We performed a comparison between Arctic Wolf Managed Detection and Response and Netsurion based on real PeerSpot user reviews.
Find out in this report how the two SOC as a Service solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."One of the main benefits of Binary Defense MDR is the ability to easily meet with their support team to discuss any issues we encounter."
"The best part about Binary Defense MDR is that it runs on everything, and they keep an eye on things 24/7."
"The most valuable feature is reviewing tickets and the notes added by technicians."
"The biggest aspect for us is that they are able to conform to our environment and utilize our tools. That way, we still maintain ownership of all the data and access to the applications, and we never lose control of the ability to run the solution ourselves if we need to."
"The case interface is Binary Defense MDR's most valuable feature."
"Binary Defense's most valuable feature is the 24/7 monitoring and threat hunting. Their team checks the latest breaches and how they're done."
"Binary Defense has a human service department that provides live monitoring for our systems."
"The customization has been the most valuable aspect and was really the reason we ended up selecting Binary Defense. They worked with us to provide exactly the level of support, features, response, and collaboration we needed."
"Whenever there is a major thing like Exchange vulnerabilities, it scans our Exchange server for indicators of compromise. It then alerts us and points exactly where we need to go to check for ourselves if it is normal or not."
"Arctic Wolf is laser-focused on providing top-notch customer service."
"The most valuable aspect of this solution is the managed detection and response component."
"The integration between Cisco AMPs and the Windows servers is most valuable. So, they can also sandbox machines on which they see something suspicious."
"They have a portal where you can evaluate and mitigate any vulnerabilities that you and your network might have."
"What's valuable about Arctic Wolf AWN CyberSOC is the cost savings it provides for companies that no longer have to hire a bunch of security people and pay for a SIM."
"We can effectively manage the massive amounts of security data that we receive from various sources such as firewalls, switches, endpoints, and other log sources."
"The product provides integrations with several different SaaS applications."
"The product satisfies our compliance, and thus, all of our auditors. All of the data that we use and store for all security events is required by our auditors to be kept in a central storage location."
"The most valuable feature is definitely real-time alerting, especially in situations where someone might attempt to exploit or hack into our network."
"I like the UI, overall. I like the main page and there are aspects of the search page that I like. When you bring it up on the left-hand side of the page, as you look at the events, the ability to simply hit and click the plus/minus to pull events in and out of the overall view is well done and is very effective from a threat-hunting and an analysis perspective. I like the detail it shows."
"When it comes to threat detection and response, it does a very good job detecting and blocking on its own. And the SOC is a nice added value because they're doing analysis on things that aren't as obvious, on things that you can't just detect with a signature or behavior. Also, any SIEM will come with a lot of noise, so having them do a lot of the initial analysis to find out what's critical and what issues are false alarms is very good."
"When I looked last week, we probably averaged about 20 million log entries a day. So, we certainly can't individually manage that. Just looking at the reports, then trying to go back and find anything that was questionable, was a challenge. Therefore, the managed service has been invaluable to us in terms of being able to narrow the scope of what really needs to be looked at and bringing those things to our attention to be dealt with."
"If I were to look at logs manually, there's no way I could do that. As an example, they are 48 million logs processed a day. There is no way I could look at all 48 million of those. So, it gives me a good structure to be able to look at the different incidents which are created and do different searches."
"There are a host of things that are most valuable. Obviously monitoring our environment and reporting out different events is important. They perform a suite of services. They monitor all of our servers, all of our key infrastructure, like our DNS, our switches, all that stuff. They aggregate and correlate that quarterly. They'll tell us if we're getting a lot of login failures and something is going on or if something's weird."
"We have also integrated our endpoint security into the Netsurion SIEM. That's important because we have all the events in one place; we don't have to manage them in multiple places. In addition, the embedded MITRE ATT&CK Framework was paramount in our decision to choose Managed Threat Protection because the MITRE Framework is the industry standard for threats."
"It's hard to think of anything that they need to improve on, but just to point out something, I would like to see them provide advanced XDR."
"The most significant area for improvement is in support for non-English speakers; we're a global organization, so many of our users are not English speakers, which can make interacting with them a challenge. There's no Chinese language support, so we must rely on what we can do with the internet. We don't expect Binary Defense to build a language staff, but details can get lost in translation when we assume the whole world speaks English."
"I would like to get more reports from Binary Defense about what they're blocking."
"We found a couple of bugs in the user interface."
"It's sometimes difficult to know when to engage Binary Defense or TrustedSec, their sister company. TrustedSec is more focused on offensive security, as opposed to the defensive security that the MDR solution provides. It would be awesome if there were a better bridge between that relationship for when we need to get more proactive services or when we need to do a penetration test."
"I would like to see more frequent check-ins with our security status."
"If I were shopping for an MDR solution today, I would not only look for a company that has the ability to alert, detect, and remediate, but also the ability to integrate vulnerability management. That's a big thing that they're lacking today."
"We should be able to isolate devices faster. They should shorten the time between clicking on a device to contain it and carrying out the action. That would be a welcome improvement."
"In the future, I would like to see a summary report."
"They focus on detecting administrator-level control compromises. Because they're focusing more on administrator-level compromise, they are less able to see if an individual user has been compromised. It is, admittedly, very difficult because they don't know what normal human behavior is. If a hacker compromises a human account and then acts just like the human, how are you ever going to notice, unless you have some inside knowledge of how the company works? For example, they overlook account lockouts on user accounts, whereas in our own alerting system, we do not. We review every account lockout, and if it is bad, we contact the person, whereas they think of that as noise because they're more focused on the administrator-level compromise."
"It can sometimes take up to an hour to get notification of a problem and that's a long time."
"More integrations with various security tools to improve data ingestion would be beneficial."
"We get a lot of false alarms, but that's because they don't know our network in detail. I think that could be alleviated if we told them more about our network so they could create rules to skip some of those things."
"They could probably expand on their integration tools. They can integrate with more security tools."
"If you are not in the security field, this can be difficult to figure out from time to time."
"Arctic Wolf Managed Detection and Response's analysis and remediation parts could be improved. It's not bad, but it needs improvement."
"I would also like to have a dashboard that I can access anytime to review the real-time data from their website."
"The solution's dashboard is okay. The one thing that we ran into are issues when we upgraded to the newer version. It uses Elasticsearch for the different dashboard entries. So, we were running on spinning disks, and Elasticsearch didn't work that well. A number of the different dashboards, like my dashboard or different things like that, pull from Elasticsearch. Since Elasticsearch really wasn't working, we were having some issues with that, but we just migrated."
"The MITRE ATT&CK framework could be faster when identifying and understanding sophisticated threats. Whenever something happens, we usually get notified a couple hours later."
"I'd like to see improvement in the ease of generating reports. It seems fairly cumbersome whenever you decide to start tracking new categories of events. It seems a little kludgy when trying to generate those reports."
"I would like to see a faster response when we see things like 15,000 lockouts. I really wished that I had known that on Friday afternoon rather than waiting until I got the weekly report today. By the same token, they are looking at it from the point of view that this is a system or software malfunction. This is not a bad actor repeating the exact same password three times a second. Therefore, they can tell that this is not a bad thing. However, it's not a security event but it is an operational event for me. Knowing this sort of thing would help my team and me out more because then we would be able to clear out a lot of network traffic that we didn't know was going on. So, we would like quicker updates on non-high security events."
"Netsurion's threat detection and response aren't quite mature. I would expect a little more."
"Where there is an opportunity for improvement is in the interface used for performing the searches. You have to understand Elasticsearch search too well for the security team to be able to take really full advantage of that part of the product. It's not as intuitive as I would like it to be for new staff coming in. The general query capability is a little bit challenging."
"With version 8, there are quite a few things. The query tool was one of the big ones, and the query speed was one of the big ones, but they've made some great strides between versions 8 and 9. There were also issues in version 8 around the ability to get the data back out. It's one thing to collect data, but it's a whole other thing to be able to present it or run it in a timely manner. The old tool, depending on how far back I was looking, might even time out and I would have to run it again."
More Arctic Wolf Managed Detection and Response Pricing and Cost Advice →
Arctic Wolf Managed Detection and Response is ranked 1st in SOC as a Service with 17 reviews while Netsurion is ranked 3rd in SOC as a Service with 24 reviews. Arctic Wolf Managed Detection and Response is rated 9.2, while Netsurion is rated 8.4. The top reviewer of Arctic Wolf Managed Detection and Response writes "Very good support, excellent visibility, and useful security bulletins". On the other hand, the top reviewer of Netsurion writes "The SOC center monitors, hunts, and notifies us of threats around the clock". Arctic Wolf Managed Detection and Response is most compared with CrowdStrike Falcon Complete, Red Canary, Huntress, Adlumin Security Operations Platform and Expel Workbench, whereas Netsurion is most compared with CyberHat CYREBRO. See our Arctic Wolf Managed Detection and Response vs. Netsurion report.
See our list of best SOC as a Service vendors and best Managed Detection and Response (MDR) vendors.
We monitor all SOC as a Service reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.
