically pull data from these applications. They have packaged use-cases that they provide us and, in certain applications, those use-cases are still a work in progress. But I feel confident that the content they have is good and they're improving on it continuously. There's a lot of development that happens on the cloud front. For example, Office365 changes every three months. Cloud applications are new so there's a lot that goes on with these applications. So vendors have to keep updating their content to align with where the cloud application is. Securonix is doing a good job of staying abreast with the latest and greatest developments on the cloud-vendor side and updating their content. A lot of their competition is very poor. We had QRadar in our environment but it couldn't even connect to Office365. From there to where we are today, it's a huge improvement.

Lead Cyber Security Engineer at an insurance company with 1,001-5,000 employees
  • The feature that is most valuable is the fact that it's an open platform, so it allows us to modify policies and tune policies as needed. 
  • There's also a feature called Data Insights which allows us to create different dashboards on specific things of interest for us. 
  • Finally, there is Spotter. Spotter allows us to search and investigate different events of interest for us.

In terms of behavior analytics, we're using cyber more than insider threats. With UEBA being a relatively new space when we looked at it close to two years ago, we were concerned about how well it worked and whether they were truly behavioral-based rules or if that was just marketing terminology for the "latest greatest system." But it exceeds what our initial expectations were for being able to detect different cyber threats. We're doing a lot around the network firewall and endpoint detection for rare process connections, rare network connections, etc.

Learn what your peers think about Securonix Security Analytics. Get advice and tips from experienced pros sharing their opinions. Updated: July 2021.
524,194 professionals have used our research since 2012.
CEO/Executive Director at Iconic Engines

One of the most valuable features it has is the threat chaining. One of the common issues that we always had was the number of anomalies that we used to get and the number of alerts that we used to get. But with this approach of threat chaining, we've found the false-positive rate has decreased very significantly. That was something that we never could have achieved before.

It also has the ability to detect low and slow stuff. Whenever we've had any dormant issues or dormant malware - dormant processes which get executed much later - it has tremendously helped us with that.

VP Engineering at a financial services firm with 501-1,000 employees

The most important feature is for it to be reliable and scalable so it is able to ingest the amount of logs we need in a timely manner, and then make those logs available to us for search in a very quick, reliable way.

Also, since it is capable of doing UEBA — the anomaly detection, with easy-to-create rules — as we build those rules, in some products we've used in the past, they would cause performance issues. But with Securonix that hasn't been an issue. So the ability to create rules and alerts in a viable way is also very important.

Cyber Security Team Lead at Avalara

I see Securonix as a full-featured SIEM. I was looking for a SIEM tool that has traditional SIEM as well as UEBA, and found Securonix to be a good fit for our company, Avalara.

Another good thing is that I was looking to move away from tool management. I was looking for software as a service rather than having issues with managing hardware, upgrades, updates. I was trying to step away from that. Those were the key factors when looking at Securonix as a full-feature SIEM with next-generation capabilities available.

Practice Head-CyberSecurity at a tech services company with 1,001-5,000 employees

The feature that I have found most valuable is their analytics platform where they have the open security data-link, which they introduced. This is typically different from the other vendors.

HB
SVP Insider Threat at a financial services firm with 10,001+ employees

The machine-learning algorithms are the most valuable feature because they're able to identify the "needle in the haystack."

Also, the solution's behavior analytics in terms of detecting cyber and insider threats is fairly good.

RP
Regional Director, Customer Success (GTM Solutions & Services) at a tech services company with 51-200 employees

There aren't any positive aspects of the solution. It was a complete failure. There are no redeeming features.
