Solutions Review’s annual Vendors to Know in SIEM platforms provides the details on some of the most critical solution providers in the space.
The editors at Solutions Review continually research the most prominent and influential SIEM vendors to assist buyers in searching for the tools befitting their organization’s needs. Choosing the right vendor and solution can be complicated; it requires constant market research and often comes down to more than just the solution and its technical capabilities. To make your search a little easier, we listed the vendors to know in SIEM platforms in 2021.
Note: Companies are listed in alphabetical order.
Vendors to Know in SIEM Platforms, 2021
AT&T Cybersecurity aims to help businesses of all sizes stay ahead of threats. The AlienVault® Unified Security Management® (USM) platform combines SIEM and log management capabilities with other essential security tools—including asset discovery, vulnerability assessment, and intrusion detection (NIDS and HIDS)—to provide centralized security monitoring of networks and endpoints across cloud and on-premises environments from a single pane of glass. It has appeared in both the relevant Forrester Wave and Gartner reports, including the 2020 Magic Quadrant.
CYBERShark, powered by BlackStratus, is a SIEM technology and service-focused solution provider. It provides reliable and innovative security event correlation, compliance, and log management capabilities. CYBERShark offers a large portfolio of solutions, with offerings including LogStorm, SIEMStorm, and SOC-As-A-Service. CYBERShark is a cloud-based SIEM-as-a-service designed for digital transformations. CYBERShark is built on a multi-tiered, distributed architecture to diminish the chance of missing a threatening event, reducing downtime and information loss.
Cygilant, originally EiQ NetWorks, has its origins in the analysis of enterprise log files across web servers, file servers, firewalls, and other network devices. Having moved into the SIEM market only recently, Cygilant seeks to reduce cyber risk and enable enterprises to implement comprehensive strategies to combat cyber risk by combining security programs with insurance coverage. Cygilant offers its SOCVue solution—a hybrid security SaaS offering—and provides 24/7 security operations designed to meet enterprises’ regulatory and industry compliance objectives.
Cysiv operates in the field of security operations center-as-a-service (SOCaaS)—an alternative to a traditional SIEM solution. It works with enterprises to reduce the risk of a damaging cyber-attack or data breach by providing 24/7 threat detection and response. Using Cysiv Command—a cloud-native, co-managed next-gen SIEM platform—its team of experts operates as a seamless extension to your IT security team to accelerate and improve the process of detecting, investigating, hunting for, and responding to actionable threats across the complete IT environment, including on-premises, multi-cloud and SaaS applications. Certainly, it belongs to the Vendors to Know in SIEM platforms, 2021.
empow is the developer of a SIEM system that detects cyber-attacks and automatically orchestrates adaptive investigation and mitigation actions in real-time, without the need for human-written rules. empow’s i-SIEM platform automatically understands the fundamental nature or intent of threats, finds the actual attacks hidden in the “noise,” and marshals the right security tools to respond when those attacks occur. empow’s unique technology allows for management by a very small team of even one security analyst.
Exabeam offers its Security Intelligence Platform as a collection of components that can be selected and deployed separately. Its Log Manager component handles the data management, including collection and storage, and can collect from both local endpoints and cloud-based applications. Its Advanced Analytics component is a stand-alone UEBA tool. Its threat hunting component, appropriately called Threat Hunter, is built on user-based timelines instead of the customary queries. Exabeam’s Cloud Connectors component offers pre-built API connectors for several disparate cloud services.
Fortinet offers its platform FortiSIEM. FortiSIEM provides SIEM, file integrity monitoring (FIM), configuration management database (CMDB), and availability and performance capabilities. Analytics-driven IT operations and cloud management are provided, helping companies manage and monitor network performance, security, and compliance requirements. FortiSIEM detects network services and profiles network traffic from sources such as network flows and firewall logs. It also offers Managed SIEM as a Service.
IBM Security’s QRadar Platform offers log and risk management that can be deployed as an appliance, a virtual appliance, or as SaaS on Infrastructure as a Service (IaaS); this makes it well-suited to different IT environments. It also delivers a hybrid option, with on-premises QRadar deployment combined with a SaaS solution hosted on IBM Cloud. This includes optional remote monitoring from its managed security service operations centers. IBM products provide a unified architecture for integrating security information and event management, log management, anomaly detection, incident forensics, and configuration/vulnerability management. It certainly belongs to the Vendors to Know in SIEM platforms for 2021.
Lacework automates security and compliance across AWS, Azure, GCP, and private clouds, providing a comprehensive view of risks across cloud workloads and containers. Lacework’s unified cloud security platform provides unprecedented visibility, automates intrusion detection, delivers one-click investigation, and simplifies cloud compliance. Lacework works to bring automation, speed, and scale to cloud security by enabling enterprises to securely innovate in the cloud. Lacework is designed to self-adapt to the cloud’s ever-changing configuration and workloads.
Logentries offers a real-time log management and analytics service built for the cloud. Its SIEM solutions securely collect log data while preventing unencrypted sensitive data from leaving your IT environment without consent from the security team. Logentries’ SIEM products include search and analysis tools, alerts to identify security threats and investigate malicious activity, and the ability to send files to Amazon long-term cloud storage. Logentries provides an alternative design for managing huge amounts of enterprise data and visualizing insights into security matters.
LogPoint’s full enterprise SIEM solution extracts security events and incidents from logs existing in IT infrastructures and environments of any size. Filtered and correlated real-time results are displayed in dashboards that can be configured based on each user’s specific roles and responsibilities. LogPoint also creates real-time, actionable insights from raw machine data to help increase operational efficiency and streamline compliance for regulatory mandates; this strengthens enterprises’ overall security posture. LogPoint gives IT teams insight into all incidents across the digital infrastructure.
LogRhythm combines SIEM, Security Analytics (including UEBA), Log Management, and Network and Endpoint Monitoring with Machine Analytics and Host and Network Forensics in a unified Security Intelligence Platform. Its SIEM solution consists of several unified components: the Event Manager, Log Manager, Advanced Intelligence Engine (AI Engine), and Console. LogRhythm combines SIEM capabilities with endpoint monitoring, forensics, and management abilities to ease enterprise-level deployments and maintenance. Its other solutions can serve as optional add-ons for network and host monitoring or FIM functioning.
Logsign Next-Gen SIEM provides comprehensive visibility and control of data lakes. It allows security analysts to collect, store, and back up unlimited data, and to investigate and detect threats and anomalies in real-time. Focusing on comprehensive and security analytics-oriented visibility, Logsign supports many log collection methods such as SYSLOG, SMB, WMI, FTP, SFTP, LEA, SQL, ORACLE, and Flow. Logsign classifies and normalizes data and enriches it with embedded threat intelligence services in real-time. It can correlate data, detect threats in real-time, and lower the number of false positives according to the MITRE ATT&CK framework.
A division of Zoho, ManageEngine offers its Log360 solution, which simplifies IT management with affordable software that offers the ease of use smaller enterprises need and the powerful features the largest enterprises demand. Log360 features the ManageEngine EventLog Analyzer: a web-based, agentless syslog and Windows event log management solution for security information management that collects, analyzes, archives, and reports on event logs from distributed Windows hosts and syslogs from myriad data sources, including UNIX hosts, routers, and switches. It employs correlation-based analytics and an easy user interface for reports.
McAfee serves as a key player in SIEM and threat intelligence research. Its Enterprise Security Manager (ESM) consolidates, correlates, assesses, and prioritizes security events for both third-party and Intel Security solutions. McAfee also provides integrated tools for configuration and change management, case management, and centralized policy management to improve workflow and efficiency. McAfee’s Advanced Correlation Engine is designed for dedicated correlation and risk- and behavior-based correlation. It also includes parsed event, database, and reporting capabilities. McAfee has received significant recognition from both Gartner and the Forrester Wave in previous yearly SIEM reports.
After acquiring HPE a few years ago, Micro Focus now offers two SIEM solutions: Micro Focus ArcSight and Micro Focus Sentinel. The latter incorporates NetIQ brand technologies, but it is ArcSight that serves as its primary SIEM platform; ArcSight’s portfolio includes Enterprise Security Manager (ESM) software for large-scale, SEM-focused deployments. Micro Focus also offers ArcSight Express, which is an appliance-based solution for the SIEM midmarket with preconfigured monitoring and reporting. ESM Express is available as a single, all-in-one system implementation.
Rapid7 offers its InsightIDR platform—a cloud SIEM solution for modern threat detection and response. Through InsightIDR, Rapid7 seeks to unify your security data with cloud-based log and event management. Rapid7 aims to assist with enterprise compliance, detect the behavior behind breaches, and monitor lateral movement. Specifically, Rapid7 monitors for lateral movement involving stolen credentials by traffic manipulation and hash extraction, and it facilitates the searching and visualizing of your security data. It was also named in the Gartner Market Guide for Managed Detection and Response and the Market Guide for SOAR.
RSA’s NetWitness suite provides visibility from logs, full network packet capture, NetFlow, and endpoint data. NetWitness Logs facilitates the automated collection, analysis, alerting, auditing, reporting, and secure storage of all logs. Alerts can be delivered through the intuitive user interface or via SMS or email, and auditors can even be granted read-only access to the enVision platform so that they can access the reports whenever they need them. In 2020, Symphony Technology Group acquired RSA for $2,075,000,000.
Securonix offers the Snypr Security Analytics solution as its SIEM platform. Its capabilities include a library of threat signatures, UEBA functionality, and event and data collection. Other functions include configuration, indexing via Search Service, data parsing and normalization via enrichment services, and correlation services. Securonix supports advanced threat hunting and incident investigation capabilities. Snypr can be deployed in Hadoop-only environments, via on-premises deployment, or hosted as a service.
Splunk provides pre-packaged dashboards, reports, incident response workflows, analytics, and correlations to identify, investigate, and respond to internal and external threats. Its security intelligence platform provides event and data collection with visualization options and use-case agnostic data analysis capabilities for IT operations. Splunk also provides out-of-the-box support for the most common security data sources, including network security, endpoint solutions, malware, and payload analysis, network and wire data, identity and asset management systems, and threat intelligence to accelerate deployment.
Sumo Logic’s core focus as a solution provider is log aggregation. It also enables enterprises to build analytical power that transforms daily operations into intelligent business decisions. It offers customers cloud-to-cloud integrations to simplify setup and deliver business operational insights. Sumo Logic’s purpose-built cloud-native service scales to over 4 petabytes of data and delivers data-driven insight. Above all, Sumo Logic’s greatest asset is its log aggregation capability, especially concerning big data security analytics and machine data logging. In 2019, it acquired JASK Labs, Inc. to bolster its SIEM and Security Operations Center capabilities.
Tenable offers a SIEM that leverages its Log Correlation Engine (LCE) log management capabilities to collect all logs, software activity, user events, and network traffic across the entire IT environment. Tenable analyzes data for correlated events and their impact on security and compliance posture. Event context and threat-list intelligence about any system is provided by Tenable Nessus vulnerability and configuration scans and by real-time monitoring with the Tenable Passive Vulnerability Scanner (PVS). Tenable is at the forefront of cyber risk research, and it has recently integrated with Amazon Web Services. In 2019, it integrated with Microsoft Azure and received recognition as a Gartner Peer Insights Customers’ Choice for Vulnerability Assessment.
Trustwave’s Managed SIEM services provide threat intelligence, efficiency, and automation to organizations of all sizes. Its service is ideal for consumer-facing businesses, as it includes Payment Card Industry Data Security Standard (PCI DSS) support—a high standard and an important compliance capability. Trustwave works with point-of-sale (POS) vendors to develop specific logging support for in-store payment solutions. Its appliances offer additional correlation, reporting, and ad-hoc analysis capabilities, both locally on the appliance and via services provided through its Security Operations Centers.
Those were our picks for the Vendors to Know in SIEM platforms, 2021. To gain more information on the Vendors to Know in SIEM platforms, 2021, check out the Buyer’s Guide.