I'm comparing RSA Envision to some of its competitor SIEM products. Can you help me with a comparison matrix?
Comparing RSA eNvision to other SIEM products.
To me it's a no-brainer. Just don't touch the RSA product.
Without knowing your requirements it is not easy to add further comments.
IBM QRadar installs quickly. You can be up and running in hours. It does top last year's Gartner report on SIEM.
McAfee Nitro. Install is easy. Learning to drive it takes a while.
AlienVault. Easy install. Cost generally much cheaper than competitors. Is good.
RSA Envision is no longer being sold as a SIEM by EMC. Instead they have moved on to Security Analytics (SA), based on the acquired NetWitness platform. RSA Envision is more of a log management tool than a SIEM. I would recommend seeing the entire comparison between various SIEM products here -
I think the only thing you were looking for was a matrix to do a SIEM comparison. It seems that people are making assumptions and interjecting instead of listening to what you are asking. I am not going to assume; please review the list to see if this is what you are looking for:
I’ve worked with NitroSecurity (McAfee), QRadar (IBM), and ArcSight (HP) but I haven’t worked with RSA-EMC.
We did do an evaluation of the three products but it was based on the customer’s criteria – all three of the products have significant capabilities so it really depends on what capabilities that you want in a SIEM solution the most.
I can provide you with a synopsis of the evaluation results (assuming that I can get our customer's permission), but I'm not sure that will help you.
ArcSight and McAfee (Intel) Nitro are really strong SIEM solutions, but the price...
No matter which SIEM solution you will select, the most important thing is the right SIEM implementation (more than SIEM selection):
- Log collection: Network, Security, System/App
- Rule configuration based on collected Events and predefined Use Cases
In Nitro from McAfee, for example, you also need to buy Receivers for log collection based on your requirements, like 10K/15K/20K EPS (more money). Or you could buy a Combo device for a smaller organization.
All depends on your final goals, like: Is it going to be part of the complete SOC solution?
There is no correct answer to the question "Which SIEM is the best"; there are a lot of options.
Your SIEM selection should be based on your requirements and capabilities.
Today a SIEM is already only a small piece in the follow-up solution.
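The post above makes the point that the implementation (collecting the right logs and turning predefined use cases into rules) matters more than which vendor is chosen. As an added illustration, not code from any of the posters or from any of the products named, here is a minimal use-case rule of the kind a SIEM would be configured with: "several failed logins from one source followed by a successful login", run over constructed SSH auth log lines. The log lines, the rule name, the threshold and the window are all assumptions made for the example.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample events (not taken from any real system). Each line mimics
# an OpenSSH auth message with an ISO-8601 timestamp prepended by the collector.
SAMPLE_LOGS = """\
2024-05-01T10:00:01 web01 sshd[4101]: Failed password for root from 203.0.113.9 port 51122 ssh2
2024-05-01T10:00:04 web01 sshd[4101]: Failed password for root from 203.0.113.9 port 51123 ssh2
2024-05-01T10:00:07 web01 sshd[4101]: Failed password for admin from 203.0.113.9 port 51124 ssh2
2024-05-01T10:00:09 web01 sshd[4101]: Failed password for admin from 203.0.113.9 port 51125 ssh2
2024-05-01T10:00:12 web01 sshd[4102]: Accepted password for admin from 203.0.113.9 port 51126 ssh2
2024-05-01T10:05:00 web01 sshd[4200]: Failed password for alice from 198.51.100.7 port 40001 ssh2
2024-05-01T10:05:30 web01 sshd[4201]: Accepted password for alice from 198.51.100.7 port 40002 ssh2
""".splitlines()

# Log collection step: normalise raw lines into events with the fields the rule needs.
LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<host>\S+) sshd\[\d+\]: "
    r"(?P<outcome>Failed|Accepted) password for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<src>\S+) port \d+"
)


def parse(line):
    """Return a normalised event dict, or None for lines the parser does not understand."""
    m = LINE_RE.match(line)
    if not m:
        return None
    return {
        "ts": datetime.fromisoformat(m["ts"]),
        "host": m["host"],
        "outcome": m["outcome"],
        "user": m["user"],
        "src": m["src"],
    }


class FailThenSuccessRule:
    """Hypothetical use case: >= threshold failed logins from one source IP inside
    `window`, followed by an accepted login from the same source."""

    name = "auth.fail_then_success"  # assumed rule identifier

    def __init__(self, threshold=3, window=timedelta(seconds=60)):
        self.threshold = threshold
        self.window = window
        self.failures = defaultdict(deque)  # src -> timestamps of recent failures

    def feed(self, ev):
        q = self.failures[ev["src"]]
        # Expire failures that fell out of the sliding window.
        while q and ev["ts"] - q[0] > self.window:
            q.popleft()
        if ev["outcome"] == "Failed":
            q.append(ev["ts"])
            return None
        if ev["outcome"] == "Accepted" and len(q) >= self.threshold:
            n = len(q)
            q.clear()  # fire once per burst, not on every later success
            return {
                "rule": self.name,
                "host": ev["host"],
                "src": ev["src"],
                "user": ev["user"],
                "failures_before_success": n,
                "ts": ev["ts"].isoformat(),
            }
        return None


def run_rules(lines, rules=None):
    """Feed every parseable event to every rule; return the alerts in arrival order."""
    rules = rules if rules is not None else [FailThenSuccessRule()]
    alerts = []
    for line in lines:
        ev = parse(line)
        if ev is None:
            continue  # a real deployment would count these to track parser coverage
        for rule in rules:
            alert = rule.feed(ev)
            if alert:
                alerts.append(alert)
    return alerts


if __name__ == "__main__":
    for a in run_rules(SAMPLE_LOGS):
        print(a)
```

The first source trips the rule (four failures, then a success for `admin`); the second source does not, because a single failure before a success is below the threshold. Tuning that threshold and window per environment is exactly the "rule configuration based on collected events and predefined use cases" work the post describes, and it is where most of the implementation effort goes regardless of vendor.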
I strongly believe that before anyone makes any attempt to compare "SIEM" solutions, he/she must first have a good idea of the present and future needs. Strictly speaking Splunk is not a SIEM solution (you should see it as an advanced log management solution), ArcSight and McAfee are indeed SIEM solutions, and IBM's QRadar solution goes beyond what a SIEM is and should be.
I am sure you will agree that the above implies that a comparison matrix would not have a great deal of value, as you cannot compare a Security Intelligence platform to an advanced log management solution.
Hope this is of help in any way.
I would best direct them to Gartner Magic Quadrant 2014 or SC Magazine SIEM evaluations.
Other factors that come into play would be EPS, business use case and the technology team who will be using this product.
We are using RSA Envision and we are having a tough time with the support and implementation.
There are other SIEM solutions like McAfee Nitro, Splunk, ArcSight. Of these Splunk is the best, since the customization is so amazing as long as you have some basic knowledge of programming, and the Splunk community is so good they support us very well.
ArcSight is also a good product but its very expensive. I haven't worked with McAfee Nitro.
I will update you in a couple of weeks since I will be doing a POC on these devices.
So according to me Splunk is the best if you really need a better output.
I would rather suggest comparing RSA Security Analytics to other SIEM solutions, as RSA has EOL'd Envision. The new features should give you a better apples-to-apples comparison to the other SIEMs.