Enterprise Tech Central

Security Information and Event Management (SIEM) Reviews — Best of 2016

What do enterprise tech professionals recommend when choosing a Security Information and Event Management software?

The IT Central Station review community is made up of 190,462 enterprise tech professionals who provide expert reviews and feedback on enterprise solutions.

All product reviews, ratings, and software comparisons are written by real users, and validated by our triple authentication process.

Our community of 6,053 real users that follow Security Information and Event Management have given feedback based on their experiences with the solutions, and here are the top 5, as shown below:


Splunk

“Imagine a scenario with an application environment where a couple of modules are based on different servers. There is a system issue and a check needs to be completed in a timely manner. Traditionally, engineers would have to log in to the servers, navigate to different folders and load the log files to check for errors. Splunk can give this at a glance for all of the systems at once!” writes Applications Specialist Hristo Damyanov.

For Integration Architect Enrico Mazzarella, another one of Splunk’s most valuable features is its “operational intelligence: fast availability of operational data spread across several servers to prevent or react faster to outages or performance decreases.”

Damyanov also emphasizes Splunk’s stronghold on “performance, scalability and most importantly the innovative way of collecting and presenting data.”

Room for Improvement

Enterprise Risk Consultant Vinod Shankar sees room for improvement in Splunk’s operational workflow, use case framework, and ticketing systems. Another bonus would be “to make it suitable for SOC environments”, writes Shankar.


LogRhythm

“The most valuable feature is the AI engine, as well as the usual SIEM product stuff. The ability to have all of our logs in one place is a big thing for me,” shares Information Security Analyst Ryan Cossette.

Cossette adds that LogRhythm has “brought all of our devices into one area, so I am able to understand and manage all of our devices and understand what is going on with an individual device.”

Room for Improvement

“The reporting aspect is difficult to use and very difficult to get your own reports,” continues Cossette.

“So far, this is it; they have a web UI and we had a recent update which fixed a lot of bugs and added a lot of great features. But the reporting is lackluster.”


HPE ArcSight

HPE ArcSight “reduces the amount of time required to perform an investigation because of the correlation and aggregation of all the events. From what I’ve seen for our network, it’s the best at ingestion of events,” writes Security Response Engineer Joseph Loveland.

“ArcSight saved time and effort responding to security incidents with one centralized console and helped to meet compliance requirements for log collection,” shares Amit Kumar Gupta, an Information Security Specialist.

Room for Improvement

“The technical support needs to be improved,” argues Loveland.

Amit Kumar Gupta “would like to see improvement in the complexity involved to create a custom connector (flex). Other SIEM solutions, like QRadar, have addressed this.”


AlienVault

“AV USM is definitely a great addition to organizations who want cost-effective, quick and easy SIEM solutions,” shares AlienVault consultant Vinod Shankar.

Security Consultant Jacques Taljaard shares that his organization “runs this product on our network 24/7 and it has helped identify many important events. We take the security of our network very seriously, and this helps to quickly identify and lock down any potential vulnerabilities or events that could escalate.”

Room for Improvement

“My biggest challenge” continues Taljaard, “has always been the fine tuning that is sometimes required for some networks. It requires a solid understanding of Linux and databases and how networks work. So a non-technical user may become frustrated, or not configure the product to work at its best, and therefore miss important events.

So I see room for improvement in the following:

  • Ease of deployment and configuration
  • Easier way of testing if features are working as designed, e.g. Packet analysis
  • Troubleshooting features that are not working as designed.”

Fortinet FortiSIEM (AccelOps)

Director of IT Howard Griffith shares that “with the online-based monitoring we’ve set up, we’ve been able to watch trends of attempted attacks on our network. We’re also able to monitor our account issues internally as attackers attempt to log into our accounts. We fall under HIPAA so security is key.”

Room for Improvement

Griffith would like to see improvements in the product configuration, arguing that “You really have to have their help to configure the product. When hands are off and it’s in maintenance mode, it’s difficult to configure unless you’re totally engrossed in the product on a day-to-day basis.”

Have more questions or inquiries about Security Information and Event Management?
Check out the full Top Security Information and Event Management of 2016 with peer reviews.

Julia Frohwein
