Overview
Taegis XDR helps reduce the noise so you can identify more threats faster. We apply knowledge from 20+ years of attack and threat data plus 1400+ incident response engagements performed in the past year to recognize adversary behavior. This expertise is applied to your environment through behavioral analytics to detect the stealthiest of threat actor tactics with Tactic Graphs™. You'll see the full story of your endpoint, network and cloud activity in a single dashboard that makes event correlation easy. XDR operationalizes threat intelligence by automatically correlating our knowledge of the threat landscape with your security telemetry and built-in threat intelligence that's continuously updated.
Taegis XDR allows your security operations teams to respond to security incidents with greater confidence. With capabilities such as extended log retention, search query, user-defined reporting and custom use case support, security analysts gain more ability to actively investigate and proactively hunt for threats in your environment. With Ask an Expert live chat, your security team has 24x7 access to our expert analysts. As a result, XDR can easily replace your current SIEM giving you advanced threat detection as well as additional SIEM capabilities to gain actionable insights into malicious activity. Our goal is to give you enough business and security context to make sense of an investigation and take the right action.
Secureworks detects and responds to identity threats that bypass traditional identity security controls, protecting against 100% of MITRE ATT&CK Credential Access techniques. Taegis™ IDR, an add-on designed to improve your security posture, continuously monitors your environment for identity misconfigurations and risks, while also providing dark web intelligence on compromised credentials. Uncover identity risks in under 90 seconds compared to days with legacy solutions and benchmark the reduction of your attack surface over time.
Learn more at https://www.secureworks.com/products/xdr and https://www.secureworks.com/products/idr
Highlights
- Advanced Analytics
- Accelerated Investigation & Response
- Quickly Detect and Respond to Identity Attacks
Pricing
| Dimension | Description | Cost/12 months |
|---|---|---|
| TDR - 1000 Endpoints | Price per monitored endpoint, 1000 endpoints | $43,000.00 |
| Custom Pricing | Custom pricing w/terms via Private Offer | $100,000.00 |
| IDR Add-on Custom Pricing | Custom pricing w/terms via Private Offer | $16,500.00 |
| Taegis MDR Combo | 10,001 to 25,000 Endpoints | $550,055.00 |
| Penetration Test: External: Small | Penetration Test: External: Small | $9,280.00 |
Vendor refund policy
N/A
Delivery details
Software as a Service (SaaS)
SaaS delivers cloud-based software applications directly to customers over the internet. You can access these applications through a subscription model. You will pay recurring monthly usage fees through your AWS bill, while AWS handles deployment and infrastructure management, ensuring scalability, reliability, and seamless integration with other AWS services.
Support
Vendor support
Taegis™ XDR is supported through a web portal, live chat and live agent (telephone) support.
AWS infrastructure support
AWS Support is a one-on-one, fast-response support channel that is staffed 24x7x365 with experienced and technical support engineers. The service helps customers of all sizes and technical abilities to successfully utilize the products and features provided by Amazon Web Services.
FedRAMP
GDPR
HIPAA
ISO/IEC 27001
PCI DSS
SOC 2 Type 2
Standard contract
Customer reviews
Centralized log analysis has improved threat detection and now streamlines our incident response
What is our primary use case?
My main use case for Secureworks Taegis XDR is ingesting logs from all our resources, so we're using it as a SOC.
For example, in our SOC operations, we ingest logs from all our security providers; let's take an example of a firewall using Fortinet. We ingest all the firewall logs to Secureworks Taegis XDR, which then reviews these logs, picks up any malicious activity or abnormalities in the events, and notifies us.
The main purpose of using Secureworks Taegis XDR is as a SOC, and we have playbooks and connectors that help us with remediating risks with the endpoints; it also integrates with the antivirus, which is CrowdStrike. Secureworks Taegis XDR helps us to detect and remediate any vulnerabilities.
What is most valuable?
In my experience, the best features Secureworks Taegis XDR offers include advanced analytics, which provides an in-depth overview of incidents or events. In case an incident happens, we can go to Secureworks Taegis XDR, check all the logs, as it ingests and correlates all logs and gives us recommendations. It now has AI, which helps with recommended steps we need to take regarding incidents, and the Dell team is always available to look into and investigate incidents when we are unavailable or it's out of office hours.
Regarding features, integration stands out; Secureworks Taegis XDR is integrated with major antivirus security platforms such as CrowdStrike, so it ingests every log from CrowdStrike. If CrowdStrike misses anything, we're confident that Secureworks Taegis XDR will pick it up, automatically creating a ticket and informing us. In critical situations or out of office hours, we get notified or receive a call from the Secureworks Taegis XDR team. It's a very popular and helpful platform for reviewing logs, significantly reducing manpower. Going through all the logs to find abnormalities is very time-consuming, but Secureworks Taegis XDR does it for us, which is the main advantage.
Secureworks Taegis XDR has positively impacted our organization by improving detection rates and reducing our time; as I mentioned, it saves us from manually going through all the logs, which is not practical. Instead, Secureworks Taegis XDR correlates logs from the different security vendors we use, makes recommendations, and detects any abnormalities in events or issues; this is very time-saving for us.
Since using Secureworks Taegis XDR, our organization has definitely saved time; initially, we were manually going through logs to find abnormalities in events, and if we found any, we had to conduct an in-depth investigation through all platforms. With Secureworks Taegis XDR, all logs are in one place, so we just have to look into it and see what went wrong; it saves a lot of time.
What needs improvement?
At this point, Secureworks Taegis XDR is doing everything intended, so I don't have any recommendations for improvements.
Regarding Secureworks Taegis XDR's AI capabilities, I don't see any governance and security framework details or governance details within the platform.
If Secureworks Taegis XDR could integrate with more tools such as Jira, although it has a limited current integration, that would be great.
For how long have I used the solution?
I have been using Secureworks Taegis XDR for about four to five years now.
What do I think about the stability of the solution?
Secureworks Taegis XDR is very stable.
What do I think about the scalability of the solution?
As our organization grows and adds more devices and data sources, I notice no challenges with Secureworks Taegis XDR handling the increased workload; although we had to make some changes as part of the contract, we are a small organization, so I haven't seen any issues when adding a few devices.
How are customer service and support?
Customer support for Secureworks Taegis XDR is not that bad; they are reachable but not super efficient.
Which solution did I use previously and why did I switch?
Previously, we didn't use any SOC; we were using CrowdStrike as an antivirus platform, so there was no SOC before Secureworks Taegis XDR.
How was the initial setup?
My advice for others looking into using Secureworks Taegis XDR is that it's very much reliable; you can run it on a public cloud, private cloud, or, as we do, on-premises. It's easy to install and deploy the collectors, and once we start using it, not much maintenance is needed, as all collector updates are managed by the Secureworks Taegis XDR team. We only need to log in, check the logs, and it flags anything wrong or malicious by giving severity ratings to each event or incident, which allows us to prioritize our investigations.
What's my experience with pricing, setup cost, and licensing?
I'm not sure about the pricing, setup cost, and licensing; it's managed by the Head of IT.
Which other solutions did I evaluate?
Before choosing Secureworks Taegis XDR, I think we evaluated Splunk, but ultimately decided to go with Secureworks Taegis XDR.
What other advice do I have?
Regarding the accuracy and reliability of Secureworks Taegis XDR's AI capabilities, accuracy is above 90-95 percent, and it is very much reliable. I would rate this review a 9 out of 10.
AI-driven triage has transformed my alert investigations and now simplifies incident reporting
What is our primary use case?
The main use for Secureworks Taegis XDR is to triage alerts from low to critical alerts and analyze and investigate different kinds of alerts from the platform. As a SOC analyst, Secureworks Taegis XDR is helpful to check every detection from the client's environment. It helps the SOC analyst to analyze the specific alert and provide more specific or comprehensive investigation or technical reports to clients.
I investigated a case wherein there was an impossible travel of a user or an account while using Secureworks Taegis XDR. The user logged in from different countries, then another country for the second time of his login. Secureworks Taegis XDR helped me to check which countries the user had logged in from and provided more details such as the time of login, the IP address that the user used, and more.
Secureworks Taegis XDR allows us to check or monitor every data collector we are managing and also the users or the endpoints that we are managing in that platform. We can verify if the endpoints or computers of the company have endpoint sensors installed in their endpoints so that we can ensure that their computers are in a managed asset.
What is most valuable?
I think the best features of Secureworks Taegis XDR simplify the triaging method for SOC analysts. The SOC analyst can check whether the alert is low, high, or critical. Secureworks Taegis XDR auto-triages the specific alerts, and that is the best feature.
The auto-triage feature of Secureworks Taegis XDR makes my workflow easier and efficient. It helped me to shorten the time of responding to every alert and also make my activities productive. I can manage everything that I need to check every alert and detection. This shortens my time of triaging and investigating numerous alerts.
Following the SLA or Service Level Agreement with the clients, we have plenty of time to deeply investigate or analyze the specific alert since using Secureworks Taegis XDR. Since the triaging reduced or the time of investigating is reduced because of the auto-triage of Secureworks Taegis XDR, this positively changes our point of view of investigating alerts and makes our investigation faster.
We manage a lot of alerts and with Secureworks Taegis XDR, we can scrub and triage or decide if the alerts are false positive or true positive in a faster way.
What needs improvement?
I suggest that we can check also the data sources of every data collector so that we can be informed of what data source the alerts came from and add that to our investigation.
The efficiency or the smooth navigation of the website or the application can be improved in Secureworks Taegis XDR. We can reduce lag or slow navigation of the tool.
For how long have I used the solution?
I used Secureworks Taegis XDR last year for about less than a year.
What do I think about the stability of the solution?
Secureworks Taegis XDR is a bit stable in my experience.
What do I think about the scalability of the solution?
Secureworks Taegis XDR can handle increasing workload for us users.
How are customer service and support?
I had a good experience with Secureworks Taegis XDR customer support. They are reachable and they reply in a prompt manner. I have no problem with them.
Which solution did I use previously and why did I switch?
I used Trend Micro XDR before using Secureworks Taegis XDR.
I did not really switch from Trend Micro XDR to Secureworks Taegis XDR. I just had the opportunity to go to another company where they use an XDR platform.
What other advice do I have?
Secureworks Taegis XDR has been dependable for me regarding its AI capabilities in terms of accuracy and reliability of its output.
The Taegis XDR AI is helpful to analysts such as myself to check and to be more comprehensive of every detection and alert.
It stands out because it is very comprehensive for users or analysts to learn or to analyze the specific alerts. It is also user-friendly or newbie-friendly. New analysts can understand faster how the triaging and investigating an incident is conducted. What keeps it from being a perfect 10 is the occasional lag issues on the platform.
You can also first try to check their certifications regarding Secureworks Taegis XDR.
My overall review rating for Secureworks Taegis XDR is 9 out of 10.
Easy-to-Use OpenXDR with Great Performance, Support, and Taegis AI
Improved network protection has secured our servers and monitors web and application traffic
What is our primary use case?
I use Secureworks Taegis XDR within my organization primarily to secure our network infrastructure so that no one can access our servers and our devices in the LAN portion.
What is most valuable?
I appreciate that they introduced the NDR feature and zero-day protection in this product.
The running interface is good enough; I can see the web traffic, web monitor, and application monitor traffic here, so it is adequate for now.
What needs improvement?
Till now, I have not seen any weak point that needs to be improved in Secureworks Taegis XDR.
I think that since the technology is becoming upgraded, it will be good for Sophos to include more features in future updates of this solution.
Secureworks Taegis XDR is a good product, but it should include AI technology.
For how long have I used the solution?
I have been working with Sophos for three years, and before that I was working in network-related roles with other devices, including Cisco devices and Chinese Huawei devices such as Huawei routers and Huawei switches.
What do I think about the stability of the solution?
Till now, we are just using the firewall and not any other devices for analytics tools in this product.
What do I think about the scalability of the solution?
I have not integrated any third-party tools in our network involvement, so there are no issues during integration.
How are customer service and support?
They are very helpful regarding technical support of Sophos.
I can definitely give a rating of 10 for the support because I always receive prompt service from them.
Which solution did I use previously and why did I switch?
In our country, we have an authorized vendor from Sophos, and we are purchasing Sophos devices from them.
How was the initial setup?
I say it is easy to deploy Secureworks Taegis XDR.
Two people should be good to complete the implementation.
It requires a couple of days to configure it, then a couple of days to test the scenario, such as what will be the outcome if I deploy the firewall in a running environment and running infrastructure, what will be the output?
The entire deployment took that long.
What about the implementation team?
I took part in the deployment, and in my company, I deployed XGS 4300 in high availability feature.
What was our ROI?
Definitely, Secureworks Taegis XDR is cost effective for the long run since the product is at a lower cost rather than other brands.
What's my experience with pricing, setup cost, and licensing?
I think Sophos product is comparatively the best price rather than other brands when considering the licensing cost for Secureworks Taegis XDR.
Which other solutions did I evaluate?
I have not worked yet with product Sophos Labs Intellex.
I have not worked with Sophos Cybersecurity as a service.
What other advice do I have?
I have not used the threat hunting feature of Secureworks Taegis XDR.
I have not used customizable workflows in Secureworks Taegis XDR.
My overall review rating for this product is 8.5.