We just raised a $30M Series A: Read our story

Top 8 Security Information and Event Management (SIEM) Tools

SplunkIBM QRadarDevoMicrosoft SentinelFortinet FortiSIEMLogRhythm NextGen SIEMRSA NetWitness Logs and Packets (RSA SIEM)Netsurion EventTracker
  1. leader badge
    It's basically one of the best SIEM products on the market.One of the most valuable features is threat hunting. We can do threat hunting and identify if there is any malicious activity happening within our environment, which is a key feature for us.
  2. leader badge
    The features that I have found most valuable are that it is very stable, easy to get going, and easy to manage. It is also easy to review all incidents.
  3. Find out what your peers are saying about Splunk, IBM, Devo and others in Security Information and Event Management (SIEM). Updated: October 2021.
    554,148 professionals have used our research since 2012.
  4. Devo provides a multi-tenant, cloud-native architecture. This is critical for managed service provider environments or multinational organizations who may have subsidiaries globally. It gives organizations a way to consolidate their data in a single accessible location, yet keep the data separate. This allows for global views and/or isolated views restricted by access controls by company or business unit.
  5. Azure Application Gateway makes things a lot easier. You can create dashboards, alert rules, hunting and custom queries, and functions with it.It's pretty powerful and its performance is pretty good.
  6. Fortinet FortiSIEM is easy to use.The solution is easy to use and user-friendly.
  7. I would say the most valuable feature of LogRhythm is that it has built-in UEBA functionality, among other basic Windows packages.The product is great for medium to large-scale organizations.
  8. report
    Use our free recommendation engine to learn which Security Information and Event Management (SIEM) solutions are best for your needs.
    554,148 professionals have used our research since 2012.
  9. The newer 11.5 version that my team is using has found it to have good mapping.The solution is really scalable for the high-end power, enterprise customer.
  10. There are a host of things that are most valuable. Obviously monitoring our environment and reporting out different events is important. They perform a suite of services. They monitor all of our servers, all of our key infrastructure, like our DNS, our switches, all that stuff. They aggregate and correlate that quarterly. They'll tell us if we're getting a lot of login failures and something is going on or if something's weird.

Tips for choosing the right SIEM solution

As with any enterprise tech solution, it’s important to spend time doing your research and POC, so that you know that you’re spending on the right product. We sifted through some of our users’ answers to summarize some of the best tips.

  1. Define your goal

Before starting to evaluate solutions, It’s important to define what you want to accomplish with a SIEM. Marty Baron says, “Every SIEM has different strengths and weaknesses so you need to know what is most important to you in terms of goals, so you don’t waste time looking at something that can’t do the thing you need it to do.”

  1. Limit your options

As one of your users says, “Review a finite number of products, otherwise you’ll never finish”. Although it’s important to spend time doing due diligence, you need to get to the point of implementation. If you have too many options, it will take too long to make a decision. Users suggest making a shortlist of options that meet your technical requirements, speak to your goal, and match your budget

  1. Create a framework for your POC

Once you’ve narrowed down your options, it’s time to trial the shortlisted products. Users recommend putting a framework in place to guide the POC. This way, you can evaluate your options systematically.

One user, DAX Paulino, suggests “creat[ing] a checklist of features that you need, from the basic (i.e. interactive dashboards, ease of integration, Threat Intelligence), to the more advanced (i.e. Automated response, Behavior Analytics, etc.). Give each item on your checklist a score so that you can weigh in on each item as a measure of your decision. Don’t forget to factor in usability and support.”

Find out what your peers are saying about Splunk, IBM, Devo and others in Security Information and Event Management (SIEM). Updated: October 2021.
554,148 professionals have used our research since 2012.