2021-07-23T09:35:00Z

What SOC product do you recommend?

75

Hi community members,

I'm a security engineer at a Tech Services company and I'm currently exploring SOC solutions, such as Rapid7 InsightIDR, Splunk, IBM QRadar and ArcSight Analytics.

Based on your experience, which SOC tool/solution would you recommend and why?

ITCS user
Guest
1214 Answers

Top 5, Leaderboard, Real User

I haven't used these big-name ones like Splunk etc., but I feel they're overpriced. I think they charge an arm and a leg for each module.

The ROI justification is not there. Why not try a cheaper and robust alternative like Elasticsearch?

2021-07-26T03:13:53Z
Top 5, Leaderboard, Real User

Apache Metron, ELK, OSSIM, Splunk and QRadar (in cost/benefit order for starters).

2021-08-10T21:08:09Z
Real User

For tools I'd recommend:

- SIEM: LogRhythm
- SOAR: Palo Alto XSOAR

Doing commercial w/o both (or at least an XDR) is asking to miss details that are critical, and ending up a statistic.

Also, remember that any EDR/XDR should integrate to the SIEM/SOAR and a strong threat intel source.

If you consider SOC outsourcing, take your time and find one you can integrate like a virtual team member. They are only as good as their depth of knowledge in your business and your on-prem SOC.

2021-07-27T14:45:26Z
Evgeny Belenky, Community Manager

@Jack Callaghan, do you also have any good recommendations for an XDR product?

Top 5, Leaderboard, Reseller

I have no experience with Rapid7 or InsightIDR.

IBM QRadar works great but is not easy to install. If it is running, it is a great tool. Also, depending on the budget, Riverbed security is a tool to consider. Costs are lower than QRadar and it is easier to implement.

Or you can use our SaaS solution with QRadar and a lot more built-in. One holistic solution for your complete IT environment.

2021-07-26T09:03:14Z
Real User

@Evgeny Belenky, I found Stellar to be quite intriguing.

I would also recommend McAfee's new console for centralizing and coordinating a well-deployed enterprise solution.

2021-07-28T06:02:02Z
Top 5, Reseller

COMODO MDR

2021-07-28T05:11:54Z
Top 20, Real User

Disclaimer: ICE Consulting offers SOC as a Service to our Clients.

For SOC Tools we use Securonix and other in-house developed solutions. Securonix provides an all-in-one package (SIEM, UEBA & NTA) that we believe is competitively priced for the Small to Mid Market. Their Customer Service seems better than most and they are always highly rated in the Gartner MQ reports. Set-up is not difficult, but is time consuming for the first time; afterwards, each client deployment we have added has seemed to get easier and quicker.

Please contact several vendors and ask for demos, talk with the vendor engineers to ensure the solution will work for your needs... We evaluated Rapid7, AlienVault (AT&T Cybersecurity), QRadar, LogRhythm, and Securonix before deciding on Securonix.

Also take your time in evaluating and re-evaluating the products. It took us about 18 months and over $30K of working with what was ultimately the wrong product for us, before moving to Securonix.

Make sure training for the use of the service is included. We have been able to provide extensive training to our team through the vendor and would not have been able to get our SOC offering off the ground without it.

Good Luck!

2021-07-26T19:06:05Z
Top 5, Reseller

COMODO SOC covers your entire network and also your email. It is very easy to deploy and is very effective for reports.

2021-07-26T05:52:39Z
Top 5, Reseller

I prefer the COMODO SOC solution because it is a very good and easy to deploy product.

2021-07-26T05:26:09Z
Evgeny Belenky, Community Manager

@Ishan Kukreti, can you please be more specific about it: what features or other aspects are positive about it? Thanks.

Real User

We are using LogRhythm SIEM complete case management and offer SIEM/SOC as a service.

2021-07-26T05:04:26Z
Vendor

If you are a small and medium-sized business, I recommend UTMStack; this free SIEM (a free community option) includes all essential cybersecurity services, including SOC, at a low price. https://utmstack.com/

2021-08-09T10:08:21Z
Expert, Moderator, Real User

Splunk, ELK, AlienVault, depending on the requirement, outcome and budget.

2021-08-07T12:29:50Z