IT Central Station’s crowdsourced user review platform helps technology decision makers around the world to better connect with peers and other independent experts who provide advice without vendor bias.
You can read user reviews for the top five security information and event management (SIEM) tools here, to help you decide which solution is best for you.
In the review excerpts below, our users have ranked their SIEM solutions according to their valuable features, and share where they see room for improvement.
#1 HPE ArcSight
HPE ArcSight is ranked as the number one SIEM solution of Q1 2017 by our users -- but what do they really think about the solution?
A Product Specialist for Security Solutions at a tech services company with 501-1,000 employees writes:
“One of the most valuable features is the Active List/Session List capability.
Multiple use cases were only possible to create because of this feature. It allows us to input data dynamically into a list as a rule action.
For example: If you need to take a Source IP from an IPS event and put it in an ActiveList suspicious IP, you can create another rule for AntiVirus events where it only matches IPs within that list.”
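The chained-rule pattern this reviewer describes, as an added Python illustration (not ArcSight code or configuration, which is built in the product's own rule editor): one rule populates a time-bounded suspicious-IP list from IPS events, and a second rule matches AntiVirus events only against IPs currently on that list. Event field names, the TTL and the sample events are constructed for the example.

```python
from dataclasses import dataclass, field


@dataclass
class ActiveList:
    """A time-bounded set of values, a simplified stand-in for an ArcSight Active List."""
    ttl_seconds: float
    entries: dict = field(default_factory=dict)  # value -> expiry timestamp

    def add(self, value, now):
        self.entries[value] = now + self.ttl_seconds

    def contains(self, value, now):
        expiry = self.entries.get(value)
        if expiry is None:
            return False
        if expiry <= now:
            del self.entries[value]  # lazy expiry: stale entries no longer match
            return False
        return True


def correlate(events, ttl_seconds=3600):
    """Run two chained rules over events in time order.
    Rule 1: an IPS event adds its source IP to the suspicious list (rule action).
    Rule 2: an AntiVirus event whose source IP is on the list raises a correlated alert.
    Returns the list of correlated alerts."""
    suspicious = ActiveList(ttl_seconds)
    alerts = []
    for ev in sorted(events, key=lambda e: e["time"]):
        if ev["device"] == "IPS":
            suspicious.add(ev["src_ip"], ev["time"])
        elif ev["device"] == "AntiVirus" and suspicious.contains(ev["src_ip"], ev["time"]):
            alerts.append({"src_ip": ev["src_ip"], "time": ev["time"], "name": ev["name"]})
    return alerts


# Constructed sample events (times in seconds; not real data)
SAMPLE_EVENTS = [
    {"time": 0, "device": "IPS", "src_ip": "10.0.0.5", "name": "Exploit attempt"},
    {"time": 60, "device": "AntiVirus", "src_ip": "10.0.0.5", "name": "Malware detected"},    # on list: alert
    {"time": 70, "device": "AntiVirus", "src_ip": "10.0.0.9", "name": "Malware detected"},    # never on list
    {"time": 4000, "device": "AntiVirus", "src_ip": "10.0.0.5", "name": "Malware detected"},  # entry expired
]

if __name__ == "__main__":
    for alert in correlate(SAMPLE_EVENTS):
        print(alert)
```

Raising the TTL keeps the late AntiVirus event in scope, which is the tuning trade-off the reviewer alludes to: a longer list lifetime catches slower follow-on activity at the cost of more stale entries.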
“The overall complexity of the product can be overwhelming for some”, shares Alexander Kuzmin, Security Expert at a tech services company with 501-1,000 employees.
Kuzmin describes that HPE ArcSight isn’t “the type of solution where you just plug it in and it works. Reaping full benefit from it requires quite a lot of custom tuning, qualified IT security personnel, and proper and thorough planning.
Technical support from the vendor can sometimes be quite slow and not very helpful, but it is getting better.”
#2 LogRhythm
IT Central Station users rank LogRhythm as the number two security information and event management solution of Q1 2017.
A Director of Information Technology at a university with 1,000-5,000 employees writes that LogRhythm “allows me, through the reporting functions, to take a quick scan of what's happened in the prior 24 hours.
Also, it's essential for our compliance. We're audited frequently and this is the piece that's essentially mandated by the State.”
Ryan Cossette, Information Security Analyst at a financial services firm with 1,000-5,000 employees, finds:
“The reporting aspect is difficult to use and very difficult to get your own reports. So far this is it; they have a web UI and we had a recent update which fixed a lot of bugs and added a lot of great features. But the reporting is lackluster.”
#3 IBM Security QRadar SIEM
IBM Security QRadar SIEM is ranked as the number three security information and event management solution by our users during Q1 2017.
A Vulnerability Manager at a tech services company with 51-200 employees writes:
“The threat protection network is the most valuable feature because when you get an offense, you can actually trace it back to where it originated from, how it originated, and why.”
This user elaborates further, explaining:
“Normally, an offense comes in and an offense is something negative, to put it plainly, that impacted your environment. Once it comes through, you can then see from the QRadar log sources, who or what triggered the offense. For example, if an IP is browsing somewhere where it shouldn't be browsing.”
Miguel Angel Beltran Vargas, Director SOC at a tech services company, writes:
“I had to make a script but it is a manual process. It would be great to have it automated.”
#4 AlienVault
IT Central Station users rank AlienVault as the number four SIEM solution of Q1 2017.
Aaron Bailio, Security Architecture and Operations Lead at a university with 1,000-5,000 employees, finds that “The NIDS/HIDS features have probably been the best features for us in our environment. We've had some open-source options and, while they work, it isn't the same as having commercial support.”
“With all the great features AlienVault has to offer, it would be nice to see improved search query functionality, similar to ELK stack”, writes Lee Thomas Hagen, SOC Lead/Sr. SOC Analyst at a tech services company with 501-1,000 employees.
#5 Fortinet FortiSIEM (AccelOps)
Fortinet FortiSIEM (AccelOps) is ranked as the number five SIEM solution by our users during Q1 2017.
Randy Olds, Infrastructure Operations Manager at a Software R&D company with 501-1,000 employees, shares:
“I’ve used AccelOps in multiple different capacities and at several organizations. As far as my current role, I am an operations manager, and it gives me operational oversight.
There are things like dashboards and reports (preconfigured and custom) that let me know that things are operating the way they should be, and when they are not.
Reports and Alerts help identify security risks, identify performance problems, and help in capacity planning.”
“The dashboards need to be improved”, writes Michael Dierickx, Information Security Officer at an aerospace/defense firm with 1,000-5,000 employees.
Dierickx explains that “It gives you so much detail, but sometimes too much detail, especially to an executive, it's too much. I need to be able to understand what my situational awareness is by looking at a simple graph.”
Read more user reviews for the top SIEM solutions of 2017 here.