Top 8 Security Information and Event Management (SIEM) Tools
Splunk, IBM QRadar, Microsoft Sentinel, Devo, Elastic Security, LogRhythm NextGen SIEM, Fortinet FortiSIEM, AT&T AlienVault USM
It is the best tool if you have a complex environment or if data ingestion is too huge.
The indexing and data collection are valuable.
IBM QRadar's ability to simplify the number of events, not only on a technical level but by making that information easy to pan through the orchestration deduplication. It is very impressive given that we have hundreds of devices that send event logs through.
What is most useful is that it has a good connection to the Microsoft ecosystem, and I think that's the key part.
The most valuable feature is the onboarding of the workloads. You can see all that has been onboarded in your account on the dashboards.
The querying and the log-retention capabilities are pretty powerful. Those provide some of the biggest value-add for us.
The most powerful feature is the way the data is stored and extracted. The data is always stored in its original format and you can normalize the data after it has been stored.
One of the most valuable features of this solution is that it is more flexible than AlienVault.
It's not very complicated to install Elastic.
It's reliable and the performance is good.
SOAR is integrated with the dashboard that we use for threat management. Because it's all integrated, it is useful for us when we deploy something on-prem.
Technical support is helpful.
Fortinet FortiSIEM's most valuable feature is the simplicity in handling multi-tenancy and the ability to switch between different clients at the same time. That was handled flawlessly.
Easy to use, scalable, stable, and very intuitive platform that provides protection against security threats.
AT&T AlienVault USM is good for ELK Stack, the user experience is great because of its architecture. The ELK has a great performance and it has very good speed in the search and Kibana. Additionally, the visuals and dashboards are very nice and customizable.
Buyer's Guide
Security Information and Event Management (SIEM)
June 2022
Find out what your peers are saying about Splunk, IBM, Microsoft and others in Security Information and Event Management (SIEM). Updated: June 2022.
607,127 professionals have used our research since 2012.
Tips for choosing the right SIEM solution
As with any enterprise tech solution, it’s important to spend time doing your research and POC, so that you know that you’re spending on the right product. We sifted through some of our users’ answers to summarize some of the best tips.
- Define your goal
Before starting to evaluate solutions, it’s important to define what you want to accomplish with a SIEM. Marty Baron says, “Every SIEM has different strengths and weaknesses so you need to know what is most important to you in terms of goals, so you don’t waste time looking at something that can’t do the thing you need it to do.”
- Limit your options
As one of our users says, “Review a finite number of products, otherwise you’ll never finish”. Although it’s important to spend time doing due diligence, you need to get to the point of implementation. If you have too many options, it will take too long to make a decision. Users suggest making a shortlist of options that meet your technical requirements, speak to your goal, and match your budget.
- Create a framework for your POC
Once you’ve narrowed down your options, it’s time to trial the shortlisted products. Users recommend putting a framework in place to guide the POC. This way, you can evaluate your options systematically.
One user, DAX Paulino, suggests “creat[ing] a checklist of features that you need, from the basic (i.e. interactive dashboards, ease of integration, Threat Intelligence), to the more advanced (i.e. Automated response, Behavior Analytics, etc.). Give each item on your checklist a score so that you can weigh in on each item as a measure of your decision. Don’t forget to factor in usability and support.”