Likelihood to Recommend ElecticIQ has an architecture where it usually needs decent computing power within the organisation. The central console along with the ELK servers and PostgreSQL sever needs their own space in a distributed setup. This could be a little too expensive for small-scale organisations. But for the organizations having mid to large-scale networks. EIQ is a decent solution to serve the purpose.
Read full review If you want to analyze the full path focusing on the signatures it’s the best product in the market. If you want to test phishing, data exfiltration/DLP, DNS I don’t recommend Picus. Scenario based attacks also lacking. However Picus support is awesome and I like the development team. When we open a case, they’ll always return with the right answer
Read full review Pros Effective correlation of IOCs Averaging out the Confidence Score based on different intel sources. Serves as an excellent liaison points between the Intels and SIEM/SOAR stack. Read full review It has thousands of signatures and up-to-date attack vectors (It's the largest set in the market) Attack vectors are mapped with existing vendors like Checkpoint and Mcafee, where you don't spend time finding out which cve mapped to which protection Ability to focus/highlght solely new threats, it's superb for 0days and up-to-date protections. As there are always timing issue between updates and apply the updates on the products. Blocked vs not blocked ratios on the dashboard with drill down menu specifiying the set of protections or signatures on the defensive measures Already mapped mitre att&ck framework on the dasboard. SOC and analyst team using the Mitre framework. Detection analytics enhance the analytics capabilities with pinpoint accuracy where to focus and how to prevent Timeline and scheduled reports from the dashboard in flexible format Read full review Cons Misses on a global search bar which can directly gives out the result like VirusTotal. The GUI could be more friendlier. Too many filters and graphs may overwhlem the user sometimes. The ElasticSearch(searching for IOC in the in-house EIQ database) is a little slow compared to its counterparts. Read full review Visualization of network and the products Complex/Scenario based attacks Phishing tests DNS and Data exfiltration attacks Automatic action through the apis for the products on the path Strategical and tactical reports for Cisos Automatic SOAR entegration with already builtin playbooks Read full review Alternatives Considered The most important feature of EclecticIQ which gives it an edge compared to other TIPs is that it performs segregation of IOCs based on the relevance of it and the links that IOCs might have which other adversaries. The graphical format mapping where the user can easily figure out how the IOCs have connections to different binaries is another advantage. One can set the half-life time for an IOC which will reduce the confidence score as per one's need.
Read full review We use other vendors
Verodin , AttackIQ,
SafeBreach ,
Cymulate etc. All of them have their advantages and disadvantages. Please take a look at TrustRadius reviews of each product. I don’t want to go head to head for each product in this
review. I select Picus because it's local startup company in our region. I like their support and engineering team. Support is marvelous. Product is giving what we expected from the product. Price is adequate. Reporting and dashboard is superb.
Read full review Return on Investment Positive: Effective usage of all the premium Intels in a uniform fashion. No need to log in to each tool time and again. Positive: SOC Analysts spends lesser time on the internet and the analysis for the IOCs with graphical format is fulfilled by EclecticIQ. Negative: Higher costs over the resource utilization in the initial setup. Read full review With Picus we have the tangible KPIs for the security Detetcion and Prevention rates for the latest attacks are significantly increased We work with many security vendors. We use picus scores and share specific outputs with the company in case of decreasing score rates where the development and product team analyzes their updates or product engines to increase the rates. It helps our strategic plans where to focus and invest for the following years and planning/prioritizing the security budgets to specific highlighted areas Read full review ScreenShots