Published: 2021-05-18T12:31:00Z
Ertugrul Akbas - PeerSpot reviewer
Manager at ANET

The Math of SIEM Comparison

3 Comments

Real User
Oct 9, 2021

If this article were specific to ANET only and were describing the product and its features, it would be useful for buyers, but it seems to be a different situation. I'll not hide that I'm a fan of McAfee (as expected of an ex-McAfee employee), but I will also be professional.

I see a simple idea in this article: "It is not possible" for competitor vendors. Is that really true?

I think you can actually say: "Hey, my product is the best, don't spend your time making a PoC with other SIEM/UEBA vendors or partners. Drop the current SIEM/UEBA product and buy my product." This can be more helpful for your sales opportunities!

But, for the other readers: did you work with any competitor vendors, any certified competitors' partner, or any certified engineer of the vendors when preparing/sharing this article? I don't think so.

Why are you sharing McAfee community links to get support for this article? I think there is no rule or perception that people have to accept your idea if a question is not answered on the community portal! Yes, the vendor should take care of the community portal, but the vendor also has a Support Portal for its customers!

I think you should not do or share anything by yourself about the competitor's product because you are not a certified engineer for the product! If you are, please share with us. But I'm sure that no one stops you from talking about others and sharing about their products! Should I write how a correlation rule should be configured for ANET or how ANET should be used? Sorry, this is not my business.

Let's get back to your article: the Rule Chain perception is not accurate for McAfee, and the firewall admin scenario is totally wrong, but even if it is wrong, or even if the scenario changed for the customer requirement, it can be easily addressed by McAfee SIEM, and I'm definitely sure that the others will find a way as well.

McAfee SIEM can detect this type of scenario and send alerts to SOC/SIEM admins/operators via email, SNMP, Telegram, etc. Correlation field operators are also not accurate for McAfee again! Also, your perception is not accurate for the correlation field restrictions and correlation rule logic on McAfee SIEM because you are not certified and you are not educated for McAfee SIEM. If you are, please share with us. I see that you are only right about the McAfee Watchlist design and ML, but we can always have a workaround!

If you want to learn how you can do it for all of the scenarios, please buy a McAfee/FortiNet/FireEye... product and submit a support ticket to Support, or you can communicate with your Partners to get a professional service.

Lastly, I think we should focus on the questions, technologies, and needs of the SIEM buyers. We should not say "impossible" or "it is not supported" if this is not our product, but, of course, you can talk about ANET because it is your product.

Ertugrul Akbas - PeerSpot reviewer
Manager at ANET
Real User
Top 5
Oct 11, 2021

@Seckin Demir If my comments do not satisfy you about the McAfee SIEM, you can check comments from Gartner:

Limited advanced features and add-ons: McAfee lags behind competing SIEM vendors that offer cloud-native SIEM options, ML powered UEBA and SOAR add-on solutions.

Requirement for add-ons for a range of cloud environments: Native monitoring of popular SaaS solutions and CIPS by McAfee ESM is limited to Microsoft Office 365, AWS and Microsoft Azure. Other SaaS apps and CIPS require use of MVISION Cloud or an integration with a third-party CASB.

Potential impact from sale of enterprise business: In March 2021, McAfee announced the sale of its enterprise business to Symphony Technology Group. This sale may introduce uncertainty for existing customers and potential buyers. Those considering McAfee for SIEM should check its roadmap and future support for McAfee ESM.

You can also look at how the McAfee SIEM product's status in the Gartner Magic Quadrant has changed over the past three years.

Ertugrul Akbas - PeerSpot reviewer
Manager at ANET
Real User
Top 5
Jul 12, 2021

@CraigHeartwell, thanks for your spelling correction.

ArcSight acquired Interset for ML. Yes, LogRhythm can handle the logic.

The SIEM Comparison table has been on my mind for a long time. I published the Turkish version. I need to work on extending it before publishing.

CH
Visionary at Whaduu, LLC
User
Jul 13, 2021

@Ertugrul Akbas Much appreciated, thank you.

Vendor
Jul 14, 2021

Ertugrul,

Interesting to see an in-depth comparison, but your comments on Securonix (and Exabeam, BTW) are not really accurate. We provide the ability to build correlation based rules. These solutions started as UEBA, you are correct there, but they have been competing as complete SIEM solutions for a long time by now.

Ertugrul Akbas - PeerSpot reviewer
Manager at ANET
Real User
Top 5
Jul 14, 2021

@Augusto Barros my sentence is: "Exabeam and Securonix are UEBA tools. They are not correlation-based solutions". It does not mean that Exabeam and Securonix do not provide the ability to build correlation based rules. I tried to emphasize their UEBA capability.
