2021-05-18T12:31:00Z
Ertugrul Akbas - PeerSpot reviewer
Manager at ANET

The Math of SIEM Comparison

Product comparison that may be of interest to you
PeerSpot user
3 Comments
Real User
2021-10-09T13:15:10Z
Oct 9, 2021

If this article were specific to ANET only and described the product and its features, it would be useful for buyers, but it seems to be a different situation. I'll not hide that I'm a fan of McAfee (as expected of an ex-McAfee employee), but I will also be professional.


I see a simple idea in this article, "It is not possible" for competitor vendors, is that really true? 


I think you can actually say: "Hey, my product is the best, don't spend your time making a PoC with other SIEM/UEBA vendors or partners. Drop the current SIEM/UEBA product and buy my product". This can be more helpful for your sales opportunities! 


But, for the other readers; did you work with any competitor vendors or any certified competitors' partner or any certified engineer of the vendors when preparing/sharing this article? I don't think so. 


Why are you sharing McAfee community links to get support for this article? I think there is no rule or perception that people have to accept your idea if a question is not answered on the community portal! Yes, the vendor should take care of the community portal, but the vendor also has a Support Portal for their customers!


I think you should not do or share anything by yourself about the competitor's product because you are not a certified engineer for the product! If you have, please share with us. But I'm sure that no one stops you from talking about others and sharing about their product! Should I write how a correlation rule should be configured for ANET or how ANET should be used? Sorry, this is not my business.


Let's get back to your article: the Rule Chain perception is not accurate for McAfee and the firewall admin scenario is totally wrong, but even if it is wrong or even if the scenario changed for the customer requirement, it can be easily addressed by McAfee SIEM, and I'm definitely sure that the others will find a way also.


McAfee SIEM can detect this type of scenario and send alerts to SOC/SIEM admins/operators via email, SNMP, Telegram, etc. Correlation field operators are also not accurate for McAfee again! Also, your perception is not accurate for the Correlation field restrictions and correlation rule logic on McAfee SIEM because you are not certified and you are not educated on McAfee SIEM. If you are, please share with us. I see you are right only about the McAfee Watchlist design and ML, but we can always have a workaround!


If you want to learn how you can do it for all of the scenarios, please buy a McAfee/FortiNet/FireEye... product and submit a support ticket to Support or you can communicate with your Partners to get a professional service. 


Lastly, I think we should focus on the questions, technologies, and needs of the SIEM buyers. We should not say "impossible" or "it is not supported" if this is not our product, but of course you can talk about ANET because it is your product.

Ertugrul Akbas - PeerSpot reviewer
Manager at ANET
Real User
Top 5 Leaderboard
Oct 11, 2021

@Seckin Demir If my comments do not satisfy you about the McAfee SIEM, you can check comments from Gartner.
  • Limited advanced features and add-ons: McAfee lags behind competing SIEM vendors that offer cloud-native SIEM options, ML powered UEBA and SOAR add-on solutions.
  • Requirement for add-ons for a range of cloud environments: Native monitoring of popular SaaS solutions and CIPS by McAfee ESM is limited to Microsoft Office 365, AWS and Microsoft Azure. Other SaaS apps and CIPS require use of MVISION Cloud or an integration with a third-party CASB.
  • Potential impact from sale of enterprise business: In March 2021, McAfee announced the sale of its enterprise business to Symphony Technology Group. This sale may introduce uncertainty for existing customers and potential buyers. Those considering McAfee for SIEM should check its roadmap and future support for McAfee ESM.
You can also look at how the McAfee SIEM product's status in the Gartner Magic Quadrant has changed over the past three years.

Ertugrul Akbas - PeerSpot reviewer
Manager at ANET
Real User
Top 5 Leaderboard
2021-07-12T12:18:15Z
Jul 12, 2021

@CraigHeartwell, thanks for your spelling correction.


ArcSight acquired Interset for ML. Yes, LogRhythm can handle the logic.


A SIEM comparison table has been on my mind for a long time. I published the Turkish version. I need to work to extend it before publishing.

CraigHeartwell - PeerSpot reviewer
Visionary at Whaduu, LLC
User
Jul 13, 2021

@Ertugrul Akbas Much appreciated, thank you.

PeerSpot user
Vendor
2021-07-14T18:27:05Z
Jul 14, 2021

Ertugrul,


Interesting to see an in-depth comparison, but your comments on Securonix (and Exabeam, BTW) are not really accurate. We provide the ability to build correlation based rules. These solutions started as UEBA, you are correct there, but they have been competing as complete SIEM solutions for a long time by now.

Ertugrul Akbas - PeerSpot reviewer
Manager at ANET
Real User
Top 5 Leaderboard
Jul 14, 2021

@Augusto Barros my sentence is: "Exabeam and Securonix are UEBA tools. They are not correlation-based solutions". It does not mean that Exabeam and Securonix do not provide the ability to build correlation based rules. I tried to emphasize their UEBA capability.
