Sold by: Securonix, inc
Deployed on AWS
Securonix is leading the transformation of cybersecurity with the Unified Defense SIEM powered by agentic AI and built natively on AWS and Snowflake. By leveraging Amazon Bedrock for advanced AI agents and a split-data architecture, Securonix delivers elastic, privacy-preserving analytics that keep telemetry where customers want it while cutting storage costs and accelerating detection. Our platform collects and correlates logs across AWS services and applies behavioral analytics and AI-driven threat models and automates response with built-in SOAR to provide end-to-end visibility for containerized workloads and hybrid environments. Recognized as a 6x Leader in the Gartner® Magic Quadrant™ for SIEM and a 2x Customers Choice by Gartner Peer Insights™, Securonix empowers organizations to move from reactive security to proactive, autonomous operations.
4.1
Overview
Securonix Unified Defense SIEM is an industry leader in agentic AI-powered SIEM built on AWS and Snowflake. It unifies detection, investigation, and response (TDIR) across AWS, hybrid, and on-prem environments without data duplication or migration. With a cloud-native architecture, continuous threat content, and outcome-based analytics, Securonix delivers faster detection, lower costs, and measurable ROI. Security teams gain 360 degree visibility, maintain full control of their AWS data, and achieve compliance with built-in reporting from a single, scalable platform.
Securonix Unified Defense SIEM delivers modern, AI-reinforced threat detection, investigation, and response designed for the scale and speed of the modern enterprise SOC. Built natively on AWS and the Snowflake Data Cloud, the platform handles massive data volumes with single tier, real time analytics that eliminate rehydration delays and deliver 365 days of always hot searchable data. Powered by Amazon Bedrock, Securonix introduces agentic AI to accelerate triage, enrichment, and response, reducing noise by up to 60% and cutting investigation time by 3x. A split architecture design keeps telemetry in your AWS environment, preserving privacy and reducing storage costs by up to 50%. Through 15+ native AWS service integrations including Security Hub, CloudTrail, CloudWatch, GuardDuty, and S3, Securonix enables unified visibility and faster response without data movement. Curated threat content from Securonix Threat Labs, continuous updates, and out of the box detections for AWS environments allow security teams to stay ahead of evolving threats with less manual effort. The platform unifies SIEM, SOAR, UEBA, and TIP capabilities in one cloud native solution to eliminate tool sprawl, lower total cost of ownership, and simplify operations.
As a pioneer in SIEM, Securonix has defined the standard for AI driven security operations, consistently recognized as a 6x Leader in the Gartner® Magic Quadrant™ for SIEM and trusted by global enterprises, MSSPs, and government agencies. The Securonix mission is to help organizations move from reactive defense to proactive, autonomous operations through AI innovation, scalable architecture, and measurable business outcomes.
Key benefits include:
Faster detection and response: Agentic AI and automated workflows accelerate MTTR and improve accuracy.
Full data control: Keep your telemetry securely in AWS for privacy, compliance, and cost efficiency.
360 degree visibility: Unified analytics across AWS, hybrid, and on-prem environments.
Proven ROI: 177% ROI and 30 to 50% cost reduction, validated through independent TEI analysis.
Compliance and assurance: Built in executive reporting aligned to SEC, GDPR, DORA, and HIPAA.
Securonix Unified Defense SIEM helps organizations stay breach ready and board ready every day by delivering elastic scale, data sovereignty, and intelligent automation on AWS.
Highlights
- Unified Defense Architecture: SIEM, UEBA, SOAR, and TIP in one cloud-native platform built on AWS and Snowflake eliminates tool sprawl, reduces costs, and accelerates response.
- Agentic AI for Modern SOCs: Powered by Amazon Bedrock, modular AI agents automate triage, enrichment, and response, cutting investigation times by 3x and reducing alert noise by up to 60%.
- Cloud-Native Scale with 360 Degree Visibility: Open-by-design architecture integrates 15+ AWS Services and 750+ data sources while keeping telemetry in your environment for privacy-first analytics and up to 50% lower SIEM storage costs.
Details
Sold by
Categories
Delivery method
Deployed on AWS
New
Introducing multi-product solutions
You can now purchase comprehensive solutions tailored to use cases and industries.
Features and programs
Buyer guide
Gain valuable insights from real users who purchased this product, powered by PeerSpot.
Financing for AWS Marketplace purchases
AWS Marketplace now accepts line of credit payments through the PNC Vendor Finance program. This program is available to select AWS customers in the US, excluding NV, NC, ND, TN, & VT.
Pricing
Pricing is based on the duration and terms of your contract with the vendor. This entitles you to a specified quantity of use for the contract duration. If you choose not to renew or replace your contract before it ends, access to these entitlements will expire.
Additional AWS infrastructure costs may apply. Use the AWS Pricing Calculator to estimate your infrastructure costs.
Dimension | Description | Cost/12 months |
|---|---|---|
SNYPR-NxGEN SIEM 1K_ID | 1000 ID Nx-Gen SIEM 1 year of 7Hot, 60Warm, 365Cold storage days | $91,378.00 |
SNYPR-Basic SIEM_1K_ID | 1000 ID Basic SIEM 1 year of 60Warm, 365Cold storage days | $67,331.00 |
SNYPR -UEBA_1K_ID | 1000 ID UEBA + Insider,Cyber,CloudPackages 30 days of report | $48,094.00 |
UDS_Advanced_Bundle_P2 | United Defense SIEM with embedded datalake - 90 Days Hot 365 Days Cold - SW-R-FF-BNDL-UDSP2 | $100,000.00 |
MSSP_Bundle_P2 | United Defense SIEM with embedded datalake - 90 Days Hot 365 days Cold - includes SOAR & ATS - SW-R-FF-BNDL-BNDL-MSSPP2 | $150,000.00 |
Vendor refund policy
No refunds
Custom pricing options
Request a private offer to receive a custom quote.
Legal
Vendor terms and conditions
Upon subscribing to this product, you must acknowledge and agree to the terms and conditions outlined in the vendor's End User License Agreement (EULA) .
Content disclaimer
Vendors are responsible for their product descriptions and other product content. AWS does not warrant that vendors' product descriptions or other product content are accurate, complete, reliable, current, or error-free.
Delivery details
Software as a Service (SaaS)
SaaS delivers cloud-based software applications directly to customers over the internet. You can access these applications through a subscription model. You will pay recurring monthly usage fees through your AWS bill, while AWS handles deployment and infrastructure management, ensuring scalability, reliability, and seamless integration with other AWS services.
Resources
Support
Vendor support
Securonix offers a range of Support Services and Professional Services to meet the needs of large enterprise customers. For more information please visit:
AWS infrastructure support
AWS Support is a one-on-one, fast-response support channel that is staffed 24x7x365 with experienced and technical support engineers. The service helps customers of all sizes and technical abilities to successfully utilize the products and features provided by Amazon Web Services.
Updated weekly
By Securonix, inc
By SentinelOne
By SIEMonster Inc
Top
50
In Security Observability
Top
10
In Generative AI, Security Observability
Top
10
In Log Analysis, Analytics
Sentiment is AI generated from actual customer reviews on AWS and G2
Functionality
Ease of use
Customer service
Cost effectiveness
Positive reviews
Mixed reviews
Negative reviews
AI generated from product descriptions
Agentic AI-Powered Threat Detection
Platform powered by Amazon Bedrock with modular AI agents that automate triage, enrichment, and response workflows, reducing investigation time by 3x and alert noise by up to 60%.
Native AWS Integration
Integrates with 15+ native AWS services including Security Hub, CloudTrail, CloudWatch, GuardDuty, and S3 for unified visibility across AWS environments without data movement.
Split-Data Architecture
Split architecture design keeps telemetry in customer AWS environment, preserving privacy and reducing SIEM storage costs by up to 50% while maintaining real-time analytics.
Unified Platform Capabilities
Consolidates SIEM, SOAR, UEBA, and TIP capabilities in single cloud-native solution built on AWS and Snowflake with support for 750+ data sources.
Always-Hot Searchable Data
Single-tier, real-time analytics architecture with 365 days of always-hot searchable data that eliminates rehydration delays and handles massive data volumes at enterprise scale.
AI-Powered Threat Detection and Response
Real-time threat detection and automated response capabilities augmented by advanced AI and automation across endpoints, cloud workloads, and identity infrastructure.
Cloud Workload Protection
Runtime threat protection for Amazon EC2 instances, EKS clusters, and AWS Fargate with autonomous blocking of malware, ransomware, and fileless attacks.
Extended Detection and Response
Correlated view of full attack stories across endpoints, identities, and cloud workloads using patented Storyline technology to automatically correlate and contextually group related events.
Identity Threat Detection and Response
Continuous monitoring and protection against credential theft, privilege escalation, and lateral movement attacks across Active Directory and cloud identity providers including Entra ID, Okta, Ping, SecureAuth, and Duo.
Generative AI Security Analysis
Generative AI security analyst that automates threat hunting, provides incident summaries, and accelerates investigations through machine-speed analysis.
Multi-Region Deployment Architecture
Auto-deployed SIEM solution with multi-region, multi-zone architecture providing built-in redundancy
Endpoint Detection and Response
XDR endpoint protection integrated with threat detection capabilities and SOC playbooks
Security Orchestration and Automation
SOAR functionality for automated incident response and threat management
Event Processing Scalability
Unlimited event-per-second (EPS) ingestion capacity with infinitely scalable architecture
Multi-Tenant Architecture
Multi-tenant infrastructure supporting role-based access control for managed service providers and white-label deployment
Validated by AWS Marketplace
FedRAMP
GDPR
HIPAA
ISO/IEC 27001
PCI DSS
SOC 2 Type 2
No security profile
-
-
-
-
-
No security profile
Standard contract
No
No
Customer reviews
Saikumar M.
Correlated Alerts Made Easy, with Fewer False Positives
Reviewed on Feb 17, 2026
Review provided by G2
What do you like best about the product?
You don't need to correlate the alerts , it's already correlated and easy to analyse the alerts, and it reduces the false positives and easy to raise the alerts
What do you dislike about the product?
You cannot analyze much using the securonix , and integration part is not easy and also if you face any error u cannot troubleshoot it
What problems is the product solving and how is that benefiting you?
It reduces the false positives, and saves time for the analyst , it's fully automated to raise the alerts
reviewer2396166
User-friendly interface has improved threat detection through real-time analytics and AI advancements
Reviewed on Jun 25, 2025
Review provided by PeerSpot
What is our primary use case?
We work with CrowdStrike, Securonix Next-Gen SIEM, and other cybersecurity products such as Gurucul. We are a service provider and partner of Securonix Next-Gen SIEM. We operate as a reseller of Securonix Next-Gen SIEM for their customers' cybersecurity as their primary defense mechanism.
What is most valuable?
They are very updated. Their customer responses are great, and they keep using the new AI tools to keep themselves at the edge of the game.
This is very helpful because there are many false positives which keep cropping up, and one of the things that Securonix Next-Gen SIEM does very well is ensuring they don't give attention to false positives. They don't take attention away from the real problems and reduce a lot of noise.
We look forward to more developments from Securonix Next-Gen SIEM in terms of their service turnaround times and staying connected with customers.
What needs improvement?
Given that they have already started improving on the service levels, there isn't much we can recommend at this point. We will wait and see how things unfold.
For how long have I used the solution?
We have been using the solution for about four years.
What do I think about the stability of the solution?
We have experienced no latency issues with the system.
What do I think about the scalability of the solution?
It's fairly scalable. We have not had any customers come back to say they cannot scale at the speed of their business growth. Typically, Securonix Next-Gen SIEM is chosen by customers who are already fairly large. They don't have very small customers implementing Securonix Next-Gen SIEM.
It's certainly meant for large entities and to some extent medium entities who are on a growth trajectory, but certainly not for small ones.
How are customer service and support?
They excel in response times and quick reactions when there's an actual threat. We work with a particular team which is regionally based out of the Middle East, and they have been very responsive, so we don't want to make any changes.
How was the initial setup?
The solution is easily integrable and fairly easy to implement.
What's my experience with pricing, setup cost, and licensing?
The solution is definitely not expensive. It's benchmarked against others in this space, and we haven't received any negative feedback about pricing from customers or prospects.
Which other solutions did I evaluate?
The choice depends on the posture that the particular company would take. If they are more mobile intensive with more endpoints, they would go for solutions from companies such as CrowdStrike. It also depends on which tool the CISO and the rest of their team is more comfortable dealing with.
What other advice do I have?
Automated threat hunting is an evolving space because you can only hunt so many threats, but there are always some that go completely unnoticed. You only know what you know.
The system is pretty robust because it covers all applications and the entire spectrum. There are cycles that you keep going through and review periodically.
Whatever feedback we provide to the Securonix Next-Gen SIEM team, they have been very forthcoming.
I rate Securonix Next-Gen SIEM a 9 out of 10.
reviewer1375044
Centralized environment supports big data while facing integration challenges
Reviewed on May 29, 2025
Review from a verified AWS customer
What is our primary use case?
We have actually used our company, which is a large one, and we are using multiple Securonix Next-Gen SIEM technologies. For the on-premises environment, we are using Securonix Next-Gen SIEM� , and for cloud, we are using Sentinel .
We primarily use Securonix Next-Gen SIEM to detect policy violations, firewall detection, and other basic parts for the on-premises system, but we primarily focus on the cloud solution because cloud is the scope of our work and we are moving to cloud slowly.
What is most valuable?
The other SIEM solutions lack an option for big data analysis, whereas in the Securonix Next-Gen SIEM, we have this option, so considering the scope of the project we planned, we chose Securonix Next-Gen SIEM over other vendors.
We utilize user and entity behavior analytics in the Securonix Next-Gen SIEM.
The reporting in the Securonix Next-Gen SIEM is very good, and the dashboard is great.
We have a separate dashboard for MTTD and MTTR. Compared to the previous solution we used, Securonix Next-Gen SIEM has many advantages on the MTTR part, as the containment and alerts automations are feasible from the response point of view.
What needs improvement?
The customization in Securonix Next-Gen SIEM is more difficult compared to other solutions. At the operation level, we are not facing many challenges with automating things using Securonix Next-Gen SIEM, but at the admin level, we have many challenges where log parsing is causing issues and compatibility is not present.
The primary technology challenge we have is not at the security tools level. For example, firewall Cisco and others are capable. However, specific to product, for SAP, we are using certain products, and developing custom connectors for each product, especially the internal applications, is difficult, and Securonix Next-Gen SIEM is not up to the mark.
For how long have I used the solution?
I have been working with Securonix Next-Gen SIEM for almost one and a half years, and we have undergone a major migration. Earlier, we were an individual company, but we have now merged with MBD, so the bank scope has been widely spread, and we have migrated to Securonix Next-Gen SIEM.
What was my experience with deployment of the solution?
We had an individual product before we purchased Securonix Next-Gen SIEM, having separate SOAR and SIEM solutions, along with separate tools for each activity. Securonix Next-Gen SIEM has built a centralized environment where we can perform all these tasks without any dependency on a separate SOAR solution for containing alerts' action items, and the big data plays a major role, allowing a large setup of datasets to be parsed into Securonix Next-Gen SIEM without issues.
What do I think about the stability of the solution?
The stability of Securonix Next-Gen SIEM is based on the events we are processing. For certain solutions where not much log is generated or stored, it handles tasks efficiently, but where a large number of logs are generated in a short time, it keeps them as a cache and releases them as an event, which takes some time. It is stable, but only at a certain level.
What do I think about the scalability of the solution?
I do not face any challenges regarding scalability. I can rate it around eight to nine, and it is very scalable and capable of handling tasks, especially for the on-premises product.
How are customer service and support?
For technical support, I can rate it as seven. They also have the same issues other vendors are facing. They are good at resolving issues but not all of them. When we reach out to someone, we often wait for the right person with the right skills to come and fix the solution, which is the major challenge.
Which solution did I use previously and why did I switch?
We validated ArcSight, Securonix Next-Gen SIEM, and Splunk while considering suitable SIEM solutions. Before using Securonix Next-Gen SIEM, we used ArcSight, where the integration created many issues, particularly data integration, because most end-of-life service systems are not supported in ArcSight, and regular content updates are not up to the mark. Securonix Next-Gen SIEM provides both options, which made us switch from ArcSight.
We also considered Splunk, and we noticed the customization in our organization is not at the level we need. We tried providing some applications to develop a custom parser, but we do not think Splunk is capable of handling such complexities.
What about the implementation team?
As I mentioned, it has been hardly a year. We have a premium subscription with the vendor for Securonix Next-Gen SIEM implementation and related activities, and so far, we have never faced any issues since the vendor support is available. It may become a challenge in the fourth year if we do not renew as a premium license and go with an operational license.
Which other solutions did I evaluate?
It does take some time to get there.
What other advice do I have?
I would rate Securonix Next-Gen SIEM as six to seven out of ten.
From my perspective, it changes based on the organization using it. If your scope focuses on big data, I recommend going with Securonix Next-Gen SIEM. If you plan to maintain the same level of scope in the on-premises environment without any advanced technology, then I would suggest going with better SIEM solutions.
reviewer2649528
Alerts are effectively managed with auto-incident creation and useful behavioral analytics
Reviewed on Feb 13, 2025
Review provided by PeerSpot
What is our primary use case?
We use Securonix for alert generation by feeding events from different data sources and creating policies. Based on policy violations, we manage alerts. It's essentially a SIEM system for what we do with Securonix.
What is most valuable?
One of the valuable features of Securonix is the auto-incident creation, which was not available two or three years ago. Previously, we had to create incidents manually when a violation was triggered. Now, the process is automatic, reducing our workload. Additionally, behavioral analytics is a useful function, even though it sometimes triggers due to legitimate actions. It requires fine-tuning but correctly detects abnormal behavior.
What needs improvement?
For how long have I used the solution?
I have been using Securonix for the last three years.
What do I think about the stability of the solution?
I would rate stability as an eight out of ten.
What do I think about the scalability of the solution?
I rate scalability as seven out of ten.
How are customer service and support?
The technical support from Securonix is good. If I raise a ticket, it initially goes to the L1 team, but the next level of escalation is really effective. Response times are satisfactory and meet deadlines.
Which solution did I use previously and why did I switch?
How was the initial setup?
Our tech team handles the setup outside of my working hours, and the process is simple.
What's my experience with pricing, setup cost, and licensing?
I'm not sure about subscriptions and pricing as it's handled by others.
Which other solutions did I evaluate?
The main competitors to Securonix are Splunk and QRadar .
What other advice do I have?
If you could improve query stability with large data sources, it would be beneficial.
Overall, I rate Securonix as an eight out of ten.
Yoganantham Theerthagiri
Interactive dashboards and behavior analytics transform security monitoring
Reviewed on Jan 27, 2025
Review from a verified AWS customer
What is our primary use case?
I use this solution for security monitoring and user behavior analytics. Banks, governments, and the oil and gas sector utilize it.
What is most valuable?
The software includes user behavior interactions, dashboards, and training capabilities. These features are interactive, allowing for comprehensive engagement.
What needs improvement?
In terms of improvements, SIEM could have better integration with other technologies.
Additionally, it might benefit from integration with other sources, such as firewalls. It all depends on specific use cases.
For how long have I used the solution?
I have been using the solution for three years.
What do I think about the stability of the solution?
I have found the solution to be stable.
What do I think about the scalability of the solution?
The system is very scalable, and I would rate it around eight out of ten.
How are customer service and support?
I find customer service to be very good.
How was the initial setup?
The initial setup is not very complex, however, it does have its intricacies, and I would rate it around seven out of ten.
What was our ROI?
The return on investment depends on the customer. It typically takes at least a year to realize the value.
What's my experience with pricing, setup cost, and licensing?
Comparatively, it is reasonable when compared to solutions like Splunk and Exabeam . Licensing is based on events per second (EPS), costing between $50 to $60 per EPS.
What other advice do I have?
My rating for the solution would be around eight out of ten.
If organizations are on a journey to move to cloud, I recommend transitioning to Securonix over an on-premise solution due to its ease of deployment in cloud.