2015-01-06T12:07:00Z

RSA-EMC vs. other SIEM products?

it_user178008 - PeerSpot reviewer

9 Answers

it_user108681 - PeerSpot reviewer
Vendor
2015-01-13T17:05:56Z
Jan 13, 2015

Comparing RSA eNvision to other SIEM products.

To me a no-brainer. Just don’t touch the RSA product.

Without knowing your requirements it is not easy to add further comments.

However.

IBM QRadar installs quickly. You can be up and running in hours. It does top last year's Gartner report on SIEM.

McAfee Nitro. Install is easy. Learning to drive it takes a while.

AlienVault. Easy install. Cost generally much cheaper than competitors. Is good.

Real User
2015-01-08T04:19:23Z
Jan 8, 2015

RSA Envision is no longer being sold as a SIEM by EMC. Instead they have
moved on to Security Analytics (SA) based on the acquired NetWitness
platform. RSA Envision is more of a Log Management tool than SIEM. I would
recommend seeing the entire comparison between various SIEM products here -
http://infosecnirvana.com/siem-product-comparison-101/

it_user3405 - PeerSpot reviewer
Reseller
2015-01-07T09:25:47Z
Jan 7, 2015

@Santhakumar

I think the only thing you were looking for was a matrix to do a SIEM comparison. It seems that people are making assumptions and interjecting instead of listening to what you are asking. I am not going to assume; please review the list to see if this is what you are looking for:

https://www.logrhythm.com/Portals/0/resources/LR_DCIG_2014-15_SIEM_Appliance_Buyer's%20Guide.pdf

Todd

Vendor
2015-01-06T16:40:18Z
Jan 6, 2015

Sorry,

I’ve worked with NitroSecurity (McAfee), QRadar (IBM), and ArcSight (HP) but I haven’t worked with RSA-EMC.

We did do an evaluation of the three products but it was based on the customer’s criteria – all three of the products have significant capabilities so it really depends on which capabilities you want in a SIEM solution the most.

I can provide you with a synopsis of the evaluation results (assuming that I can get our customer’s permission) but I’m not sure that will help you.

Russ

it_user126894 - PeerSpot reviewer
Real User
2015-01-06T14:54:07Z
Jan 6, 2015

ArcSight and McAfee (Intel) Nitro are really strong SIEM solutions, but the price...
No matter which SIEM solution you select, the most important thing is the right SIEM implementation (more than SIEM selection):
- Log collection: Network, Security, System/App
- Rule configuration based on collected Events and predefined Use Cases

In Nitro from McAfee, for example, you also need to buy Receivers for log collection based on your requirements, like: 10K/15K/20K EPS (more money). Or you could buy a Combo device for a smaller organization.

It all depends on your final goals, like: Is it going to be part of the complete SOC solution?
Organization Size?
There is no correct answer to the question “Which SIEM is the Best”; there are a lot of options.
Your SIEM selection should be based on your requirements and capabilities.

Today SIEM is already only a small piece in the follow-up solution.

it_user113184 - PeerSpot reviewer
Consultant
2015-01-06T12:47:39Z
Jan 6, 2015

Hi Kumar,
I strongly believe that before anyone makes any attempt to compare "SIEM" solutions, he/she must first have a good idea of the present and future needs. Strictly speaking Splunk is not a SIEM solution (you should see it as an advanced log management solution), ArcSight and McAfee are indeed SIEM solutions, and IBM's QRadar solution goes beyond what a SIEM is and should be.
I am sure you will agree that the above implies that a comparison matrix would not have a great deal of value as you cannot compare a Security Intelligence platform to an advanced log management solution.
Hope this is of help in any way.
Best Regards.

Vendor
2015-01-06T12:30:28Z
Jan 6, 2015

I would best direct them to Gartner Magic Quadrant 2014 or SC Magazine SIEM evaluations.

Other factors that come into play would be EPS, business use case and
technology team who will be using this product.

Regards

Sumit Garg

it_user146268 - PeerSpot reviewer
Consultant
2015-01-06T12:28:03Z
Jan 6, 2015

Hi Kumar,

We are using RSA enVision and we are having a tough time with the support and implementation.
There are other SIEM solutions like McAfee Nitro, Splunk, ArcSight. In this Splunk is the best since the customization is so amazing until you have some basic knowledge on programming, but the Splunk community is so good they support us very well.

ArcSight is also a good product but it's very expensive. I haven't worked with McAfee Nitro.

I will update you in a couple of weeks since I will be doing a POC on these devices.

So according to me Splunk is the best if you really need a better output.

it_user135249 - PeerSpot reviewer
Vendor
2015-01-06T12:24:15Z
Jan 6, 2015

Hi

I would rather suggest comparing RSA Security Analytics to other SIEM solutions as RSA has EOL Envision. The new features should give you a better apples with apples comparison to the other SIEMs.

Regards
Tallen
