Security Solution Architect with 501-1,000 employees
Has anyone got experience in deployment of a SIEM solution?
Has anyone got experience in deployment of a SIEM solution using either McAfee Nitro or IBM Qradar or AlienVault USM?
I am looking to understand the pitfalls associated. I find that the vendor documentation is often short on specifics in relation to the overall components needed and am concerned that there is a nasty expensive surprise waiting for me.
Hi community members,
I'm a security engineer at a Tech Services company and I'm currently exploring SOC solutions, such as Rapid7 InsightIDR, Splunk, IBM QRadar and ArcSight Analytics.
Based on your experience, which SOC tool/solution would you recommend and why?
I haven't used these big-name ones like Splunk etc. but I feel they're overpriced. I think they charge an arm and a leg for each module.
The ROI justification is not there. Why not try a cheaper and robust alternative like Elasticsearch?
IBM QRadar is a great SIEM system, only expensive; it is capable of detecting and reporting on security issues, and the AI is doing a great job. If I compare it with different systems on the market, Riverbed's security system is equal. Advice: if you like to go with IBM, you should ask for the roadmap of QRadar.
There are many comparisons and scoring reports like Gartner. But a small part of their scoring is technical capacity. Other comparisons available on the web or magazines are marketing, sales, and presales documents. They do not include extensive technical analysis.
Excellent article. ArcSight claims to use ML - they are not listed under ML here (?).
Can LogRhythm handle your correlation logic example? A simple comparison table would be very useful (features, checkmarks).
@CraigHeartwell, thanks for your spelling correction.
ArcSight acquired Interset for ML. Yes, LogRhythm can handle the logic.
A SIEM comparison table has been on my mind for a long time. I published the Turkish version. I need to work to extend it before publishing.
The right SIEM tool varies based on a business’ security posture, its budget and other factors. However, the top SIEM tools usually offer the following capabilities:
Scalability — Ensure the solution has the capability to accommodate the current and the projected growth.
Log compatibility — Ensure that the solution is compatible with your logs.
Correlation engine — Does the solution have th...
IBM Security, European Threat Management Sales Leader at IBM
11 May 21
Having the SIEM as a central feeder is a traditional solution architecture. The question can be asked: do I have the right security platform? The interconnections to this traditional centralized solution will always need maintaining. In the case of a security platform this effort is removed.
Senior Network Architect / Network Team Leader at ICE Consulting. Inc.
12 May 21
A good Security Platform includes SIEM, UEBA, NTA, and SOAR! on a single pane of glass, but I agree all security platforms require constant maintenance to remain viable as a part of the security posture!