Continuous monitoring has improved threat detection and reduced incident response time
What is our primary use case?
Deepwatch is my main platform for managed detection and response across cloud and hybrid environments, providing 24/7 SOC monitoring. It helps with real-time threat detection, incident response, and log analysis, improving security posture and reducing response time in operations.
For example, using Deepwatch, we detected suspicious login attempts in a cloud workload via real-time log analysis. The platform triggered alerts and guided response actions, allowing us to quickly isolate the account, enforce MFA, and prevent a potential breach, reducing response time significantly.
Additionally, we use Deepwatch for continuous monitoring of cloud logs, such as AWS CloudTrail and Azure Monitor, to detect anomalous activity and policy violations. It also helps in incident correlation and automated response playbooks, improving SOC efficiency and reducing mean time to detect or respond.
How has it helped my organization?
Deepwatch has positively impacted my organization by improving security posture and response efficiency through providing continuous monitoring and faster incident detection. It has also reduced SOC overload, workload, and alert fatigue, allowing teams to focus on critical threats instead of manual log analysis, improving overall operational efficiency.
With Deepwatch, I have seen a 40 to 50% reduction in MTTR due to faster detection and guided response playbooks. False positives have also dropped significantly by 40 to 50% through better correlation and risk scoring, which significantly reduced SOC workload and improved analyst efficiency.
What is most valuable?
Some of the best features of Deepwatch include 24/7 MDR with AI plus human expertise, providing continuous threat detection, investigation, and response across cloud and hybrid environments.
The most valuable feature for us in Deepwatch is its 24/7 managed detection and response with AI plus human expertise. This ensures continuous monitoring, proactive threat hunting, and rapid incident response, significantly reducing the MTTR and alert noise while improving detection accuracy.
One additional outstanding feature in Deepwatch is its context-driven alerting and risk scoring, which prioritizes real threats instead of generating alert noise.
What needs improvement?
Deepwatch could improve with more granular customization of detection rules and alert tuning to better fit specific cloud workloads and use cases. Additionally, it can be improved by enhancing the dashboarding.
It should also support deeper cloud-native integrations such as AWS, Azure, and GCP, which would further improve operational efficiency and control.
Regarding the support, I would say that the support team should be more responsive because ideally, the response time of the support is quite long, which is sometimes frustrating. However, I do agree that for easy issues, they respond within the expected time, but for complex issues, they do take time to respond.
For how long have I used the solution?
I have been using Deepwatch for three years.
What do I think about the stability of the solution?
What do I think about the scalability of the solution?
Deepwatch is scalable from smaller enterprises to large enterprises without any challenges.
How are customer service and support?
The customer support is good, and the response time is still not good but can be improved.
Which solution did I use previously and why did I switch?
We previously used traditional SIEM setups like Splunk with an in-house SOC operation. We switched to Deepwatch for managed detection and response to reduce operational overhead, improve threat detection accuracy, and get 24/7 expert-driven monitoring without scaling internal teams.
How was the initial setup?
Overall, the pricing for Deepwatch is premium, but it provides high value, especially for organizations replacing or augmenting an in-house SOC. The setup cost generally is low to moderate, and the onboarding can be as quick as less than one hour. However, tuning and integration add more effort.
What was our ROI?
There is a clear ROI observed with Deepwatch, both in operational and cost savings. In the operational part, we have seen a 40 to 50% reduction in incident response time and a significant reduction in analyst workload due to automation and expert-led triage. We have also seen an 86% reduction in event response cost and savings equivalent to multi-FTEs.
Which other solutions did I evaluate?
We evaluated several other options before selecting Deepwatch.
What other advice do I have?
I would recommend going for this product, and I would suggest asking the sales team for discounts because they do provide discounts. It is necessary to ask them and get the best deal out of it. My review rating for this product is 8.
Which deployment model are you using for this solution?
Public Cloud
If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?
Amazing Security Operations with Expert Guidance and Continuous Monitoring by Deepwatch.
What do you like best about the product?
Deepwatch manages our Security Services by enhancing organization security operations and providing continuous monitoring. Deepwatch's team acts as a true security guide rather than just a service provider. They deliver actionable insights, clear communication, and strategic guidance that help us stay ahead of upcoming threats, also in our automation platforms like Torq Hyperautomation to orchestrate faster response workflows and reduce manual effort.
What do you dislike about the product?
We observed the documentation could help us a lot if the smoothness was better in transition. When we had a large amount of log data, Splunk searches could be slow, and this really depends on how driven the query is. Lastly, if integrated partner systems have limitations, this can constrain Deepwatch's performance and visibility.
What problems is the product solving and how is that benefiting you?
The team at Deepwatch was knowledgeable and able to help us negotiate some problems on our side, which is awesome. They were very organized and able to provide and adhere to a project plan. The team was even willing to help us when we added more servers.
Reliable and Advanced AI Driven Cybersecurity With Deepwatch Nexa.
What do you like best about the product?
Deepwatch has provided a reliable and consistent service, and Deepwatch has collaborated with us to deliver a robust solution and has surpassed our expectations in addressing complex security issues. The evaluation and contract negotiations were smooth at the right time. The transition went superior to what was anticipated and with what we would consider typical challenges.
What do you dislike about the product?
Initial onboarding and fine-tuning may take time for complex environments. Faster UI performance and more flexible integrations with niche security tools would also improve the overall experience, and maintenance of the different service components has been a bit difficult.
What problems is the product solving and how is that benefiting you?
We recommend it for all Cybersecurity Company Organizations because Deepwatch Nexa Agentic AI is designed to solve and automate threat detection, investigations, and responses to help our teams reduce risk, improve efficiency and corporate data being sold on the (DWMR) Dark Web Monitoring and response provides takedown services.
Best tool for secure employee data and compliance
What do you like best about the product?
It is keeping our employee data very safe. The dashboard is showing clear reports of any suspicious activity by staff. It is giving peace of mind that our sensitive HR records are fully protected 24/7.
What do you dislike about the product?
The price is on the higher side for a mid-size company budget. Some of the technical words in the weekly reports are simply beyond me (I am not a professional), too. We need more plain language for the management team.
What problems is the product solving and how is that benefiting you?
We’re using it to protect employee- and salary-sensitive information against hacking. It’s also enabling us to watch for insider threats. We are now in compliance with data privacy laws and feel a lot more comfortable.
Exceptional 24/7 Security Monitoring with Proactive Human Insight
What do you like best about the product?
Deepwatch brings together top-tier human analysts with smart tools and delivers 24/7 monitoring in a way that really feels like an extension of our security team. Their responsiveness has been excellent and their insight into our environment has helped us improve awareness and detection.
What do you dislike about the product?
One small point: their communication via certain channels (for instance Slack) can feel quieter than we’d like for real-time collaboration. Also, because they’re focused heavily on certain technologies (like Splunk) you might need to check how well your own tool-stack integrates.
What problems is the product solving and how is that benefiting you?
We were facing issues with alert overload, limited internal SOC capacity and stretched resources. Deepwatch stepped in to take on tier-1/2 triage, tune alerting, reduce false positives and bring more clarity to our security posture. That meant our internal team could focus more on strategic tasks, our detection improved and our operational load went down.
Outstanding Detection Improvements and Fast, Responsive Support
What do you like best about the product?
The Deepwatch team has been great! They're very responsive and our requests are processed fast. The improvements in detection engineering from their DRS 2.0 update have been outstanding. Fewer false positives, fewer unnecessary alerts, more detections enabled, etc. They leverage the Splunk platform for the backend, which is great because we've had no issues integrating our log sources. Splunk is well supported, and that's been fantastic to have.
What do you dislike about the product?
This is not a knock on the Deepwatch team. I'm just not a huge fan of ServiceNow, which is what the DW team leverages for escalations. It works just fine for what it is. I just find other systems like Jira to be easier to use, especially for multi-line comments.
What problems is the product solving and how is that benefiting you?
We have a small internal team, so it's a must to have a provider managing the tier 1 and tier 2 aspects of our SOC. That allows us to operate with a much smaller team and focus on the most important workloads, letting the Deepwatch team handle the bulk of the triage, which they do very well.
24/7 Managed Service provides a relief to security teams
What do you like best about the product?
Dynamic risk scoring method versus 1:1 alerting has reduced false positives. Their tooling is fairly easy to use, and wasn't overly cumbersome to implement. The management of Splunk has reduced a lot of workload for our teams
What do you dislike about the product?
Internal team communications among Deepwatch. They have struggled to accomplish simple requests in a timely manner in terms of customer support
What problems is the product solving and how is that benefiting you?
Deepwatch is solving for a need of 24/7 managed service and alerting in terms of security
Wonderful experience
What do you like best about the product?
Customer support and variety of features
What do you dislike about the product?
Not applicable, like all the services provided by Deepwatch
What problems is the product solving and how is that benefiting you?
Deepwatch security center provides the best security solution for the organization
DW is a well-rounded third-party SOC provider.
What do you like best about the product?
Understanding the need and implementing.
What do you dislike about the product?
They should have more integration options
What problems is the product solving and how is that benefiting you?
Deepwatch is an amazing SOC provider. They truly understand the needs of their customers and put in amazing effort in implementing those needs. They have an amazing support system for the customer and are very responsive.
Strong MDR provider with experienced engineers and analysts working with Splunk
What do you like best about the product?
Deepwatch employs a skilled team of engineers, analysts, and CSMs who are able to assist with implementation of new log sources and alerts. The team is able to respond to security events quickly and effectively, while providing additional support if needed.
What do you dislike about the product?
Deepwatch's core competencies are currently focused on leveraging the Splunk SIEM but are expanding to MS Sentinel.
What problems is the product solving and how is that benefiting you?
Deepwatch is able to serve as an extension of the security team by serving as an MDR leading the offsite SOC for the organization. Deepwatch also helps manage the vulnerability management practice for the organization allowing us to outsource some of the workload.