We changed our name from IT Central Station: Here's why

Top 8 Security Information and Event Management (SIEM) Tools

SplunkIBM QRadarDevoMicrosoft SentinelFortinet FortiSIEMLogRhythm NextGen SIEMRSA NetWitness Logs and Packets (RSA SIEM)Securonix Security Analytics
  1. leader badge
    The connections to the database are very good and updating the data files is simple to do. The dashboards are useful and user-friendly.The SIEM is the most valuable feature of the product.
  2. leader badge
    It has a lot of good correlation rules. From a customer's point of view, it is one of the best solutions because you don't need to create correlation rules from scratch. You just review them and customize them as you want.
  3. Find out what your peers are saying about Splunk, IBM, Devo and others in Security Information and Event Management (SIEM). Updated: January 2022.
    564,143 professionals have used our research since 2012.
  4. The strength of Devo is not only in that it is pretty intuitive, but it gives you the flexibility and creativity to merge feeds. The prime examples would be using the synthesis or union tables that give you phenomenal capabilities... The ability to use a synthesis or union table to combine all those feeds and make heads or tails of what's going on, and link it to go down a thread, is functionality that I hadn't seen before.
  5. The best functionality that you can get from Azure Sentinel is the SOAR capability. So, you can estimate any type of activity, such as when an alert was triggered or an incident was found.
  6. Combines SOC and NOC into a single solution with a single pane of glass.Provides security posture management.
  7. LogRhythm's GUI is easy to explore. We also like other features, such as its integration with other security solutions, log correlation, and the deployment of use cases.
  8. report
    Use our free recommendation engine to learn which Security Information and Event Management (SIEM) solutions are best for your needs.
    564,143 professionals have used our research since 2012.
  9. The newer 11.5 version that my team is using has found it to have good mapping.The solution is really scalable for the high-end power, enterprise customer.
  10. The solution is stable and scalable.There aren't any positive aspects of the solution. It was a complete failure. There are no redeeming features.
Tips for choosing the right SIEM solution

As with any enterprise tech solution, it’s important to spend time doing your research and POC, so that you know that you’re spending on the right product. We sifted through some of our users’ answers to summarize some of the best tips.

  1. Define your goal

Before starting to evaluate solutions, It’s important to define what you want to accomplish with a SIEM. Marty Baron says, “Every SIEM has different strengths and weaknesses so you need to know what is most important to you in terms of goals, so you don’t waste time looking at something that can’t do the thing you need it to do.”

  1. Limit your options

As one of your users says, “Review a finite number of products, otherwise you’ll never finish”. Although it’s important to spend time doing due diligence, you need to get to the point of implementation. If you have too many options, it will take too long to make a decision. Users suggest making a shortlist of options that meet your technical requirements, speak to your goal, and match your budget

  1. Create a framework for your POC

Once you’ve narrowed down your options, it’s time to trial the shortlisted products. Users recommend putting a framework in place to guide the POC. This way, you can evaluate your options systematically.

One user, DAX Paulino, suggests “creat[ing] a checklist of features that you need, from the basic (i.e. interactive dashboards, ease of integration, Threat Intelligence), to the more advanced (i.e. Automated response, Behavior Analytics, etc.). Give each item on your checklist a score so that you can weigh in on each item as a measure of your decision. Don’t forget to factor in usability and support.”

Find out what your peers are saying about Splunk, IBM, Devo and others in Security Information and Event Management (SIEM). Updated: January 2022.
564,143 professionals have used our research since 2012.