Security Information and Event Management (SIEM) report from IT Central Station, 2018-01-27
Find out what your peers are saying about Splunk, LogRhythm, IBM and others in Security Information and Event Management (SIEM).
254,040 professionals have used our research since 2012.
Chart Key
Average Rating
Average rating based on reviews
Views
Number of total page views
Comparisons
Number of times compared to another product
Reviews
Total number of reviews on IT Central Station
Followers
Number of followers on IT Central Station
The total ranking of a product, represented by the bar length, is based on a weighted aggregate score. For Views, Comparisons, Reviews, and Followers the score is calculated as follows: The product with the highest count in each area gets the highest available score of 17.5 points. Every other product gets assigned points based on its total in proportion to the #1 product in that area. For example, if a product has 80% of the number of reviews compared to the product with the most reviews then the product's score for reviews would be 17.5% (weighting factor) * 80% = 14. For Average Rating, the maximum score is 30 points awarded linearly based on our rating scale of 1-10. If a product has fewer than ten reviews, the point contribution for Average Rating is reduced (one-third reduction in points for products with 5-9 reviews; two-thirds reduction for products with fewer than five reviews). Reviews that are more than 24 months old, as well as those written by resellers, are completely excluded from the ranking algorithm.
Most Views
From IT Central Station visitors
Most Reviews
Within the last 24 months
Most Followed
By IT Central Station users
Most Compared
From IT Central Station visitors

What is Security Information and Event Management (SIEM)?

What is SIEM? A Security Information and Event Management (SIEM) system gives security managers a holistic overview of multiple security systems. SIEM tools centrally store and analyze logs from many locations and products in order to spot patterns and trends that might signal an emerging security threat or attack. SIEM combines security information management (SIM), the long-term storage, reporting and analysis of log data, with security event management (SEM), the real-time monitoring, correlation and alerting on events, in a single software solution.

There are multiple SIEM vendors competing in the market today. IT Central Station members offer a number of recommendations for those considering SIEM solutions.

One phrase that comes up repeatedly in IT Central Station dialogues about SIEM products is “real time.” According to reviewers, SIEM technology should possess real-time threat analysis and reporting capabilities: real-time collection of security-related logs, log correlation, and incident reporting, with reports that specify the possible risk and damage to infrastructure. Event-triggered notifications and the availability of specialized event collectors for different environments are viewed as among the most important criteria.

Some IT Central Station members stress the importance of SIEM being able to combine information from multiple sources. The solution has to be capable of intelligent queries on these combined sources. Put another way, SIEM must offer compatibility with diverse security data sources and be able to adapt to new or unknown sources. Then, the SIEM solution should perform multilevel correlation on those sources of data.

Efficient use is important. A SIEM tool must be easy to deploy, configure and use. SIEM can be more effective if it integrates with Identity and Access Management, since identity context lets an analyst tie an event to a user rather than only to an IP address. Alerting and workflow integration adds to administrative efficiency.

Specific features recommended include packet analysis, audit trail creation, threat intelligence and search. Users encourage potential buyers to verify for themselves the performance of a SIEM solution’s search and of its threat intelligence engine before committing. The solution should be capable of parsing any log format; in practice, reviewers note that onboarding unusual or legacy log sources is often the hardest part of a deployment.
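The pipeline the section above describes (centralize logs from several sources, normalize them to a common schema with a common timestamp, correlate across sources in real time, and match against threat intelligence) is small enough to show end to end. The following is an added illustration, not code from IT Central Station or from any of the vendors reviewed below. The three log formats, the IP addresses and the threat-intel list are constructed; the regular expressions, field names and the "three failures then a success within 60 seconds" rule are assumptions chosen for the example, not any product's real parsers or rule syntax. The one line no parser understands is deliberate: a SIEM's blind spots are the sources it cannot parse, so the pipeline reports them instead of silently dropping them.

```python
"""Toy SIEM pipeline: ingest heterogeneous logs, normalise, correlate, match threat intel.

Added example for illustration only; formats, addresses and rule thresholds are assumptions.
"""
import json
import re
from collections import defaultdict
from datetime import datetime, timezone

# Constructed sample input (not real logs). Three formats feeding one SIEM:
# an sshd syslog line, a firewall JSON event and a Windows-style key=value
# logon record (4625 = failed logon, 4624 = successful logon). All timestamps are UTC.
RAW_LOGS = [
    "2018-01-20T10:00:01Z sshd[2201]: Failed password for admin from 203.0.113.9 port 51000 ssh2",
    "2018-01-20T10:00:03Z sshd[2201]: Failed password for admin from 203.0.113.9 port 51001 ssh2",
    '{"time":"2018-01-20T10:00:04Z","src":"203.0.113.9","dst":"10.0.0.5","action":"allow","proto":"tcp","dport":22}',
    "2018-01-20T10:00:05Z sshd[2201]: Failed password for root from 203.0.113.9 port 51002 ssh2",
    "2018-01-20T10:00:09Z sshd[2201]: Accepted password for admin from 203.0.113.9 port 51003 ssh2",
    "ts=2018-01-20T10:00:20Z EventID=4625 user=jsmith src=198.51.100.7 host=WS01",
    "ts=2018-01-20T10:30:00Z EventID=4624 user=jsmith src=198.51.100.7 host=WS01",
    "this line is in a format no parser understands",
]

# Constructed threat-intel feed: source IPs an analyst has flagged as hostile.
IOC_IPS = {"203.0.113.9"}

# Assumed line shapes; real sshd output has more variants (e.g. "invalid user").
SSH_RE = re.compile(
    r"^(?P<ts>\S+) sshd\[\d+\]: (?P<outcome>Failed|Accepted) password for (?P<user>\S+) from (?P<src>\S+)"
)
KV_RE = re.compile(r"(\w+)=(\S+)")


def to_epoch(ts):
    """Every source stamps time differently; the SIEM reduces all of them to UTC epoch seconds."""
    return datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc).timestamp()


def parse_line(line):
    """Return one normalised event dict (common schema across sources), or None if no parser matches."""
    m = SSH_RE.match(line)
    if m:
        return {"ts": to_epoch(m["ts"]), "source": "sshd", "src_ip": m["src"], "user": m["user"],
                "category": "auth", "outcome": "success" if m["outcome"] == "Accepted" else "failure"}
    if line.startswith("{"):
        d = json.loads(line)
        return {"ts": to_epoch(d["time"]), "source": "firewall", "src_ip": d["src"], "user": None,
                "category": "network", "outcome": d["action"]}
    if line.startswith("ts="):
        d = dict(KV_RE.findall(line))
        if d.get("EventID") in ("4624", "4625"):
            return {"ts": to_epoch(d["ts"]), "source": "windows", "src_ip": d["src"], "user": d["user"],
                    "category": "auth", "outcome": "success" if d["EventID"] == "4624" else "failure"}
    return None


def correlate(events, threshold=3, window=60):
    """Cross-source correlation rule: at least `threshold` authentication failures from one
    source IP inside `window` seconds, followed by a success from that IP, raises an alert.
    Because events are normalised, sshd and Windows logons are judged by the same rule."""
    alerts = []
    failures = defaultdict(list)  # src_ip -> timestamps of recent failures (sliding window)
    for ev in sorted(events, key=lambda e: e["ts"]):
        if ev["category"] != "auth":
            continue
        recent = [t for t in failures[ev["src_ip"]] if ev["ts"] - t <= window]
        failures[ev["src_ip"]] = recent
        if ev["outcome"] == "failure":
            recent.append(ev["ts"])
        elif len(recent) >= threshold:
            alerts.append({"rule": "brute_force_then_success", "src_ip": ev["src_ip"],
                           "user": ev["user"], "failures": len(recent), "ts": ev["ts"]})
    return alerts


def match_iocs(events, iocs):
    """Threat-intel enrichment: flag every event, from any source, whose source IP is a known IOC."""
    return [{"rule": "threat_intel_match", "src_ip": e["src_ip"], "source": e["source"], "ts": e["ts"]}
            for e in events if e["src_ip"] in iocs]


def run_pipeline(raw_lines, iocs=IOC_IPS):
    """Ingest -> normalise -> correlate -> enrich. Unparsed lines are kept and reported, not dropped."""
    events, unparsed = [], []
    for line in raw_lines:
        ev = parse_line(line)
        if ev is None:
            unparsed.append(line)
        else:
            events.append(ev)
    return {"events": events, "unparsed": unparsed,
            "alerts": correlate(events) + match_iocs(events, iocs)}


if __name__ == "__main__":
    result = run_pipeline(RAW_LOGS)
    for alert in result["alerts"]:
        print(alert)
    print(f"{len(result['unparsed'])} line(s) could not be parsed: {result['unparsed']}")
```

On the sample data the brute-force rule fires once, for 203.0.113.9 against the admin account, and the threat-intel match fires for every sshd and firewall event from that IP; the jsmith failure on WS01 followed by a success half an hour later does not fire, because the success falls outside the window. Raising the threshold to four suppresses the brute-force alert entirely, which is the tuning trade-off the reviewers below describe when they talk about sifting false positives.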


Security Information and Event Management (SIEM) Reviews

Read reviews of Security Information and Event Management (SIEM) that are trending in the IT Central Station community:
LogRhythm
Real User
Senior Security Engineer at Augeo Marketing
Oct 26 2017

What is most valuable?

Provides visibility into the network. We got it for PCI compliance for the most part, and we also do SOC 1 and SOC 2 compliance, so we can show that we're secure to our clients. We have a lot of financial and other customers that care about... more»

How has it helped my organization?

It takes good log sources. We have investments in endpoint protection and Mail Gateway, and our firewalls are going to be catching up soon. To have all the logs centralized, we haven't had that before across the enterprise. We had it logging... more»

What needs improvement?

Our key challenge is working with disparate IT groups. We are a brand new security team within our organization. It's a pretty small company. They have grown their infrastructure by acquisitions, so they have a lot of separate naming... more»
LogRhythm
Real User
Senior Security Analyst at a construction company
Nov 21 2017

What is most valuable?

The breadth and harvesting of information the SIEM is capable of doing. I've been in this probably going on 30 years, and I've seen the growth. I found a resource that's outstanding in finding information and then the most important thing,... more»

How has it helped my organization?

We're a financial service. As our title implies we deal in mortgages, which means we see a lot of personal information, credit reports, financial instruments. We're really concerned that we are able to monitor the movement of that kind of... more»

What needs improvement?

I really can't think of a particular one, I've been very satisfied with what's happening. I know they're going to get another spike in customer base, hopefully they'll have the ability to ramp up people in support along with the customer ramp... more»
LogRhythm
Real User
Security Analyst at Xanterra
Oct 25 2017

What is most valuable?

The PCI compliance pieces that help us produce reports for our external auditor, and their support. I constantly sing the praises of their support group. It's a complicated, vast product with a lot of breadth and depth. Things go wrong. But... more»

How has it helped my organization?

Absolutely. It has helped us gain visibility into events that we didn't have before at all. We have a lot of remote locations. We manage national parks and point-of-sale devices on ships, at the top of mountains and little cabins, gas... more»

What needs improvement?

Global management for registry integrity monitoring. Right now you have to apply what they call RIM policies, Registry Integrity Monitoring policies, one agent at a time. If you have thousands of endpoint agents, you have to touch each one of... more»
AlienVault
Consultant
Manager, Enterprise Risk Consulting at a tech company with 1,001-5,000 employees
Jul 06 2017

What is most valuable?

Flexible Deployment Architecture – This is where the Open Source roots really start to flex their muscles when it comes to AV USM. The main components of the architecture are as follows: * AV Sensor: AV Sensors perform Asset Discovery,... more»

How has it helped my organization?

A jack-of-all trades: The best thing about AlienVault USM is it being a “Jack-of-All Trades” solution. It provides SIEM, HIDS/NIDS, FIM, NetFlow, Asset Management, Vulnerability Management, etc., under one USM platform. None of the commercial... more»

What needs improvement?

This product is jack-of-all trades, but master of none. As mentioned in the good, being a jack-of-all trades is well suited for certain organizations. However, the lack of mature functionality and expertise in any of those areas is a strong... more»
LogRhythm
Real User
Security Manager at an engineering company with 1,001-5,000 employees
Oct 26 2017

What is most valuable?

The ability for me to go into the Web UI, and just learn what's going on in my environment. Being able to go in and show our company's management, "Look, this is what we can see. This is what we can now know about our environment." Then,... more»

How has it helped my organization?

The benefits are almost innumerable. You can't know anything unless you are capturing the data. Once you are capturing the data, you can then make intelligent decisions around what is and is not appropriate, and what is and is not dangerous.... more»

What needs improvement?

My biggest challenge always come back to log sources. We are a manufacturing company, so we have a lot of old stuff, and it has been a challenge to get some of our old stuff to light up within LogRhythm in a way that makes sense. I have... more»
LogRhythm
Real User
Computer Systems Security Technologist at an individual & family service with 1,001-5,000 employees
Oct 26 2017

What is most valuable?

It gives us insight into our entire installation, where we are multiple sites, going as far as the East Coast to the Central West Coast. Our operation is small. I am a one-man shop right now, so it gives me a chance to aggregate all my events... more»

How has it helped my organization?

We are primarily Windows-based. We have Linux. We have some Solaris. We are an isolated network. We have no connectivity to the internet, so we are more focused on insider threat and advanced persistent threat. One of the things that has... more»

What needs improvement?

The biggest thing is when you are looking at the client console: A lot of the data, the reports that you can generate, then you are given just a pie chart, a list of data, or both. I would really love to be able to take some of that and not... more»
LogRhythm
Real User
Information Security Officer at an insurance company with 201-500 employees
Nov 20 2017

What is most valuable?

Any SIEM, in and of itself, should be easy to ingest data, it should also be easy for the analyst to assess the different types of events that are coming through, be able to sift through false positives, and ensure that they are only acting... more»

How has it helped my organization?

We did a bake-off with several others when we brought in LogRhythm, 10 months ago. And a lot of it was around a cost perspective. Also, its capability of easily ingesting event data from many different types of platforms. Some of the... more»

What needs improvement?

The biggest thing that we need - in one of the presentations today here at the LogRhythm User conference they were talking about it - is automating your SOC and trying to get your systems to do as much as they can do without human... more»
LogRhythm
Real User
Data Sec Program Manager at an insurance company
Nov 20 2017

What is most valuable?

The most valuable feature of LogRhythm for me is the ability to correlate logs throughout many different log sources. Every different log has a different time stamp, it has a different user, things are in different places. But with LogRhythm... more»

How has it helped my organization?

The benefits we see are manifold, compliance. We have to store logs. We're under SOX control, we're under now New York Department of Financial Services, cyber regulations, we are under EU GDPR, loads of regulations are coming out. To be able... more»

What needs improvement?

I'm not really sure I can pinpoint any particular area that I see LogRhythm needing improvement in. I think they probably need to, because a lot of companies are having this cloud-first strategy, where anything that's new has to go into the... more»
LogRhythm
Real User
Senior Network Systems Engineer at a non-profit
Oct 25 2017

What is most valuable?

The ability to threat-hunt and, being a small staff of five people, we can actually not put a lot of time in administration, the care and feeding of it, and get useful analytics out of it.

How has it helped my organization?

We have two facilities, roughly 500 logs per second. Microsoft shop, Cisco stack on the networking side. We run two FortiGate firewalls, and a slew of different security products that we have not integrated into LogRhythm. We haven't seen the... more»

What needs improvement?

I can't think of any features they should add because we haven't used everything they've already released. They have Office 365 logs integration. They've got this new phishing engine that we haven't used. They've got dashboards we haven't... more»
Consultant
Manager, Enterprise Risk Consulting at a tech company with 1,001-5,000 employees
Jun 22 2017

What do you think of Fortinet FortiSIEM (AccelOps)?

Introduction:  How many of you remember Cisco MARS? Well, if you don’t, let me remind you that they were one of the earliest SIEM products around that stemmed from the infrastructure monitoring space. MARS was geared more towards monitoring and reviewing network infrastructure including their utilization, performance availability and logs. After a brief run in enterprises that were Cisco heavy, the product died a natural death. People who were involved in the product left Cisco and started AccelOps (Accelerate Operations). As a product, they took the fundamentals of data collection and integrated infrastructure log, event monitoring to the data analytics platform. The result is a promising product called AccelOps. They have since been acquired by Fortinet, marking their foray...
LogRhythm
Real User
CISO at Optomany
Nov 20 2017

What is most valuable?

The most valuable feature for me is that it's a single pane of glass for all of the analysts in my team. It gives us complete eyes and ears into what's going on within our environment. We run two separate installations. One is in our... more»

How has it helped my organization?

From my point of view, at an organizational level, we're able to get that insight into what users are doing, what our applications are doing, whether there is any untoward traffic coming in, whether the applications are misconfigured. It's... more»

What needs improvement?

In terms of the product, what really needs to improve are the metrics that you can get from it. We're all about mean time to detection, mean time to response, pulling those metrics out so I can put them into my KPI packs to present to the... more»
LogRhythm
Real User
Operations Team Lead at Mary Kay Inc
Nov 20 2017

What is most valuable?

Most valuable feature is really providing us visibility into our infrastructure. Frequently, I'm reaching out to our partners in the business, and I'm asking them how I can assist them, and how I can improve their visibility from a security... more»

How has it helped my organization?

It's visibility. Frequently our network team - while our network security is paramount from a security perspective - our network team is really focused on keeping the network up. They're not concerned about intrusions, and potential malicious... more»

What needs improvement?

There is, of course, always, improved automation. Because, as we are continually needing more and more people from an analyst perspective, the more we can automate, the fewer people we need. If we can automate some of the lower-level things,... more»
Real User
Global Security Engineering and Operations Director at a health, wellness and fitness company with 10,001+ employees
Apr 09 2017

What is most valuable?

* The ability to correlate data across our global enterprise in near real time * The ability to integrate a lot of third-party solutions * The machine learning pieces with Watson, indicators of compromise, and utilizing that across the value... more»

How has it helped my organization?

The solution has improved the efficiency of our security team. These improvements prevent the need for more proactive security activities. The improvements did not reduce our staff. It's funny, because IBM keeps on having this conversation... more»

What needs improvement?

Room for improvement is more in relation to a lot of the features, the automation of incidents themselves, and being able to automate workflow responses. Overall, I love the product. IBM usually puts good resources and talent behind things.... more»
Reseller
Chief Technology Officer (CTO) at a tech company with 501-1,000 employees

What is most valuable?

* Security, understanding detection, intrusion, and how to do prevention and take action on an event that occurs from a security layer. * Having a single solution that can actually manage the entire infrastructure, soup to nuts. * Ability to... more»

How has it helped my organization?

Reducing my OPEX cost by reducing the overhead and training costs of employees and staff. Before we would have to have a large number of staff to be able to go in and do consulting opportunities, to mitigate and remediate security intrusions... more»

What needs improvement?

ArcSight needs to go the same route that HPE's doing with the virtualization engine of the HP 380. Basically making it more of a single pane of glass to be able to deploy and take a tangible action on a security event. Today it takes still a... more»
LogRhythm
Real User
Sec And Risk Lead at Baker Tilly Virchow Krause, LLP
Nov 21 2017

What is most valuable?

We're fairly new to LogRhythm. One of the things that we really liked in the deployment PoC phase was the dashboard. How easily it percolated critical information up onto a screen that we could immediately review, and drill-down to look at... more»

How has it helped my organization?

It serves several different features. We can check the checkbox for HIPAA compliance, SEC-type stuff. But really, our biggest focus was actually on our clients. Because we're an accounting firm, a lot of our clients actually audit us, or they... more»

What needs improvement?

Probably the biggest improvement and I've talked to several of the management here at the LogRhythm User conference on it, is their thin piece, which is their file integrity monitor, that we use on some of our security servers. The data sets... more»
LogRhythm
Real User
Senior Network Systems Engineer at a non-profit
Nov 20 2017

What is most valuable?

Favorite feature of the product is the ease of administration. There's not a lot of overhead. We don't need a FTE dedicated just to admin the product. That was one of the biggest selling features for us.

How has it helped my organization?

We have a big issue with our users, they really like to click on links and attachments. The Phishing Intelligence Engine, is a new feature they're releasing, which is really going to have a nice fit for us. Then the CloudAI stuff they built right into the SIEM. There's nothing else you've got to do other than upgrade it to the latest and greatest version. Those... more»
Splunk
Real User
Infrastructure Engineer at Zirous, Inc.
Jan 17 2018

What is most valuable?

The ability to view all of these different logs, then drilling down into specific times or into specific data sources, has proved to be the greatest aspect in decreasing our troubleshooting overhead time. The added security has proven... more»

How has it helped my organization?

Splunk has helped our organization mainly on our increased use of the security side. We use Splunk to monitor all machine logins (both successful and unsuccessful) and actions taken on those machines under each user. We have set up some... more»

What needs improvement?

Splunk has continually been increasing its features and also expanding and perfecting its core functionality. I would like to see it to continue to improve its predictive analytics and machine learning tools. It is not to be said that they... more»
LogRhythm
Real User
Systems Architect at a university with 10,001+ employees
Oct 24 2017

What is most valuable?

* The integratedness * The parsing * Their partnerships with various device manufacturers They keep it up to date, you don't have to worry about that when their products change. I think as an aggregator it works very well, and as a case... more»

How has it helped my organization?

We're an MSSB, we have about 10 or so different customers that all host with us. Currently we're licensed for 15,000 MPS, average, and we use about 8000 MPS average, consistently, and we're growing. Among our key challenges is getting... more»

What needs improvement?

I would like to see more focus on it being a data lake. We have around 100 terabytes of data stored in LogRhythm, machine data, sensor data. That all could be used for operations tasks as well. It would really be awful to have to stand up... more»
AlienVault
Consultant
Security Consultant at a tech consulting company with 51-200 employees

What is most valuable?

As an information security consultant that works across many diverse networks, these features offer by far the most critical information when analysing a client’s environment for issues that need to be addressed:

How has it helped my organization?

We run this product on our network 24/7 and it has helped identify many important events. We take the security of our network very seriously, and this helps to quickly identify and lock down any potential vulnerabilities or events that could... more»

What needs improvement?

My biggest challenge has always been the fine tuning that is sometimes required for some networks. It requires a solid understanding of Linux and databases and how networks work. So a non-technical user may become frustrated, or not configure... more»
Real User
Senior security analyst at a financial services firm with 1,001-5,000 employees
Apr 12 2017

What is most valuable?

Some of the most valuable things that I get from QRadar are the custom parsers. A lot of the syslog items I get pushed to QRadar, instead of trying to build a custom parser to parse out the information that we need in order to do our... more»

How has it helped my organization?

I think it has improved our organization by the speed at which I can run queries compared to other software that I've used in the past. It's a lot quicker and holds a lot more information. It helps keep a good cognitive overview of our... more»

What needs improvement?

I'd like to see it being able to be integrated with more security products. I'm a big Guardian user; it's nice for the bidirectional. I can do some stuff, like a SQL injection, or if something is happening. But if there were other security... more»

Security Information and Event Management (SIEM) Articles

Content and Community Manager
IT Central Station
Oct 31 2017
What do users say about their security information and event management (SIEM) tools? What added value do SIEM tools give security professionals and network engineers? Are users satisfied with the advanced threat protection capabilities? Do the log management features meet their... more»
Satheesh Panicker: LogRhythm is missing in the list
Manager, Enterprise Risk Consulting
Dynamic 9 years of IT career, reflecting progressive experience and performance in the computer and Internet industries. Specialized in providing cutting-edge solutions to traditional Security issues; establishing strategic ideas in various domains and demonstrating self-motivation, creativity,... more>>
Reviewed Fortinet FortiSIEM (AccelOps): The product is a well rounded performer when it...

Information Security Lead Consultant
Shaikh Jamal Uddin is a computer and cyber security expert and has done B.S. in Computer Engineering as well as CPTE, CEH, ECSA, Rapid7: NCA (Nexpose), Rapid7: MPCS (Metasploit), IBM QRadar Certified, TCSE (TrendMicro), KLCC (Kaspersky), MCSA, MCITP professional certifications. Recently, he got... more>>

Sr SIEM Consultant
More than 8 years as a security engineer with the last 4 years as a SIEM consultant working delivering solutions to multiple industries. Sr QRadar Professional Services consultant with experience delivering on prem or cloud solution. Performed SOW technical review, sizing, architecture/design,... more>>

Security Manager
I am a ㊙️ Security guy and have titles like Security Officer, Security Manager, Säkerhetschef and Säkerhetsskyddschef. These are only titles and not limitations. My knowledge of Management, IT, Processes and people are broad and i love to do many things and help people wherever I go. The... more>>

Assisting companies with broad security analysis, securing and hardening their servers and networks, setting up complete SIEM environments. I set up controls and analyze business processes. The buzz words: Siem consultant, Certified Information Systems Security Professional (CISSP), Certified... more>>

Information Security Advisor, CISO & CIO, Docutek Services
About my business: Docutek is a leading business and technology consulting company specializing in the development and implementation of healthcare technology since 2008. We deliver Consulting, Integration, Support and Training. We also provide clients with security assessment. network... more>>

Senior Technical Consultant
I have experience with the implementation of FortiSIEM and Solarwinds LEM
Reviewed Fortinet FortiSIEM (AccelOps): Configuration in initial setup is complex. Product's...

Cyber Security Advisor / CISO / Healthcare Security Pro
Mr. Christly is a seasoned Technology and Cybersecurity Executive and Consultant. He has demonstrated success aligning technology investments to streamline operations, secure corporate assets, reduce operating costs, grow sales, and develop the business in healthcare, education, telecom, and... more>>

IT Security Consultant
IT Security Consultant, PCI and PA DSS Compliance Manager, ISO 27001 Lead Auditor, OWASP Co-Leader, Cyber Security Expert, IT Management Consultant.