We have actually used our company, which is a large one, and we are using multiple Securonix Next-Gen SIEM technologies. For the on-premises environment, we are using Securonix Next-Gen SIEM, and for cloud, we are using Sentinel.

We primarily use Securonix Next-Gen SIEM to detect policy violations, firewall detection, and other basic parts for the on-premises system, but we primarily focus on the cloud solution because cloud is the scope of our work and we are moving to cloud slowly.

The other SIEM solutions lack an option for big data analysis, whereas in the Securonix Next-Gen SIEM, we have this option, so considering the scope of the project we planned, we chose Securonix Next-Gen SIEM over other vendors.

We utilize user and entity behavior analytics in the Securonix Next-Gen SIEM.

The reporting in the Securonix Next-Gen SIEM is very good, and the dashboard is great.

We have a separate dashboard for MTTD and MTTR. Compared to the previous solution we used, Securonix Next-Gen SIEM has many advantages on the MTTR part, as the containment and alerts automations are feasible from the response point of view.

The customization in Securonix Next-Gen SIEM is more difficult compared to other solutions. At the operation level, we are not facing many challenges with automating things using Securonix Next-Gen SIEM, but at the admin level, we have many challenges where log parsing is causing issues and compatibility is not present.

The primary technology challenge we have is not at the security tools level. For example, firewall Cisco and others are capable. However, specific to product, for SAP, we are using certain products, and developing custom connectors for each product, especially the internal applications, is difficult, and Securonix Next-Gen SIEM is not up to the mark.

I have been working with Securonix Next-Gen SIEM for almost one and a half years, and we have undergone a major migration. Earlier, we were an individual company, but we have now merged with MBD, so the bank scope has been widely spread, and we have migrated to Securonix Next-Gen SIEM.

We had an individual product before we purchased Securonix Next-Gen SIEM, having separate SOAR and SIEM solutions, along with separate tools for each activity. Securonix Next-Gen SIEM has built a centralized environment where we can perform all these tasks without any dependency on a separate SOAR solution for containing alerts' action items, and the big data plays a major role, allowing a large setup of datasets to be parsed into Securonix Next-Gen SIEM without issues.

The stability of Securonix Next-Gen SIEM is based on the events we are processing. For certain solutions where not much log is generated or stored, it handles tasks efficiently, but where a large number of logs are generated in a short time, it keeps them as a cache and releases them as an event, which takes some time. It is stable, but only at a certain level.

I do not face any challenges regarding scalability. I can rate it around eight to nine, and it is very scalable and capable of handling tasks, especially for the on-premises product.

For technical support, I can rate it as seven. They also have the same issues other vendors are facing. They are good at resolving issues but not all of them. When we reach out to someone, we often wait for the right person with the right skills to come and fix the solution, which is the major challenge.

We validated ArcSight, Securonix Next-Gen SIEM, and Splunk while considering suitable SIEM solutions. Before using Securonix Next-Gen SIEM, we used ArcSight, where the integration created many issues, particularly data integration, because most end-of-life service systems are not supported in ArcSight, and regular content updates are not up to the mark. Securonix Next-Gen SIEM provides both options, which made us switch from ArcSight.

We also considered Splunk, and we noticed the customization in our organization is not at the level we need. We tried providing some applications to develop a custom parser, but we do not think Splunk is capable of handling such complexities.

As I mentioned, it has been hardly a year. We have a premium subscription with the vendor for Securonix Next-Gen SIEM implementation and related activities, and so far, we have never faced any issues since the vendor support is available. It may become a challenge in the fourth year if we do not renew as a premium license and go with an operational license.

It does take some time to get there.

I would rate Securonix Next-Gen SIEM as six to seven out of ten.

From my perspective, it changes based on the organization using it. If your scope focuses on big data, I recommend going with Securonix Next-Gen SIEM. If you plan to maintain the same level of scope in the on-premises environment without any advanced technology, then I would suggest going with better SIEM solutions.