Continuous monitoring has improved threat detection and reduced incident response time
What is our primary use case?
Deepwatch is my main platform for managed detection and response across cloud and hybrid environments, providing 24/7 SOC monitoring. It helps with real-time threat detection, incident response, and log analysis, improving security posture and reducing response time in operations.
For example, using Deepwatch, we detected suspicious login attempts in a cloud workload via real-time log analysis. The platform triggered alerts and guided response actions, allowing us to quickly isolate the account, enforce MFA, and prevent a potential breach, reducing response time significantly.
Additionally, we use Deepwatch for continuous monitoring of cloud logs, such as AWS CloudTrail and Azure Monitor, to detect anomalous activity and policy violations. It also helps with incident correlation and automated response playbooks, improving SOC efficiency and reducing mean time to detect and respond.
How has it helped my organization?
Deepwatch has positively impacted my organization by improving security posture and response efficiency through providing continuous monitoring and faster incident detection. It has also reduced SOC overload, workload, and alert fatigue, allowing teams to focus on critical threats instead of manual log analysis, improving overall operational efficiency.
With Deepwatch, I have seen a 40 to 50% reduction in MTTR due to faster detection and guided response playbooks. False positives have also dropped significantly by 40 to 50% through better correlation and risk scoring, which significantly reduced SOC workload and improved analyst efficiency.
What is most valuable?
Some of the best features of Deepwatch include 24/7 MDR with AI plus human expertise, providing continuous threat detection, investigation, and response across cloud and hybrid environments.
The most valuable feature for us in Deepwatch is its 24/7 managed detection and response with AI plus human expertise. This gives us continuous monitoring, proactive threat hunting, and rapid incident response, significantly reducing MTTR and alert noise while improving detection accuracy.
One additional outstanding feature in Deepwatch is its context-driven alerting and risk scoring, which prioritizes real threats instead of generating alert noise.
What needs improvement?
Deepwatch could improve with more granular customization of detection rules and alert tuning to better fit specific cloud workloads and use cases. Additionally, it can be improved by enhancing the dashboarding.
It should also support deeper cloud-native integrations such as AWS, Azure, and GCP, which would further improve operational efficiency and control.
Regarding the support, I would say that the support team should be more responsive, because the support response time is quite long, which is sometimes frustrating. However, I do agree that for easy issues, they respond within the expected time, but for complex issues, they do take time to respond.
For how long have I used the solution?
I have been using Deepwatch for three years.
What do I think about the stability of the solution?
What do I think about the scalability of the solution?
Deepwatch is scalable from smaller enterprise to large enterprise without any challenges.
How are customer service and support?
The customer support is good, but the response time is still not good and could be improved.
Which solution did I use previously and why did I switch?
We previously used traditional SIEM setups like Splunk with an in-house SOC operation. We switched to Deepwatch for managed detection and response to reduce operational overhead, improve threat detection accuracy, and get 24/7 expert-driven monitoring without scaling internal teams.
How was the initial setup?
Overall, the pricing for Deepwatch is premium, but it provides high value, especially for organizations replacing or augmenting an in-house SOC. The setup cost is generally low to moderate, and onboarding can take less than one hour. However, tuning and integration add more effort.
What was our ROI?
There is a clear ROI observed with Deepwatch, both in operational and cost savings. In the operational part, we have seen a 40 to 50% reduction in incident response time and a significant reduction in analyst workload due to automation and expert-led triage. We have also seen an 86% reduction in event response cost and savings equivalent to multi-FTEs.
Which other solutions did I evaluate?
We evaluated several other options before selecting Deepwatch.
What other advice do I have?
I would recommend going for this product, and I would suggest asking the sales team for discounts because they do provide discounts. It is necessary to ask them and get the best deal out of it. My review rating for this product is 8.
Which deployment model are you using for this solution?
Public Cloud
If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?
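The suspicious-login scenario in the review above (failed console logins caught from CloudTrail log analysis, then the account isolated and MFA enforced) can be illustrated with a small detection pass over ConsoleLogin events. This is an added example, not Deepwatch's own logic or anything the reviewer ran; the events, user names, IP addresses and the thresholds below are constructed for illustration.

```python
"""Added example: a minimal detection pass over AWS CloudTrail ConsoleLogin
events. Illustrative code, not Deepwatch's; the events are constructed,
not captured from a real account."""
from collections import defaultdict
from datetime import datetime, timedelta


def _login_event(time, user, ip, outcome, mfa):
    # Shape mirrors the CloudTrail fields that matter for a ConsoleLogin record.
    # Caveat: for failures against non-existent users CloudTrail hides the name
    # as "HIDDEN_DUE_TO_SECURITY_REASONS", so real rules should also key on sourceIPAddress.
    return {
        "eventTime": time,
        "eventSource": "signin.amazonaws.com",
        "eventName": "ConsoleLogin",
        "sourceIPAddress": ip,
        "userIdentity": {"type": "IAMUser", "userName": user},
        "responseElements": {"ConsoleLogin": outcome},
        "additionalEventData": {"MFAUsed": mfa, "LoginTo": "https://console.aws.amazon.com/"},
    }


# Constructed sample: four failures for "alice" from one address within two minutes,
# then a success without MFA; "bob" logs in normally with MFA and makes an API call.
SAMPLE_EVENTS = [
    _login_event("2024-05-01T08:00:05Z", "alice", "203.0.113.7", "Failure", "No"),
    _login_event("2024-05-01T08:00:41Z", "alice", "203.0.113.7", "Failure", "No"),
    _login_event("2024-05-01T08:01:20Z", "alice", "203.0.113.7", "Failure", "No"),
    _login_event("2024-05-01T08:02:02Z", "alice", "203.0.113.7", "Failure", "No"),
    _login_event("2024-05-01T08:02:30Z", "alice", "203.0.113.7", "Success", "No"),
    _login_event("2024-05-01T09:15:00Z", "bob", "198.51.100.20", "Success", "Yes"),
    {"eventTime": "2024-05-01T09:16:00Z", "eventSource": "ec2.amazonaws.com",
     "eventName": "DescribeInstances", "sourceIPAddress": "198.51.100.20",
     "userIdentity": {"type": "IAMUser", "userName": "bob"}},
]


def _parse_time(stamp):
    return datetime.strptime(stamp, "%Y-%m-%dT%H:%M:%SZ")


def detect_suspicious_logins(events, fail_threshold=3, window=timedelta(minutes=10)):
    """Return a list of findings over ConsoleLogin events.

    Rules (hypothetical thresholds, tune for your environment):
      failed_login_burst     - fail_threshold failures for one user within `window`
      success_after_failures - a success following recent failures (possible brute force)
      login_without_mfa      - a successful console login where MFAUsed != "Yes"
    """
    per_user = defaultdict(list)
    for event in sorted(events, key=lambda e: e["eventTime"]):
        if event.get("eventName") != "ConsoleLogin":
            continue  # other API calls are out of scope for these rules
        identity = event.get("userIdentity", {})
        per_user[identity.get("userName") or identity.get("arn", "unknown")].append(event)

    findings = []
    for user, user_events in per_user.items():
        recent_failures = []  # timestamps of failures inside the sliding window
        for event in user_events:
            when = _parse_time(event["eventTime"])
            outcome = event.get("responseElements", {}).get("ConsoleLogin")
            base = {"user": user, "ip": event.get("sourceIPAddress"), "time": event["eventTime"]}
            if outcome == "Failure":
                recent_failures = [t for t in recent_failures if when - t <= window]
                recent_failures.append(when)
                if len(recent_failures) == fail_threshold:  # fire once per burst
                    findings.append({"rule": "failed_login_burst", **base,
                                     "failures": len(recent_failures)})
            elif outcome == "Success":
                if recent_failures and when - recent_failures[-1] <= window:
                    findings.append({"rule": "success_after_failures", **base,
                                     "failures": len(recent_failures)})
                if event.get("additionalEventData", {}).get("MFAUsed") != "Yes":
                    findings.append({"rule": "login_without_mfa", **base})
                recent_failures = []  # a success ends the failure streak
    return findings


if __name__ == "__main__":
    for finding in detect_suspicious_logins(SAMPLE_EVENTS):
        print(finding)
```

On the sample, the burst rule fires at alice's third failure, and the success that follows triggers both the brute-force-success and the missing-MFA rules; bob's MFA-backed login produces nothing. In practice the same three rules would be the trigger for the containment steps the review describes (isolate the account, enforce MFA), with the thresholds and window adjusted to the environment's normal failure rate.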
Amazing Security Operations with Expert Guidance and Continuous Monitoring by Deepwatch.
What do you like best about the product?
Deepwatch manages our security services by enhancing our organization's security operations and providing continuous monitoring. Deepwatch's team acts as a true security guide rather than just a service provider. They deliver actionable insights, clear communication, and strategic guidance that help us stay ahead of upcoming threats, and they also work within our automation platforms like Torq Hyperautomation to orchestrate faster response workflows and reduce manual effort.
What do you dislike about the product?
We observed that the documentation could help us a lot more if the transition were smoother. When we had a large amount of log data, Splunk searches could be slow, and this really depends on how the query is driven. Lastly, if integrated partner systems have limitations, these can constrain Deepwatch's performance and visibility.
What problems is the product solving and how is that benefiting you?
The team at Deepwatch was knowledgeable and able to help us navigate some problems on our side, which is awesome. They were very organized and able to adhere to a project plan. The team was even willing to help us when we added more servers.
Reliable and Advanced AI Driven Cybersecurity With Deepwatch Nexa.
What do you like best about the product?
Deepwatch has provided a reliable and consistent service. Deepwatch has collaborated with us to deliver a robust solution and has surpassed our expectations in addressing complex security issues. The evaluation and contract negotiations were smooth and timely. The transition went better than anticipated, with what we would consider typical challenges.
What do you dislike about the product?
Initial onboarding and fine-tuning may take time for complex environments. Faster UI performance and more flexible integrations with niche security tools would also improve the overall experience, and maintenance of the different service components has been a bit difficult.
What problems is the product solving and how is that benefiting you?
We recommend it for all cybersecurity organizations because Deepwatch Nexa Agentic AI is designed to automate threat detection, investigation, and response to help our teams reduce risk and improve efficiency. For corporate data being sold on the dark web, Dark Web Monitoring and Response (DWMR) provides takedown services.
Strong MDR provider with experienced engineers and analysts working with Splunk
What do you like best about the product?
Deepwatch employs a skilled team of engineers, analysts, and CSMs who are able to assist with the implementation of new log sources and alerts. The team is able to respond to security events quickly and effectively, while providing additional support if needed.
What do you dislike about the product?
Deepwatch's core competencies are currently focused on leveraging the Splunk SIEM but are expanding to MS Sentinel.
What problems is the product solving and how is that benefiting you?
Deepwatch is able to serve as an extension of the security team by serving as an MDR leading the offsite SOC for the organization. Deepwatch also helps manage the vulnerability management practice for the organization allowing us to outsource some of the workload.
Deepwatch for SIEM hosting and Tier 1 alert review
What do you like best about the product?
Tier 1 alert review is fairly scripted and escalated cases provide sufficient detail. Very few system outages as part of hosting. Responsive to tuning and engineering requests.
What do you dislike about the product?
Some growing pains as Deepwatch expands offerings. Challenges with following off-hours escalation trees.
What problems is the product solving and how is that benefiting you?
We are unable to staff a tier 1 alert review team 24x7. Having Deepwatch host our SIEM negates the need for us to staff SIEM administrators ourselves. We do staff content developers for SIEM who QA Deepwatch alerts and log parsers.
Erlanger DW
What do you like best about the product?
I'm a fan of how many technicians they have in several areas of expertise for the Splunk platform, specifically. I can always go to them and ask questions to find possible solutions.
What do you dislike about the product?
Nothing comes to mind at this time, to be perfectly honest. Caroline is very attentive, and all the technicians are very helpful.
What problems is the product solving and how is that benefiting you?
Deepwatch fills the gap of keeping a vigilant eye on our organization. They have technicians to manage alerts after regular business hours, and they provide automatic alerts for things happening that we wouldn't notice in a timely manner.
Responsive and Reliable Support
What do you like best about the product?
Deepwatch has been a highly responsive and collaborative partner. When they escalate alerts, they are truly critical with no false positives. We have a strong working relationship between our SOC teams, and their customer success manager stays closely engaged. They help us fine-tune alerting, answer questions quickly, and ensure we are aligned on priorities. This partnership has improved our operational efficiency and confidence in our detection strategy.
What do you dislike about the product?
While Deepwatch is highly responsive through their ticketing system, their Slack channel tends to be quiet and not ideal for real-time escalation. That said, this hasn’t impacted support quality, as tickets remain the most effective and reliable way to engage their team. It’s a minor concern, but worth noting for teams that prefer more interactive communication channels.
What problems is the product solving and how is that benefiting you?
Deepwatch is helping us address the challenge of integrating and monitoring new log sources efficiently. They are thorough in onboarding new data and quick to implement tailored alerting based on those logs. This has strengthened our visibility across the environment and improved our ability to detect and respond to threats in a timely and effective manner. Their proactive support has been a key factor in enhancing our overall security operations.
Great Experience - very professional team
What do you like best about the product?
Working on MDR with Deepwatch is an amazing experience for me. The whole team is flexible, responsive, knowledgeable, and professional. I reach out to DeepWatch on a daily basis, whether it's about a member or an issue/improvement at hand.
We have a success manager assigned to us, Caroline G. We have a bi-weekly call to discuss issues, roadblocks, future implementation, and status updates. We often communicate over email and Slack outside the bi-weekly calls. Caroline is consistently available for us outside of her work hours: sick days, PTO, and off hours. She is a very joyous person to be around, which allows customers to approach her easily and feel comfortable reaching out to her.
I have worked with a few MDR engineers: Chase C., Steven L., Titi O., Kane H., Larry S., and more. The team is very knowledgeable, very capable of addressing our initial setups, troubleshooting log ingestion, defining alerts, and providing solutions for improvement. The knowledge base articles written by a few of the engineers were very helpful, very easy to read and understand. I don't know who manages our log ingestion applications, but they are doing an excellent job; we are up to date with our OS and application versions. The detection engineers provide very well-defined alerts, which surface activities we may not be aware of.
We had a false alarm, but at the time an admin was unable to verify their actions within the network. Deepwatch was there, treating the scenario as a possible intrusion. All hands on deck, Deepwatch was there, performing their duties as much as they possibly could. That to me is the key: Deepwatch was there for us during a possible intrusive situation.
I hope to continue having Deepwatch's support. Caroline G and the MDR engineers really deserve a raise, promotion, and award. Very dedicated, intelligent, and professional team.
What do you dislike about the product?
I don't have any complaints or dislikes. I enjoy working with DeepWatch. It's a great experience.
What problems is the product solving and how is that benefiting you?
Initial Setup. We all know when we first purchase a tool, we have to learn how to use the tool first. The issue sometimes is we may not have the knowledge or time to learn the tool. Deepwatch solves that issue. The engineers are experts in their field and can easily solve an issue within a simple call.
Continuous Support. Whether it's a network change or a bad firewall policy implemented, the team pulls through to assist with basic troubleshooting. Deepwatch provides defined alerts for us to monitor the network activities. We have discovered bad actions performed by a few admins using Deepwatch's alerts.
Vulnerabilities and Patching. We recently discovered we had a Linux OS that will be EOL at the end of 2025. We started to plan to upgrade our OS across the board to ensure support services can continue. I reached out to DeepWatch and discovered that the OS they manage was already updated. Our log ingestion applications are upgraded consistently; we are up to date. Updates are important as new vulnerabilities are discovered each day.
Simplifying Cybersecurity - DeepWatch MDR
What do you like best about the product?
DeepWatch Managed Detection and Response is a highly cutting-edge technology that leverages advanced machine learning and artificial intelligence to detect potential threats and automate response actions, helping organizations respond quickly and effectively to incidents. It covers on-prem and cloud-based systems, providing continuous monitoring and automated response capabilities. Deepwatch is a highly effective option for organizations looking to improve their security posture.
What do you dislike about the product?
As MDR is a premium product, the cost associated with implementing this solution can be pretty high for small enterprises with limited budgets. We may face some implementation challenges as Deepwatch MDR integrates with various security technologies, as well as compatibility issues with legacy systems. Otherwise, DeepWatch offers exciting technical aspects to improve security standards.
What problems is the product solving and how is that benefiting you?
Deepwatch provides managed detection and response; we can automate some processes by making machine learning inclusions to set down resources. Deepwatch MDR leverages advanced technologies like machine learning and AI to detect and respond to these advanced threats, providing a higher level of protection than traditional security solutions.