
Netsurion Managed Threat Protection Overview

What is Netsurion Managed Threat Protection?

Complete managed security service and platform to predict, prevent, detect, and respond to threats across your entire business.

Managed Threat Protection with EventTracker®

EventTracker, our flagship managed security platform, is architected to scale with organizations of any size and any stage of maturity. Whether you need a targeted supplement to your existing capabilities and staff or a complete outsourced solution, the EventTracker platform is uniquely customizable to your needs. EventTracker's “snap-in” architecture lets you enable capabilities such as endpoint protection, SIEM, vulnerability management, threat hunting and more all within one centrally managed console. All of this technology is combined with our ISO-certified security operations center (SOC) staffed by experts protecting your business 24/7.

Pricing Advice

What users are saying about Netsurion Managed Threat Protection pricing:
  • "We put together the package of what we needed. It was based pretty much on the number of agents that we were deploying. If we needed to manage logging from certain specific applications, like Active Directory and SQL Server, there has been no additional cost for that. We had agents deployed for those specific servers and the applications were included, then there was just an additional installation that they had to do for us."
  • "Netsurion's pricing is competitive. At the same time, they're the only ones who do what we want to do the way we want it. I can't say we would've paid more, but we would've had to have come up with our own solution if they weren't providing that."

Netsurion Managed Threat Protection Reviews

Randy Carr
VP of IT Systems at Carteret-Craven Electric Cooperative
Real User
Takes the load off of our systems administrator from having to manage, vet, and analyze logs

Pros and Cons

  • "When I looked last week, we probably averaged about 20 million log entries a day. So, we certainly can't individually manage that. Just looking at the reports, then trying to go back and find anything that was questionable, was a challenge. Therefore, the managed service has been invaluable to us in terms of being able to narrow the scope of what really needs to be looked at and bringing those things to our attention to be dealt with."
  • "I would like to see a faster response when we see things like 15,000 lockouts. I really wished that I had known that on Friday afternoon rather than waiting until I got the weekly report today. By the same token, they are looking at it from the point of view that this is a system or software malfunction. This is not a bad actor repeating the exact same password three times a second. Therefore, they can tell that this is not a bad thing. However, it's not a security event but it is an operational event for me. Knowing this sort of thing would help my team and me out more because then we would be able to clear out a lot of network traffic that we didn't know was going on. So, we would like quicker updates on non-high security events."

What is our primary use case?

Our main concern is IT security. We are looking at it from a point of view of making sure that we are fully PCI compliant. PCI is the compliance driver for us above all others. The log management, event management, and managed services are all fairly pricey services for a small business like us, but we felt the need to be able to take all the logging traffic that we are storing, then make some sense out of it. We needed someone with that expertise because we don't have a dedicated, trained security professional in our organization or in our small group. We turned to Netsurion for that service and have been happy with it.

How has it helped my organization?

It takes the load off of our systems administrator from having to manage, vet, and analyze logs. Even though they come out in a good format and we have reports from them, there is still an incredible amount of data moving through that system. 

When I looked last week, we probably averaged about 20 million log entries a day. So, we certainly can't individually manage that. Just looking at the reports, then trying to go back and find anything that was questionable, was a challenge. Therefore, the managed service has been invaluable to us in terms of being able to narrow the scope of what really needs to be looked at and bringing those things to our attention to be dealt with.

The solution provides 24/7 monitoring and alerting. When we have third-party security assessors come in and do our annual pentest and security review, they have ranked us as being a very mature small business compared to others that they deal with. So, we rank fairly high in terms of cybersecurity maturity compared to other small businesses with 75 employees, such as ourselves.

We don't do a lot of network analysis, but it certainly meets all of the correlation requirements that we have so we can be able to spot logins at unusual times. Or, I just got a report, not 30 minutes ago, and called one of my guys, saying, "Hey, go check on this PC because it is showing 15,000 incorrect password attempts to get to the file server. What is going on?" Obviously, it's not necessarily an indication of a breach of any kind. It is an indication of some kind of software malfunction. So, we were able to look at that and get those reports, and say, "Hey, we have something that needs our attention. I have one user account hitting a file server from one PC, and we know that a password was changed on the day that started, but we also know that the password is not locked out." This helps us analyze what the real problem is, then we are able to eliminate the possibility that it is an Active Directory problem or a Windows problem. We know what caused it, and it's not an intrusion attempt. However, this narrows down all those issues so we can focus on where the problem might really be.

What is most valuable?

We found the EventTracker product to be so much easier versus our previous solution with our limited experience and expertise to be able to install and get our logs, at least to meet minimum compliance. So, we appreciate the ease of use of it. 

When it comes to threat detection and response, it is done well. When we have our annual network penetration tests, they often will find things that are questionable and report on those things, usually within a weekly update report. So, we will normally see the events that took place. There have been instances where they have contacted us right away, but those have been fairly limited. We haven't had incidents that rose to the level of needing immediate attention very often, but they do confirm what we expect to be confirmed, which is that we have somebody doing things on our network with our permission who notifies us about it.

What needs improvement?

I would like to see a faster response when we see things like 15,000 lockouts. I really wished that I had known that on Friday afternoon rather than waiting until I got the weekly report today. By the same token, they are looking at it from the point of view that this is a system or software malfunction. This is not a bad actor repeating the exact same password three times a second. Therefore, they can tell that this is not a bad thing. However, it's not a security event but it is an operational event for me. Knowing this sort of thing would help my team and me out more because then we would be able to clear out a lot of network traffic that we didn't know was going on. So, we would like quicker updates on non-high security events.

For how long have I used the solution?

We have been on their managed services for a little over two years.

What do I think about the stability of the solution?

It has been very stable. We have had no major problems with it. We might need to put in one or two calls because of an issue logging into the software. I think we had a problem one time with a disk partition filling up, which hauls a lot of data in and out. So, that is something where you just have to be aware of it, but they have always been very responsive. There have been a few times when we might have had to go in and re-enable their remote access. They always notify us when they are going to be on that server, so we are able to tell when that outside third-party is accessing the server. So, stability has been good.

What do I think about the scalability of the solution?

We are at a terabyte of data that we are holding right now, and we have been on for two years. We have grown to the capacity that we expect to maintain unless we begin adding more endpoints to manage or watch. We don't manage every endpoint in our environment, only the ones that we consider touch anything dealing with business security. So, it is as scalable as we need it to be, but we really haven't tested that beyond the one terabyte of disk storage.

We may increase usage as we get down the road a little bit, depending on our circumstances and what changes. Right now, we are not looking at increasing it, but that could change.

How are customer service and support?

There is a dedicated team available to us. I don't call a number or leave an email, then have to deal with unknown people. Instead, it is the same folks whom I talk to every three months that host a call with us. I am grateful for the fact that these are people whom I speak to often and know our situation. They know what things are important to us. They have helped us out with some specialized reporting along the way. So, I find this gives an extra level of confidence to us that we are being looked at by people who know what is important to us.

There have only been a few times when we have needed to address a question to the SOC, but usually those have been dealt with immediately or within the day. There have been a couple of times when we have asked for custom reports and those have gotten done. Sometimes, there is a little back and forth to really understand what it is I am asking for and have them explain to me what the capability is from the logs that they are receiving from a device. However, they have been very quick and responsive to our needs, even when it is not a priority security event.

They are very familiar with our network and company. We have spent almost a year tuning the SIEM managed service. Since that time, we have continued to meet quarterly and talk about if there are modules that need to be installed or other products that we need to consider. We ask questions like, "Is there a way for you to be able to deliver this type of report to me?" They are very upfront about "yes" or "no".

We have an assigned team, so they are not sending something into a help desk then hoping it goes to the correct tech, i.e., Level 1, Level 2, or Level 3. We know their team. Anytime we send something in, we copy the supervisor for that team who will make sure it gets dealt with. So, they have been very responsive with good customer service.

Overall, I am going to give the product an eight (out of 10). It could be bigger and more mature, but then it probably would be in a niche that would have ruled them out for us. From my point of view, they are meeting our needs well. I think they are continuing to develop the product and expanding their portfolio, which is all good.

How would you rate customer service and support?

Positive

Which solution did I use previously and why did I switch?

We used a competitor, Tripwire, to Netsurion for a few years prior to moving over. We found it very difficult to configure and maintain for doing in-house work. This was prior to managed services.

We switched from Tripwire to Netsurion because of cost and complexity. Netsurion was a good bit cheaper than Tripwire. With Tripwire, we needed a third-party that helped out with making changes to it and adding additional endpoints. It just was a very complex system to set up and watch, so we made the change after being with Tripwire for a few years.

We initially just did log management within, watching the logs ourselves. They set up the system for us. We were getting reports out of it every day and trying to look at what we thought was important, but ultimately it just proved to be too much for us internally with a staff of three.

In our case, it was almost like we had an event management platform before with Tripwire, but we still didn't fully understand what could be done with it. You couldn't come ask me what I want to do with it. I don't even know what it did because we are just general purpose IT people here. We are not experts in this field.

How was the initial setup?

It is complex because we didn't really get that involved in the initial setup. They were the ones who called us, and said, "Okay, we're going to have this meeting. In this meeting, we are going to ask you a series of questions and whatever you tell us is what we are going to take care of." For example, what do you want your normal workday hours to be so we can tell that if an employee logs in at a certain time, which employees should be logging in after hours, and what systems should be talking over the weekend. They guided that discussion. It was a very easy discussion to have because they talked to us in terms of our business, not in terms of SIEM events. So, that was very good.

The initial deployment was 90 days. We signed on in August, then there was a 90-day period where we had to make sure that everything was operational. We knew this upfront. Next, we scheduled a few meetings after that. We used those next few meetings to tune the SIEM. So, we got everything in there that we expected to have over a period of weeks. They went through everything. It wasn't like drinking through a fire hose.

They were able to guide us, not giving us more information than we could handle. After we got past the initial setup period, we were able to start seeing reports. The first ones didn't make a whole lot of sense to us. However, over time, we were able to ask questions and the reports became more valuable because they were more tuned to our real environment. They began to suggest, "We now need to add in the connectors to SQL and Active Directory." We run an IBM i system, which is not a typical syslog or Windows event system. We were able to get that system set up and tuned with some reports so we could really look at our most critical systems from a security perspective. All of that happened over a period of time, yet it wasn't too rushed nor was it too slow.

What about the implementation team?

When I started looking for a managed SIEM, consultants looked over the specs and compared us with some of the bigger players. They addressed concerns that they had to me, then we dealt with those concerns in the early days of installing the SIEM. Knowing that I have a seal of approval from those consultants was very important to me, and Netsurion rose to the level of getting that approval from them. They seem satisfied with what they have seen in terms of our ability to meet all of our compliance requirements and general security needs.

The vendor’s assistance in the onboarding process helped with the product’s time-to-value and return on investment.

What was our ROI?

It enables us to devote our time to other projects that demand more of our attention. We are saving about an hour a day. 

The fact that I can walk away from this network and know that not only have I got a managed intrusion prevention system with another vendor who is looking at the edge of our network, but now I have a system which looks at the internal devices on our network. So, I have two sets of SOCs looking at what could go wrong. Between those two and our endpoint solution, I am much more comfortable thinking that if one thing misses it than another one will pick it up. So, they are part of that trifecta of products that I would expect to find a bad actor in my network. We have several other security components, but those three large products are really key to our comfort level, with being able to say, "I don't believe there is anything bad going on in my network today. If something bad did start happening, we would see it within a matter of hours, if not minutes."

We were very careful and slow to get into this world because it is fairly expensive, but I do not regret at all being there today. I just did a presentation for our board of directors on what we do for security. That was last night. I got quite a few questions from our board. One of the topics that we discussed was event management and logging. The question that came back to me was, "What else do you need to do in order to be more secure?" So, I felt that they understood what we had done and how we had done it. They were very supportive of any other features that we needed to take advantage of. Sometimes, it is just making sure that the people in management understand the risks and what is going on in the real world. That is how you sell it to them.

What's my experience with pricing, setup cost, and licensing?

We put together the package of what we needed. It was based pretty much on the number of agents that we were deploying. If we needed to manage logging from certain specific applications, like Active Directory and SQL Server, there has been no additional cost for that. We had agents deployed for those specific servers and the applications were included, then there was just an additional installation that they had to do for us.

Which other solutions did I evaluate?

This was a lower cost solution for us. That was the main reason that we looked in this direction. When I bought a lower cost solution, I didn't expect it to deliver even the value that we are getting out of it. I talked to some of my counterparts and other utilities, who were using it, and they were very happy and satisfied with it. So, I haven't really looked outside of that box very much.

Tripwire and LogRhythm were the two vendors who had support for an agent that could watch an IBM i system server, which is a mid-range platform server. When we went to EventTracker, we looked around at some others, but EventTracker was the only other one that we found later on that supported that integration. 

LogRhythm would probably have been a good solution as well. However, after talking to some of my counterparts, I decided that EventTracker would be a very good solution because they spoke very highly of it. They had been very pleased with its service as well as their managed SIEM service.

Netsurion Managed Threat Protection is more small business-friendly. It has been good to have a company who suggests things along the way without pushing things on us. For example, they will say, "Here is something that you want to do, but ask your auditors." My auditors can't tell me what we should be logging or watching. They can't tell me that. Maybe a Fortune 500 company's auditors can tell them that, but our auditors don't tell us that. We pay a lot of money to auditors every year, but they don't come in, and say, "Are you watching for every disabled login?" They don't give us that level of detail. Instead, I need people who understand a small business and the realities of working with a small business budget and are able to guide us on the number one, two, or three priorities, then tell me why those are priorities. After that, I can then take it back to our security auditors and financial auditors, and say, "Okay, here's what we are doing. Are we doing enough? Is there something that we are leaving out?" 

It has been good to be able to work with people who are not high pressure on sales. They are not here to tell us that you need to do it a certain way. The door is open to whatever we want to do. Where we don't have the knowledge or experience with it, they have filled in those gaps.

The market is moving to where vendors are trying to be the single vendor who does it all for you. Frankly, I'm not comfortable with that. I'm okay with a vendor who doesn't do every piece of my security stack, because I don't really want that company. Other people may be looking for that, but I am not one of them.

What other advice do I have?

It doesn't matter whether a solution is outside or inside the US. When we look at our firewall logs, most of our spam and ransomware attacks are coming from inside the US. That is where the majority of that traffic is coming from. We shut down everything from the outside that shouldn't have access. We determine who gets on our server and when they get on it. We control it as well from the outside as we would from inside the country. There don't seem to be any national barriers that have anything to do with whether you are really secure or not anymore. Certainly, there is a lot of risk from certain rogue countries, but vendors are vendors; you just have to vet the vendor as well.

Everything in life is a risk. You need to determine what your risk tolerance is. In our case, we take the risk of not logging every single device on our network. We don't log the laptops of the guys who work in the field all day, then come in just to do payroll. We don't care what goes on their PCs, but we do care once it touches another server somewhere. Therefore, we log those servers. It is all about risk tolerance. At the end of the day, you need to balance your budget one way or another.

Which deployment model are you using for this solution?

On-premises
Disclosure: IT Central Station contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
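The 15,000-failed-attempts case the reviewer describes is exactly the kind of event a SIEM can triage automatically. The script below is an added example, not Netsurion's or EventTracker's code; the log line format, field names and thresholds are assumptions. It separates one client hammering one account at a fixed cadence (an operational fault such as a stale cached password after a password change) from failures spread across many accounts and sources, which is the pattern that warrants an immediate call rather than a weekly report.

```python
"""Triage bursts of failed logons from constructed sample log lines.

Added example (not EventTracker code). The line format below is an
assumption modelled loosely on Windows event ID 4625 (failed logon).
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta
from statistics import mean, pstdev

# Assumed format: "<ISO timestamp> host=<target> event=4625 user=<account> src=<workstation>"
LINE_RE = re.compile(
    r"^(?P<ts>\S+) host=(?P<host>\S+) event=4625 user=(?P<user>\S+) src=(?P<src>\S+)$"
)

SEVERITY_RANK = {"high": 0, "suspicious": 1, "operational": 2}
ROUTE = {
    "high": "page the SOC now",                 # many accounts/sources: treat as an attack
    "suspicious": "analyst review within hours",  # one source, irregular timing
    "operational": "notify customer same day",   # one client, machine-regular cadence
}


def parse(lines):
    """Keep only failed-logon records; any other event ID is skipped."""
    events = []
    for line in lines:
        m = LINE_RE.match(line.strip())
        if m:
            events.append({"ts": datetime.fromisoformat(m["ts"]),
                           "host": m["host"], "user": m["user"], "src": m["src"]})
    return sorted(events, key=lambda e: e["ts"])


def build_sample():
    """Constructed sample data: three scenarios against two file servers."""
    base = datetime(2024, 3, 15, 14, 0, 0)
    lines = []
    # Case A: one account from one PC, three attempts per second for ten seconds
    for i in range(30):
        t = base + timedelta(milliseconds=333 * i)
        lines.append(f"{t.isoformat()} host=FS01 event=4625 user=jdoe src=WKS-17")
    # Case B: six different accounts tried from four workstations within two minutes
    users = ["asmith", "bjones", "clee", "dkim", "epatel", "fwong"]
    srcs = ["WKS-02", "WKS-09", "WKS-11", "WKS-23"]
    for i, u in enumerate(users):
        t = base + timedelta(seconds=17 * i + 5)
        lines.append(f"{t.isoformat()} host=FS01 event=4625 user={u} src={srcs[i % 4]}")
    # Case C: a single mistyped password followed by a successful logon (4624, ignored)
    t = base + timedelta(minutes=3)
    lines.append(f"{t.isoformat()} host=FS02 event=4625 user=rcarr src=WKS-30")
    lines.append("2024-03-15T14:03:30 host=FS02 event=4624 user=rcarr src=WKS-30")
    return lines


def triage(events, window=timedelta(minutes=5), burst=10, spray_users=5):
    """Return findings for one bucket of events, most severe first.

    burst: failures from one (host, user, src) within `window` to count as a burst.
    spray_users: distinct accounts failing against one host within `window`
                 to count as a many-accounts pattern.
    """
    findings = []

    # 1) Single-source bursts: same target, same account, same client.
    groups = defaultdict(list)
    for e in events:
        groups[(e["host"], e["user"], e["src"])].append(e["ts"])
    for (host, user, src), stamps in groups.items():
        span = (stamps[-1] - stamps[0]).total_seconds()
        if len(stamps) < burst or span > window.total_seconds():
            continue
        gaps = [(b - a).total_seconds() for a, b in zip(stamps, stamps[1:])]
        # A near-constant interval is a retry loop, not a person typing passwords.
        regular = pstdev(gaps) <= 0.2 * mean(gaps)
        severity = "operational" if regular else "suspicious"
        findings.append({"kind": "single-source-burst", "host": host, "user": user,
                         "src": src, "count": len(stamps),
                         "per_second": round(len(stamps) / span, 1) if span else None,
                         "regular_cadence": regular, "severity": severity,
                         "route": ROUTE[severity]})

    # 2) Many accounts failing against one host: spread, not a single bad client.
    by_host = defaultdict(list)
    for e in events:
        by_host[e["host"]].append(e)
    for host, evs in by_host.items():
        span = (evs[-1]["ts"] - evs[0]["ts"]).total_seconds()
        users = {e["user"] for e in evs}
        if len(users) >= spray_users and span <= window.total_seconds():
            findings.append({"kind": "many-accounts", "host": host,
                             "distinct_users": len(users),
                             "distinct_sources": len({e["src"] for e in evs}),
                             "severity": "high", "route": ROUTE["high"]})

    return sorted(findings, key=lambda f: SEVERITY_RANK[f["severity"]])


if __name__ == "__main__":
    for finding in triage(parse(build_sample())):
        print(finding)
```

Feeding the constructed sample through `triage` yields two findings: the jdoe/WKS-17 loop is flagged as operational (regular cadence, same-day notice), while FS01 as a whole is flagged high because seven accounts from five workstations failed within the window.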
JW
Cyber Security Specialist at a financial services firm with 11-50 employees
Real User
Allowed us to consolidate cybersecurity technology but there's a steep learning curve for onboarding and deployment

Pros and Cons

  • "I think Netsurion scales well. We've gone from a small number of agents up to thousands. So I would imagine that it would continue to scale. I don't see any issue with that."
  • "The agents on the endpoints seem to fail quite a bit, requiring manual involvement from the local administrators. I would like to see their product be much more ad hoc and update automatically."

What is our primary use case?

I manage 13 companies that have 300 to 400 companies underneath them altogether. We're a private equity company, so we manage one company, and they control 10 to 20 companies themselves. Our operations are decentralized, so there aren't many existing products suitable for our use cases. 

When we initially deployed, Netsurion didn't seem like a particularly robust solution. We had the reporting, and if I told them to look for something specific, they could look for it and report on it. We haven't given them anything outside of the box to look at. It tells us everything that you see. We haven't whittled it down to specific events yet.

Netsurion is on the endpoints. You install it, and it speaks to a web server. We have it on workstations and servers on AWS, Google Cloud Platform, Azure, and everything else. We're using it as a decentralized SIEM product, and it's one of the only ones out there. We use Netsurion for things like log forwarding, and we deploy it on every workstation. It's a manual process. There is an installed agent, and as long as it has internet connectivity, it goes and talks to the centralized server, and Netsurion's SOC monitors the logs for all those devices.

Because we don't have a centralized enterprise network, there are a lot of different companies involved, and they could be anywhere. They could be working from home, or there could be several employees in a coworking space. The Netsurion agent has to be installed on every endpoint and allowed to communicate directly to the internet.

How has it helped my organization?

We don't have the security staff needed to monitor log data constantly. It's too much data. You have to send it to a third party like Netsurion that specializes in that, and they have a 24/7 security operation center. We don't have the in-house staffing or the time, so we offloaded the task to a third party, and they only report on critical incidents. Then they have reporting criteria, so if it's urgent, they call us. If it's not so critical, then they email us. We don't have the capacity to do that ourselves.

Netsurion has allowed us to consolidate cybersecurity technology, including SIEM and network traffic analysis. It's not a decisive factor, but it's important. Having multiple tools keeps it centralized.

What is most valuable?

Netsurion's security operations center is critical for us because they provide 24/7 monitoring. We've never had another company meet the same need in the past. It's a valuable tool to have. Netsurion provides us with a lot of actionable threat intelligence. Their security people don't come in, but they know who to call. We tell them specifically who to call for a specific event or certain companies and they're good at that.

What needs improvement?

The product is based on an agent initially intended to talk internally, and they've simply tweaked it to talk externally. It's inside of a network versus talking on the internet. If they redeveloped the product to use internet options that are part of the operating system, it would add more security. Netsurion would keep pace with the computer as it updates and the technologies change. 

If it were to talk using the internet options inherent in the operating system, the communication would be better and more frequent. It would be part of the operating system. It would work like opening a browser and hitting the internet rather than being a standalone solution. I've suggested redeveloping the application to work more fluidly with current technology instead of working as an old solution in a new application.

For how long have I used the solution?

We've been using Netsurion for about a year or so now.

What do I think about the stability of the solution?

Netsurion is highly stable. I haven't had any issues. However, the agents on the endpoints seem to fail quite a bit, requiring manual involvement from the local administrators. I would like to see their product be much more ad hoc and update automatically. I'd like to know if it has errors or issues to support that. Otherwise, local people need to uninstall and reinstall, and it's very time-consuming to maintain the installed product. This should be automatic. We shouldn't have to deal with that on a routine basis.

What do I think about the scalability of the solution?

I think Netsurion scales well. We've gone from a small number of agents up to thousands. I would imagine that it would continue to scale. I don't see any issue with that.

How are customer service and support?

Our SLA with Netsurion doesn't require them to respond immediately. But I haven't had any issues with them from a communication perspective. They've been very good at communicating. If we're talking about the entire process from onboarding to scaling operations, I will give their support a six out of 10, and I'm only giving them a six because they're one of the only companies that provide this service. The installation and customer care at the beginning of the process have a lot of room for improvement.

The fact that Netsurion's SOC is outside the United States hasn't been an issue for us. Most IT labor is offshored, but the communication server and the information are warehoused within the United States on Azure, I believe. I can't recall exactly what they have, but I know it is located in the US. The data itself is still housed domestically, and the third party monitors it. So I don't have a concern with it, and I think over the last 10 or 15 years, the IT industry has pretty much gone that way for the labor component.

How would you rate customer service and support?

Neutral

How was the initial setup?

The onboarding process was complex. There was quite a learning curve, and few of our technical staff knew what they were talking about on the Netsurion side. But we were expected to do all the work. There were issues with the installers and the availability of people who could work through the code. I had a lot of concerns about what was being installed and how it was communicating online. It was not communicating securely.

I was hoping Netsurion could meet my expectations and have their developers fix the application to work more smoothly. Unfortunately, it took quite a bit longer than it should have to onboard. I have five companies that have a bunch of subsidiaries. Those five are using this product on probably a thousand endpoints total. We started with the first one about this time last year, and we've only just finished onboarding. The onboarding should have taken less than a month or two, but it ended up taking a year. That was a problem that we had with them, and it could potentially impact future business.

After we onboarded the first company, the learning curve went down. I found most of the cybersecurity issues in the initial deployment and would not move forward until we resolved them. That took a few months of our time. Netsurion showed some organization from a project management perspective, but there should have been more of a technical push from their side. 

As the customer, we had to provide many technical solutions, and I believe the onboarding would have gone faster if Netsurion had provided more technical resources, not just project people. The project people would push things to the next week instead of scheduling a technical person to fix that issue specifically. They were just logging hours rather than helping us move forward.

We expected that we would be fully deployed on all the discovered devices discussed before the start of the project within 90 days after we signed the contract. Things happen, so I wouldn't expect it all to get done in 90 days, but it should've been mostly done. You need to be at 80 to 90 percent before going to the SOC level and getting reports. That should've happened in under 90 days. Regardless of how many endpoints there are, there should be a real push to bring everything in within the first 90 days.

I think that's a short deadline. At 90 days, I would expect to have the devices onboarded at a minimum. At between 90 and 120 days, I expect to start seeing reports, even if they're very generalized. I expect to see what's talking and what's not. And if we're talking about the total maintenance, it's split. I would hope that Netsurion would be managing their web server, which is the receiving server that takes all the logs in. I'm doing some sorting that allows the agent that's installed to talk back.

What was our ROI?

It saves us from hiring someone to do the same thing. IT is a cost center, so we don't make money. We spend it. But in terms of a return on investment, it's cheaper than hiring an employee and it's providing actionable results about threats like ransomware that could be costly if we don't catch them in time. That's a kind of savings, but it's theoretical. It's not something that was accrued. It's a potential for loss. I would say that there's a return in that sense. 

I don't have a hard number because there wasn't a pre-existing solution to compare it to. But to manage the logs the same way that Netsurion does, we would need someone working at least 40 hours a week. To hire someone at the SOC analyst level, you would have to pay an annual salary of between $70,000 to $100,000. However, paying a full-time analyst 40 hours a week still wouldn't give us 24/7 service like Netsurion.  

What's my experience with pricing, setup cost, and licensing?

Netsurion's pricing is competitive. At the same time, they're the only ones who do what we want to do the way we want it. I can't say we would've paid more, but we would've had to have come up with our own solution if they weren't providing that. I believe they have a good niche where they're the only ones providing this type of service that we specifically need in our business model. 

Which other solutions did I evaluate?

We tried out a couple of competing solutions, including Comodo and Arctic Wolf.

What other advice do I have?

I'd rate Netsurion six out of 10. I'm only going above the five because there aren't a lot of other products in that niche for a decentralized SIEM product. To anyone skeptical about the need for managed security services, I would say that they need to look at whether they have the resources to provide the service themselves. I think most don't, and I believe that the cost of hiring even temporary personnel to provide that function doesn't make business sense compared to bringing in a third party like Netsurion. Cost savings, management, and 24/7 monitoring — you can't get all that for the same price.

Which deployment model are you using for this solution?

Hybrid Cloud
Disclosure: IT Central Station contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
Lead Security Analyst at a leisure / travel company with 1,001-5,000 employees
Provides us with detailed search responses and concise alerts that are not overwhelming

Pros and Cons

  • "We have also integrated our endpoint security into the Netsurion SIEM. That's important because we have all the events in one place; we don't have to manage them in multiple places. In addition, the embedded MITRE ATT&CK Framework was paramount in our decision to choose Managed Threat Protection because the MITRE Framework is the industry standard for threats."
  • "The weekly reporting could use some improvement. For example, when we handed them our landscape document, it took longer than I would have liked for those details to become noticeable within the reports."

What is our primary use case?

We use it for security incident and event management, and we use Netsurion's hosted SOC service, meaning their SOC team also assesses our events.

The solution is on-premises. We have the agent running on our Windows systems, and we have the Linux systems pumping the syslog data to the Netsurion server.

How has it helped my organization?

The 24/7 monitoring and alerting have positively affected our security maturity because now we have people with eyes on our security events 24/7. They are monitoring our security incidents and alerting us to any incidents that need action on our end. Overall, the SOC component of the Netsurion solution is very important because without it we would need to hire more people internally to do that work. With the hosted SOC, we don't need to have a large team on our side. While their SOC doesn't know our company and what is unique about our environment entirely at this time, they are learning it now.

What is most valuable?

All the features are valuable, so far. Some examples are the detailed responses that you find within the searches. The alerts are also valuable because they're concise and not overwhelming. The dashboard layout is also a feature I like, because it's very clear. It's not cumbersome.

When it comes to threat detection and response, Netsurion is very good. They're good at incident detection and responses. For example, they found some tools that are used by hackers, tools that were running on a system, and they immediately alerted us to that fact. We investigated it and it turned out it was an administrator using that tool. But it was a good process.

Managed Threat Protection also provides actionable threat intelligence. For example, when there was a vulnerability in the Exchange platform, they alerted us that this new threat had become known, and we were able to take action by patching our Exchange servers to secure them.

We have also integrated our endpoint security into the Netsurion SIEM. That's important because we have all the events in one place; we don't have to manage them in multiple places.

In addition, the embedded MITRE ATT&CK Framework was paramount in our decision to choose Managed Threat Protection because the MITRE Framework is the industry standard for threats. While it hasn't yet helped to identify threats we might have missed without it, we're still early on in our deployment, but eventually, once we are more mature, it will. And I believe it has helped with the time it takes Netsurion's SOC to identify and understand sophisticated threats.

What needs improvement?

The weekly reporting could use some improvement. For example, when we handed them our landscape document, it took longer than I would have liked for those details to become noticeable within the reports.

For how long have I used the solution?

I have been using Netsurion Managed Threat Protection for about 10 months.

What do I think about the stability of the solution?

It is very stable.

What do I think about the scalability of the solution?

Scaling it would be slightly complex because you would need to consciously keep track of the ports where the logs are being ingested. Scalability is not as straightforward as it could have been.

We are using it to monitor about 2,500 endpoints and we have two analysts within our organization's security department who work with the solution.

How are customer service and support?

Some of the technical forethought for the deployment was not as good as I would have expected. Some of the technical blocks that can exist in an organization of our size, issues that needed to be thought about, were not taken into account at their end. That required more input on our side, so that is why I would rate their support at eight out of 10 overall. But regarding the product itself, their technical skills are a 10. It was more when it came to the difficulties in a more complex environment that they were slightly lacking.

How would you rate customer service and support?

Positive

Which solution did I use previously and why did I switch?

We did not have a previous solution.

How was the initial setup?

The initial setup was straightforward. They provided us concise instructions on how to deploy the agents. They provided us packages that we could then deploy within our package deployment mechanisms, and they supplied us with the necessary tools to be able to deploy the agents quickly and easily.

Netsurion's support during our deployment process was very good. They were very helpful and attentive to us as customers. Their assistance in the onboarding process certainly helped with the product's time-to-value because we were able to deploy the agents in a short period of time and to start getting actionable intelligence pretty quickly.

Within a couple of weeks of their providing us the packages, we started deploying agents and, within a couple of months, we already had enough logs being ingested to have at least some initial, actionable intelligence.

The implementation strategy was, first of all, to have enough collectors around our network to ingest the logs from the sources, and enough log source ports to be able to handle the quantity of log sources coming in. After that came the preparation of the agents and the mechanism through which the agents were to be deployed. This strategy helped to make the deployment faster and easier.

What about the implementation team?

It was handled internally by our IT operations.

What was our ROI?

We have seen ROI in the fact that we had actionable intelligence within six months of deployment.

What's my experience with pricing, setup cost, and licensing?

The amount we pay for the service that we get is good. If it were to be much more expensive, it would not have the same value for the money.

Which other solutions did I evaluate?

We evaluated McAfee Managed Detection and Response, Splunk, and Rapid7 against Netsurion Managed Threat Protection. The biggest difference was the cost.

What other advice do I have?

If you're concerned about Netsurion's SOC being located outside of the US, I would say that location of the SOC is irrelevant. Rather, you should evaluate the skills of the SOC and the SOC management.

And if someone at another company said they are not sure that they need managed services, I would say to them that they had better make sure they have enough money to have their own internal team.

My other advice would be to make sure that Netsurion gives you a good deal compared to the other vendors.
