Top 5 SIEM Solutions Q1 2017

IT Central Station’s crowdsourced user review platform helps technology decision makers around the world to better connect with peers and other independent experts who provide advice without vendor bias.

You can read user reviews for the top five security information and event management (SIEM) tools here, to help you decide which solution is best for you.

In the review excerpts below, our users have ranked their SIEM solutions according to their valuable features, and share where they see room for improvement.

#1 HPE ArcSight

HPE ArcSight is ranked as the number one SIEM solution of Q1 2017 by our users -- but what do they really think about the solution?

A Product Specialist for Security Solutions at a tech services company with 501-1,000 employees writes:

“One of the most valuable features is the Active List/Session List capability.

Multiple use cases were only possible to be created due to this feature list. The feature list allows us to input data dynamically to list it as a rule action.

For example: If you need to take a Source IP from an IPS event and put it in an ActiveList suspicious IP, you can create another rule for AntiVirus events where it only matches IPs within that list.”

“The overall complexity of the product can be overwhelming for some”, shares Alexander Kuzmin, Security Expert at a tech services company with 501-1,000 employees.  

Kuzmin describes that HPE ArcSight isn’t “the type of solution where you just plug it in and it works. Reaping full benefit from it requires quite a lot of custom tuning, qualified IT security personnel, and proper and thorough planning.

Technical support from the vendor can sometimes be quite slow and not very helpful, but it is getting better.”

#2 LogRhythm

IT Central Station users rank LogRhythm as the number two security information and event management solution of Q1 2017.

A Director of Information Technology at a university with 1,000-5,000 employees writes that LogRhythm “allows me, through the reporting functions, to take a quick scan of what's happened in the prior 24 hours.

Also, it's essential for our compliance. We're audited frequently and this is the piece that's essentially mandated by the State.”

Ryan Cossette, Information Security Analyst at a financial services firm with 1,000-5,000 employees finds:

“The reporting aspect is difficult to use and very difficult to get your own reports. So far this is it; they have a web UI and we had a recent update which fixed a lot of bugs and added a lot of great features. But the reporting is lackluster.”

#3 IBM Security QRadar SIEM

IBM Security QRadar SIEM is ranked as the number three security information and event management solution by our users during Q1 2017.

A Vulnerability Manager at a tech services company with 51-200 employees writes:

“The threat protection network is the most valuable feature because when you get an offense, you can actually trace it back to where it originated from, how it originated, and why.”

This user elaborates further, explaining:

“Normally, an offense comes in and an offense is something negative, to put it plainly, that impacted your environment. Once it comes through, you can then see from the QRadar log sources, who or what triggered the offense. For example, if an IP is browsing somewhere where it shouldn't be browsing.”

Miguel Angel Beltran Vargas, Director SOC at a tech services company, writes:

“From my point of view, they should improve the backup procedures. QRadar does not allow sending backups by FTP or SFTP, limiting the tool.

I had to make a script but it is a manual process. It would be great to have it automated.”

#4 AlienVault

IT Central Station users rank AlienVault as the number four SIEM solution of Q1 2017.

Aaron Bailio, Security Architecture and Operations Lead at a university with 1,000-5,000 finds that “The NIDS/HIDS features have probably been the best features for us in our environment.  We've had some open-source options and, while they work, it isn't the same as having commercial support.”

“With all the great features AlienVault has to offer, it would be nice to see improved search query functionality, similar to ELK stack”, writes Lee Thomas Hagen, SOC Lead/Sr. SOC Analyst at a tech services company with 501-1,000 employees.

#5 Fortinet FortiSIEM (AccelOps)

Fortinet FortiSIEM (AccelOps) is ranked as the number five SIEM solution by our users during Q1 2017.

Randy Olds, Infrastructure Operations Manager at a Software R&D company with 501-1,000 employees shares:

“I’ve used Accelops in multiple different capacities and at several organizations. As far as my current role, I am an operations manager, and it gives me operational oversight.

There are things like dashboards and reports (preconfigured and custom) that let me know that things are operating the way they should be, and when they are not.  

Reports and Alerts help identify security risks, identify performance problems, and help in capacity planning.”

The dashboards need to be improved”, writes Michael Dierickx, Information Security Officer at an aerospace/defense firm with 1,000-5,000 employees.

Dierickx explains that “It gives you so much detail, but sometimes too much detail, especially to an executive, it's too much. I need to be able to understand what my situational awareness is by looking at a simple graph.”

Read more user reviews for the top SIEM solutions of 2017 here.

author avatarctsanders
Top 20Reseller

Anders brings up a valid point, however, splunk, based on the definition of what a SIEM device is and what they consider it to be, they consider it to be a much larger solution than a SIEM tool (Big-data using even correlation and data/pattern matching).

This comes from "" - Splunk software can be used to operate security operations centers (SOC) of any size (large, med, small). I think the optimal word is "can".

Even from their own definition, it can be used but that is not its only purpose, the devices mentioned above are used primarily for that purpose (SIEM), to correlate and analyze events that are security centric, Splunk does more than that. So I think why this may have been left out.

Anyway, one other solution that I was curious about is "Sourcefire". I am not sure why that was not mentioned (Intel Security, RSA, NetIQ, Solarwinds, EventTracker are notable mentions).

Also, Gardner recognized Q1 Radar as the best solution. In addition,, they considered IBM Q1 Radar the best as well, but this is good for comparative purposes (I am not a Q1 Radar IBM reseller, just identifying what I found).

A great site to review stats would be - This site gives users the ability to review stats by sizing the solution to their organization needs.

But anyway, have a great day.


author avatarSenior Sales Executive at a tech services company with 201-500 employees

While I accept that products may be ranked according to different criteria and consequently the ranking my differ, it is hard to accept that some manufacturers who are considered Leaders in Gartner's Magic Quadrant are not even listed.

author avatarUser at a tech vendor with 51-200 employees

Logsign with well-designed architecture and key features improves your security and business continuity. It processes the operational security of all systems collectively resulting in higher productivity and a decreased workload.