2014-05-07T20:11:00Z
PeerSpot user
Security Solution Architect with 501-1,000 employees

Has anyone got experience in deployment of a SIEM solution?

Has anyone got experience in deployment of a SIEM solution using either McAfee Nitro, IBM QRadar or AlienVault USM?

I am looking to understand the pitfalls associated. I find that the vendor documentation is often short on specifics in relation to the overall components needed and am concerned that there is a nasty expensive surprise waiting for me.

9 Answers
PeerSpot user
Senior Customer Manager, Security Solutions at ScienceSoft
Consultant
2017-04-04T14:24:13Z
04 April 17

This tool can help you with both the implementation and post-implementation phases. Health Check Framework (HCF) for IBM QRadar: https://www.scnsoft.com/services/security-intelligence-services/health-check-framework-for-ibm-qradar-siem
HCF allows you to automate certain things within your deployment, troubleshoot performance issues and fine-tune the solution.

PeerSpot user
Software Engineer at a tech services company
Consultant
2016-04-26T19:13:12Z
26 April 16

I have implemented IBM QRadar; it's the simplest to install and configure.
Install, add log sources, create use cases as per your needs, and QRadar will log all the events and network activity.
You can then perform forensics as well as vulnerability scans.

PeerSpot user
Security Professional with 501-1,000 employees
Consultant
Top 10
2016-04-13T08:45:30Z
13 April 16

The basic things like adding log sources are hopefully not a problem, but I think the way to get the most value from the SIEM is to make a list of use cases tweaked to your organisation and log sources, to find the problems/incidents your C-level can understand. Then you will keep on getting the funding you need to address the issues you think are necessary to make the SIEM a valuable tool.

A.J. DiLorenzo - PeerSpot reviewer
Senior Systems Administrator at Privia Health
Real User
2016-04-05T22:19:40Z
05 April 16

I've implemented AccelOps SIEM, which also does Server/Network Performance and Availability monitoring. Most of the work involved was with configuration of SNMPv2/v3 or WMI on endpoint devices if the SIEM is not agent-based. Also, a lot of configuration with fine tuning the rules/reports specific to your organization, as mentioned. Basic Linux knowledge is also recommended for AccelOps. I would also recommend purchasing Professional Services hours for implementation guidance and proper training of IT staff and end-users (if applicable) that will be accessing/using the SIEM.

PeerSpot user
Senior Informix DBA with 501-1,000 employees
Vendor
2015-03-26T16:44:52Z
26 March 15

Hello. If you need any assistance with sizing and deployment of IBM QRadar, you should contact a local sales partner in your area. A partner should be able to size your specific needs, no matter how little or big they are.

it_user417333 - PeerSpot reviewer
InfoSec Manager
MSP
2016-04-04T10:37:32Z
04 April 16

Is it the same now for AlienVault? What level of Linux knowledge is needed?

it_user182445 - PeerSpot reviewer
ICT Security Officer at a healthcare company with 1,001-5,000 employees
Vendor
2015-01-16T13:55:04Z
16 January 15

I have implemented McAfee Nitro and IBM QRadar, where the latter was the easiest to implement. The majority of the work is fine tuning and creating rules that are specific to your organization. All vendors will tell you about built-in intelligence that offers nothing in the real world.

PeerSpot user
Security Expert at Q1 Labs, an IBM Company
Consultant
2014-05-15T14:51:56Z
15 May 14

That's the problem with the SIEM solutions that have no built-in intelligence.

Vendor
2014-05-08T21:44:31Z
08 May 14

We implemented the Alienvault USM product and one of the largest considerations to make is the Linux knowledge required to implement, configure and manage the solution. Depending on the current in-house skill set and architecture this may or may not present as a consideration.
