In 2017, IT organizations aren’t just fighting hackers and malware—they’re also battling a torrent of data from their own networks.
Information is pouring in. A fortune 500 enterprise’s infrastructure can easily generate 10 terabytes of plain-text data per month. Logs, threat intelligence feeds, forensics, IAM– if improperly managed these systems can create such a deluge of data that many enterprises end up underwater while the pertinent security data floats by.
So how can enterprises effectively log, monitor, and correlate that data to obtain actionable insight? Enter the Security Information and Event Management (SIEM) solution.
SIEM solutions help enterprises managed the increasing volumes of logs coming from disparate sources and lessen the damage of sophisticated cyber-attacks by proactively monitoring networks for suspicious activity in real-time.
Traditionally, SIEM is deployed for two use cases: threat management: the real-time monitoring and reporting of activity and access, or Compliance reporting, which helps businesses meet stringent compliance requirements such as HIPAA, PCI DSS, SOX, and more.
However, as information security has evolved, so have SIEM capabilities. Today’s SIEM systems are quickly embracing new capabilities such as behavioral analytics, which can help enterprises detect potential threats and eliminate them before they turn into costly breaches.
Today, the SIEM market is mature and full of vendors capable of meeting the basic log management, compliance, and event monitoring requirements of a typical customer, but the aforementioned explosion of security data in the enterprise has left the door wide open for innovation from players both old and new. 2017 has the potential to be a year of big changes for SIEM and security analytics, so here are my top seven vendors to watch, presented in no particular order.
And don’t forget to check out our 2017 SIEM Buyer’s Guide for more in-depth analysis, vendor profiles, and more.
Splunk provides pre-packaged dashboards, reports, incident response workflows, analytics, and correlations to identify, investigate, and respond to internal and external threats. It employs a query language that supports visualization with more than 100 statistical commands. Splunk also provides out-of-the-box support for the most common security data sources including network security, endpoint solutions, malware and payload analysis, network and wire data, identity and asset management systems, and threat intelligence to accelerate deployment and adoption.
LogRhythm combines SIEM, Log Management, File Integrity Monitoring and Machine Analytics with Host and Network Forensics in a unified Security Intelligence Platform. Its SIEM solutions are mostly accommodating for midsize to large enterprises. Their SIEM consists of several unified components: the Event Manager, Log Manager, Advanced Intelligence Engine (AI Engine), and Console. It combines SIEM capabilities with endpoint monitoring, forensics, and management abilities to ease with deployment.
ManageEngine simplifies IT management with affordable software that offers the ease of use SMBs need and the powerful features the largest enterprises demand. ManageEngine EventLog Analyzer is a web-based, agent-less Syslog and Windows event log management solution for security information management that collects, analyzes, archives, and reports on event logs from distributed Windows hosts and Syslogs from UNIX hosts, routers, switches, and other Syslog devices.
AlienVault Unified Security Management (USM) is an all-in-one platform designed and priced to ensure that mid-market organizations can effectively defend themselves against today’s advanced threats. It significantly reduces complexity and deployment time so users can go from installation to first insight in about an hour. AlienVault prioritizes risk through correlation of reputation, threat severity, and asset vulnerability.
Sumo Logic enables enterprises to build analytical power that transforms daily operations into intelligent business decisions. They offer customers cloud-to-cloud integrations to simplify setup and deliver business operational insights.
Sumo Logic’s purpose-built Cloud-native service scales to over 4 Petabytes of data and delivers data-driven insight.
NetIQ Sentinel™ simplifies the deployment, management, and day-to-day use of SIEM. It adapts to dynamic enterprise environments and delivers the “actionable intelligence” security to help users understand their threat posture and prioritize responses. NetIQ integrates identity information with security monitoring to detect and respond to abnormal activity that signals a data breach or compliance gap. Their solutions provide visibility and control over user activities, security events, and critical systems to help quickly address evolving threats.
The RSA Security Analytics platform provides visibility from logs, full network packet, NetFlow, and endpoint data capture. The RSA Security Analytics solution facilitates the automated collection, analysis, alerting, auditing, reporting, and secure storage of all logs. Organizations can simplify compliance by using regulation-specific, out-of-the-box reports, alerts, and correlations rules. Reports can be scheduled to be delivered at a specific time or run on an ad-hoc basis. Alerts can be delivered through the intuitive user interface, via SMS, or email, and auditors can even be granted read-only access to the Security Analytics platform so that they can access the reports whenever they need them.
Latest posts by Jeff Edwards (see all)
- How to Stop Ransomware Attacks like WannaCry - May 22, 2017
- WannaCry Did Not Start with a Phishing Attack, Experts Say - May 22, 2017
- Watch: What You Need to Know About Big Data Security Analytics - May 19, 2017