Our review of RQ from using their services for more than 6 months.
Use Cases and Deployment Scope
ReliaQuest provides us with Managed SOC services. They manage our Splunk infrastructure and they use our data from our servers to provide security services for us. They have created good custom content for us that meets our use cases and they try to provide end-to-end coverage of our SOC.
Pros
- SOC service.
- Managed services.
- Correlation searches.
Cons
- Some analysts are relatively fresh to SOC. They sometimes get put into supporting large infrastructures.
- RQ has a ton of correlation searches that they use to provide end-to-end visibility. Most of them can be restructured to get the same results and this can reduce the number of correlation searches.
Most Important Features
- SOC Services.
- Managed services for our Splunk deployment.
- Security use cases provided to us to keep our organisation safe from attacks.
Return on Investment
- RQ's GreyMatter content has enriched our SOC experience because we always felt Splunk's out-of-the-box use cases were not sufficient enough to provide end-to-end coverage.
- RQ specializes in a lot of big data solutions so that we can rely on them to help us troubleshoot tasks and also make sure our security solutions are working accurately.
Alternatives Considered
Splunk Enterprise Security (ES) and FortiSOAR (formerly Cybersponse)
Other Software Used
Splunk Cloud, Cisco ASA 5500-X with FirePOWER Services, Fortinet FortiGate, Zscaler Internet Access