SIEM platforms are essential to the new cybersecurity paradigm that favors threat detection and removal over threat prevention alone. SIEM offers threat intelligence capabilities, log management, log analysis, data standardization, and correlation to find digital threats and security events hiding in the gigabytes of data an enterprise network can generate every month.
Further, SIEM platforms can also help enterprises with their governmental and regulatory compliance mandates by collecting relevant security event data and compiling it into the required reports. In the EU’s GDPR era, both the compliance and the threat detection capabilities of SIEM will prove equally vital in the next five years. To assist you with what can become the daunting task of selecting the right product, these are the best 25 security analytics and SIEM platforms for 2018.
Alert Logic partners with cloud platforms and hosting providers, protecting over 3,000 organizations with a solution directly built for the cloud. They’ve recently announced a Cloud Security as a Service option. Alert Logic has received praise for their expertise in cloud migration and with SMBs in particular.
AlienVault focuses on reducing complexity and deployment time so end-users can go from installation to first insight in about an hour. Among SIEM platforms, AlienVault’s focus on ease of use and speed of deployment makes it a good fit, at a lower cost, for enterprises with a smaller staff and limited security programs. AlienVault was named to Solutions Review’s Top 6 SIEM Vendors to Watch and to the Gartner Magic Quadrant for SIEM Platforms this year. AlienVault was recently acquired by AT&T.
Assuria’s Cyber Sight Solution offers massively scalable and flexible big data analytics functionality and statistics. Assuria caters to enterprises of all sizes and works with enterprises in both the private and public sectors. They also provide reliable and simple security and compliance monitoring in their AWS cloud operations. Their managed security services will be of interest to smaller teams needing an extra hand to handle threat detection.
BAE Systems’ customer portfolio includes small to medium-sized businesses as well as Fortune 500 enterprises, but their background as a defense contractor makes their SIEM platforms particularly well-suited to government and national security organizations. BAE Systems now offers specialized solutions in network security monitoring, threat analytics, threat intelligence, and threat detection. Many of BAE Systems’ products can be delivered as a managed service.
BlackStratus’ SIEM platform is built on a multi-tiered, distributed architecture to diminish the chance of missing a threatening event, saving enterprises downtime and information loss. BlackStratus has been expanding its features and its integration capabilities and aims to fit businesses of all sizes. It is a good fit for service providers requiring a customizable SIEM platform, and for service-centric end-user organizations looking for well-formed multi-tenancy support. BlackStratus made the Gartner Magic Quadrant this year.
CorreLog is a web-based message aggregation and correlation system designed to acquire high-speed, real-time information in the form of event logs, syslog messages, and SNMP traps. CorreLog is a good option for smaller to mid-sized businesses; its solution is also scalable for a business on the rise. Compared to other SIEM platforms, CorreLog differs slightly in its infrastructure.
Having rebranded themselves and moved into the SIEM market only recently, Cygilant reduces cyber risk and enables enterprises to implement strategies to combat risk by combining security programs with insurance coverage. Cygilant is a good option for small and mid-sized enterprises that need to protect themselves against cyber-attacks but lack the resources or on-staff expertise to do so independently. Their solutions are deliberately designed for lean IT staffs with limited budgets, helping to manage IT infrastructure costs while improving IT security.
Exabeam offers their SIEM solution as a collection of components, all of which can be run on dedicated servers or installed as software or virtual appliances. Exabeam was named to Gartner’s 2017 SIEM Magic Quadrant, which praised their licensing approach and the customization options their deployment model allows. It is also well equipped for integration-based platforms.
Fortinet’s platform, FortiSIEM, detects network services and profiles network traffic from network flow and firewall logs. They also offer Managed SIEM as a service to end-users. Their solution is well-suited for enterprises and Managed Services Providers that need a combination of security monitoring and APM with integrated CMDB capabilities, telecommunications, education, and government especially. It is also a good fit for IT teams with combined operations and security functions.
IBM Security’s QRadar Platform offers log and risk management that can be deployed as an appliance, as a virtual appliance, or as a SaaS offering on infrastructure as a service (IaaS). They also deliver a hybrid option, with on-premises QRadar deployment combined with a SaaS solution hosted on their IBM Cloud. This includes optional remote monitoring from their managed security service operations centers. IBM Security also offers UEBA functionality supported by ML-based analytics. They were named to the Gartner Magic Quadrant for SIEM Platforms.
Logentries offers a real-time log management and analytics service built for the cloud. Logentries provides an alternative design for managing huge amounts of data, visualizing the insights that matter, and automating in-depth analytics and reporting across its global user community. Logentries also offers a low-cost option that still provides a complete set of logging, auditing, and monitoring capabilities.
LogPoint offers SIEM platforms to smaller companies with limited budgets and operational capabilities, as well as large, complex multinational enterprises. While they mostly operate in Europe, they also have partnerships across the globe and continue to grow. They have a reputation for easy deployment and solid support. LogPoint gives IT teams insight into all incidents across the digital infrastructure.
LogRhythm combines SIEM capabilities with endpoint monitoring, forensics, and management abilities to ease deployment. Their other solutions can serve as optional add-ons for network and host monitoring and file integrity monitoring (FIM). LogRhythm primarily caters to companies that want an end-to-end workflow that sorts through information noise and quickly discovers, investigates, and responds to cyber threats via SIEM, security analytics, and network/endpoint monitoring solutions.
Logsign offers a security-driven logging solution that can integrate with hundreds of vendors and enforce a customizable, correlation-based rule library. As a vendor-agnostic company, they supply broad support for new and custom logging formats. Logsign installations can scale from a single server to tens of servers, both vertically and horizontally, in an almost linear fashion. The company’s SIEM platform offers scalable and easy-to-use security intelligence, log management, and compliance reporting for companies of all sizes.
A division of Zoho, ManageEngine simplifies IT management with affordable software that offers the ease of use smaller enterprises need and the powerful features the largest enterprises demand. It employs correlation-based analytics management and an easy-to-use interface for reports. ManageEngine uses a pay-as-you-go pricing model coupled with the ability to scale services up or down as needed. Enterprises interested in cloud migration will note ManageEngine’s recent public cloud services partnerships.
Now an independent entity once again, McAfee provides integrated tools for configuration and change management, case management, and centralized management of policy to improve workflow and efficiency. It also includes parsed event and database reporting capabilities. The McAfee Enterprise Security Manager is a good option for enterprises looking for an integrated security framework that includes advanced threat defense or monitoring of industrial control systems.
Micro Focus’ platform ESM Express is available as a single, all-in-one system implementation. It provides advanced security analytics to identify threats and manage risk, and also includes Real-Time Threat Detection, Simplified Compliance, risk management, insider threat detection, application monitoring, and the ability to identify APTs. Micro Focus was recently acquired by HPE and was included in the Gartner Magic Quadrant for SIEM Platforms.
NetIQ is a subsidiary of Micro Focus. NetIQ provides visibility and control over user activities, security events, and critical systems to help quickly address evolving threats. It also possesses log manager, search, and reporting capabilities which can be upgraded to enterprise levels for easy scaling. NetIQ’s strengths will best serve organizations that have already deployed the NetIQ IAM infrastructure and need network monitoring.
RSA can simplify compliance by using regulation-specific, out-of-the-box reports, alerts, and correlation rules. Reports can be scheduled to be delivered at a specific time or run on an ad-hoc basis. Alerts can be delivered through the intuitive user interface or via SMS or email, and auditors can even be granted read-only access to the enVision platform so that they can access the reports whenever they need them. RSA is best suited for security-conscious companies that need log-based and network-level monitoring for threat detection and investigation, and that have an IR team.
Securonix offers configuration, indexing via its Search Service, data parsing and normalization via enrichment services, and correlation services. Securonix supports advanced threat hunting and incident investigation capabilities. They were named to the Gartner Magic Quadrant for SIEM Platforms, receiving praise for their UEBA capabilities and straightforward licensing model.
SolarWinds’ LEM (Log & Event Manager) deploys with ease, relieving customers of the complexity and cost of other solutions. SolarWinds allows companies to monitor network performance, optimize applications and systems, accelerate database performance, and enhance security and compliance. Their other products allow for monitoring of network traffic, applications, and virtualized platforms. They were named a Top 6 Vendor to Watch by Solutions Review.
Splunk’s security intelligence platform provides event and data collection with visualization options and use-case agnostic data analysis capabilities for IT operations. Splunk also provides out-of-the-box support for the most common security data sources including network security, endpoint solutions, malware and payload analysis, network and wire data, identity and asset management systems, and threat intelligence to accelerate deployment.
Sumo Logic’s greatest asset, and special focus, is its log aggregation capability, especially for big data and machine data logging. They offer flexible pricing for their solution that can match business cycles, which works well for small to medium-sized organizations. Its price points are competitive for the market, and its offerings are entirely cloud-based and maintenance-free, which can be a boon for smaller companies.
Tenable’s log management capabilities are enriched with event context and threat-list intelligence about any system, supplied by Tenable’s Nessus vulnerability and configuration scans and by real-time monitoring with the Tenable Passive Vulnerability Scanner (PVS). Deployment is reportedly easy and fast, as is the interface, so long as the user has some technical knowledge.
Trustwave provides threat intelligence, efficiency, and automation to organizations. Trustwave works with point-of-sale (POS) vendors to develop specific logging support for in-store payment solutions. Their appliances offer capabilities for additional correlation, reporting, and ad-hoc analysis, both locally on the appliance and via