Security information and event management (SIEM) recommendation


Can someone recommend a good Security information and event management (SIEM) tool?

R2012 (Systems Administrator\Procurement Specialist) asked:

Naveen Sharma commented:

btan (Exec Consultant) commented:
It will be good if you define your use case, as most SIEMs would already fit the bill; otherwise they will not be in that domain.
- Available in a variety of forms, including cloud-based, hardware appliances, virtual appliances and traditional server software. Each form has similar capabilities, so the forms differ primarily in terms of cost and performance.
- Criteria to assess may have a baseline such as (but not limited to) these:
  1. The native support provided for the possible log sources;
  2. Supplementation of existing source logging capabilities;
  3. The use of threat intelligence;
  4. The availability of forensic capabilities;
  5. Features to assist in performing data examination and analysis;
  6. The quality of automated response capabilities, if offered; and
  7. The security compliance initiatives that have built-in reporting support.
Some worthy candidates: AlienVault Open Source SIEM (OSSIM), Hewlett Packard Enterprise (HPE) ArcSight Enterprise Security Manager (ESM), IBM Security QRadar SIEM, LogRhythm Security Intelligence Platform, RSA Security Analytics, SolarWinds Log & Event Manager and Splunk Enterprise Security (ES).

Specific areas that I see as important:
- offers built-in support for acquiring logs from commonly used log sources
- leverages threat intelligence to improve accuracy
  (QRadar provides relative scores for each threat with a threat category)
- automates as much of the log collection, analysis, reporting and response work as possible
  (McAfee ESM supports reporting in terms of compliance with FISMA, HIPAA, ISO/IEC 27001/27002, PCI DSS and SOX)
  (HP ArcSight ESM, through the HP ArcSight Threat Response Manager add-on)
- supports human examination and analysis of log data with search and data visualization capabilities
  (Splunk Enterprise offers the Splunk Search Processing Language to write complex searches)
  (LogRhythm Security Intelligence Platform also offers visualization of network flows)

LogRhythm, McAfee Enterprise Security Manager, and AlienVault are a few to look at. Sumo Logic is a cloud product that might be worth a look. However, you need to figure out your requirements, and let those determine potential products to use. For example, in my current project to identify SIEM products to look at, I went with a mixture of recommendations and research from Gartner to build a pool of products, but let requirements weed out some of them. Another big thing is whether you want to have it in house or in the cloud. For example, LogRhythm at this moment doesn't have a cloud offering, but will around the end of the year. Until then, you'd have to find a partner who could assist you in this sense. If you're looking for a true SIEM product (or at least an easy-to-use one), you're most likely going to end up not wanting Splunk. It's all in what you're looking for.

R2012 (Systems Administrator\Procurement Specialist, Author) commented:
Thanks for the feedback. I will review these options.
Utkarsh Bhargava (co-founder & CEO at Securign) commented:
Securign SIEM will be a better option: they don't have any GB/day limit, and it comes with built-in features like Automated Log Analysis, Vulnerability Assessment, Intrusion Detection, Malware & Anomaly Detection, File Integrity Monitoring, and Compliance & Policy Monitoring.

All these features of Securign will help you comply with regulations such as GDPR, PCI DSS, HIPAA, GLBA etc. Their pricing starts as low as $50/month.

Have a look at their website