Enterprise Tech Central

Security Information and Event Management (SIEM) Reviews: Roundup from Our Users

On IT Central Station, the SIEM category boasts 30 solutions and is followed by over 6,359 users in our enterprise tech community.

What do users emphasize in their SIEM reviews? Where do users see room for improvement? Read on for their answers and expert feedback.

HPE ArcSight

Improvements to My Organization

LaszloKereszturi

“This product gave us a clear picture of the network traffic, including the useless parts. It also allowed us to detect a large range of threats, starting from the malware-infected workstations to misconfigured devices.”

Ananth Kumar B Sridhara

“HPE ArcSight has helped us gain visibility of the solutions across the organization. We have been constantly identifying anomalous activities both internally as well as externally. These include malware proliferation, data loss, proxy bypass attempts, phishing and spear-phishing, port scans, etc.”

Room for Improvement

ProductS9907

“The main area is the GUI interface. Although a lot of improvements were made on the GUI in the last version (6.9.1), there are still a lot of configurations that need to be done using the console.

The console is not a bad tool to use. I personally like to use it. However, compared to competitive solutions (Splunk, QRadar), it appears to be a weakness.”

Alexander Kuzmin

“The overall complexity of the product can be overwhelming for some. It’s not the type of solution where you just plug it in and it works. Reaping full benefit from it requires quite a lot of custom tuning, qualified IT security personnel, and proper and thorough planning.

Technical support from the vendor can sometimes be quite slow and not very helpful, but it is getting better. The GUI is outdated. Improvements on this are on the way, according to the vendor.”

LogRhythm

Valuable Features

ITDirector685

“It creates a good feedback loop whereby I’m able to scan through and see what off-limits activities users have been doing. I think it improves the organization by letting them know that everything that they’re doing is not invisible. It’s a demonstration to them that they need to do what they say they’re going to do and follow the policies that are in place here.”

Room for Improvement

Ryan Cossette:

“The reporting aspect is difficult to use and very difficult to get your own reports. So far this is it; they have a web UI and we had a recent update which fixed a lot of bugs and added a lot of great features. But the reporting is lackluster.”

AlienVault

Improvements to My Organization

Aaron Baillio

“We’ve been able to professionally generate alerts for IDS, SIEM, and vulnerabilities where we didn’t have those capabilities before.”

Room for Improvement

Jacques Taljaard:

“My biggest challenge has always been the fine-tuning that is sometimes required for some networks. It requires a solid understanding of Linux and databases and how networks work. So a non-technical user may become frustrated, or not configure the product to work at its best, and therefore miss important events. So I see room for improvement in the following –

  • Ease of deployment and configuration
  • Easier way of testing if features are working as designed, e.g. Packet analysis
  • Troubleshooting features that are not working as designed”

Fortinet FortiSIEM

Improvements to My Organization

Randy Olds:

“In large-sized, medium-sized, and small-sized organizations, it improves the ability to quickly drill down into events that occur, perform analysis, and find root causes. The most value I’ve found in it, quicker time-to-resolution.”

Room for Improvement

Steve Mann:

“It lacks a “wizard” that shows a particular user’s activity or particular circumstance. I think the interface is intimidating because there’s so much information there. I’d like to see a better dashboard that’s pretty. I want to be able to see incidences or stats, depending on what I’m looking for to determine whether we’re healthy, what’s our security posture, SOX-incident problems. So streamlining all that information on the initial interface would be great.”

Read all of our new SIEM reviews, written by real users.

Julia Frohwein
