2022-03-05T17:52:00Z

Which reliable and cost-effective SIEM product would you recommend in 2022?

Chetankumar Savalagimath - PeerSpot reviewer

3 Answers

PrasanthPrasad - PeerSpot reviewer
Real User
2022-05-05T11:40:36Z
May 5, 2022

Hi,

I would go with Elastic Enterprise Search. There are a few reasons why.

1. You can start with the community edition, fully free of cost.

2. You can level up the skills and capabilities that you would like to use, and then move to a paid version.

3. It comes with a fully scalable SOC architecture that you can build out by utilizing the various features that come with Elastic by default. You could start by ingesting just the logs, events, metrics, etc. and then build out a SIEM use case, APM use case, and XDR use case, all with the same software.

4. Already designed in a fully versatile architecture, the same solution can be used for anything from a 100% on-premises solution to 100% cloud, and everything in between.

5. It is kind of a buy-one-get-all solution, in a manner of speaking.

6. It is completely infrastructure agnostic. You could build this on almost any kind of infrastructure as long as you are providing the right amount of computing and storage.

DK
User
2022-04-23T04:16:18Z
Apr 23, 2022

Look at aiSIEM as well.

It's very cost-effective and includes the following features: SIEM, SOAR, NBAD, NTA, UEBA, IDS/IPS, and TI in a single aiSIEM license.

Real User
2022-03-23T17:54:50Z
Mar 23, 2022

It's best to start your search based on the use cases/problems you need to solve.

Each product has strengths and weaknesses. I'd suggest you may want to consider UEBA and SOAR in the decision.

Our SOC teams just don't have enough people, and SIEM rules turn out high false-positive rates.

Look at the MITRE ATT&CK Framework for some guidelines on stitching multiple indicators together (threat chains/kill chains).

Collecting and searching on text, everyone can do. Finding anomalies and stitching them together into a correlated event that includes anomalies, not just preset rules with thresholds, is much harder.

Enabling blocking actions and automating SOC responses should be part of your planning. I've yet to meet a SOC team with enough people, so improving automation on what to do after detection and how it integrates is key to doing more than text search/threat hunting.
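The contrast the answer above draws, a preset threshold rule versus indicators stitched into a chain, is easy to see in code. The following is an added example written for this page, not code from the answerer or from any SIEM product. It parses a handful of constructed log lines (an assumed `timestamp type key=value` format, not any vendor's schema) and runs two detectors over them: a classic "N failed logins from one source in 10 minutes" threshold rule, and a correlation rule that only fires when a few failures are followed by a success from the same source and then a privilege escalation by that user on that host. The stage names are labelled with the ATT&CK technique IDs they loosely correspond to (Brute Force T1110, Valid Accounts T1078, Abuse Elevation Control Mechanism T1548); the window sizes and thresholds are illustrative choices, not recommendations.

```python
"""Threshold rule vs. correlated kill-chain rule over constructed log lines (added example)."""
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample events, not real logs. Assumed format:
#   <ISO timestamp> <event type> key=value key=value ...
# svc_backup: a noisy service account that fails repeatedly but never logs in (benign misconfiguration).
# alice:      three failures, then a success from the same source, then sudo (the full chain).
# bob:        normal login followed by sudo, no failures.
SAMPLE_LOGS = """\
2022-03-05T10:00:01Z auth_fail user=svc_backup src=10.0.0.9 host=db01
2022-03-05T10:00:31Z auth_fail user=svc_backup src=10.0.0.9 host=db01
2022-03-05T10:01:01Z auth_fail user=svc_backup src=10.0.0.9 host=db01
2022-03-05T10:01:31Z auth_fail user=svc_backup src=10.0.0.9 host=db01
2022-03-05T10:02:01Z auth_fail user=svc_backup src=10.0.0.9 host=db01
2022-03-05T10:02:31Z auth_fail user=svc_backup src=10.0.0.9 host=db01
2022-03-05T11:15:00Z auth_fail user=alice src=203.0.113.7 host=web02
2022-03-05T11:15:20Z auth_fail user=alice src=203.0.113.7 host=web02
2022-03-05T11:15:40Z auth_fail user=alice src=203.0.113.7 host=web02
2022-03-05T11:16:05Z auth_ok user=alice src=203.0.113.7 host=web02
2022-03-05T11:19:30Z priv_esc user=alice src=203.0.113.7 host=web02 cmd=sudo
2022-03-05T12:00:00Z auth_ok user=bob src=192.0.2.5 host=web02
2022-03-05T12:01:00Z priv_esc user=bob src=192.0.2.5 host=web02 cmd=sudo
"""


def parse_line(line):
    """Turn one log line into a dict with a datetime 'ts' and an event 'type'."""
    ts, etype, *pairs = line.split()
    fields = dict(pair.split("=", 1) for pair in pairs)
    fields["ts"] = datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ")
    fields["type"] = etype
    return fields


def parse_logs(text):
    return [parse_line(line) for line in text.splitlines() if line.strip()]


def threshold_rule(events, threshold=5, window=timedelta(minutes=10)):
    """Preset rule: fire once per source when >= threshold auth failures land inside the window."""
    alerts, fired = [], set()
    recent = defaultdict(deque)  # src -> timestamps of recent failures
    for ev in events:
        if ev["type"] != "auth_fail":
            continue
        q = recent[ev["src"]]
        q.append(ev["ts"])
        while q and ev["ts"] - q[0] > window:  # slide the window forward
            q.popleft()
        if len(q) >= threshold and ev["src"] not in fired:
            fired.add(ev["src"])
            alerts.append({"rule": "brute_force_threshold", "src": ev["src"], "count": len(q)})
    return alerts


# Stages of the correlated chain and the ATT&CK techniques they roughly map to.
CHAIN = ("auth_fail (T1110)", "auth_ok (T1078)", "priv_esc (T1548)")


def chain_rule(events, min_failures=3, window=timedelta(minutes=15)):
    """Correlated rule: failures -> success from the same (user, src) -> privilege escalation
    by that user on the host that accepted the login, all inside the window."""
    state = {}  # (user, src) -> {"fails": [ts...], "ok": ts or None, "host": str or None}
    alerts = []
    for ev in events:
        key = (ev["user"], ev["src"])
        st = state.setdefault(key, {"fails": [], "ok": None, "host": None})
        st["fails"] = [t for t in st["fails"] if ev["ts"] - t <= window]  # forget stale failures
        if ev["type"] == "auth_fail":
            st["fails"].append(ev["ts"])
        elif ev["type"] == "auth_ok" and len(st["fails"]) >= min_failures:
            st["ok"], st["host"] = ev["ts"], ev["host"]  # stage 2 reached
        elif (ev["type"] == "priv_esc" and st["ok"] is not None
              and ev["host"] == st["host"] and ev["ts"] - st["ok"] <= window):
            alerts.append({"rule": "brute_force_to_privesc_chain", "user": ev["user"],
                           "src": ev["src"], "host": ev["host"], "stages": list(CHAIN),
                           "failures": len(st["fails"]), "first_seen": st["fails"][0],
                           "last_seen": ev["ts"]})
            state.pop(key)  # chain consumed; start over for this (user, src)
    return alerts


def run(text=SAMPLE_LOGS):
    events = parse_logs(text)
    return {"threshold": threshold_rule(events), "chain": chain_rule(events)}


if __name__ == "__main__":
    for name, alerts in run().items():
        print(f"{name}: {len(alerts)} alert(s)")
        for a in alerts:
            print("  ", a)
```

On the sample data the threshold rule fires only on the noisy service account (six failures, no login), which is exactly the kind of alert an understaffed SOC ends up ignoring, while the chain rule stays quiet there and fires only for the account where failures, a success, and a privilege escalation line up. The chain output carries every stage, so a SOAR playbook has enough context (user, source, host, time span) to act on it rather than just a counter that crossed a line.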
