Coming October 25: PeerSpot Awards will be announced! Learn more

Home
Security Information and Event Management (SIEM)

Best Security Information and Event Management (SIEM) Tools

Get Recommendations

What is SIEM? A Security Information and Event Management (SIEM) system gives security managers a holistic overview of multiple security systems. SIEM tools centrally store and analyze log from different locations in order to spot patterns and trends that might signal an emerging security threat or attack. SIEM security combines a security information management (SIM) system with security event management (SEM) to form a single SIEM software solution. In this way, SIEM blends the best of event management tools with security event and incident management technologies.

There are multiple SIEM vendors competing in the market today. PeerSpot members offer a number of recommendations for those considering SIEM solutions.

Keep in mind, while SIEM is used for detecting security threats and triggers the alerts, a SOAR solution is needed to act on these alerts.

One phrase that comes up repeatedly in PeerSpot dialogues about SIEM products is “real time.” According to reviewers, SIEM technology should possess real-time threat analysis and reporting capabilities. Solutions should offer real time security related logs and incident reporting. Reports need to specify possible risks and damage to infrastructure. A SIEM tool should ideally provide real time gathering of logs and Log Correlation. Notification event Triggering and the availability special Event Collectors with different environment is viewed as a most important criterion.

Some PeerSpot members stress the importance of SIEM being able to combine information from multiple sources. The solution has to be capable of intelligent queries on these combined sources. Put another way, SIEM must offer compatibility with diverse security data sources and be able to adapt to new or unknown sources. Then, the SIEM solution should perform multilevel correlation on those sources of data.

Efficient use is important. A SIEM tool must be easy to deploy, configure and use. SIEM can be more effective if it integrates with Identity and Access Management. Alerting and workflow integration adds to administrative efficiency.

Specific features recommended include packet analysis, audit trail creation, threat intelligence and search. Users encourage potential buyers to have confidence in the power of a SIEM solution’s search performance and the performance of its threat intelligence engine. The solution should be capable of parsing any log format.

Security Information and Event Management (SIEM) insider threat Reviews

Showing reviews of the top ranking products in Security Information and Event Management (SIEM), containing the term insider threat

IBM QRadar: insider threat

PK

reviewer1584831 says in an IBM QRadar review

Solution Architect Cybersecurity at a tech services company with 501-1,000 employees

We use this solution for advanced threat detection, insider threat monitoring, risk and vulnerability management, and unauthorized traffic detection regarding our network. We can monitor and detect web attacks with it as well.

Within our organization, there are roughly 2,000 to 3,000 employees using this solution. As of now, we don't have any plans to increase our usage of IBM QRadar.

View full review »

RSA NetWitness Logs and Packets (RSA SIEM): insider threat

ST

reviewer1486083 says in a RSA NetWitness Logs and Packets (RSA SIEM) review

Manager at a comms service provider with 10,001+ employees

RSA NetWitness Logs and Packets are used exclusively for monitoring scenarios, insider threat analysis, and log retention.

View full review »

LogRhythm NextGen SIEM: insider threat

Jason Gagnon - PeerSpot reviewer

Jason Gagnon says in a LogRhythm NextGen SIEM review

Senior Cyber Security Engineer at a individual & family service with 10,001+ employees

It has not only helped us meet requirements on a development program, but it has also allowed us to focus on insider threats as well as provide forensics capabilities to identify potential security risks.

View full review »

Sadat Mohammad Rifat - PeerSpot reviewer

Sadat Mohammad Rifat says in a LogRhythm NextGen SIEM review

Senior System Engineer at a tech services company with 11-50 employees

We primarily use the solution to reducing insider threats. We also use the product to deal with some aspects of banking security. For example, with its product, we are able to lower the threat of being attacked by malware.

View full review »