In my opinion, doing incident analysis with ESM is easier than with other solutions. There are a lot of ways to build queries and a great filter engine; if you provide ESM with the Advanced Correlation Engine and Global Threat Intelligence, you can raise your infrastructure to be a complete advanced SOC.
Improvements to My Organization
I work for a System Integrator.
Room for Improvement
I have almost no complaints with this solution because it's almost a complete solution, but I do hope to have more stability in the next upgrade and to have the interface re-engineered to be HTML5-based rather than Flash-based.
I'd also like some Splunk-like ELM (Log Manager) enterprise functions.
Use of Solution
I've used it for three years, from versions 9.1 to 9.5.
Yes, sometimes it seems that versions with major upgrades come with some bugs and regressions that affected deployment.
Yes, sometimes it seems that versions with major upgrades come with some bugs and regressions that affected stability.
It has scaled to our needs.
Customer Service and Technical Support
Customer service is very good and very professional.
Technical Support
Technical support is very good and very professional.
I also work with RSA and McAfee SIEM solutions.
If you buy the all-in-one solution (Virtual or Hardware), the setup takes a couple of hours.
Pricing, Setup Cost and Licensing
SIEM is not a Log Manager; ESM is meant for people who need advanced SOC functionality and not only to satisfy compliance rules.
Disclosure: My company has a business relationship with this vendor other than being a customer: We're a partner.
Jan 21 2016