Top 8 Security Information and Event Management (SIEM) Tools
SplunkIBM QRadarDevoMicrosoft SentinelFortinet FortiSIEMLogRhythm NextGen SIEMRSA NetWitness Logs and Packets (RSA SIEM)Securonix Security Analytics
The connections to the database are very good and updating the data files is simple to do. The dashboards are useful and user-friendly.
The SIEM is the most valuable feature of the product.
It has a lot of good correlation rules. From a customer's point of view, it is one of the best solutions because you don't need to create correlation rules from scratch. You just review them and customize them as you want.
The strength of Devo is not only in that it is pretty intuitive, but it gives you the flexibility and creativity to merge feeds. The prime examples would be using the synthesis or union tables that give you phenomenal capabilities... The ability to use a synthesis or union table to combine all those feeds and make heads or tails of what's going on, and link it to go down a thread, is functionality that I hadn't seen before.
The best functionality that you can get from Azure Sentinel is the SOAR capability. So, you can estimate any type of activity, such as when an alert was triggered or an incident was found.
Combines SOC and NOC into a single solution with a single pane of glass.
Provides security posture management.
LogRhythm's GUI is easy to explore. We also like other features, such as its integration with other security solutions, log correlation, and the deployment of use cases.
The newer 11.5 version that my team is using has found it to have good mapping.
The solution is really scalable for the high-end power, enterprise customer.
The solution is stable and scalable.
There aren't any positive aspects of the solution. It was a complete failure. There are no redeeming features.
Tips for choosing the right SIEM solution
As with any enterprise tech solution, it’s important to spend time doing your research and POC, so that you know that you’re spending on the right product. We sifted through some of our users’ answers to summarize some of the best tips.
- Define your goal
Before starting to evaluate solutions, It’s important to define what you want to accomplish with a SIEM. Marty Baron says, “Every SIEM has different strengths and weaknesses so you need to know what is most important to you in terms of goals, so you don’t waste time looking at something that can’t do the thing you need it to do.”
- Limit your options
As one of your users says, “Review a finite number of products, otherwise you’ll never finish”. Although it’s important to spend time doing due diligence, you need to get to the point of implementation. If you have too many options, it will take too long to make a decision. Users suggest making a shortlist of options that meet your technical requirements, speak to your goal, and match your budget
- Create a framework for your POC
Once you’ve narrowed down your options, it’s time to trial the shortlisted products. Users recommend putting a framework in place to guide the POC. This way, you can evaluate your options systematically.
One user, DAX Paulino, suggests “creat[ing] a checklist of features that you need, from the basic (i.e. interactive dashboards, ease of integration, Threat Intelligence), to the more advanced (i.e. Automated response, Behavior Analytics, etc.). Give each item on your checklist a score so that you can weigh in on each item as a measure of your decision. Don’t forget to factor in usability and support.”