2015-01-06 12:07:00 UTC

RSA-EMC vs. other SIEM products?


I'm comparing RSA Envision to some of its competitor SIEM products. Can you help me with a comparison matrix?

Thanks. 

Santhakumar

Guest
99 Answers

Vendor

Comparing RSA eNvision to other SIEM products.

To me a no-brainer. Just don’t touch the RSA product.

Without knowing your requirements it is not easy to add further comments.

However.

IBM QRadar installs quickly. You can be up and running in hours. It does top last year's Gartner report on SIEM.

McAfee Nitro. Install is easy. Learning to drive it takes a while.

AlienVault. Easy install. Cost generally much cheaper than competitors. Is good.

2015-01-13 17:05:56 UTC
Consultant

RSA Envision is no longer being sold as a SIEM by EMC. Instead they have moved on to Security Analytics (SA), based on the acquired NetWitness platform. RSA Envision is more of a log management tool than a SIEM. I would recommend looking at the entire comparison between various SIEM products here:
http://infosecnirvana.com/siem-product-comparison-101/

2015-01-08 04:19:23 UTC
Top 20 Reseller

@Santhakumar

I think the only thing you were looking for was a matrix to do a SIEM comparison. It seems that people are making assumptions and interjecting instead of listening to what you are asking. I am not going to assume; please review the list to see if this is what you are looking for:

https://www.logrhythm.com/Portals/0/resources/LR_DCIG_2014-15_SIEM_Appliance_Buyer's%20Guide.pdf

Todd

2015-01-07 09:25:47 UTC
Vendor

Sorry,

I’ve worked with NitroSecurity (McAfee), QRadar (IBM), and ArcSight (HP) but I haven’t worked with RSA-EMC.

We did do an evaluation of the three products, but it was based on the customer’s criteria – all three of the products have significant capabilities, so it really depends on which capabilities you want most in a SIEM solution.

I can provide you with a synopsis of the evaluation results (assuming that I can get our customer’s permission), but I’m not sure that will help you.

Russ

2015-01-06 16:40:18 UTC
Vendor

ArcSight and McAfee (Intel) Nitro are really strong SIEM solutions, but the price...
No matter which SIEM solution you select, the most important thing is the right SIEM implementation (more than SIEM selection):
- Log collection: Network, Security, System/App
- Rule configuration based on collected Events and predefined Use Cases

In Nitro from McAfee, for example, you also need to buy Receivers for log collection based on your requirements, like 10K/15K/20K EPS (more money). Or you could buy a Combo device for a smaller organization.

It all depends on your final goals, like: Is it going to be part of the complete SOC solution?
Organization size?
There is no correct answer to the question “Which SIEM is the best?”; there are a lot of options.
Your SIEM selection should be based on your requirements and capabilities.

Today SIEM is already only a small piece in a follow-up solution.

2015-01-06 14:54:07 UTC
Consultant

Hi Kumar,
I strongly believe that before anyone makes any attempt to compare "SIEM" solutions, he/she must first have a good idea of the present and future needs. Strictly speaking, Splunk is not a SIEM solution (you should see it as an advanced log management solution), ArcSight and McAfee are indeed SIEM solutions, and IBM's QRadar solution goes beyond what a SIEM is and should be.
I am sure you will agree that the above implies that a comparison matrix would not have a great deal of value, as you cannot compare a Security Intelligence platform to an advanced log management solution.
Hope this is of help in any way.
Best Regards.

2015-01-06 12:47:39 UTC
Vendor

I would best direct them to Gartner Magic Quadrant 2014 or SC Magazine SIEM evaluations.

Other factors that come into play would be EPS, business use case and
technology team who will be using this product.

Regards

Sumit Garg

2015-01-06 12:30:28 UTC
Top 20 Consultant

Hi Kumar,

We are using RSA Envision and we are having a tough time with the support and implementation.
There are other SIEM solutions like McAfee Nitro, Splunk, and ArcSight. Of these, Splunk is the best, since the customization is so amazing as long as you have some basic knowledge of programming, but the Splunk community is so good and they support us very well.

ArcSight is also a good product but it's very expensive. I haven't worked with McAfee Nitro.

I will update you in a couple of weeks since I will be doing a POC on these devices.

So, according to me, Splunk is the best if you really need a better output.

2015-01-06 12:28:03 UTC
Vendor

Hi

I would rather suggest comparing RSA Security Analytics to other SIEM solutions, as RSA has EOL'd Envision. The new features should give you a better apples with apples comparison to the other SIEMs.

Regards
Tallen

2015-01-06 12:24:15 UTC