Securonix Security Analytics Valuable Features

Greg Stewart
Director of Intellectual Property Protection at a pharma/biotech company with 1,001-5,000 employees
There are a number of things that are very useful. What I like most is that the threat models and risk scoring are very accurate and very helpful to the analysts on my team. They help highlight the most important things for them to look at. The second feature is that within the SNYPR product there is a functionality called Spotter. We use that for link analysis diagrams and to run the stats command. That's extremely useful because it replaces a tedious, manual process we used to go through, using Microsoft Excel and a couple of other methods, to bring data together. The third feature is the ability to create watch lists that highlight specific predefined events in a separate window - or widget, as they call it. If I want to highlight something of interest without changing the risk score, or affecting any of the threat or risk models that we have in place, I can create a watch list. It moves those events to an area where an analyst will see them, first thing, without changing any scores or any other manipulation of data. I can highlight events that way. View full review »
ITProjec55d8
IT Project Manager at a manufacturing company with 10,001+ employees
The most valuable feature is being able to look at users' behavioral profiles to see what they typically access. One of the key events that we monitor is people's downloading of objects, files from either the engineering or the homegrown application. It's very easy to see people's patterns, what they typically do. The system might identify somebody who is engaging in anomalous behavior. Especially with the product's rev 6, there are a lot of tools to go in and do investigations, even without talking to the person, to try to determine what were they doing. Is it a case that they normally don't do something but this looks like a legitimate action, or is it something we need to investigate? That is pretty neat. View full review »
ChiefTecaa40
Chief Technology Officer at a tech vendor with 51-200 employees
When we were looking for products for our security monitoring needs, our biggest requirement was that we wanted something based on machine-learning and analytics. If you go with rules, it can raise a lot of noise. Securonix, with its UEBA capability, had the best analytics use-cases. Our number-two criterion comes from the fact that we are a cloud-first company, so we needed a solution that would work in the cloud and work with the cloud. Working in the cloud means it would be a service, a SaaS offering. And working with the cloud means it would integrate with our cloud applications and monitor our cloud environment. Their product was the most-ready SaaS product in the industry. The solution's cloud-monitoring functionality is the only thing we use, because we are a cloud company. Our Office is Office 365, our HR system is BambooHR. Everything we use is hosted in the cloud. So cloud monitoring is the number-one use case for us. In addition to those applications, the solution monitors Salesforce, which our sales team uses, Concur, which is our time and expense system, and it monitors our own application that we use for providing service to our customers. And finally, it monitors our AWS environment. They have done a great job building the API-based connectors so they can automatically pull data from these applications. They have packaged use-cases that they provide us and, in certain applications, those use-cases are still a work in progress. But I feel confident that the content they have is good and they're improving on it continuously. There's a lot of development that happens on the cloud front. For example, Office365 changes every three months. Cloud applications are new so there's a lot that goes on with these applications. So vendors have to keep updating their content to align with where the cloud application is. Securonix is doing a good job of staying abreast with the latest and greatest developments on the cloud-vendor side and updating their content. A lot of their competition is very poor. We had QRadar in our environment but it couldn't even connect to Office365. From there to where we are today, it's a huge improvement. View full review »
Find out what your peers are saying about Securonix Solutions, Splunk, Exabeam and others in Security Information and Event Management (SIEM). Updated: September 2019.
371,917 professionals have used our research since 2012.
Edward Ruprecht
Lead Cyber Security Engineer at a insurance company with 1,001-5,000 employees
* The feature that is most valuable is the fact that it's an open platform, so it allows us to modify policies and tune policies as needed. * There's also a feature called Data Insights which allows us to create different dashboards on specific things of interest for us. * Finally, there is Spotter. Spotter allows us to search and investigate different events of interest for us. In terms of behavior analytics, we're using cyber more than insider threats. With UEBA being a relatively new space when we looked at it close to two years ago, we were concerned about how well it worked and whether they were truly behavioral-based rules or if that was just marketing terminology for the "latest greatest system." But it exceeds what our initial expectations were for being able to detect different cyber threats. We're doing a lot around the network firewall and endpoint detection for rare process connections, rare network connections, etc. View full review »
Amit Chopra
CEO/Executive Director at Iconic Engines
One of the most valuable features it has is the threat chaining. One of the common issues that we always had was the number of anomalies that we used to get and the number of alerts that we used to get. But with this approach of thread chaining, we've found the false-positive rate has decreased very significantly. That was something that we never could have achieved before. It also has the ability to detect low and slow stuff. Whenever we've had any dormant issues or dormant malware - dormant processes which get executed much later - it has tremendously helped us with that. View full review »
LeaderIn0c93
Leader - Investigations, Insider Threat at a tech services company with 1,001-5,000 employees
The customizability of the tool is valuable. We are able to customize the use cases and create them easily without a large amount of Securonix assistance. It's very flexible. We do not have to rely on Professional Services to modify or create a new use case. The solution's behavior analytics, in detecting cyber and insider threats, are good. The tool does what it's supposed to, as long as the data coming in is accurate. View full review »
SvpInsidd30c
SVP Insider Threat at a financial services firm with 10,001+ employees
The machine-learning algorithms are the most valuable feature because they're able to identify the "needle in the haystack." Also, the solution's behavior analytics in terms of detecting cyber and insider threats is fairly good. View full review »
Find out what your peers are saying about Securonix Solutions, Splunk, Exabeam and others in Security Information and Event Management (SIEM). Updated: September 2019.
371,917 professionals have used our research since 2012.
Sign Up with Email