Have seen it working well for Mid Size enterprises in particular. The Pros are
1> Make in India Product 2> Offered by various providers like Tata Communications, PwC etc.; 3> Option to store and process logs in ELK as well as Lucin mode. They recommend Lucin mode, due to various search and process algorithms built 4> Cost wise much better than QRadar, Splunk etc.; 5> UEBA basic functionality, NBA basic functionality and standard use cases are free with Product ( may be , we have to negotiate)
Cons are:
1> Maturing product still 2> Dashboards have to be customised a lot 3> AI/ML models are preliminary in nature 4> Advanced features like VA integration, Threat score integration, Analytic models are not available
The below response is based on CISO Platform closed group discussion:
(private CISO member):
It is build on lucin platform, very quick for search, rules , analytics and threat hunting Use cases and other enhancement will have to be done as per use cases since it will take sometime to mature PwC, I think has built its SOC platform and have done lots of enhancements but underlying platform is DNIF. Can be used for SOC but it is not matured as splunk or may be log rhythm Hope this helps
Replies
Have seen it working well for Mid Size enterprises in particular. The Pros are
1> Make in India Product 2> Offered by various providers like Tata Communications, PwC etc.; 3> Option to store and process logs in ELK as well as Lucin mode. They recommend Lucin mode, due to various search and process algorithms built 4> Cost wise much better than QRadar, Splunk etc.; 5> UEBA basic functionality, NBA basic functionality and standard use cases are free with Product ( may be , we have to negotiate)
Cons are:
1> Maturing product still 2> Dashboards have to be customised a lot 3> AI/ML models are preliminary in nature 4> Advanced features like VA integration, Threat score integration, Analytic models are not available
Overall, good to go. Hope this helps.
The below response is based on CISO Platform closed group discussion:
(private CISO member):
Using for SOC since a few months. Good.
The below response is based on CISO Platform closed group discussion:
(private CISO member):
It is build on lucin platform, very quick for search, rules , analytics and threat hunting
Use cases and other enhancement will have to be done as per use cases since it will take sometime to mature
PwC, I think has built its SOC platform and have done lots of enhancements but underlying platform is DNIF.
Can be used for SOC but it is not matured as splunk or may be log rhythm
Hope this helps