Solutions Review’s listing of the Vendors to Know: SIEM is a mashup of products that best represent current market conditions, according to the crowd. Our editors selected the privileged access management products listed here based on each solution’s Authority Score, a meta-analysis of real user sentiment through the web’s most trusted business software review sites and our own proprietary five-point inclusion criteria.
Who are the Vendors to Know in SIEM in 2020?
The editors at Solutions Review continually research the most prominent and influential SIEM vendors to assist buyers in search of the tools befitting the needs of their organization. Choosing the right vendor and solution can be a complicated process; it requires constant market research and often comes down to more than just the solution and its technical capabilities. To make your search a little easier, we listed the Vendors to Know in SIEM.
Note: Companies are listed in alphabetical order.
2020 Vendors to Know: SIEM
AT&T Cybersecurity offers the AlienVault® Unified Security Management® (USM) platform. It combines SIEM and log management capabilities with other essential security tools—including asset discovery, vulnerability assessment, and intrusion detection (NIDS and HIDS). It has appeared in both relevant Forrester Wave and Gartner reports, including the 2020 Magic Quadrant.
CYBERShark, powered by BlackStratus, is a SIEM technology and service-focused solution provider. CYBERShark offers a huge portfolio of solutions with offerings including LogStorm, SIEMStorm, and SOC-As-A-Service. CYBERShark is a cloud-based SIEM-as-a-service designed for digital transformations. It offers a simplified licensing model flexible for scale and deployment.
Cygilant’s provides cloud-based security monitoring and security intelligence with custom threat hunting, detection, and response. Cygilant seeks to reduce cyber risk and enable enterprises to implement comprehensive strategies to combat cyber risk by combining people, process, and technology. Cygilant offers its SOCVue solution—a security hybrid SaaS offering—and provides 24/7 security operations.
empow is the developer of a SIEM system that detects cyberattacks and automatically orchestrates adaptive investigation and mitigation actions in real-time. empow’s i-SIEM platform automatically understands the fundamental nature or intent of threats and finds the actual attacks hidden in the “noise.” The i-SIEM empow features a strategic and commercial OEM partnership with Elastic.
Exabeam offers its Security Intelligence Platform as a collection of components—built on several big data platforms—that can be selected and deployed separately. Its Log Manager component handles the data management, including collection and storage, and can collect from both local endpoints and cloud-based applications. Its Advanced Analytics component is a stand-alone UEBA tool.
Fortinet offers its platform FortiSIEM. FortiSIEM provides SIEM, file integrity monitoring (FIM), configuration management database (CMDB), and availability and performance capabilities. Analytics-driven IT operations helps companies manage and monitor network performance, security, and compliance requirements. FortiSIEM detects network services and profiles network traffic from sources such as network flows and firewall logs.
IBM Security’s QRadar Platform offers log and risk management that can be deployed as an appliance, a virtual appliance, or a SaaS infrastructure as a service (IaaS). It also delivers a hybrid option, with on-premises QRadar deployment combined with a SaaS solution hosted on its IBM Cloud. IBM products provide a unified architecture for integrating security information and event management, log management, anomaly detection, and incident forensics.
Lacework automates security and compliance across AWS, Azure, GCP, and private clouds, providing a comprehensive view of risks across cloud workloads and containers. Lacework’s unified cloud security platform provides unprecedented visibility, automates intrusion detection, delivers one-click investigation, and simplifies cloud compliance. It was also noted as an Emerging Security Vendor to Know in 2019 by CRN.
Logentries offers real-time log management and analytics services built for the cloud. These SIEM solutions securely collect log data while preventing unencrypted sensitive data from leaving your IT environment without consent from the security team. Logentries’ SIEM products include search and analysis tools, alerts to identify security threats and investigate malicious activity, and allows users to send files to an Amazon long-term cloud server.
LogPoint’s full enterprise SIEM solution extracts security events and incidents from logs existing in IT infrastructures and environments of any size. Filtered and correlated real-time results are displayed in dashboards that can be configured based on the specific roles and responsibilities of each user. LogPoint also creates real-time, actionable insights from raw machine data to help increase operational efficiency and streamline compliance for regulatory mandates.
LogRhythm combines SIEM, Security Analytics (including UEBA), Log Management, and Network and Endpoint Monitoring with Machine Analytics and Host and Network Forensics in a unified Security Intelligence Platform. It combines SIEM capabilities with endpoint monitoring, forensics, and management abilities to ease enterprise-level deployments and maintenance. In early 2020, won SC Award’s “Best SIEM Solution” for the second year in a row.
Logsign offers a security-driven logging and log management solution that can integrate with hundreds of vendors and enforce a customizable, correlation-based rule library. As a vendor-agnostic company, it supplies vast support to new and custom logging formats alike. Logsign can scale from a single server installation to tens of servers both vertically and horizontally in an almost linear fashion. It also emphasizes threat hunting.
ManageEngine’s Log360 features the ManageEngine EventLog Analyzer: a web-based, agentless syslog and windows event log management solution for security information management that collects, analyses, archives, and reports on event logs from distributed Windows host and syslogs from myriad data sources including UNIX hosts, Routers & Switches. In 2019, it announced that its solution can now launch automated response measures.
In 2020, McAfee acquired NanoSec Co, Uplevel Security, and Light Point Security. Its Enterprise Security Manager (ESM) consolidates, correlates, assesses, and prioritizes security events for both third-party and Intel Security solutions. McAfee also provides integrated tools for configuration and change management, case management, and centralized management of policy to improve workflow and efficiency.
Micro Focus offers two SIEM solutions: Micro Focus ArcSight and Micro Focus Sentinel. ArcSight serves as its primary SIEM platform; ArcSight’s portfolio includes Enterprise Security Manager (ESM) software for large-scale, SEM-focused deployments. Micro Focus also offers ArcSight Express, which is an appliance-based solution for the SIEM midmarket with pre-configured monitoring and reporting.
Rapid7 offers its InsightIDR platform—a cloud SIEM solution for modern threat detection and response. Through InsightIDR, Rapid7 seeks to unify your security data with cloud-based log and event management. Rapid7 aims to assist with enterprise compliance, detect the behavior behind breaches, and monitor lateral movement. In 2020, Rapid7 acquired DivvyCloud for $145 million.
RSA’s NetWitness suite provides visibility from logs, full network packet, NetFlow, and endpoint data capture. The NetWitness Logs facilitates the automated collection, analysis, alerting, auditing, reporting, and secure storage of all logs. Organizations can simplify compliance by using regulation specific, out-of-the-box reports, alerts, and correlation rules. In 2020, Symphony Technology Group acquired RSA.
Securonix offers the Snypr Security Analytics solution as its SIEM platform. Its capabilities include a library of threat signatures, UEBA functionality, and event and data collection. Securonix supports advanced threat hunting and incident investigation capabilities. Other functions include configuration, indexing via Search Service, data parsing and normalization via enrichment services, and correlation services.
SolarWinds MSP provides security software and SIEM capabilities for MSPs, MSSPs, MDRs, and IT Pros. Its solution, Threat Monitor, works to reduce complexity in threat detection, response, and reporting for MSSP clients. Further, the SolarWinds Threat Monitor solution offers threat intelligence and log correlation while working to reduce noise with centralized security monitoring.
Splunk provides pre-packaged dashboards, reports, incident response workflows, analytics, and correlations to identify, investigate, and respond to internal and external threats. Its security intelligence platform provides event and data collection with visualization options and use-case agnostic data analysis capabilities for IT operations. In 2019 it also released the Splunk Mission Control, which aims to modernize and unify enterprise security operations centers.
Sumo Logic’s core focus is log aggregation. It also enables enterprises to build analytical power that transforms daily operations into intelligent business decisions. Sumo Logic’s purpose-built Cloud-native service scales to over 4 petabytes of data and delivers data-driven insight. In 2019, it acquired JASK Labs, Inc. to bolster its SIEM and Security Operations Center capabilities.
Tenable offers SIEM which leverages the log management capabilities of its Log Correlation Engine (LCE) to collect all logs, software activity, user events, and network traffic across the entire IT environment. Event context and threat-list intelligence about any system are provided by Tenable Nessus. In 2019, it received recognition as a Gartner Peer Insights Customers’ Choice of Vulnerability Assessment.
Trustwave’s Managed SIEM services provide threat intelligence, efficiency, and automation to organizations of all sizes. Trustwave works with point-of-sale (POS) vendors to develop specific logging support for in-store payment solutions. Its appliances offer capabilities for additional correlation, reporting, and ad-hoc analysis, both locally on the appliance and via services provided through its Security Operations Centers.
To learn more about the 2020 Vendors to Know: SIEM, check out Solutions Review’s other resources, including our Buyer’s Guide. We cover the top providers and their key capabilities in detail.
Latest posts by Ben Canner (see all)
- Quick Hits: Preventing Insider Threats in Your Business - August 6, 2020
- Is There an Optimal SIEM Approach for Your Business? - August 4, 2020
- Top Online Cybersecurity Certification Courses for Professionals - July 29, 2020