Securonix Next-Gen SIEM Valuable Features

GS
Director of Intellectual Property Protection at a pharma/biotech company with 1,001-5,000 employees

There are a number of things that are very useful.

What I like most is that the threat models and risk scoring are very accurate and very helpful to the analysts on my team. They help highlight the most important things for them to look at.

The second feature is that within the SNYPR product there is a functionality called Spotter. We use that for link analysis diagrams and to run the stats command. That's extremely useful because it replaces a tedious, manual process we used to go through, using Microsoft Excel and a couple of other methods, to bring data together.

The third feature is the ability to create watch lists that highlight specific predefined events in a separate window - or widget, as they call it. If I want to highlight something of interest without changing the risk score, or affecting any of the threat or risk models that we have in place, I can create a watch list. It moves those events to an area where an analyst will see them, first thing, without changing any scores or any other manipulation of data. I can highlight events that way.

Ibrahim Albalawi - PeerSpot reviewer
SOC Leader at a tech consulting company with 51-200 employees

The detection of threats and reduction of false positive alarms as compared to other solutions are valuable features. It has improved threat detection response and reduced a lot of noise from false positives as compared to our previous SIEM solutions. This was one of the reasons we decided to try or move to Securonix. Other products generated thousands of events, and a lot of them were false positives, which made it difficult for us to handle all the events. For example, we were monitoring a firewall internally, and that firewall generated about five million events per month. The previous product detected almost 1,000 to 1,500 events as positive events, whereas Securonix generates less than 200 events, and most of them are not false positives.

It can integrate with a lot of solutions. Being able to ingest all our log sources when investigating threats is one of the good points of Securonix. After we started to use Securonix, we could integrate a lot of solutions, which we couldn’t do previously. It works with many devices, platforms, and cloud solutions. It is pretty good in terms of integration.

RajivSingh - PeerSpot reviewer
Sr. Vice President & Head - Global Cybersecurity Business at Tech Mahindra Limited

The big data security analytics platform, structured and unstructured data analytics, and user and entity behavior analytics provided by the product are probably the best in the industry.

Buyer's Guide
Securonix Next-Gen SIEM
March 2024
Learn what your peers think about Securonix Next-Gen SIEM. Get advice and tips from experienced pros sharing their opinions. Updated: March 2024.
767,847 professionals have used our research since 2012.
Rafael-Barrios - PeerSpot reviewer
Cybersecurity SE at a tech vendor with 10,001+ employees

Its console is very easy to use and configure. It is very intuitive for our use cases. App integrations are also pretty nice. 

SM
Cyber Security Analyst at a retailer with 10,001+ employees

It is user-friendly. Its user interface is better than the other tools.

I like the playbook integration. In the beginning, we had a few hiccups because the tool was developing, but after that, the threat intelligence tool that we integrated got more accurate and better. The whitelisting and blacklisting of IPs, domains, or users were also working. 

Risk scoring was nice. We could exactly see which user had the highest risk score, and then we could pick it up and work on it. 

Securonix accommodates customer requests in the upcoming versions very well. They do their best to bring in the features required by a customer. We were able to have custom widgets for different departments or specific use cases. All tools do not provide such customization. Securonix was good at taking a request, reviewing it, and if it made sense, adding it. We got at least one or two features added. 

AC
CEO/Executive Director at Iconic Engines

One of the most valuable features it has is the threat chaining. One of the common issues that we always had was the number of anomalies that we used to get and the number of alerts that we used to get. But with this approach of threat chaining, we've found the false-positive rate has decreased very significantly. That was something that we never could have achieved before.

It also has the ability to detect low and slow stuff. Whenever we've had any dormant issues or dormant malware - dormant processes which get executed much later - it has tremendously helped us with that.

NELSON COIMBRA DA SILVA - PeerSpot reviewer
Cyber Security Sales Engineer Manager at a comms service provider with 501-1,000 employees

The most valuable aspect is the ability to automate tasks, particularly user behavior analytics. It streamlines processes and makes it very efficient to work with, both for me and the users in my company.

Balamurali Vellalath - PeerSpot reviewer
Practice Head-CyberSecurity at ALTEN calsoft Labs

The two major features of this product we extensively use are the UEBA capability and the multi-tenant approach with the centralized data logs system. Customers are very happy with these features.

JS
Head of Cybersecurity at a tech services company with 11-50 employees

For optimization and data analysis, it has a good evaluation engine for repeat offenders and that has helped us to detect, on time, what other basic SIEMs did not detect. Those other solutions needed more time to detect at that same level.

We can customize our use cases with the tools provided by Securonix.

It is an excellent tool that can ingest data in different ways and is very flexible.

Pavan Lingam - PeerSpot reviewer
Cyber Security - Consultant at LTI - Larsen & Toubro Infotech

The most attractive feature of Next-Gen SIEM is UEBA. The solution creates a user baseline and detects spikes and outliers. Before we started using Next-Gen SIEM, we used traditional signature-based detection. Signature-based detection checks whether a malware signature exists in the database, whereas behavioral detection analyzes all the data.

For example, let's say a given user accessed a device ten times in the last 30 days during regular business hours on weekdays. Next-Gen SIEM will send an alert if the user accesses the device on the weekend or 20 times in a single day. Based on that, we will investigate and email the manager.

The correlation rules and the Spotter carriers are essential in any SIEM. One new feature I like is the Autonomous Threat Sweeper. We will get a notification that a recent attack has entered the environment. They'll provide all the information we need to investigate. It's an excellent feature, but we've only been using it for three to four months. Threat Sweeper does the job in the background whenever we all have some other work. We go through the notifications and decide whether they're essential or not. 

Threat Sweeper is handy. It will clearly show where the anomaly in the data occurs. There is clear information about the IOCs, IP addresses, domain names, etc. We can easily run it in the background and forward the same threat detection report to the other consult teams, like the network and server teams. Another new feature is XDR. I haven't used it, but I've heard it uses signatures and behavioral analysis efficiently.

When I started to use Securonix, I was a little confused, but I could pick it up after a week. Everything is UI-based, and all the information is available on one page, so you don't need to go to different tabs to get what you need. It's very user-friendly. With a click, you can open all the reports you want and generate as many queries as you need. There's no need to use commands.

Indrajit Ghosh - PeerSpot reviewer
Cyber Security Consultant at LTI - Larsen & Toubro Infotech

The most valuable feature is that it works on user behavior and event rarities. Those features are in Splunk too, but they're not as effective. Securonix's customer service is also pretty good.

It's not difficult to use the interface, but there's a lot of documentation to read.

We haven't experienced any performance issues when ingesting log sources and investigating threats. The response is good.

IG
Senior Security Consultant at LTI - Larsen & Toubro Infotech

SNYPR has a bundle of features. It has the UEBA feature that tells you about the behavior of a person or entity. In the tool itself, there is an incident management feature, which is definitely valuable. It is a value-added item. It also has third-party TPI.

SNYPR is valuable for any organization because it is not only a traditional SIEM. It is also a UEBA tool. It does behavior analytics. As a UEBA tool, it has a lot of features. You can see a lot of things in the UI itself. It provides a lot of analytics. You can see how a policy is working and how it is giving you the flags if you want to reduce false positives. You can have all the visibility in the UI itself. You don't need to check anything in the backend for this.

It has a feature called Threat Model to identify a threat. For intelligence, it has a feature called Autonomous Threat Sweep that is valuable. 

MA
Services Sales Consultant at Alpha

The reason why a customer chooses the solution for its features depends on the customer. Customers may choose it based on budget or the features they're looking for, and it varies, honestly.

I am from the sales team and the technical team, because of which I can't speak much about its features.

JM
IT Project Manager at a manufacturing company with 10,001+ employees

The most valuable feature is being able to look at users' behavioral profiles to see what they typically access. One of the key events that we monitor is people's downloading of objects, files from either the engineering or the homegrown application. It's very easy to see people's patterns, what they typically do. The system might identify somebody who is engaging in anomalous behavior. Especially with the product's rev 6, there are a lot of tools to go in and do investigations, even without talking to the person, to try to determine what they were doing. Is it a case that they normally don't do something but this looks like a legitimate action, or is it something we need to investigate? That is pretty neat.

Sudhakaran Krishnan - PeerSpot reviewer
Consultant at LTI - Larsen & Toubro Infotech

The policy violation feature is quite interesting. Policy violations trigger before the end of the month and they go into effect.

We haven't seen any security complaints or data breaches, reducing the time needed for investigations by 30%.

The user interface is easy to learn and navigate.

Balamurali Vellalath - PeerSpot reviewer
Practice Head-CyberSecurity at ALTEN calsoft Labs

The feature that I have found most valuable is their analytics platform where they have the open security data-link, which they introduced. This is typically different from the other vendors.

Sebastian Velazquez - PeerSpot reviewer
Cyber Intelligence Supervisor at a tech services company with 201-500 employees

The most valuable feature is what Securonix calls enrichment. Securonix is very powerful because of all the data it can process and automatically enrich. The actionable intelligence it provides is one of its benefits, due to the processing capacity it has. Something to keep in mind is that Securonix needs a lot of initial work to be able to properly enrich itself, but once installed it is very powerful.

It's very good in helping to ingest all our log sources when investigating threats. That is back to the enrichment theme. It's very powerful. When you ingest data to Securonix, what it does is feed back to other sources like your firewall, and antivirus proxy, and vice versa. And the use cases filter data.

The UEBA capabilities are also very valuable.

Andres Fuentes - PeerSpot reviewer
SOC Analyst at ComWare S.A

One of the most valuable features is the integration of all types of data sources to extract relevant information regarding events. It is a good solution when it comes to the correlations that it makes within all the data handled in our company. It has provided us with a lot of information and research.

FA
Security Developer at a tech consulting company with 201-500 employees

Among the most valuable features are its

  • reporting capacity
  • graphics 
  • UEBA analytics.

The UEBA functionality indicates a lot about behaviors that are not found through a traditional SIEM. We have exploited that more than anything since we started using it.

The autonomous threat sweeper also seems very good to me. It is a very striking and productive tool for our business. It's highly important to implement ATS because it allows us to scan for specific events that may happen.

Also, the ease of searching that the Spotter tool offers us is a welcome feature and the data insights have been very useful for our research work.

HK
Lead Security Engineer at a tech services company with 1-10 employees

Features, like Spotter, are the most valuable. Spotter is a wide range of research for any of the incidents that happened under my clients' data. 

They also have a feature that separates violations according to top violators. So, I can go in and see all the use cases that got preserved under them. It is an intensive search type of thing. You can just keep digging in. There are other policies attached to it. There are some remediation steps and recommendations attached to it. 

Securonix’s analytics-driven approach for helping to find sophisticated threats and reduce false positives is pretty good. We are allowed to fine tune according to our requirements and our clients' requirements, which does reduce false positives. In the last 24 hours, the total number of policies with triggers was 233. When I started with this product, the false positives were 561. Therefore, the solution has helped by tuning or reducing false positives.

It helps us find sophisticated threats.

ER
Lead Cyber Security Engineer at an insurance company with 1,001-5,000 employees

  • The feature that is most valuable is the fact that it's an open platform, so it allows us to modify policies and tune policies as needed. 
  • There's also a feature called Data Insights which allows us to create different dashboards on specific things of interest for us. 
  • Finally, there is Spotter. Spotter allows us to search and investigate different events of interest for us.

In terms of behavior analytics, we're using cyber more than insider threats. With UEBA being a relatively new space when we looked at it close to two years ago, we were concerned about how well it worked and whether they were truly behavioral-based rules or if that was just marketing terminology for the "latest greatest system." But it exceeds what our initial expectations were for being able to detect different cyber threats. We're doing a lot around the network firewall and endpoint detection for rare process connections, rare network connections, etc.

AH
Leader - Investigations, Insider Threat at a tech services company with 5,001-10,000 employees

The customizability of the tool is valuable. We are able to customize the use cases and create them easily without a large amount of Securonix assistance. It's very flexible. We do not have to rely on Professional Services to modify or create a new use case.

The solution's behavior analytics, in detecting cyber and insider threats, are good. The tool does what it's supposed to, as long as the data coming in is accurate.

HB
SVP Insider Threat at a financial services firm with 1,001-5,000 employees

The machine-learning algorithms are the most valuable feature because they're able to identify the "needle in the haystack."

Also, the solution's behavior analytics in terms of detecting cyber and insider threats is fairly good.

RP
Regional Director, Customer Success (GTM Solutions & Services) at a tech services company with 51-200 employees

There aren't any positive aspects of the solution. It was a complete failure. There are no redeeming features.

GS
Cyber Security Team Lead at Avalara

I see Securonix as a full-featured SIEM. I was looking for a SIEM tool that has traditional SIEM as well as UEBA, and found Securonix to be a good fit for our company, Avalara.

Another good thing is that I was looking to move away from tool management. I was looking for software as a service rather than having issues with managing hardware, upgrades, updates. I was trying to step away from that. Those were the key factors when looking at Securonix as a full-feature SIEM with next-generation capabilities available.

AV
Chief Technology Officer at a tech vendor with 51-200 employees

When we were looking for products for our security monitoring needs, our biggest requirement was that we wanted something based on machine-learning and analytics. If you go with rules, it can raise a lot of noise. Securonix, with its UEBA capability, had the best analytics use-cases.

Our number-two criterion comes from the fact that we are a cloud-first company, so we needed a solution that would work in the cloud and work with the cloud. Working in the cloud means it would be a service, a SaaS offering. And working with the cloud means it would integrate with our cloud applications and monitor our cloud environment. Their product was the most-ready SaaS product in the industry.

The solution's cloud-monitoring functionality is the only thing we use, because we are a cloud company. Our Office is Office 365, our HR system is BambooHR. Everything we use is hosted in the cloud. So cloud monitoring is the number-one use case for us. In addition to those applications, the solution monitors Salesforce, which our sales team uses, Concur, which is our time and expense system, and it monitors our own application that we use for providing service to our customers. And finally, it monitors our AWS environment.

They have done a great job building the API-based connectors so they can automatically pull data from these applications. They have packaged use-cases that they provide us and, in certain applications, those use-cases are still a work in progress. But I feel confident that the content they have is good and they're improving on it continuously. There's a lot of development that happens on the cloud front. For example, Office365 changes every three months. Cloud applications are new so there's a lot that goes on with these applications. So vendors have to keep updating their content to align with where the cloud application is. Securonix is doing a good job of staying abreast with the latest and greatest developments on the cloud-vendor side and updating their content. A lot of their competition is very poor. We had QRadar in our environment but it couldn't even connect to Office365. From there to where we are today, it's a huge improvement.
