CyberValken, posted November 12, 2022

Quoting lost-troll (11/9/2022 at 12:24 AM): "Securonix is my latest and I'm not sold on it yet. I don't really trust it, I feel like something is always broken, but it's never the same thing twice."

You're the first one I see mention "the Gartner leader". Securonix has been painful for my organization. You're right. Something is always broken, and don't get me started on their detection policy logic. Their policies are riddled with typos and poor logic. Data parsing issues, ingestion issues... it's just a mess. I feel like it has potential, but it is nowhere near the level it sells people on.

I've worked with QRadar, InsightIDR, Sumo Logic, and Securonix. Sumo is pretty great depending on your organization size. InsightIDR wasn't bad if you subscribe to the Rapid7 agent model (but my experience was a small org with that one).
fosec, posted November 12, 2022

Quoting CyberValken (3 hours earlier): "You're the first one I see mention "the Gartner leader". Securonix has been painful for my organization. You're right. Something is always broken, and don't get me started on their detection policy logic. Their policies are riddled with typos and poor logic. Data parsing issues, ingestion issues... it's just a mess. I feel like it has potential, but it is nowhere near the level it sells people on. I've worked with QRadar, InsightIDR, Sumo Logic, and Securonix. Sumo is pretty great depending on your organization size. InsightIDR wasn't bad if you subscribe to the Rapid7 agent model (but my experience was a small org with that one)."

I am in 100% agreement! Securonix is ALWAYS broken. I have used them for 3 years and it has gotten worse. We are in the process of migrating to Sentinel and are loving the stability. Not to mention the SOAR capabilities with Logic Apps are great.
synackbar, posted November 12, 2022

I've used QRadar, Splunk, Splunk ES, Sentinel, ELK, Securonix and Exabeam (though I put them in their own UEBA SIEM bucket).

I love ELK because of the speed and scalability that doesn't cost the GDP of a small nation (I'm looking at you, Splunk). KQL is easy to learn and teach others, and Kibana makes it easy to create dashboards.

QRadar is solid but is kinda the old guy on the block with nothing that stands out.

Exabeam is neat but has some growing pains to overcome with scaling out for large customers.

Securonix didn't get past PoC in our shop. It was awful.

Splunk was cool but isn't keeping up with the field in regards to tech (the Snowflake/Cribl/Tines stack works much better in my experience than the Splunk ES, Phantom, DSP stack).

Hunters.ai is the new hotness, but I haven't gotten enough stick time with it to make a judgment call around it yet.

Sentinel is awesome minus the ridiculously murky costs once you start integrating all the things into it. Don't even think about exporting out unless you want to pay out the nose. Our Azure AD non-interactive audit logs were going to cost 30K a WEEK to store and analyze in Sentinel.
lost-troll, posted November 14, 2022

Quoting fosec (11/11/2022 at 10:07 PM): "I am in 100% agreement! Securonix is ALWAYS broken. I have used them for 3 years and it has gotten worse. We are in the process of migrating to Sentinel and are loving the stability. Not to mention the SOAR capabilities with Logic Apps are great."

Are you using on-prem or their hosted with Securonix?