
Top 8 Security Information and Event Management (SIEM) Tools

  1. Splunk
     It is the best tool if you have a complex environment or if data ingestion is too huge. The indexing and data collection are valuable.
  2. IBM QRadar
     IBM QRadar's ability to simplify the number of events, not only on a technical level but by making that information easy to pan through the orchestration deduplication. It is very impressive given that we have hundreds of devices that send event logs through.
  3. Microsoft Sentinel
     What is most useful is that it has a good connection to the Microsoft ecosystem, and I think that's the key part.
     The most valuable feature is the onboarding of the workloads. You can see all that has been onboarded in your account on the dashboards.
  4. Devo
     The querying and the log-retention capabilities are pretty powerful. Those provide some of the biggest value-add for us.
     The most powerful feature is the way the data is stored and extracted. The data is always stored in its original format and you can normalize the data after it has been stored.
  5. Elastic Security
     It's not very complicated to install Elastic.
     ELK is open-source, and it will give you the framework you need to build everything from scratch.
  6. LogRhythm NextGen SIEM
     LogRhythm NextGen SIEM covers all our primary security analysis needs. It makes it easier for us to analyze threats and improves our response times. It's a versatile platform that performs queries fast compared to other SIEM solutions.
  7. Fortinet FortiSIEM
     Technical support is helpful. Fortinet FortiSIEM's most valuable feature is the simplicity in handling multi-tenancy and the ability to switch between different clients at the same time. That was handled flawlessly.
  8. AT&T AlienVault USM
     Easy to use, scalable, stable, and very intuitive platform that provides protection against security threats. AT&T AlienVault USM is good for ELK Stack, the user experience is great because of its architecture. The ELK has a great performance and it has very good speed in the search and Kibana. Additionally, the visuals and dashboards are very nice and customizable.

Buyer's Guide
Security Information and Event Management (SIEM)
May 2022
Find out what your peers are saying about Splunk, IBM, Microsoft and others in Security Information and Event Management (SIEM). Updated: May 2022.
598,116 professionals have used our research since 2012.

Advice From The Community

Read answers to top Security Information and Event Management (SIEM) questions. 598,116 professionals have gotten help from our community of experts.
Rony_Sklar
PeerSpot (formerly IT Central Station)

Are event correlation and aggregation both needed for effective event monitoring and SIEM?

David Collier: Both are techniques aimed at reducing the number of active alerts an operator… more »
18 Answers
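The question above asks whether both techniques are needed. As an added example (not from the question or any of its answers), the Python below runs both over a handful of constructed sshd-style log lines: aggregation collapses repeated identical events into a count, while correlation relates different event types in time (a burst of failures followed by a successful login from the same source) into one higher-severity alert. Hostnames, addresses (documentation ranges), the threshold and the window are all constructed for illustration.

```python
"""Aggregation vs correlation over constructed auth log lines (added example)."""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log (sshd-style); hosts and addresses are illustrative only.
SAMPLE_LOG = """\
2024-05-01T10:00:01Z host1 sshd: Failed password for admin from 203.0.113.5
2024-05-01T10:00:03Z host1 sshd: Failed password for admin from 203.0.113.5
2024-05-01T10:00:05Z host1 sshd: Failed password for admin from 203.0.113.5
2024-05-01T10:00:07Z host1 sshd: Failed password for root from 203.0.113.5
2024-05-01T10:00:09Z host1 sshd: Failed password for admin from 203.0.113.5
2024-05-01T10:00:20Z host1 sshd: Accepted password for admin from 203.0.113.5
2024-05-01T10:01:00Z host2 sshd: Failed password for bob from 198.51.100.7
2024-05-01T10:05:00Z host2 sshd: Accepted password for bob from 198.51.100.7
2024-05-01T10:15:00Z host1 sshd: Accepted password for admin from 203.0.113.5
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<host>\S+) sshd: (?P<outcome>Failed|Accepted) password "
    r"for (?P<user>\S+) from (?P<src>\S+)$"
)


def parse(text):
    """Normalise raw lines into dicts. Unparsed lines are dropped here; in a real
    SIEM count them, because silent parser gaps are how detections go blind."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        e = m.groupdict()
        e["ts"] = datetime.strptime(e["ts"], "%Y-%m-%dT%H:%M:%SZ")
        events.append(e)
    return events


def aggregate(events):
    """Aggregation: collapse identical (host, src, user, outcome) events into one
    record carrying a count and first/last seen. Cuts volume; infers nothing new."""
    buckets = {}
    for e in events:
        key = (e["host"], e["src"], e["user"], e["outcome"])
        b = buckets.setdefault(key, {"count": 0, "first": e["ts"], "last": e["ts"]})
        b["count"] += 1
        b["first"] = min(b["first"], e["ts"])
        b["last"] = max(b["last"], e["ts"])
    return buckets


def correlate(events, threshold=4, window=timedelta(minutes=5)):
    """Correlation: relate *different* event types in time. Alert when one source
    racks up >= threshold failures against a host inside `window` and then logs
    in successfully to that host. Keyed on (host, src) rather than user, so a
    spray across several accounts from one address still counts."""
    alerts = []
    failures = defaultdict(list)  # (host, src) -> failure timestamps
    for e in sorted(events, key=lambda x: x["ts"]):
        key = (e["host"], e["src"])
        if e["outcome"] == "Failed":
            failures[key].append(e["ts"])
            continue
        recent = [t for t in failures[key] if e["ts"] - t <= window]
        if len(recent) >= threshold:
            alerts.append({
                "host": e["host"], "src": e["src"], "user": e["user"],
                "failures": len(recent), "success_at": e["ts"], "severity": "high",
            })
            failures[key] = []  # fire once per burst, not once per later login
    return alerts


if __name__ == "__main__":
    evts = parse(SAMPLE_LOG)
    agg = aggregate(evts)
    print(f"{len(evts)} raw events -> {len(agg)} aggregated records")
    for key, b in agg.items():
        print("  ", key, b["count"])
    for a in correlate(evts):
        print("CORRELATED ALERT:", a)
```

On this input aggregation turns nine raw events into five records, which is what keeps an operator's queue manageable, but none of those records says the admin login was suspicious. The correlation rule fires exactly once, for the host1 login at 10:00:20 preceded by five failures, and stays quiet for host2 (one failure) and for the later admin login (no recent failures). That is the practical answer to the question: aggregation controls volume, correlation produces the alert, and a SIEM that does only the first leaves the second to the analyst.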
Rony_Sklar
PeerSpot (formerly IT Central Station)

SIEM and SOAR have a lot of components in common. How do they differ in the role they play in Cyber Security? If you've been working in cybersecurity, you've likely come across SOAR and SIEM technologies. There are differences between their capabilities, although they have a fair amount of commo...
Read More »

reviewer1510752: SIEM involves the collection, correlation and aggregation of security logs and… more »
8 Answers
Malola Varadhan
User at First Abu Dhabi Bank P.j.s.c

I work at a mid-sized enterprise bank. I am researching SIEM solutions. Which is the best tool for security information and event management: ArcSight or Securonix?

Himanshu Shah: ArcSight is a legacy SIEM, a robust log management tool; however, it works on EPS (… more »
11 Answers
Rony_Sklar
PeerSpot (formerly IT Central Station)

There are many cybersecurity tools available, but some aren't doing the job that they should be doing. What are some of the threats that may be associated with using 'fake' cybersecurity tools? What can people do to ensure that they're using a tool that actually does what it says it does?
Read More »

SimonClark: Dan Doggendorf gave sound advice. Whilst some of the free or cheap… more »
12 Answers
Shibu Babuchandran
Regional Manager/ Service Delivery at ASPL Info Services
May 19 2022

Hi community,

What are your top 5 (or less) cyber security trends in 2022?

Thanks in advance!

Pablo Cousino: 1) Security in endpoints (especially because of remote work), especially to… more »
10 Answers
Evgeny Belenky
PeerSpot (formerly IT Central Station)
Mar 01 2022

Hi infosec professionals, What are the main architectural differences between those two technologies? What are the relations between the two of them? Are they complementary? What does an XDR solution provide that SIEM doesn't and vice versa? Thanks for sharing your knowledge with the community!
Read More »

David Swift: SIEM focuses on correlation - detection, both known (and with UEBA), unknown/0… more »
6 Answers
Evgeny Belenky
PeerSpot (formerly IT Central Station)
Feb 01 2022

Hi SOC analysts and other infosec professionals,

Which standard/custom method do you use to decide about the alert severity in your SOC?

Is it possible to avoid being too subjective? How do you fight the "alert fatigue"?

Robert Cheruiyot: Hi @Evgeny Belenky, I think as long as you do this thing manually, you will… more »
6 Answers
Giusel
IT Engineer at UTMStack

Hi community,

I'm working on a document about Security Operation Center best practices, and I would like to get your input on it.

Thanks

Robert Cheruiyot: Hi Giusel, From my little experience, it's always good to have a good working… more »
4 Answers
Evgeny Belenky
PeerSpot (formerly IT Central Station)

Hi,

When would you suggest using an internal SOC and when SOC-as-a-Service? What are the pros and cons of each?

Shibu Babuchandran: Hello, Below there are views on the pros and cons of Internal SOC and… more »
10 Answers

Security Information and Event Management (SIEM) Articles

Evgeny Belenky
PeerSpot (formerly IT Central Station)
Apr 04 2022
Hi peers, This is our new Community Spotlight that includes recent contributions (questions, articles and discussions) by the PeerSpot community members. Trending Is RPA beneficial for a healthcare organization? With the increasing risk of cyber attacks in the west, due to the war in Ukra...
Read More »

Evgeny Belenky
PeerSpot (formerly IT Central Station)
Mar 18 2022
Hi community members, Here we go with a new Community Spotlight. We publish it to help YOU catch up on recent contributions by community members. Trending What open-source HCI solution do you recommend? How much time does SSO save? What are the main technical differences between Microso...
Read More »

Evgeny Belenky
PeerSpot (formerly IT Central Station)
Mar 04 2022
Hi community members, Here is our new Community Spotlight for YOU. We publish it to help you catch up on recent contributions by community members. Do you find it useful? Please comment below! Trending Top HCI in 2022 What are the main differences between XDR and SIEM? Articles Top ...
Read More »

Evgeny Belenky
PeerSpot (formerly IT Central Station)
Jan 25 2022
Hi peers, Spotlight #6 is our fresh bi-weekly community digest. It helps you catch up on recent contributions by community members. Please comment below with your feedback about our new brand name and this Spotlight! Trending Top RPA trends and forecasts that will help boost the techn...
Read More »

Evgeny Belenky: @Shibu Babuchandran and @Dominic-Gopal, thank you for contributing your… more »
reviewer1577907: Thank you for this helpful post and congratulations on the new company name!
2 Comments
Ertugrul Akbas
Manager at a computer software company with 11-50 employees
There are many comparisons and scoring reports like Gartner. But a small part of their scoring is technical capacity. Other comparisons available on the web or magazines are marketing, sales, and presales documents. They do not include extensive technical analysis. In today's ever-evolving cy...
Read More »

CraigHeartwell: Excellent article. ArcSight claims to use ML - they are not listed under ML… more »
6 Comments

Andrés Batista
Executive Account Manager
Cybersecurity is a massive issue for small and medium-sized businesses, and a lack of knowledge worsens its process. According to the National Cyber Security Alliance, 60% of SMBs that experience a severe cyber-attack go out of business within six months. However, you as an owner must protect you...
Read More »

Jairo Willian Pereira: It is also interesting to think about: 1. Have an effective and tested… more »
1 Comment
Netanya Carmi
Content Manager
PeerSpot (formerly IT Central Station)
We receive alerts all day long - alerts about emails, incoming Whatsapps and SMSes, posts on social media, etc. At some point we become desensitized to these alerts and stop noticing them anymore - a phenomenon known as "alert fatigue." Seventy percent of a SOC analyst's workday is spent dealing ...
Read More »

Giusel
IT Engineer at UTMStack
What is HIDS in Cybersecurity? A HIDS (Host Intrusion Detection System) is software that detects malicious behavior on the host. It monitors all the operating system operations, tracks user behavior, and operates independently without human assistance. How does a Host-based Intrusion Detectio...
Read More »

Shibu Babuchandran: Thanks for sharing, it's very informative.
1 Comment

Ertugrul Akbas
Manager at a computer software company with 11-50 employees
The right SIEM tool varies based on a business' security posture, its budget and other factors. However, the top SIEM tools usually offer the following capabilities: Scalability — Ensure the solution has the capability to accommodate the current and the projected growth. Log compatibility — E...
Read More »
Tjeerd Saijoen
CEO at Rufusforyou
Security and protecting your IT environment is the biggest challenge now. How to prevent ransomware attacks? Part 1 described our approach to proactively protect your environment. The first step is to scan your environment from server to endpoint and check your complete environment on several ...
Read More »

Netanya Carmi
Content Manager
PeerSpot (formerly IT Central Station)
Security Incident and Event Management (SIEM) has been widely adopted and used to manage cybersecurity events. As a result, the SIEM market is expected to grow by approximately 25% over the next five years as the need for cybersecurity automation increases. Even though the market is expanding, th...
Read More »

Ertugrul Akbas
Manager at a computer software company with 11-50 employees
Part of the SIEM problems enterprises face is failing to maintain it with the proper correlation rules. SIEM use cases or rules are 80% of the value of the product. All SIEM solutions have a correlation feature, but they are not the same. Before choosing a SIEM, you must check correlation c...
Read More »

Netanya Carmi
Content Manager
PeerSpot (formerly IT Central Station)
Security information and event management (SIEM) is a multipurpose security management protocol that combines security information management (SIM) and security event management (SEM). SIEM has recently emerged as the gold standard approach to network security. It uses historical as well as real...
Read More »
Rony_Sklar
PeerSpot (formerly IT Central Station)
There are a lot of considerations when choosing a Security Incident and Event Management (SIEM) Solution for your business. That's why users on IT Central Station often turn to our community to ask for advice. In this Q&A round-up, we're going to take a look at some of the insights about SI...
Read More »

Rony_Sklar: Shout out to @Simo Sim @Aji Joseph @Consulta85d2 @Anthony Mack @Marty Barron… more »
2 Comments

Matthew Shoffner
The major regulatory compliance schemes do not mention Security Incident and Event Management (SIEM) systems by name, but in reality, SIEM tools are essential for achieving compliance and passing their certification audits. The National Institute of Standards and Technology (NIST) Cybersecurity F...
Read More »

Matthew Shoffner
A Security Incident and Event Management (SIEM) solution typically represents a significant investment, even for a large enterprise. With the average price coming in at $50,000, ranging from a minimum of $20,000 and getting to be upwards of $1M, SIEM solutions carry a hefty price tag. However, t...
Read More »

Rony_Sklar
PeerSpot (formerly IT Central Station)
Members of the IT Central Station community are always happy to take a few minutes to help other users by answering questions posted on our site. In this Q&A round-up, we're focusing on our users' answers about SIEM, Identity and Access Management, and the Differences between Hyper-conv...
Read More »

Rony_Sklar: @Himanshu Shah @Consulta85d2 @Aji Joseph @Mark Adams @Steffen Hornung @Dan… more »
1 Comment

Matthew Shoffner
Security Incident and Event Management (SIEM) has been widely adopted and used to manage cybersecurity events as the benefits of SIEM are apparent. As a result, the SIEM market is expected to grow by approximately 25% over the next 5 years as the need for cybersecurity automation increases. Even ...
Read More »

Security Information and Event Management (SIEM) Topics

Tips for choosing the right SIEM solution

As with any enterprise tech solution, it's important to spend time doing your research and running a proof of concept (POC), so that you know you're spending on the right product. We sifted through our users' answers to summarize the best tips.

  1. Define your goal

Before starting to evaluate solutions, it's important to define what you want to accomplish with a SIEM. Marty Baron says, "Every SIEM has different strengths and weaknesses so you need to know what is most important to you in terms of goals, so you don't waste time looking at something that can't do the thing you need it to do."

  2. Limit your options

As one of our users says, "Review a finite number of products, otherwise you'll never finish". Although it's important to do due diligence, you need to get to the point of implementation. If you have too many options, it will take too long to make a decision. Users suggest making a shortlist of options that meet your technical requirements, speak to your goal, and match your budget.

  3. Create a framework for your POC

Once you've narrowed down your options, it's time to trial the shortlisted products. Users recommend putting a framework in place to guide the POC, so that every product is evaluated systematically against the same criteria.

One user, DAX Paulino, suggests "creat[ing] a checklist of features that you need, from the basic (i.e. interactive dashboards, ease of integration, Threat Intelligence), to the more advanced (i.e. Automated response, Behavior Analytics, etc.). Give each item on your checklist a score so that you can weigh in on each item as a measure of your decision. Don't forget to factor in usability and support."
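One way to turn that checklist into the weighted scorecard DAX Paulino describes, as an added example (not code from PeerSpot or from any of the users quoted): each criterion carries a weight that reflects the goal defined in step 1, each shortlisted product is marked 0-5 per criterion during the POC, and criteria flagged as must-have act as knockouts, so a product cannot make up for a failed integration or support test with strong dashboards. The checklist weights, the product names and the POC marks are all constructed for illustration.

```python
"""Weighted POC scorecard with must-have gating (added example, constructed data)."""

MUST_HAVE_MIN = 3  # a must-have criterion marked below this knocks the product out

# (criterion, weight 1-5, must-have?). Weights are illustrative; set yours from step 1.
CHECKLIST = [
    ("Interactive dashboards", 3, False),
    ("Ease of integration with existing log sources", 5, True),
    ("Threat intelligence", 3, False),
    ("Automated response", 2, False),
    ("Behavior analytics", 2, False),
    ("Usability", 4, False),
    ("Vendor support", 4, True),
]

# Constructed POC results (0-5 per criterion); product names are placeholders.
POC_SCORES = {
    "Product A": {"Interactive dashboards": 5, "Ease of integration with existing log sources": 4,
                  "Threat intelligence": 4, "Automated response": 5, "Behavior analytics": 5,
                  "Usability": 3, "Vendor support": 2},
    "Product B": {"Interactive dashboards": 3, "Ease of integration with existing log sources": 5,
                  "Threat intelligence": 3, "Automated response": 2, "Behavior analytics": 2,
                  "Usability": 4, "Vendor support": 4},
    "Product C": {"Interactive dashboards": 4, "Ease of integration with existing log sources": 3,
                  "Threat intelligence": 2, "Automated response": 3, "Behavior analytics": 1,
                  "Usability": 5, "Vendor support": 5},
}


def score(checklist, poc_scores, must_have_min=MUST_HAVE_MIN):
    """Return {product: {"score": percent of max, "knockouts": [...], "eligible": bool}}.
    A product missing a mark for any criterion raises, so an item nobody tested
    cannot silently count as zero (or be forgotten) in the ranking."""
    max_total = 5 * sum(w for _, w, _ in checklist)
    results = {}
    for product, marks in poc_scores.items():
        missing = [c for c, _, _ in checklist if c not in marks]
        if missing:
            raise ValueError(f"{product}: unscored criteria {missing}")
        knockouts = [c for c, _, must in checklist if must and marks[c] < must_have_min]
        total = sum(w * marks[c] for c, w, _ in checklist)
        results[product] = {
            "score": round(100 * total / max_total, 1),
            "knockouts": knockouts,
            "eligible": not knockouts,
        }
    return results


def rank(results):
    """Eligible products only, best first; knocked-out products are reported separately
    so the team sees why a strong-looking candidate dropped out."""
    eligible = [(p, r["score"]) for p, r in results.items() if r["eligible"]]
    return sorted(eligible, key=lambda pr: pr[1], reverse=True)


if __name__ == "__main__":
    res = score(CHECKLIST, POC_SCORES)
    for product, r in res.items():
        status = "eligible" if r["eligible"] else f"knocked out on {r['knockouts']}"
        print(f"{product}: {r['score']}% ({status})")
    print("Ranking:", rank(res))
```

With these constructed marks Product A has the highest weighted total but is excluded because vendor support, a must-have, scored below the minimum; Product B wins on the remaining field. That is exactly the case a flat weighted sum hides, and it is why the must-have list should be agreed in step 1, before any vendor demo, rather than argued about after the scores are in.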
