
Security Information and Event Management (SIEM) Buyer's Guide & Reviews
July 2023

Get a custom version of this report...personalized for you!


Thanks for downloading this PeerSpot report.

Note that this is a generic report based on reviews and opinions from the entire PeerSpot
community. We offer a customized report personalized for you based on:

• Your industry
• Company size
• Which solutions you're already considering

It includes recommendations for you based on what other people like you are researching and
using.

It takes 2-3 minutes to get the report using our shortlist builder wizard. We recommend it!

Get your personalized report here.


Contents
Vendor Directory 4-5
Top Vendors 6-8
Top Solutions by Ranking Factor 9
Focus on Solutions
  Microsoft Sentinel 10-12
  Splunk Enterprise Security 13-15
  IBM Security QRadar 16-18
  Elastic Security 19-21
  Wazuh 22-24
  LogRhythm SIEM 25-27
  Securonix Next-Gen SIEM 28-30
  Devo 31-33
  USM Anywhere 34-37
  Fortinet FortiSIEM 38-40
Answers From the Community 41-46
About This Report and PeerSpot 47

© 2023 PeerSpot
To read more reviews about Security Information and Event Management (SIEM), please visit:
https://www.peerspot.com/categories/security-information-and-event-management-siem

Vendor Directory (vendor: product)

Adlumin: Adlumin
Amazon: AWS Security Hub
Anvilogic: Anvilogic
AT&T: USM Anywhere
AT&T: AlienVault OSSIM
BlackBerry: Blackberry Alert
BlackBerry: Blackberry AtHoc
BlackStratus: SIEMStorm
Blumira: Blumira
BMC: BMC AMI Command Center for Security
Check Point: SmartEvent Event Management
ConnectWise: ConnectWise SIEM
Coralogix: Coralogix
Devo: Devo
Edge Delta: Edge Delta Security
Elastic: Elastic Security
empow: i-SIEM
Exabeam: Exabeam Fusion SIEM
Fluency Security: Fluency
Fortinet: Fortinet FortiSIEM
Fortra: Fortra's Event Manager
Google: Google Chronicle Suite
Graylog: Graylog Security
Gurucul: Gurucul Next Gen SIEM
Huntsman Security: Enterprise SIEM
IBM: IBM Security QRadar
IBM: IBM Watson for Cyber Security
Ignite Technologies: SenSage AP
Intersect Alliance: Snare
IS Decisions: FileAudit
Juniper: Juniper Secure Analytics
Logpoint: Logpoint
LogRhythm: LogRhythm SIEM
Logsign: Logsign Next-Gen SIEM
Logz.io: Logz.io
ManageEngine: ManageEngine Log360
ManageEngine: ManageEngine EventLog Analyzer
Masergy: Masergy
Microsoft: Microsoft Sentinel
MixMode: MixMode
NETIKUS.NET ltd: EventSentry
NETMONASTERY: DNIF HYPERCLOUD
Netsurion: Netsurion
NetWitness: NetWitness Platform
NNT: NNT Log Tracker Enterprise
Odyssey Cybersecurity: ClearSkies SaaS NG SIEM
OpenText: ArcSight Enterprise Security Manager (ESM)
OpenText: Sentinel
OpenText: ArcSight Intelligence
OpenText: ArcSight Recon
OpenText: ArcSight Security Open Data Platform
OpenText: ArcSight Security Orchestration Automation Response
Oracle: Oracle Security Monitoring and Analytics Cloud Service
Panther: Panther
Rapid7: Rapid7 InsightIDR
RSA: RSA enVision
Seceon: Seceon Open Threat Management Platform
Securonix Solutions: Securonix Next-Gen SIEM
Securonix Solutions: Securonix Unified Defense SIEM
SolarWinds: SolarWinds Security Event Manager
Splunk: Splunk Enterprise Security
SQRRL: SQRRL
Stellar Cyber: Stellar Cyber Open XDR
Sumo Logic: Sumo Logic Security
SurfWatch Labs: SurfWatch Labs SurfWatch
TEHTRIS: TEHTRIS SIEM
ThetaRay: ThetaRay
TIBCO: LogLogic
Trellix: Trellix ESM
Trellix: Trellix Helix
VenusTech: Venusense USM
Vijilan: ThreatRespond
Wazuh: Wazuh

Top Security Information and Event Management (SIEM) Solutions


Over 722,770 professionals have used PeerSpot research. Here are the top Security Information and Event Management (SIEM)
vendors based on product reviews, ratings, and comparisons. All reviews and ratings are from real users, validated by our triple
authentication process.

Chart Key
• Views: number of views on PeerSpot
• Comparisons: number of times compared to another product
• Reviews: total number of reviews on PeerSpot
• Words/Review: average words per review
• Average Rating: average rating based on reviews

Bar length
The total ranking of a product in a category, represented by the bar length, is based on a weighted aggregate score. The score is calculated using the following factors:

• Comparisons: the product with the highest number of comparisons with other products in the category gets a maximum of 25 points. Every other product gets assigned points based on its total in proportion to the #1 product in that ranking factor. For example, if a product has 80% of the number of comparisons of the product with the most comparisons, then the product's points for comparisons would be 25 * 80%.
• Views: we calculate the number of Views based on the percentage of category comparisons out of the total comparisons of the product.
  - For example, if a product has 100 Comparisons with other products in the category and a total of 1,000 Comparisons, the product will be assigned 10% of the total number of Views. If the product has a total of 2,000 Views, it will be assigned 200 Views for this ranking factor.
  - The product with the highest number of views gets a maximum of 25 points. Every other product gets assigned points based on its total in proportion to the #1 product in that ranking factor.
• Reviews: the product with the highest number of reviews gets a maximum of 15 points. Every other product gets assigned points based on its total in proportion to the #1 product in that ranking factor. For example, if a product has 80% of the number of reviews of the product with the most reviews, then the product's points for reviews would be 15 * 80%.
• Rating: the maximum score is 25 points, awarded linearly between 6 and 10.
  - e.g. 6 or below = 0 points; 7.5 = 7.5 points; 9.0 = 18 points; 10 = 25 points.
• Words/Review: the maximum score is 10 points, awarded linearly between 0 and 900 words.
  - e.g. 600 words = 4 points; 750 words = 7 points; 900 or more words = 10 points.
  - If a product has fewer than ten reviews, the point contribution for Rating and Words/Review is reduced: a one-third reduction in points for products with 5-9 reviews, and a two-thirds reduction for products with fewer than five reviews.

Reviews that are more than 24 months old, as well as those written by resellers, are completely excluded from the ranking algorithm.
All products with 50+ points are designated as a Leader in their category.
Rankings for June 2023 and earlier used our previous ranking methodology.
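The scoring rules above, carried through as an added worked example; this is not PeerSpot's own code. It implements the rules as stated (proportion to the #1 product for comparisons, views and reviews; linear 6-10 for rating; linear 0-900 for words; the small-sample reduction; Leader at 50+ points) and checks the result against the product figures printed on this page. Assumptions: the "views" figure in the ranking list is taken to be the already apportioned category Views, Splunk is omitted because its stats line is missing from this extract, and the page's spot values (7.5 = 7.5 points, 600 words = 4 points) do not fall exactly on the stated linear ranges, so the code follows the stated ranges rather than those spot values.

```python
from dataclasses import dataclass

# Maximum points per ranking factor, as stated in the methodology.
MAX_COMPARISON_PTS = 25
MAX_VIEW_PTS = 25
MAX_REVIEW_PTS = 15
MAX_RATING_PTS = 25
MAX_WORDS_PTS = 10
LEADER_THRESHOLD = 50


@dataclass(frozen=True)
class ProductStats:
    name: str
    views: int          # category Views (assumed already apportioned, see category_views)
    comparisons: int    # comparisons with other products in this category
    reviews: int
    words_per_review: int
    rating: float


def category_views(total_views: int, category_comparisons: int, total_comparisons: int) -> float:
    """Apportion a product's total views to the category by its share of comparisons.

    Page example: 100 of 1,000 comparisons are in-category, so 10% of 2,000 views = 200.
    """
    if total_comparisons <= 0:
        return 0.0
    return total_views * category_comparisons / total_comparisons


def rating_points(rating: float) -> float:
    """25 points awarded linearly from a rating of 6 (0 pts) to 10 (25 pts); 6 or below is 0."""
    frac = (rating - 6.0) / 4.0
    return MAX_RATING_PTS * min(max(frac, 0.0), 1.0)


def words_points(words: int) -> float:
    """10 points awarded linearly between 0 and 900 words; 900 or more is the maximum."""
    frac = words / 900.0
    return MAX_WORDS_PTS * min(max(frac, 0.0), 1.0)


def small_sample_factor(review_count: int) -> float:
    """Rating and Words/Review contributions shrink for products with few reviews:
    a one-third reduction for 5-9 reviews, a two-thirds reduction below five."""
    if review_count < 5:
        return 1.0 / 3.0
    if review_count < 10:
        return 2.0 / 3.0
    return 1.0


def proportional_points(value: float, best: float, max_pts: float) -> float:
    """Points in proportion to the #1 product for this factor (the #1 product gets max_pts)."""
    return 0.0 if best <= 0 else max_pts * value / best


def score_products(products: list[ProductStats]) -> dict[str, dict]:
    """Per-factor points, total (the bar length) and Leader flag for every product."""
    best_views = max(p.views for p in products)
    best_comparisons = max(p.comparisons for p in products)
    best_reviews = max(p.reviews for p in products)
    results: dict[str, dict] = {}
    for p in products:
        shrink = small_sample_factor(p.reviews)
        pts = {
            "comparisons": proportional_points(p.comparisons, best_comparisons, MAX_COMPARISON_PTS),
            "views": proportional_points(p.views, best_views, MAX_VIEW_PTS),
            "reviews": proportional_points(p.reviews, best_reviews, MAX_REVIEW_PTS),
            "rating": rating_points(p.rating) * shrink,
            "words": words_points(p.words_per_review) * shrink,
        }
        total = sum(pts.values())
        pts["total"] = total
        pts["leader"] = total >= LEADER_THRESHOLD
        results[p.name] = pts
    return results


def rank(products: list[ProductStats]) -> list[str]:
    """Product names ordered by descending total score."""
    scores = score_products(products)
    return sorted(scores, key=lambda n: scores[n]["total"], reverse=True)


# Figures copied from the ranking list on this page (Splunk omitted: its line is missing here).
PAGE_PRODUCTS = [
    ProductStats("Microsoft Sentinel", 34829, 20293, 53, 1462, 8.3),
    ProductStats("IBM Security QRadar", 25899, 15312, 54, 470, 7.7),
    ProductStats("Elastic Security", 17544, 14786, 19, 415, 7.6),
    ProductStats("Wazuh", 21653, 11318, 21, 468, 7.3),
    ProductStats("LogRhythm SIEM", 12757, 7669, 24, 625, 8.1),
    ProductStats("Securonix Next-Gen SIEM", 6818, 3833, 11, 1171, 9.2),
    ProductStats("Devo", 9770, 3775, 11, 2182, 8.1),
    ProductStats("USM Anywhere", 7974, 5754, 13, 534, 7.9),
    ProductStats("Fortinet FortiSIEM", 9572, 4957, 26, 367, 7.4),
]

if __name__ == "__main__":
    scores = score_products(PAGE_PRODUCTS)
    for name in rank(PAGE_PRODUCTS):
        tag = "Leader" if scores[name]["leader"] else ""
        print(f"{name:28s} {scores[name]['total']:6.2f} {tag}")
```

With these inputs the computed order reproduces the page's ranking for the nine products listed, with Microsoft Sentinel scoring about 89.1 points.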

1 Microsoft Sentinel

34,829 views 20,293 comparisons 53 reviews 1,462 words/review 8.3 average rating

2 Splunk Enterprise Security


3 IBM Security QRadar

25,899 views 15,312 comparisons 54 reviews 470 words/review 7.7 average rating


4 Elastic Security

17,544 views 14,786 comparisons 19 reviews 415 words/review 7.6 average rating

5 Wazuh

21,653 views 11,318 comparisons 21 reviews 468 words/review 7.3 average rating

6 LogRhythm SIEM

12,757 views 7,669 comparisons 24 reviews 625 words/review 8.1 average rating

7 Securonix Next-Gen SIEM

6,818 views 3,833 comparisons 11 reviews 1,171 words/review 9.2 average rating

8 Devo

9,770 views 3,775 comparisons 11 reviews 2,182 words/review 8.1 average rating

9 USM Anywhere

7,974 views 5,754 comparisons 13 reviews 534 words/review 7.9 average rating

10 Fortinet FortiSIEM

9,572 views 4,957 comparisons 26 reviews 367 words/review 7.4 average rating


Top Solutions by Ranking Factor


Views
1 Microsoft Sentinel 34,829
2 Splunk Enterprise Security 32,443
3 IBM Security QRadar 25,899
4 Wazuh 21,653
5 Elastic Security 17,544

Reviews
1 IBM Security QRadar 54
2 Microsoft Sentinel 53
3 Splunk Enterprise Security 44
4 Fortinet FortiSIEM 26
5 ArcSight Enterprise Security Manager (ESM) 24

Words / Review
1 Devo 2,182
2 Netsurion 1,862
3 Microsoft Sentinel 1,462
4 Securonix Next-Gen SIEM 1,171
5 RSA enVision 955


Microsoft Sentinel (54 reviews on PeerSpot)

Overview
Microsoft Sentinel is a scalable, cloud-native security information and event management (SIEM) and security orchestration automated response (SOAR) solution that lets you see and stop threats before they cause harm. Azure Sentinel delivers intelligent security analytics and threat intelligence across the enterprise, providing a single solution for alert detection, threat visibility, proactive hunting, and threat response. Eliminate security infrastructure setup and maintenance, and elastically scale to meet your security needs while reducing IT costs. With Azure Sentinel, you can:

- Collect data at cloud scale, across all users, devices, applications, and infrastructure, both on-premises and in multiple clouds

- Detect

SAMPLE CUSTOMERS
Microsoft Sentinel is trusted by companies of all sizes including ABM, ASOS, Uniper, First West Credit Union, Avanade, and more.

TOP COMPARISONS
AWS Security Hub vs. Microsoft Sentinel … Compared 23% of the time
Splunk Enterprise Security vs. Microsoft Sentinel … Compared 20% of the time
IBM Security QRadar vs. Microsoft Sentinel … Compared 11% of the time

REVIEWERS *
Top industries: Computer Software Company … 17%; Government … 10%; Financial Services Firm … 9%; Manufacturing Company … 6%
Company size: 1-200 Employees … 23%; 201-1000 Employees … 15%; 1001+ Employees … 62%

VISITORS READING REVIEWS *
Top industries: Financial Services Firm … 24%; Computer Software Company … 8%; Manufacturing Company … 8%; Performing Arts … 4%
Company size: 1-200 Employees … 33%; 201-1000 Employees … 23%; 1001+ Employees … 44%

* Data is based on the aggregate profiles of PeerSpot Users reviewing and researching this solution.


Top Reviews by Topic

VALUABLE FEATURES

Ashish Gupta:
In terms of Microsoft Sentinel, I think a large part of it has been automated by Azure itself. From a customer point of view, all you have to do is just run some queries and get the data. In terms of connections or the connectors for multiple data sources or multiple log sources, it's very easy to just set it up, be it Azure-native services or something customized, like some connection with the on-prem servers or things like that, or even connections with the other cloud platforms, such as AWS. The connectors are really one thing I appreciate. I thi... [Full Review]

Jaco Le Roux:
I work with the Microsoft 365 products stack quite a bit, and I'm a big fan of the granularity that the products have. For example, the Defender stack is very focused on endpoints, identities, and so forth. With Sentinel, we have the ability to integrate with each of these components and enhance the view that we would have through the Defender portal. It also gives us the ability to customize our queries and workbooks to provide the solution that we have in mind on behalf of our team to our customers. The part that was very unexpected was Sentinel's... [Full Review]

Krishnan Kartik:
It's a Big Data security analytics platform. Among the unique features is the fact that it has built-in UEBA and analytical capabilities. It allows you to use the out-of-the-box machine learning and AI capabilities, but it also allows you to bring your own AI/ML, by bringing in your own IPs and allowing the platform to accept them and run that on top of it. In addition, the SOAR component is a pay-per-use model. Compared to any other product, where customization is not available, you can fine-tune the SOAR and you'll be charged only when your playbo... [Full Review]

Gopal Pawar:
The watchlist is one of the features that we have found to be very helpful. We had some manual data in our Excels that we used to upload to Sentinel. It gives us more insightful information out of that Excel information, including user identities, IP addresses, hostnames, and more. We relate that data with the existing data in Sentinel and we understand more. Another important feature is the user behavior analytics, UEBA. We can see how our users are behaving and if there is malicious behavior such as an atypical travel alert or a user is somewhere ... [Full Review]

ROOM FOR IMPROVEMENT

Ashish Gupta:
The number one area of improvement for Sentinel would be the cost. At this point in time, I feel like, simply because we are a huge organization spread across the globe, we can afford it, but small and medium businesses cannot afford it. Maybe it's not meant for them? I don't know; that's a debatable topic. But even for organizations like ours, a problem that we face and for some of my other friends that I have talked to, it's a great solution, but we cannot deploy it everywhere because, frankly, we overrun our budget. One thing that would really he... [Full Review]

Jaco Le Roux:
Improvement-wise, I would like to see more integration with third-party solutions or old-school antivirus products that have some kind of logging capability. I wouldn't mind having that exposed within Sentinel. We do have situations where certain companies have bought licensing or have made an investment in a product, and that product will be there for the next two or three years. To be able to view information from those legacy products would be great. We can then better leverage the Sentinel solution and its capabilities. It is being enhanced, and... [Full Review]

Krishnan Kartik:
Only one thing is missing: NDR is not available out of the box. The competitive cloud-native SIEM providers have the NDR component. Currently, Sentinel needs NDR to be powered from either Corelight or some other NDR provider. It needs a third-party OEM. Other than that, it supports the entire gamut of solutions. Also, we are helping customers build custom data-source integration. Microsoft needs to look at some strategic development on the partner front for out-of-the-box integration. [Full Review]

Gopal Pawar:
The following would be a challenge for any product in the market, but we have some in-house apps in our environment. We were thinking of getting the activities of those apps into Sentinel so that it could apply user behavior analytics to them. But our apps were built with different parameters and the APIs for them are not present in Sentinel. We are working with Microsoft to build those custom APIs that we require. That is currently in progress. We are happy with the product, but when it comes to integrating more things, it is a never-ending task. W... [Full Review]

PRICING, SETUP COST AND LICENSING

Ashish Gupta:
Microsoft Sentinel is definitely costly. If we factor in the cost of other services, MCAS, MDI, and Microsoft Defender for Cloud, it gets seriously costly, to the extent that we cannot enable it across the organization. It simply overshoots the budget by a huge margin. When talking about the Microsoft Sentinel piece itself, let's say we have set up custom integrations and it does not cost us that much, it is definitely costly. If we talk about log retention, then it is even more costly. Comparing it to the other solutions, in fact, when we started o... [Full Review]

Jaco Le Roux:
I'm not happy with the pricing on the integration with Defender for Endpoint. Defender for Endpoint is log-rich. There is a lot of information coming through, and it is needed information. The price point at which you ingest those logs has made a lot of my customers make the decision to leave that within the Defender stack. The big challenge for me right now is having to query data with the Microsoft Defender API and then querying a similar structure. That's a simple cost decision. If that cost can be brought down, I'm sure more of my clients would ... [Full Review]

Krishnan Kartik:
Microsoft gives a discount of 50 percent but only for customers that are clocking 100 GB and above. They should also look at medium and SMB customers in that regard. There are a lot of advantages for customers with a Microsoft ecosystem. They need to know the tricks for optimizing the cost of Microsoft Sentinel. They need to work with the right service provider that can help them to go through the journey and optimize the cost. For Microsoft security products there is a preview mode of up to six months, during which time they are non-billable. The c... [Full Review]

Gopal Pawar:
The pricing was a big concern and it was very hard to explain to our stakeholders why they should bear the licensing cost and the Log Analytics cost. And the maintenance and use costs were on the higher side compared to other products. But the features and capabilities were going to ease things for my operations and SOC teams. Finally, the stakeholders had clarity. [Full Review]

Splunk Enterprise Security (56 reviews on PeerSpot)

Overview
Splunk Enterprise Security is a SIEM, log management, and IT operations analytics tool. The solution provides users with the ability to secure their information and manage their data in the cloud, data centers, or other applications. Splunk Enterprise Security also offers visibility from different areas, levels, and devices, rather than from a single system, thus providing its users with flexibility. Splunk Enterprise Security can monitor data and analyze, detect, and prevent intrusions. This benefits users as it provides alerts to possible intrusions, helps users to be proactive, and reduces risk factors.

Full visibility across your environment

Break down data silos and gain actionable intelligence by ingesting data from multicloud and o... [Read More]

SAMPLE CUSTOMERS
Splunk has more than 7,000 customers spread across over 90 countries. These customers include Telenor, UniCredit, ideeli,
McKenney's, Tesco, and SurveyMonkey.

TOP COMPARISONS
IBM Security QRadar vs. Splunk Enterprise Security … Compared 11% of the time
LogRhythm SIEM vs. Splunk Enterprise Security … Compared 7% of the time
Dynatrace vs. Splunk Enterprise Security … Compared 5% of the time

REVIEWERS *
Top industries: Computer Software Company … 15%; Financial Services Firm … 15%; Government … 10%; Manufacturing Company … 7%
Company size: 1-200 Employees … 19%; 201-1000 Employees … 13%; 1001+ Employees … 69%

VISITORS READING REVIEWS *
Top industries: Financial Services Firm … 18%; Computer Software Company … 16%; Government … 10%; Energy/Utilities Company … 9%
Company size: 1-200 Employees … 33%; 201-1000 Employees … 11%; 1001+ Employees … 56%

* Data is based on the aggregate profiles of PeerSpot Users reviewing and researching this solution.

Top Reviews by Topic

VALUABLE FEATURES

Louis Changeri:
The feature that I have found most valuable with Splunk is the ability to sift through a bunch of data very quickly. We have about a 500 gig license with Splunk, so it's not like petabytes of data, but even 500 gigs is kind of hard to sift through sometimes. [Full Review]

Phil Waterbury:
The varied prebuilt feature is the most valuable because it ensures that we have complete coverage over all of the key questions. By seeing how others analyzed the data, we can develop new dashboards and approaches. It is always helpful to see how someone else used a tool to spark ideas about how we can enrich our items based on our specific needs. This feature covers a lot of our core general questions and is helpful, but it also allows us to see what someone who is really focused on this area has done and how we can tune and tweak it to our needs. [Full Review]

Praveen Kadali:
Recently, Splunk upgraded to version 9.0.02, which includes excellent data dashboards and visualization effects. This upgrade makes it easier for me to implement all the dashboards. I have created a dashboard that showcases all the VPN monthly data in one place, which is a beneficial feature of the new visualization effects. [Full Review]

Donald Baldwin:
Splunk handles a high volume of data that we have, and it does it really well. For what we're using it for, we're happy with its functionality. The reporting aspect is good and it does what I need it to do. From an operational standpoint, it helps us on the operations side and it also shows where we're having issues. It connects to a lot of stuff. We can collect information from a lot of sources. [Full Review]

ROOM FOR IMPROVEMENT

Louis Changeri:
Splunk has been improving consistently over the last couple of revs. I still think there are some administrative features that they could improve on and make them less kludgy, but from a user perspective, it has gotten very clean and very sexy looking over the last few builds. So the users seem to like it. By less kludgy, I mean that in the version I'm running, I still have to go into the command line and modify files and then go into the GUI and validate that they got modified. So it's not all in the GUI, but it has been moving slowly to the GUI ov... [Full Review]

Phil Waterbury:
It is important to make sure that everything is built off of the threat models and all the underlying items within Splunk. This includes making sure that the log feeds are aligned correctly so that when we look at data and alarms, everything makes sense. Sometimes, I see alarms that are caused by data sources that have snuck in. For example, if my firewall says something about AV, it might get mapped into antivirus. This can happen because firewalls are multipurpose devices, and they can end up in models that aren't really applicable. Part of the pr... [Full Review]

Praveen Kadali:
There are deployment servers and other servers, and sometimes Splunk may encounter issues if there are non-reporting devices. We will receive alerts only for the administrators and deployment servers, but not for all servers. When upgrading Splunk, we encounter certain issues. For instance, it does not accept older versions of the other tools we use. This is the main problem. For example, if we are using a ticketing tool or any other XDR or EDR solutions, we need to upgrade them when we upgrade Splunk. During this process, we will encounter some dif... [Full Review]

Donald Baldwin:
The interface or maybe some settings need to be improved a bit. It cannot be perfect, however, the issues may be related to the configuration or setup. If you monitor too much, you can lose performance on your systems. You have to be careful what you're monitoring. If you monitor everything, everything stops working. You can go overboard in monitoring. You have to plan your monitoring pretty carefully. It could be easier for beginners. As it is, right now, you have to have a good understanding of the solution in order to use it properly. That said, ... [Full Review]

PRICING, SETUP COST AND LICENSING

Louis Changeri:
I can comment on price in this way - in education in Ohio, we're part of the Ohio supercomputer consortium, and they act as a collective bargaining agent. So we get our licensing as a piece of the State of Ohio's Splunk license. So my pricing is very much not list or even reduced list because of the volume that the state buys. We generally spend about $20,000 a year in third-party integrator costs to get us past some of the rough edges that we get with Splunk support. [Full Review]

Phil Waterbury:
I believe that Splunk Enterprise Security is worth the price, but it is expensive. I am always trying to balance the need for security with the need to be cost-conscious. [Full Review]

Praveen Kadali:
Unlike other security tools, Splunk provides a fixed amount of gigabytes per day, and we are required to pay for any additional usage beyond that limit, in addition to our monthly cost. I believe this pricing structure is reasonable for medium and large organizations. [Full Review]

Chetankumar Savalagimath:
The pricing depends on the bandwidth of an organization and is good compared to some SIEM tools. IBM, for example, is quite costly. But Microsoft Sentinel is notably cheaper. I have seen a lot of organizations running on Sentinel. IBM is for quite large organizations that don't want to have their data on the cloud. Splunk has both on-prem and cloud modules and, cost-wise, Splunk is better. Internally, we cannot push everything to the cloud. That would become too expensive for us. So we have it sitting in our data center and that is good. [Full Review]

IBM Security QRadar (55 reviews on PeerSpot)

Overview
IBM Security QRadar is a security and analytics platform designed to defend against threats and scale security operations.
This is done through integrated visibility, investigation, detection, and response. QRadar empowers security groups with
actionable insights into high-priority threats by providing visibility into enterprise security data. Through centralized visibility,
security teams and analysts can determine their security stance, which areas pose a potential threat, and which areas are
critical. This will help streamline workflows by eliminating the need to pivot between tools.

IBM Security QRadar is built to address a wide range of security issues and can be easily scaled with minimal customization
effort required. As data is ing... [Read More]

SAMPLE CUSTOMERS
Clients across multiple industries, such as energy, financial, retail, healthcare, government, communications, and education use
QRadar.

TOP COMPARISONS
Splunk Enterprise Security vs. IBM Security QRadar … Compared 33% of the time
LogRhythm SIEM vs. IBM Security QRadar … Compared 9% of the time
ArcSight Enterprise Security Manager (ESM) vs. IBM Security QRadar … Compared 7% of the time

REVIEWERS *
Top industries: Educational Organization … 17%; Computer Software Company … 16%; Financial Services Firm … 10%; Comms Service Provider … 7%
Company size: 1-200 Employees … 19%; 201-1000 Employees … 27%; 1001+ Employees … 53%

VISITORS READING REVIEWS *
Top industries: Financial Services Firm … 25%; Computer Software Company … 14%; Manufacturing Company … 7%; Security Firm … 7%
Company size: 1-200 Employees … 40%; 201-1000 Employees … 15%; 1001+ Employees … 46%

* Data is based on the aggregate profiles of PeerSpot Users reviewing and researching this solution.

Top Reviews by Topic

VALUABLE FEATURES

Simon Thornton:
The most valuable thing about QRadar is that you have a single window into your network, SIEM, network flows, and risk management of your assets. If you use Splunk, for instance, then you still need a full packet capture solution, whereas the full packet capture solution is integrated within QRadar. Its application ecosystem makes it very powerful in terms of doing analysis. [Full Review]

Pat Pather:
IBM QRadar is phenomenal as a SIEM SOC solution. In terms of its capability, in terms of its usability, in terms of the SOC solutions or SIEM solutions out there, we find QRadar the most user-friendly. It gives you the right coverage as the analytical platform that's coupled with Watson is phenomenal. From a deployment perspective, we found it very, very good. What we like about QRadar and the models that IBM has, is it can go from a small-to-medium enterprise to a larger organization, and it gives you the same value. It's easy to use if you go thro... [Full Review]

Renu Raj:
There is a Pulse dashboard that they have. From a reporting perspective, we'll be creating dashboards based on the Pulse functionalities. There are other third-party plugins that we can use as well. We can initiate in the QRadar platform, however, Pulse is one of the most user-friendly options. Along with that, there are out-of-the-box rules and out-of-the-box dashboards that we have available to us. Mostly what we are concentrating on is creating the rules and fine-tuning the rules to align properly with the customer infrastructure depending upon the cus... [Full Review]

Kjel Morkeng:
It's hard for me to pinpoint any one feature that's most valuable because it is all about consuming logs and analyzing them. We started using QRadar UBA because we needed something that could analyze Linux authentication information. Other products take care of the Windows platform. [Full Review]

ROOM FOR IMPROVEMENT See more Room For Improvement >>

In terms of the GUI, they need to improve the consistency. It has been written by different teams at different times. So, when
you go around the interface, you'll find a lot of inconsistencies in terms of the way it works. I'd like them to improve the offense.
When QRadar detects something, it creates what it calls offenses. So, it has a rudimentary ticketing system inside of it. This is
the same interface that was there when I started using it 12 years ago. It just has not been improved. They do allow integration
with IBM Resilient, but IBM Resilie... [Full Review]
Simon Thornton

The only challenge with products like IBM is the EPS. You just have to be really on the events per second, as that's where the
cost factor becomes a huge issue. You do need proper training. Better training leads to better implementation. South Africa
does not have the most knowledgeable technical support team. One challenge that you have in South Africa is the quality of
the IBM resources. They're not up to the level companies need. I have to criticize IBM on that point - the skill level in South
Africa and the South African franchise of IBM doesn't... [Full Review]
Pat Pather

The AQL queries could be better. With the queries, there's an option for you to create dashboards based on the queries that
they have. The documentation that is available for AQL queries is not well received. They could maybe look at how Microsoft is
leveraging AQLs from a Sentinel perspective and create more documentation and training materials and make those more
available to the general public. They have to facilitate more learning opportunities. Microsoft has something called Playground
where you have some sample logs and where you can learn how... [Full Review]
Renu Raj


Better algorithms or AI would always be appreciated, but this product does what it's supposed to do. And maybe there is
something behind the scenes that could be improved, but I don't know. UBA is a plugin for QRadar SIEM. If we're talking about
the SIEM solution as a whole, there is a lot I can talk about, but there isn't much to say about UBA as a standalone. I'm not in a
position to criticize or comment on the underlying code. [Full Review]
Kjel Morkeng

PRICING, SETUP COST AND LICENSING

It is overly expensive and overly complex in terms of licensing. They have many different appliances, which makes it extremely
difficult to choose the technology. It is very difficult to choose the technology or QRadar components that you should be
deploying. They have improved some of it in the last few years. They have made it slightly easier with the fact that you can now
buy virtual versions of all the appliances, which is good, but it is still very fragmented. For instance, on some of the smaller
appliances, there is no upgrade path. So, if you e... [Full Review]
Simon Thornton

Licensing is mostly dependent on the EPS, events per second. Depending upon the number of products that are integrated
with the platform, we have to come to an optimal EPS value. I'm not very sure about the financials; however, the licensing cost
cannot be as much as that for Sentinel, which is not very low. For customers who need medium EPS values, we advise QRadar.
The basic out-of-the-box cost covers the EPS value that you have specified, and then some archiving maybe. It should include at
least six months of archiving and other functionalities. Mo... [Full Review]
Renu Raj

I have no idea what QRadar UBA costs as a standalone solution because it is bundled with the QRoC security operation center
and several other modules that we pay for in a big lump sum. However, I don't think that part is too expensive. It's a plugin to
the QRadar SIEM that feeds off the same data. We have X-Force Threat Exchange, so IBM is operating the SIEM for us. I say to
them, "I want UBA," and there it is. [Full Review]
Kjel Morkeng

I do not know the exact cost. It's a bit tricky as some of it is tied into pre-contracts that we have. Some parts of the company do
prepaid funds for certain solutions. It's different. It varies. [Full Review]
Erik Mercado


Elastic Security (23 reviews)

Overview
Unify SIEM, endpoint security, and cloud security. Elastic Security modernizes security operations — enabling analytics across
years of data, automating key processes, and bringing native endpoint security to every host. Elastic Security equips teams to
prevent, detect, and respond to threats at cloud speed and scale — securing business operations with a unified, open
platform.

SAMPLE CUSTOMERS
Texas A&M, U.S. Air Force, NuScale Power, Martin's Point Health Care

TOP COMPARISONS
Graylog vs. Elastic Security … Compared 15% of the time
Splunk Enterprise Security vs. Elastic Security … Compared 12% of the time
IBM Security QRadar vs. Elastic Security … Compared 8% of the time

REVIEWERS *
Top industries: Computer Software Company … 17%; Financial Services Firm … 11%; Government … 9%; Comms Service Provider … 8%
Company size: 1-200 Employees … 24%; 201-1000 Employees … 16%; 1001+ Employees … 61%

VISITORS READING REVIEWS *
Top industries: Financial Services Firm … 41%; Computer Software Company … 24%; Comms Service Provider … 12%; Healthcare Company … 6%
Company size: 1-200 Employees … 61%; 201-1000 Employees … 15%; 1001+ Employees … 24%

* Data is based on the aggregate profiles of PeerSpot Users reviewing and researching this solution.


Top Reviews by Topic

VALUABLE FEATURES

The important part is that it's free of charge usage. For our use case, it's enough, and it's for a good cost because the basic
level of the solution is free. [Full Review]
Rudolf Janousek

We really like that it integrates into the overall ELK Stack, and we're using that as our theme. We were looking for a product
compatible with that. We like the detailed investigation features of the platform, as you're able to get a lot of detail as to what's
going on on the host when you do investigations. We like the quarantine feature. We chose the product based on the ability to
scan for malware using a malware behavioral model as opposed to just a traditional hash-based antivirus. Therefore, it's not as
intensive. We have a lot of satellite com... [Full Review]
Kathleen Fishman

Overall, the solution is good. The machine learning aspect of the solution has been great. The deployment is not that
complicated. ELK is open-source, and it will give you the framework you need to build everything from scratch. [Full Review]
Haitham AL-Sarmi

What customers found most valuable in Elastic Security feature-wise is the search capability, in particular, the way of writing the
search query and the speed of searching for results. [Full Review]
PH Chiu

ROOM FOR IMPROVEMENT

In terms of improvement, there could be more automation in responding to and evaluating detections. Additionally, there could
be some sort of intelligent database checking for better effects. Overall, I think there could be more automation. [Full Review]
Rudolf Janousek

It's a pretty solid product. It's pretty easy to use as it's not a full endpoint protection suite. We're actually dependent on using
Windows Defender for a firewall and traditional antivirus when it's required. It could use maybe a little more on the Linux side.
Now that the product line is getting picked up by Elastic, they're going to continue to build out and make the Linux feature set
more robust. However, I would say that right now the Linux feature set is a little limited. [Full Review]
Kathleen Fishman

The SIEM modules in Logstash need more improvement. In the future, the modules could be more advanced, as right now
there are only very basic modules. We are facing an issue with the engineers. In the region, there are not many available. Only
a few people might be available in our particular region, which is a problem. There isn't really a very good user experience. You
need a lot of training. There is an interface with limited options. You need to work with the coding and you need to work with
the scripts. It's not simple. If you want to configure... [Full Review]
Haitham AL-Sarmi


An area for improvement in Elastic Security is the pricing. It could be better. Right now, when you increase the volume of logs
to be collected, the price also increases a lot. [Full Review]
PH Chiu

PRICING, SETUP COST AND LICENSING

The licensing cost of Elastic Security is based on the daily ingestion rate. I can't recall the exact figure, but for 10GB of log
action daily, it would cost around $20,000. [Full Review]
PH Chiu

This is an open-source solution. It's free to those who would like to take advantage of its capabilities. There are options for
yearly or monthly subscriptions. It's based on how many logs you deal with every month. If it increases beyond your tier, you
would pay extra for the solution. The price can be low, however, their support is lacking - even the premium option. I'd rate it
eight out of ten in terms of affordability. [Full Review]
Nikhil Kumar

The licensing cost depends on the size of the environment it's monitoring. Everything is based on volume, as with all SIEMs.
When compared to other products, the price is average or on the low side. [Full Review]
Maria Foss

The price is reasonable. It probably costs the same as ArcSight and LogRhythm SIEM. FortiSIEM might cost less than Elastic
Security. There are no hidden or additional costs. [Full Review]
Hamada Elewa


Wazuh (25 reviews)

Overview
Wazuh is an enterprise-ready platform used for security monitoring. It is a free and open-source platform that is used for threat
detection, incident response and compliance, and integrity monitoring. Wazuh is capable of protecting workloads across
virtualized, on-premises, containerized, and cloud-based environments.

It consists of an endpoint security agent and a management server. Additionally, Wazuh is fully integrated with the Elastic
Stack, allowing users the ability to navigate through security alerts via a data visualization tool.

Wazuh’s agent can run on many different platforms, and is lightweight. It can successfully perform the tasks needed to detect
threats in order to trigger responses automatically.

Wazuh manages ... [Read More]

SAMPLE CUSTOMERS

TOP COMPARISONS
Elastic Security vs. Wazuh … Compared 24% of the time
Splunk Enterprise Security vs. Wazuh … Compared 19% of the time
Graylog vs. Wazuh … Compared 11% of the time

REVIEWERS *
Top industries: Computer Software Company … 18%; Comms Service Provider … 10%; Financial Services Firm … 7%; Government … 7%
Company size: 1-200 Employees … 30%; 201-1000 Employees … 19%; 1001+ Employees … 50%

VISITORS READING REVIEWS *
Top industries: Computer Software Company … 33%; Security Firm … 22%; Financial Services Firm … 11%; Comms Service Provider … 6%
Company size: 1-200 Employees … 61%; 201-1000 Employees … 13%; 1001+ Employees … 26%

* Data is based on the aggregate profiles of PeerSpot Users reviewing and researching this solution.


Top Reviews by Topic

VALUABLE FEATURES

The most valuable features include file integrity monitoring, Wazuh engines, Wazuh rulesets (including rulesets for Apache and
firewall routers), and vulnerability detection. [Full Review]
Muhammad Muaaz Bin Zaka

Wazuh's logging features integrate seamlessly with AWS cloud-native services. There are also Wazuh agent configurations for
different use cases, like vulnerability scanning, host-based intrusion detection, and file integrity monitoring. [Full Review]
Vikrant Puranik

There are three key strengths of Wazuh that stand out to me. Firstly, Wazuh offers an enhanced HDR version that outperforms
the Elastic Stack. Wazuh has achieved this by running a config or a sec in the background, which has improved the XBR for
endpoint security significantly. Secondly, Wazuh comes with built-in frameworks, such as the NISC and ISO, that make it easy
to comply with various industry standards. We didn't need to configure any custom frameworks for this, as Wazuh had it built in.
Lastly, Wazuh has the ability to collect terabytes of d... [Full Review]
Akash Majumder

I find the PCI DSS feature the most valuable, along with the feature that monitors the compliance of Windows and the CIS
benchmarks on other devices like Unix or Linux systems. There are three other features I find valuable. First, Wazuh helped me
harden the appliances. Second, Wazuh gives me the opportunity to check the hardness through the CIS benchmarks and the
other controls, such as Windows auditing policies. On the other hand, I have found it to be more useful for the PCI DSS
compliance as it gives a very clear view regarding the benchmark of ... [Full Review]
Wajih Ul Hasan

ROOM FOR IMPROVEMENT

There is room for improvement in Wazuh, but it's possible they are already working on it. The only challenge we faced with
Wazuh was the lack of direct support. They charge for support, whether it's five days a week or seven days a week. We don't
expect it to be free because revenue is generated through the support they provide. In future releases, I would like to see a
feature. There is one feature we observed in a premium tool in the industry called Dynatrace. It provides automatic relations
between different devices and components. For instance, ... [Full Review]
Muhammad Muaaz Bin Zaka

Scalability is a constraint in the on-prem version of Wazuh in terms of the volume of logs we can manage. There are some
minor glitches, but that's part of every tool, and they usually get addressed in subsequent updates. I would like to see more
Kubernetes security and log integrations. That will be one of the good things. Wazuh supports AWS or GCP cloud-native
service integration, but it would be great if they added support for Kubernetes security and AWS or Azure-managed
Kubernetes solutions. [Full Review]
Vikrant Puranik

One area where Wazuh could be improved is scalability. While it is scalable, it can suffer from reduced latencies. In the next
release, I would like to see a more seamless combination of a SIEM system. However, the current SIEM system can be noisy at
times, resulting in false positives instead of true positives. In comparison, Splunk has been able to reduce the number of false
positives in its system. [Full Review]
Akash Majumder


Wazuh has a drawback with regard to Unix systems. The solution does not allow us to do real-time monitoring for Unix
systems. If usage increases, it would be a heavy fall on the other SIEM solutions or event monitoring solutions. We found a
workaround by reducing the frequency, so it would give us some sort of real-time monitoring. [Full Review]
Wajih Ul Hasan

PRICING, SETUP COST AND LICENSING

Wazuh is an open-source solution, so the only expenses are Elasticsearch and log storage costs. Log storage costs no more
than $20,000 to $30,000 annually. It's around $3,000 a month. It's all money in the bank. We don't have to spend anything
except for resources. [Full Review]
Vikrant Puranik

Wazuh's licensing is based on the cloud. For instance, if you need to analyze a chunk of data, the approximate monthly price
would be around $23 to $24. Compared to its competitors like ELK Stack and other similar products, Wazuh offers a
reasonable price point, with many of its competitors priced higher. [Full Review]
Akash Majumder

We're using the open-source version, and their licensing is fairly straightforward. We do not have to worry about any other
monitoring matters since we are using the pre-version. [Full Review]
Sulabh Khanal

We paid a lump sum as managed services, so the operator charges an amount for a year using a complete compliance system.
The complete compliance system is just one component, so we are not being charged separately for the suite. This means we
have the luxury of using it as a combo deal. [Full Review]
Sheeraz Ahmed


LogRhythm SIEM (28 reviews)

Overview
LogRhythm SIEM Platform is an award-winning platform in security analytics. With more than 4,000 customers globally,
LogRhythm SIEM is an integrated platform that helps security operations teams protect critical infrastructure and information
from emerging cyberthreats. Ultimately, LogRhythm SIEM is an integrated set of modules that contribute to the security team’s
fundamental mission: rapid threat monitoring, threat detection, threat investigation, and threat neutralization. LogRhythm SIEM
is for organizations that require an on-premises solution and offers:

● Streamlined workflow
● Secure data access
● Real-time visibility
● A unified user experience
● Management customization

Security information and event management (SIEM) soluti... [Read More]

SAMPLE CUSTOMERS
Macy's, NASA, Fujitsu, US Air Force, EY, Abbott, HD Supply, SAB Miller, UCLA, Raytheon, Amtrak, Cargill

TOP COMPARISONS
Splunk Enterprise Security vs. LogRhythm SIEM … Compared 31% of the time
IBM Security QRadar vs. LogRhythm SIEM … Compared 14% of the time
USM Anywhere vs. LogRhythm SIEM … Compared 7% of the time

REVIEWERS *
Top industries: Educational Organization … 33%; Computer Software Company … 12%; Government … 7%; Financial Services Firm … 6%
Company size: 1-200 Employees … 18%; 201-1000 Employees … 42%; 1001+ Employees … 40%

VISITORS READING REVIEWS *
Top industries: Financial Services Firm … 28%; Healthcare Company … 11%; Energy/Utilities Company … 9%; Manufacturing Company … 7%
Company size: 1-200 Employees … 22%; 201-1000 Employees … 24%; 1001+ Employees … 54%

* Data is based on the aggregate profiles of PeerSpot Users reviewing and researching this solution.


Top Reviews by Topic

VALUABLE FEATURES

Our previous SIEM did not have dashboards, so there wasn't a starting point. With our previous SIEM, we had to have a specific
thing we were looking for, and only then could we find it. The dashboards in the LogRhythm SIEM really help us as a starting
point. It gives us a starting point we can go to every day. We walk through several dashboards to see anomalous activity for
further investigation. The dashboards, therefore, are our favorite feature of the SIEM. The solution helped with productivity and
the ability to process logs. We do Event Log Fil... [Full Review]
Robert Cato

One of the main features that I like about LogRhythm SIEM is that there are a lot of pre-built pieces. Like with our AV, we didn't
have to tell it how to read the logs; they already had it pre-made. So, we essentially just had to follow their guide to get the logs
imported in and set up some rules for it. We've only had to manually create the parsing rules for a few of our vendors so that
we could interpret the logs correctly. Most of them had already been pre-created for us. We use the Event Log Filtering feature
a lot. We use it for simple trouble... [Full Review]
Joseph W.

Looking at the logs and how much detail each log has when it is ingested into our dashboards is quite useful. I found it very
useful when looking at, for example, what emails are inbound and outbound of our networks. I like how detail-oriented the logs
are in terms of what the origin is and what network it's coming from. I also like how the detailed logs give us what host or user
it's coming from. On sight, I have a pretty cohesive understanding of what threat intelligence looks like in terms of reviewing
what we have to deal with. I use the Event L... [Full Review]
Dylan Haddad

One of the features that we use the most and find the most valuable includes the Web Console. My analysts really like the
interface and the ability to build queries using point-and-click without having to write query languages. My favorite feature is
the actual Admin Console and the ability to monitor all aspects of the SIEM's health and the ability to build new use cases for
my analysts to work with. We also use the Machine Data Intelligence feature for classifying and contextualizing logs. It does
struggle with unknown log sources and we've had so... [Full Review]
Kevin Merolla

ROOM FOR IMPROVEMENT

We use Windows Event Forwarding to collect the logs from our Windows clients, and the logs get aggregated as one data
source on that collector. Therefore, finding logs specific to one particular Windows system requires some creativity in how we
search the SIEM. I've heard that in a future release, it may come to a point where the Windows systems would be dedicated log
sources, so you can choose just that log source. That would greatly improve our ability to threat hunt with our SIEM. [Full Review]
Robert Cato

When we originally got LogRhythm, their tech support was fantastic, and I loved them. Now, we don't quite get as quick of a
response. I've been disappointed in the more recent tech support. When you call in, they'll say that they will get you somebody,
and you'll finally get someone who will contact you back a day or so later. Whereas before, I would get help right away. [Full Review]
Joseph W.

So far, it's pretty robust, and yet, we look for more improvements. On a day-to-day basis, maybe we could look for more
improvements with automation, however, so far, it's good. In terms of blind spots, we are looking for more improvements since
we don't have visibility over everything. Right now, we just use LogRhythm for our on-prem solution, not our cloud solution. We
could definitely use more improvements with that in the next product. Ingesting logs into the web console user interface and
probably updating the threat intelligence database are t... [Full Review]
Dylan Haddad


One of the challenges of the SIEM for the LogRhythm 7 platform is the amount of time it takes to bring new log sources into the
MDI. We've waited a couple of years on some sources before they were incorporated. Writing our own custom MDIs is very
challenging because it requires expert-level regex in order to write those rules and to make them efficient. Bringing in sources
that aren't natively understood is where we've struggled the most. [Full Review]
Kevin Merolla

PRICING, SETUP COST AND LICENSING

The license model is similar to other SIEM solutions that we looked at, which is a log volume pricing model. That pricing model
works well, especially being able to filter the logs and get less important logs in so we have the ability and the headroom to put
in other log sources. [Full Review]
Robert Cato

We're on a perpetual license, but they're trying to move us to a subscription-based license. We've been with them for so long,
and we'd like to keep it the way it is rather than switch to a subscription-based license. [Full Review]
Joseph W.

I would rate the pricing 4 out of 5. There are no additional costs to the standard licensing fees. The customers commonly want
to know what is the price for the service in different bands. So we work on a banded price model, and it is something that is
complicated. We include the UEBA, which is sized and quoted in terms of the number of users and entities. So we need to
make a price banded model for the SIEM and a price banded model for the UEBA. We need two of them and they are related.
If you increase the number of users, you are increasing the co... [Full Review]
Alejandro Gonzalez

LogRhythm pricing is based on the MPS. They always quote the pricing per unit of MPS. The number of MPS which the
customer needs is what we provide with the unit price and we get a good discount on it, as per LogRhythm. The price is in
USD. For that reason, when we convert from USD to our currency, the pricing seems quite high. Everything is included. We get
the data processing license as well as the sole license and the filing, ticketing, monitoring licenses, and the collector license as
well. We get everything in one package. [Full Review]
Sadat Mohammad Rifat


Securonix Next-Gen SIEM (15 reviews)

Overview
Securonix Security Analytics SNYPR is a next-generation security analytics platform that transforms big data into actionable
security intelligence, enabling you to take care of so much more than simply your SIEM (security information and event
management) needs. In addition, it contains all of the tools that you may need to enable your organization to successfully
handle both log management as well as UEBA (user and entity behavior analytics)-related tasks. The SNYPR management
platform gives users the ability to combine security orchestration, automation, and response, security information and event
management, network traffic analysis, and user and entity behavior analytics. This single technical environment does away
with your need for m... [Read More]

SAMPLE CUSTOMERS
Dtex Systems
Pfizer
Western Union
Harris
ITG

TOP COMPARISONS
Splunk Enterprise Security vs. Securonix Next-Gen SIEM … Compared 20% of the time
Exabeam Fusion SIEM vs. Securonix Next-Gen SIEM … Compared 15% of the time
IBM Security QRadar vs. Securonix Next-Gen SIEM … Compared 10% of the time

REVIEWERS *
Top industries: Computer Software Company … 18%; Financial Services Firm … 12%; Manufacturing Company … 6%; Comms Service Provider … 6%
Company size: 1-200 Employees … 23%; 201-1000 Employees … 14%; 1001+ Employees … 63%

VISITORS READING REVIEWS *
Company size: 1-200 Employees … 24%; 201-1000 Employees … 16%; 1001+ Employees … 60%

* Data is based on the aggregate profiles of PeerSpot Users reviewing and researching this solution.


Top Reviews by Topic

VALUABLE FEATURES

It is user-friendly. Its user interface is better than the other tools. I like the playbook integration. In the beginning, we had a few
hiccups because the tool was developing, but after that, the threat intelligence tool that we integrated got more accurate and
better. The whitelisting and blacklisting of IPs, domains, or users were also working. Risk scoring was nice. We could exactly
see which user had the highest risk score, and then we could pick it up and work on it. Securonix accommodates customer
requests in the upcoming versions very well. ... [Full Review]
Shivani Meda

Features, like Spotter, are the most valuable. Spotter is a wide range of research for any of the incidents that happened under
my clients' data. They also have a feature that separates violations according to top violators. So, I can go in and see all the use
cases that got preserved under them. It is an intensive search type of thing. You can just keep digging in. There are other
policies attached to it. There are some remediation steps and recommendations attached to it. Securonix’s analytics-driven
approach for helping to find sophisticated thre... [Full Review]
Haris Katlia

The detection of threats and reduction of false positive alarms as compared to other solutions are valuable features. It has
improved threat detection response and reduced a lot of noise from false positives as compared to our previous SIEM
solutions. This was one of the reasons we decided to try or move to Securonix. Other products generated thousands of events,
and a lot of them were false positives, which made it difficult for us to handle all the events. For example, we were monitoring a
firewall internally, and that firewall generated about fiv... [Full Review]
Ibrahim Albalawi

For optimization and data analysis, it has a good evaluation engine for repeat offenders and that has helped us to detect, on
time, what other basic SIEMs did not detect. Those other solutions needed more time to detect at that same level. We can
customize our use cases with the tools provided by Securonix. It is an excellent tool that can ingest data in different ways and
is very flexible. [Full Review]
Jeanpierre Soto Salvatierra

ROOM FOR IMPROVEMENT

When they did upgrades or applied patches, sometimes, there was downtime, which required the backfill of data. There were
times when we had to reach out and get a lot of things validated. [Full Review]
Shivani Meda

The monitoring, analysis, and visualization of data that Securonix provides is good. However, there are some things that I
would love Securonix to change. For example, they don't allow us to make changes on the graphical reports that they have
integrated into the platform. We have to create our own. If we just want to take out one thing, our page should allow us to
change that template just for our platform. I'm not talking about changing others' platforms; this is just for my platform. They
should allow me to make changes according to my scalabilit... [Full Review]
Haris Katlia

The incident response area should be improved. It is more difficult than other products, but overall, it is good. The platform has
a lot of options and functionality. So, you need to check almost everything. For new engineers or people who don’t have much
experience with this kind of platform, it is a bit difficult, but for experienced engineers, it is not that difficult. When you have
Ibrahim been doing a lot of work for about one or two hours, and you have a lot of tabs open, it slows down or gets stuck. There is a
Albalawi
delay of 10 to 15 seconds in opening tab... [Full Review]


Securonix could open up information regarding the indicators of compromise or cyber-threat intelligence databases that they use. The idea is that they share what threats they are detecting. [Full Review]
Jeanpierre Soto Salvatierra

PRICING, SETUP COST AND LICENSING See more Pricing, Setup Cost And Licensing >>

I had heard that it was much cheaper than Splunk and some of the other tools, and they gave us a nice package with support. They accommodated the number of users and support very well. [Full Review]
Shivani Meda

Compared to the pricing of other products, Securonix's pricing is pretty good. Clients can get half of the price of other companies by going with Securonix. Other products, like IBM and Splunk, have pretty high pricing. Nowadays, we see CrowdStrike as up and coming, and they are pretty expensive. Pricing does depend on what model you are looking for, e.g., are you going for an MSP or single tenant? [Full Review]
Haris Katlia

Its price is fine. We found it to be cheaper than LogRhythm, Exabeam, Splunk, as well as Elastic Security. A few months ago, when we were comparing Securonix with Elastic Security, we found Securonix to be cheaper than Elasticsearch. We were pretty surprised that Elastic Security is more expensive than Securonix because Elasticsearch is just starting, and it cannot compete with Securonix at this time. So, the pricing of Securonix is pretty good for now. [Full Review]
Ibrahim Albalawi

The pricing is fine compared to the market but I think that at some point the competitors will catch up on price. It would be good if, for example, there were an option to offer customers who have used the solution for more than a year some kind of additional trial or service. There is no cost outside of the standard licensing fee, other than an initial installation service charge. Otherwise, there is simply a monthly cost for the service. [Full Review]
Jeanpierre Soto Salvatierra

Devo See 11 reviews >>

Overview
Devo is the only cloud-native logging and security analytics platform that releases the full potential of all your data to empower
bold, confident action when it matters most. Only the Devo platform delivers the powerful combination of real-time visibility,
high-performance analytics, scalability, multitenancy, and low TCO crucial for monitoring and securing business operations as
enterprises accelerate their shift to the cloud.

SAMPLE CUSTOMERS
United States Air Force, Rubrik, SentinelOne, Critical Start, NHL, Panda Security, Telefonica, CaixaBank, OpenText, IGT, OneMain
Financial, SurveyMonkey, FanDuel, H&R Block, Ulta Beauty, Manulife, Moneylion, Chime Bank, Magna International, American
Express Global Business Travel

TOP COMPARISONS
Splunk Enterprise Security vs. Devo … Compared 41% of the time [See comparison]
LogRhythm SIEM vs. Devo … Compared 9% of the time [See comparison]
Elastic Security vs. Devo … Compared 9% of the time [See comparison]

REVIEWERS *

TOP INDUSTRIES
Computer Software Company … 19%
Government … 10%
Financial Services Firm … 10%
Comms Service Provider … 8%

COMPANY SIZE
1-200 Employees … 23%
201-1000 Employees … 14%
1001+ Employees … 62%

VISITORS READING REVIEWS *

TOP INDUSTRIES
Computer Software Company … 44%
Insurance Company … 11%
Recreational Facilities/Services Company … 11%
Recruiting/Hr Firm … 11%

COMPANY SIZE
1-200 Employees … 28%
201-1000 Employees … 22%
1001+ Employees … 50%

* Data is based on the aggregate profiles of PeerSpot Users reviewing and researching this solution.


Top Reviews by Topic

VALUABLE FEATURES See more Valuable Features >>

The ability to have high performance, high-speed search capability is incredibly important for us. When it comes to doing security analysis, you don't want to be sitting around waiting to get data back while an attacker is sitting on a network, actively attacking it. You need to be able to answer questions quickly. If I see an indicator of attack, I need to be able to rapidly pivot and find data, then analyze it and find more data to answer more questions. You need to be able to do that quickly. If I'm sitting around just waiting to get my first res... [Full Review]
Jordan Mauriello

We really use the core feature, which is log management. We bring in and ingest all of the different log sources for our customers and then run our TTPs (Tactics, Techniques, and Procedures) against these for threat detection. I find the true multi-tenancy to be very valuable. We are able to put all of our detection rules onto our master tenant, and then run those to our sub-tenants when we're looking for all of the detections and alerts. It's essentially the core capability with the kind of vertical app for all of our TTPs that run across our diffe... [Full Review]
Kevin Golas

It provides multi-tenant, cloud-native architecture. Both of those were important aspects for us. A cloud-native solution was not something that was negotiable. We wanted a cloud-native solution. The multi-tenant aspect was not a requirement for us, as long as it allowed us to do things the way we want to do them. We are a global company though, and we need to be able to segregate data by segments, by use cases, and by geographical areas, for data residency and the like. Usability-wise, Devo is much better than what we had before and is well-positio... [Full Review]
Sudha Maheshwari

Devo’s UI, high-speed search, and analytic capabilities. The UI ease of use for analysts is very good. We love it. The UI really gives you two ways to work with the data. First, the UI lets junior analysts work through and understand the data. They can interact with the data, perform all kinds of built-in enrichments and/or functions using the intuitive, user-friendly UI. Second, every UI interaction builds the actual query syntax being used along the way. Devo’s query code editor gets updated with the query that the user is building via the UI. Onc... [Full Review]
Gabe Martinez

ROOM FOR IMPROVEMENT See more Room For Improvement >>

There is room for improvement in the ability to parse different log types. I would go as far as to say the product is deficient in its ability to parse multiple, different log types, including logs from major vendors that are supported by competitors. Additionally, the time that it takes to turn around a supported parser for customers and common log source types, which are generally accepted standards in the industry, is not acceptable. This has impacted customer onboarding and customer relationships for us on multiple fronts. I would like to see De... [Full Review]
Jordan Mauriello

We only use the core functionality and one of the reasons for this is that their security operation center needs improvement. It's great for folks that don't really understand advanced detections but for people like us, and other businesses out there that have advanced detections, that becomes problematic and we don't use it. The detection capabilities and their vertical app capability should be enhanced. [Full Review]
Kevin Golas

One major area for improvement for Devo, and people know about it, is to provide more capabilities around pre-built monitoring. They're working on integrations with different types of systems, but that integration needs to go beyond just onboarding to the platform. It needs to include applications, out-of-the-box, that immediately help people to start monitoring their systems. Such applications would include dashboards and alerts, and then people could customize them for their own needs so that they aren't starting from a blank slate. That is defini... [Full Review]
Sudha Maheshwari


Some basic reporting mechanisms have room for improvement. Customers can do analysis by building Activeboards, Devo’s name for interactive dashboards. This capability is quite nice, but it is not a reporting engine. Devo does provide mechanisms to allow 3rd-party tools to query data by their API, which is great. However, a lot of folks like or want a reporting engine, per se, and Devo simply doesn't have that. This may or may not be by design. I say this because I’ve seen many, many times where a customer states that they absolutely need to have a r... [Full Review]
Gabe Martinez

PRICING, SETUP COST AND LICENSING See more Pricing, Setup Cost And Licensing >>

Based on adaptations that they have made, where they are essentially charging for metadata around events that we collect now, that extra charge makes up any difference in price savings between Splunk or Azure Sentinel and them. Before, the cost was just the data itself, but they have adjusted it now where they even charge if we parse the data and add in names for a field that comes in. For example, we get a username. If you go to log into Windows, and it says, "That username tried to log in." Then, it labels the username with your name. They will ch... [Full Review]
Jordan Mauriello

The pricing is very straightforward and they charge per gigabyte. There are no "gotchas" when it comes to pricing. There's no re-ingestion or exfiltration of it. With respect to retention, it's what you need it to be. They can scale up and scale down and everything is pretty straightforward. Pricewise, I can't think of any things that I wish I would've known ahead of time. Pricing is based on the number of gigabytes of ingestion by volume, and it's on a 30-day average. If you go over one day, that's not a big deal as long as the average is what you ... [Full Review]
Kevin Golas

Devo was very cost-competitive. We understood that the cost came without the monitoring of content, right out-of-the-box, but we knew they were pointed in that direction. Devo's pricing model, only charging for ingestion, is how most products are licensed. That wasn't different from other products that we were looking at. But Devo did come with that 400 days of hot data, and that was not the case with other products. While that aspect was not a requirement for us, it was a nice-to-have. [Full Review]
Sudha Maheshwari

I like the pricing very much. They keep it simple. It is a single price based on data ingest, and they do it on an average. If you get a spike of data that flows in, they will not stick it to you or charge you for that. They are very fair about that. Additionally, that one price is all-inclusive. As a partner, I appreciate that as I am able to resell that easily. I just need to know your volume per day and I can price it out. And with that you get 400 days of storage, the management full capability, all the analysis, additional applications, with no... [Full Review]
Gabe Martinez

USM Anywhere See 12 reviews >>

Overview
USM Anywhere centralizes security monitoring of networks and devices in the cloud, on premises, and in remote locations,
helping you to detect threats virtually anywhere.

Discover

Network asset discovery

Software & services discovery

AWS asset discovery

Azure asset discovery

Google Cloud Platform asset discovery

Analyze

SIEM event correlation, auto-prioritized alarms

User activity monitoring

Up to 90-days of online, searchable events

Detect

Cloud intrusion detection (AWS, Azure, GCP)

Network intrusion detection (NIDS)

Host intrusion detection (HIDS)

Endpoint Detection and Response (EDR)

Respond...

SAMPLE CUSTOMERS
Abel & Cole, Bank of Ireland, Bluegrass Cellular, CareerBuilder, Claire's, Hays Medical Center, Hope International, McCurrach,
McKinsey & Company, Party Delights, Pepco Holdings, Richland School District, Ricoh, SaveMart, Shake Shack, Steelcase, TaxAct,
Taylor Morrison, Vonage and Zoom

TOP COMPARISONS
Splunk Enterprise Security vs. USM Anywhere … Compared 23% of the time [See comparison]
LogRhythm SIEM vs. USM Anywhere … Compared 11% of the time [See comparison]
IBM Security QRadar vs. USM Anywhere … Compared 9% of the time [See comparison]

REVIEWERS *

TOP INDUSTRIES
Computer Software Company … 20%
Government … 9%

VISITORS READING REVIEWS *

TOP INDUSTRIES
Financial Services Firm … 20%
Healthcare Company … 16%

* Data is based on the aggregate profiles of PeerSpot Users reviewing and researching this solution.


Top Reviews by Topic

VALUABLE FEATURES See more Valuable Features >>

I think all of the features are valuable. However, the most valuable feature is vulnerability management because it gives you
insight into your environment to know what systems need to be updated or patched. You can avoid weaknesses in the
computers and other systems by keeping them patched. [Full Review]
Matt Carter

AlienVault's reporting is good. I like that vulnerability assessment is part of the solution, and the UI is intuitive. Also, the overhead is low, which is to say we don't need a dedicated SOC team to manage and analyze things constantly. We're a small company that doesn't have those resources. [Full Review]
Daniel Oppenheimer

The feature that I liked the most is that they have a vulnerability assessment package that comes along with the SIEM solution. So, whenever I find any threat or alert for any of the devices or servers, I could immediately initiate a vulnerability assessment scan on that machine. That is one of a kind. The price at which AlienVault operates is also valuable. The setup of AlienVault is extremely easy. It is very simple to understand for someone who is trying a SIEM solution for the first time. The integration of servers and other devices is extremely... [Full Review]
Dr. Sushan Banerjee

Our main focus was intrusion detection, alerts, and correlation. It's easy to use AlienVault and integrate it with other alert tools because it includes lots of connectors. Either the tool is already there, or AlienVault will write an API for us if they don't have a connector for the solution that is providing the logs. We've seen a lot of improvement in the product over the years. Their threat monitoring was an important feature for us, but we didn't use the tool to its full advantage. I wanted to use the built-in NES and asset management tools, bu... [Full Review]
Charles Golliday

ROOM FOR IMPROVEMENT See more Room For Improvement >>

I think they need to broaden their compliance management to cover more areas of compliance. For example, they're very specific about HIPAA, CIS 8.0, and a few others, but they don't have a broad compliance management base. Some customers need compliance management with other standards or frameworks, which are unavailable on their platform. I want to see more compliance management capability because if they broadened it, it would be a much more attractive product. They have a lot of integrations, which is good, but the quality of integrations seems t... [Full Review]
Matt Carter

I think plugin management should be self-service on AlienVault USM. The other product is self-service but on the USM side. You have to submit a ticket then AT&T creates and updates the plugins. We often have application logs that are unique to us, so it's silly to have to open a ticket, have them do the work, and then release the plugin. It would be nice if they had a self-service portal where we could define the parameters within the product for the plugin and have a custom plugin for our logs. [Full Review]
Daniel Oppenheimer

Their threat intelligence platform needs to be broadened. They should integrate it with more threat intelligence platforms. For the threat feed that they get from open intelligence, I would like them to add a few premium threat intelligence platforms. They can provide a bundle in which AlienVault has the threat intelligence background of other premium products. [Full Review]
Dr. Sushan Banerjee


I've been told that AlienVault doesn't have a full version of NES running in there, but I'm not sure if that's accurate or if my engineer made it that way. I'm not sure he was completely honest either because we had NES in the environment before. Those tools could be improved because AlienVault is a SIEM, and it added all these other features. Are they proficient in every one of those areas? Are they proficient in asset management? Is their tool good enough to be your company's vulnerability scanner? Is it good enough to be your asset manager? Is it... [Full Review]
Charles Golliday

PRICING, SETUP COST AND LICENSING See more Pricing, Setup Cost And Licensing >>

I don't recall exactly what their prices are, but they are a little more expensive than Microsoft. It really depends on what features in Microsoft you may already be using. If, for example, you're a company that has Microsoft's Defender for Endpoint and Defender for Identity, or basically any of their Defender Suite applications, you might already be paying a certain amount every month or every year for those features that the Microsoft Sentinel solution brings under one umbrella. AlienVault also has additional fees for extra storage in the cloud. [Full Review]
Matt Carter

When compared to other solutions such as Splunk, LogRhythm, and IBM Security QRadar, AT&T AlienVault USM is a reasonably priced option that is also relatively inexpensive. [Full Review]
Subramaniam Lakshminarayanan

It is affordable, and it also has many features that the premium products such as ArcSight and QRadar have. It is a very good platform for a SIEM solution. Everything is included in the price. [Full Review]
Dr. Sushan Banerjee

You might have to pay an additional fee to increase the number of sensors. We have five sensors, but other clients have three. I think you need to pay more to extend to four or five. [Full Review]
Gerald Mbewa


Fortinet FortiSIEM See 28 reviews >>

Overview
FortiSIEM (formerly AccelOps 4) provides an actionable security intelligence platform to monitor security, performance and
compliance through a single pane of glass.

Companies around the world use FortiSIEM for the following use cases:

Threat management and intelligence that provide situational awareness and anomaly detection

Alleviating compliance mandate concerns for PCI, HIPAA and SOX

Managing “alert overload”

Handling the “too many tools” reporting issue

Addressing the MSPs/MSSPs pain of meeting service level agreements

SAMPLE CUSTOMERS
FortiSIEM has hundreds of customers worldwide in markets including managed services, technology, financial services, healthcare,
and government. Customers include Aruba Networks, Compushare, Port of San Diego, Cleveland Indians, Infoblox, Healthways, and
Referentia.

TOP COMPARISONS
Splunk Enterprise Security vs. Fortinet FortiSIEM … Compared 21% of the time [See comparison]
IBM Security QRadar vs. Fortinet FortiSIEM … Compared 8% of the time [See comparison]
USM Anywhere vs. Fortinet FortiSIEM … Compared 8% of the time [See comparison]

REVIEWERS *

TOP INDUSTRIES
Computer Software Company … 20%
Comms Service Provider … 10%
Government … 9%
Manufacturing Company … 6%

COMPANY SIZE
1-200 Employees … 29%
201-1000 Employees … 17%
1001+ Employees … 54%

VISITORS READING REVIEWS *

TOP INDUSTRIES
Computer Software Company … 13%
Comms Service Provider … 13%
Financial Services Firm … 10%
Media Company … 10%

COMPANY SIZE
1-200 Employees … 42%
201-1000 Employees … 29%
1001+ Employees … 29%

* Data is based on the aggregate profiles of PeerSpot Users reviewing and researching this solution.


Top Reviews by Topic

VALUABLE FEATURES See more Valuable Features >>

FortiSIEM has been a good product. It does everything that it has promised that it can do. It has been very useful to discover new threats from the outside such as external exploits, brute-force, or password tries. [Full Review]
Marcelo Canedo

Fortinet has a unique model, which they call MSSP, managed services security partner. They select a telco in a country, partner with them, and offer them the certification track. We are an MSSP partner in Pakistan. FortiSIEM and FortiSOAR, their overall solutions that are there for threat mitigation, visibility, control, et cetera, is well integrated. We like the integration of all of these Fortinet platforms together. Everything is integrated well, and we are able to sell that as a service to our customers. There's a VR feature that is basically se... [Full Review]
Babar Shahbaz

Fortinet FortiSIEM's most valuable feature is the simplicity in handling multi-tenancy and the ability to switch between different clients at the same time. That was handled flawlessly. [Full Review]
Abdul-Mumin Iddrisu

We have found the most important features in Fortinet FortiSIEM to be the correlation, file utility check, latest file, and hash changes. These features are important for us. [Full Review]
Anand Kailuke

ROOM FOR IMPROVEMENT See more Room For Improvement >>

Their technical support is horrible. By horrible, I mean a train wreck of a disaster that has fallen off a bridge and caught fire. The out-of-the-box log ingestion for the supported devices is fine. The main issues arise when you're trying to ingest a log source that's not supported. You're left to figure it out yourself. You have to figure out the custom parsing yourself. There should be better support for nonstandard log sources. That's because unless you can ingest logs from all of your key controls, the solution will have gaps. Out of the box, t... [Full Review]
Robert Eveleigh

The process of installing Fortinet FortiSIEM and the customization of the alerts take too long. You need to customize the alerts that come to the dashboard so that not everything is an alert. If everything is an alert, nothing is an alert. This is a complicated process and takes time. In future releases, I would like to see a resource for common environments like VMware and VMware/FortiGate or VMware/Check Point. The resource should discover and speed up implementation. [Full Review]
Marcelo Canedo

FortiSIEM is not a market leader in the SIEM space. In SIEM solutions, typically, our customers ask for Splunk, or they ask for Logarithm. Some legacy customers ask for IBM. This isn’t as popular. Fortinet needs to grow in that perspective. They need to become a leader in the magic quadrant of Gartner and be seen as visionary so that the top customers, the big customers, take them seriously in the SIEM space. [Full Review]
Babar Shahbaz


The interface needs some improvements because it's a bit cumbersome when you're trying to view items. It takes some time to get used to. Additionally, sometimes the scrolling does not work. [Full Review]
Abdul-Mumin Iddrisu

PRICING, SETUP COST AND LICENSING See more Pricing, Setup Cost And Licensing >>

This is probably more on the lower cost end of the spectrum compared to competing products. Fortinet's license model is based on events per second, which makes sense, but that's not typical. It makes it very hard to calculate what your costs are going to be as you scale the platform because some log sources, such as firewall logs, are very noisy, and there are lots and lots of events per second, but some of them are not. So, it becomes a bit of a science experiment trying to guess what your costs are going to be as you scale the solution. This is wh... [Full Review]
Robert Eveleigh

Fortinet's products are not expensive, it is less than the competition. There are additional fees for space in the virtual environment. You require virtual space because the logs take up space on the disk. Eventually, you need to buy disks and put them in your environment or in the cloud. Without the disk, you have to turn off the device. I would rate them a three out of five overall for pricing. [Full Review]
Marcelo Canedo

The price of Fortinet FortiSIEM was reasonable compared to other solutions. There are many licenses required, such as the MSSP, Agent, and device. For the number of devices that you are monitoring, you need licenses. The license you pay per your usage. When you are onboarding more clients onto it, the license fee is for the usage. Additionally, there's the Windows Agent license that you need. If you use any Windows Agent, you receive a separate license charge. [Full Review]
Abdul-Mumin Iddrisu

You can get an annual license for FortiSIEM or a three-year license. It can be expensive if you're pulling data from many sources. If you plan to keep the solution for a while, I recommend choosing a three-year license or longer to save money. [Full Review]
Alain Clovis Bapfunya


Answers from the Community

What is the difference between SIEM and SOAR platforms?

SIEM and SOAR have a lot of components in common. How do they differ in the role they play in Cyber Security?

If you've been working in cybersecurity, you've likely come across SOAR and SIEM technologies. There are differences between their capabilities, although they have a fair amount of commonalities. They both collect data, but the quantity of data, type of data, and type of response is where they differ. As threats have advanced, security professionals may be in need of both. That's where SOAR and SIEM come to the rescue, although there has been some confusion as to the difference between the two. The two technologies have different competencies, but can be combined to increase a security team's or SOC's effectiveness.

We've evaluated the differences of the best SIEM tools and top SOAR tools to clear up the differences between each.

SIEM vs SOAR

In short, SIEM aggregates and correlates data from multiple security systems to generate alerts while SOAR acts as the remediation and response engine to those alerts. SIEM is the collection and aggregation of security data sourced from integrated platforms logging event-related data - firewalls, network appliances, intrusion detection and prevention systems, etc. - then correlates data across devices, categorizes, and analyzes incidents before issuing alerts. The alerts are identified by using sophisticated analytical techniques and machine learning, which require fine tuning. This leaves a lot of alerts for a security team or SOC to prioritize and remediate; a difficult, time-consuming process. SOAR, on the other hand, is designed to help security teams automate the response process by gathering alerts, managing cases, and responding to the endless alerts generated by SIEM. With SOAR, security teams can integrate with security alerts and create adaptive, automated incident response workflows. This gives SecOps the ability to prioritize threats and deliver faster results.

TLDR: SIEM: Security information management: Long-term storage as well as analysis and reporting of log data. Security event manager: Real-time monitoring, correlation of events, notifications, and console views. SOAR: SIEM + Threat Intelligence (IoC's, AI, etc), Vulnerability and Threat Management (Analysis, Reporting, Management views, Dashboards, real-time analysis), Automation and orchestration for incident response (Something like "Ability to Block dst_ip that we get from for example proxy log, on our firewall").
Denis L

It's not easy to understand the key differences when looking at SOAR vs. SIEM because they have many components in common. Security information and event management (or SIEM) tools are a way to centrally collect pertinent log and event data from various security, network, server, application and database sources. To be able to differentiate between normal and suspicious activities, the SIEM tool needs regular upgrades and tuning, and this should be done by analysts and engineers. Once a SIEM is properly tuned, responding to the alerts generated by a SIEM still remains a manual process. Each alert must be reviewed and investigated by an analyst to determine if the event is a false positive, or an actual incident that warrants further investigation and remediation. During an actual incident, the investigation and remediation activities will also be a manual process. The SOAR terminology (adopted by Gartner) is an approach to security operations...
Hasan Zuberi (HZ)

SIEM involves the collection, correlation and aggregation of security logs and data from the various log sources integrated into the SIEM solution. The log sources - Servers, Network devices, Firewalls, IDS and IPS, WAF, etc. This correlation is achieved and analysis is carried out either by the analyst monitoring the SIEM solution or automation is involved and the analyst receives alerts from the said SIEM solution. On the other hand, SOAR helps in the automation of response to alerts generated and received from the SIEM solution and all other integrated platforms in the environment. This helps the analyst in the prioritization of threats and incidents and reduces the total time of detection to the time of recovery.
See all 9 answers >>
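The answers above draw the line between a SIEM (collect, normalize, correlate, alert) and SOAR (automate the response, with the analyst kept in the loop). The following is an added example, not code from this thread or from any vendor's product, that walks one proxy-log destination through both halves: a Squid-style log layout, the IoC feed, the protected IP ranges and the DryRunFirewall class are all constructed for the demonstration, and the "firewall" only records the rules it would push.

```python
"""Added example: SIEM-style correlation of proxy logs against an IoC feed,
followed by a SOAR-style playbook that turns high-confidence matches into
firewall block actions. Every log line, indicator and IP range is constructed;
DryRunFirewall stands in for a real firewall API and applies nothing."""
import ipaddress
import re
from collections import defaultdict

# Constructed proxy log (Squid-like access.log layout, assumed for this example):
# <epoch> <elapsed_ms> <client_ip> <status> <bytes> <method> <url> - <hier>/<dst_ip>
PROXY_LOG = """\
1690000001.120 45 10.0.5.23 TCP_MISS/200 5120 GET http://updates.example-cdn.test/patch.bin - HIER_DIRECT/203.0.113.10
1690000002.300 12 10.0.5.23 TCP_MISS/200 340 GET http://c2-beacon.test/gate.php - HIER_DIRECT/198.51.100.77
1690000003.010 9 10.0.5.41 TCP_MISS/200 340 GET http://c2-beacon.test/gate.php - HIER_DIRECT/198.51.100.77
1690000004.500 31 10.0.5.23 TCP_MISS/200 290 POST http://c2-beacon.test/upload - HIER_DIRECT/198.51.100.77
1690000005.700 60 10.0.5.60 TCP_MISS/200 8000 GET http://intranet.corp.test/home - HIER_DIRECT/10.0.0.5
"""

LINE_RE = re.compile(
    r"^(?P<ts>\d+\.\d+)\s+(?P<elapsed>\d+)\s+(?P<client_ip>\S+)\s+(?P<status>\S+)\s+"
    r"(?P<bytes>\d+)\s+(?P<method>[A-Z]+)\s+(?P<url>\S+)\s+\S+\s+\S+/(?P<dst_ip>\S+)$"
)

# Constructed IoC feed: indicator -> (type, confidence).
IOC_FEED = {
    "198.51.100.77": ("ip", "high"),
    "c2-beacon.test": ("domain", "high"),
    "203.0.113.10": ("ip", "low"),  # low confidence: shared CDN address, noisy
}

# Constructed: ranges the playbook must never block (internal hosts, partner link).
NEVER_BLOCK = [ipaddress.ip_network("10.0.0.0/8"), ipaddress.ip_network("192.0.2.0/24")]


def parse_proxy_log(text):
    """Security information management step: normalize raw lines into event dicts."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # a production SIEM counts unparsed lines rather than dropping them silently
        ev = m.groupdict()
        ev["host"] = re.sub(r"^https?://", "", ev["url"]).split("/")[0]
        events.append(ev)
    return events


def correlate(events, ioc_feed):
    """Security event management step: join events against the IoC feed.
    One alert per destination IP, listing the internal clients that reached it."""
    grouped = defaultdict(lambda: {"clients": set(), "hits": 0, "confidence": "low"})
    for ev in events:
        for key in (ev["dst_ip"], ev["host"]):
            if key in ioc_feed:
                g = grouped[ev["dst_ip"]]
                g["clients"].add(ev["client_ip"])
                g["hits"] += 1
                if ioc_feed[key][1] == "high":
                    g["confidence"] = "high"
                break  # count each event once even when both IP and domain match
    return {dst: {"clients": sorted(v["clients"]), "hits": v["hits"], "confidence": v["confidence"]}
            for dst, v in grouped.items()}


class DryRunFirewall:
    """Stand-in for a firewall API: records the rules it would apply."""

    def __init__(self):
        self.rules = []

    def block_dst(self, ip, reason):
        rule = {"action": "deny", "dst": ip, "reason": reason}
        if rule not in self.rules:  # idempotent, so re-running the playbook is safe
            self.rules.append(rule)
        return rule


def playbook_block_dst(alerts, firewall, min_hits=2):
    """SOAR step: block destinations with high-confidence hits from at least
    `min_hits` events, unless they fall in a protected range. Anything that
    does not meet the bar is handed back to the analyst as 'needs_review'."""
    blocked, needs_review = [], []
    for dst, a in alerts.items():
        protected = any(ipaddress.ip_address(dst) in net for net in NEVER_BLOCK)
        if a["confidence"] == "high" and a["hits"] >= min_hits and not protected:
            firewall.block_dst(dst, f"IoC match, {a['hits']} hits from {len(a['clients'])} clients")
            blocked.append(dst)
        else:
            needs_review.append(dst)
    return {"blocked": blocked, "needs_review": needs_review}


def run():
    """Run the whole pipeline; returns (events, alerts, proposed rules, outcome)."""
    events = parse_proxy_log(PROXY_LOG)
    alerts = correlate(events, IOC_FEED)
    fw = DryRunFirewall()
    outcome = playbook_block_dst(alerts, fw)
    return events, alerts, fw.rules, outcome


if __name__ == "__main__":
    events, alerts, rules, outcome = run()
    for dst, a in alerts.items():
        print(f"ALERT dst={dst} confidence={a['confidence']} hits={a['hits']} clients={a['clients']}")
    print("playbook outcome:", outcome)
    for r in rules:
        print("would push:", r)
```

The two guardrails in the playbook (a minimum hit count and a never-block list) are the part that matters in practice: automated response that can block an internal or partner address on a single low-confidence match is how SOAR causes its own outage, so the low-confidence CDN hit goes to a human while the repeated high-confidence beacon destination is blocked.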


Answers from the Community

What are the pros and cons of internal SOC vs SOC-as-a-Service?

Hi,
When would you suggest using an internal SOC and when SOC-as-a-Service? What are the pros and cons of
each?

Shibu Babuchandran
Hello, below there are views on the pros and cons of Internal SOC and SOC-as-a-Service. Pros and cons of outsourced SOC:
Outsourcing pros. Trained personnel. The MSSP has experienced personnel immediately available, saving the organization the time
and expense of hiring and training the dedicated people needed to do the analysis. Infrastructure. The MSSP also already has the
facilities and tools required to do the job, saving more time and the upfront expense of building out an internal SOC. Continuous threat
monitoring. MSSPs should provide SIEM capabilities that filter false alerts so forensics are only conducted on legitimate threats. This
type of proactive, continuous threat hunting and monitoring may be difficult for a company's cybersecurity team to conduct on its own.
Intelligent analysis. Outsourcing cybersecurity operations can provide security analysis capabilities while an organization builds its own
in-house SOC. Outsourcing cons. How much analysis...

Manuel Gellida
Evgeny, I think SOC on-premise means a huge investment (=monthly payment) because of the people you need to operate your SOC.
Pro: it's the total control of your SOC and logs, but using the logs in a SOC-as-a-Service does not mean that they use your information.
It's just the logs and I think you don't compromise your sensitive info. Have a nice day. Manuel

Ljubomir Djuric
This is a truly good and difficult question. If we could have an MSSP that is reliable and offers good services at a reasonable price, this will
be Pros for SOC-as-a-Service, for most of the companies. Otherwise, CONS for having your own SOC are huge: CAPEX + OPEX (Yearly
upgrades and licenses, expenses for having experts for security in-house, ...). PROS for own SOC: In-house knowledge and strategy.

See all 14 answers >>


Answers from the Community

Are you aware of SIEM platforms that integrate both Active Directory auditing and security
monitoring tools?

Hi, community!
Usually, when professionals administer the network, they use an Active Directory tool and a cybersecurity
solution (e.g., EPP, anti-virus, or SIEM) separately.
Are you aware of SIEM platforms that integrate these tools?

Avraham Sonenthal
I agree with the users who mentioned Splunk. Splunk is a log message management platform, and they have an application called
Splunk Enterprise Security. It can ingest AD, anti-virus, door control systems, VPN gateways, etc., etc. via the log messages they
generate, and has logic to correlate events (i.e. log messages). I am sure there are other products but Splunk is what I am familiar with.

Norman Freitag
Hi @Giusel, I agree with Shibu: Splunk is probably the best fit (or single point of truth) you can get on the market. With Splunk as a
platform, it's natural to push forward to SOC and SOAR. Don't forget to use the ingested data for several additional use cases in ITOps
and other purposes to better up the ROI of the investment in Splunk. Recently, we combined Tanium and Splunk as the best suite
approach; it's very promising for bigger companies or if you go for an MSSP. At one customer we connected several Point of Sale
systems in an ITOps use case and several additional use cases for sales and marketing dropped out. Hope this helps a little. Best
Regards, Norman

Robert Cheruiyot
Hi @Giusel, With the rise in insider threats, the idea of UEBA is becoming a must-have component in SOC. This makes it necessary to
have AD users or users from any other source to be available for monitoring in SIEM platforms. RSA NWP does this and definitely many
other platforms. Also, it depends on what you want to achieve:
- You can integrate many SIEM platforms with AD so that users can authenticate into SIEM using credentials from AD (external source).
- To monitor the behavior of AD users in order to identify malicious activity.
Thanks

See all 7 answers >>
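The second purpose named in the answers above, monitoring AD users' behaviour inside the SIEM (the UEBA idea), comes down to building a per-user baseline from domain-controller logon events and scoring new events against it. Here is an added example of that, not code from this thread or from any of the products mentioned: event IDs 4624 (successful logon) and 4625 (failed logon) are the real Windows Security log IDs, but every user, host and event below is constructed, and the scoring weights and thresholds are assumptions for the demonstration.

```python
"""Added example: a small behavioural baseline over Active Directory logon
events of the kind a SIEM ingests from domain controllers. Fields are a
normalized subset of Windows Security events 4624/4625; all users, hosts and
events are constructed, and the scoring weights are assumptions."""
from collections import defaultdict

# Constructed history window, already ingested and assumed benign.
HISTORY = [
    {"id": 4624, "user": "alice", "src": "WS-ALICE", "hour": 9},
    {"id": 4624, "user": "alice", "src": "WS-ALICE", "hour": 10},
    {"id": 4624, "user": "alice", "src": "WS-ALICE", "hour": 14},
    {"id": 4624, "user": "bob", "src": "WS-BOB", "hour": 8},
    {"id": 4624, "user": "bob", "src": "FS01", "hour": 11},
    {"id": 4625, "user": "bob", "src": "WS-BOB", "hour": 8},
]

# Constructed new events to be scored against the baseline.
NEW_EVENTS = [
    {"id": 4624, "user": "alice", "src": "WS-ALICE", "hour": 9},   # matches her profile
    {"id": 4625, "user": "alice", "src": "SRV-JUMP", "hour": 3},   # three failures ...
    {"id": 4625, "user": "alice", "src": "SRV-JUMP", "hour": 3},
    {"id": 4625, "user": "alice", "src": "SRV-JUMP", "hour": 3},
    {"id": 4624, "user": "alice", "src": "SRV-JUMP", "hour": 3},   # ... then success from a new host, off hours
    {"id": 4624, "user": "bob", "src": "FS01", "hour": 11},        # matches his profile
]


def build_baseline(history):
    """Per-user profile: the hosts and hours seen for successful logons (4624)."""
    baseline = defaultdict(lambda: {"hosts": set(), "hours": set()})
    for ev in history:
        if ev["id"] == 4624:
            baseline[ev["user"]]["hosts"].add(ev["src"])
            baseline[ev["user"]]["hours"].add(ev["hour"])
    return baseline


def score_user(user, events, baseline, fail_threshold=3):
    """Score one user's new events against the profile. Returns (score, reasons).
    A user with no profile (new account, or never seen logging on) matches nothing,
    so every host and hour counts as new; that is intentional."""
    profile = baseline.get(user, {"hosts": set(), "hours": set()})
    score, reasons = 0, []
    failures_before_success = 0
    for ev in events:
        if ev["id"] == 4625:
            failures_before_success += 1  # run of failures leading up to the next success
            continue
        if ev["id"] != 4624:
            continue
        if ev["src"] not in profile["hosts"]:
            score += 2
            reasons.append(f"logon from new host {ev['src']}")
        if ev["hour"] not in profile["hours"]:
            score += 1
            reasons.append(f"logon at unusual hour {ev['hour']:02d}:00")
        if failures_before_success >= fail_threshold:
            score += 3
            reasons.append(f"{failures_before_success} failures then success")
        failures_before_success = 0
    return score, reasons


def detect_anomalies(new_events, baseline, alert_at=3):
    """Group new events per user, score them, and return users at or above the threshold."""
    per_user = defaultdict(list)
    for ev in new_events:
        per_user[ev["user"]].append(ev)
    findings = {}
    for user, evs in per_user.items():
        score, reasons = score_user(user, evs, baseline)
        if score >= alert_at:
            findings[user] = {"score": score, "reasons": reasons}
    return findings


def run():
    """Build the baseline from HISTORY and score NEW_EVENTS; returns the findings dict."""
    return detect_anomalies(NEW_EVENTS, build_baseline(HISTORY))


if __name__ == "__main__":
    for user, f in run().items():
        print(f"{user}: score={f['score']}; " + "; ".join(f["reasons"]))
```

Only alice is flagged: her first logon matches her profile and scores nothing, while the later success from a host she has never used, at an hour she has never logged on, immediately after three failures, accumulates enough signal to cross the threshold. The baseline here is deliberately naive (no decay, no peer groups); a real UEBA feature adds both, but the shape of the logic is the same.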


About this report


This report comprises a list of enterprise-level Security Information and Event Management (SIEM) vendors. We have also included
several real user reviews posted on peerspot.com. The reviewers of these products have been validated as real users based on their
LinkedIn profiles to ensure that they provide reliable opinions and not those of product vendors.

About PeerSpot
The Internet has completely changed the way we make buying decisions. We now use ratings and review sites to see what other real users
think before we buy electronics, book a hotel, visit a doctor or choose a restaurant. But in the world of enterprise technology, most of the
information online and in your inbox comes from vendors, while what you really want is objective information from other users.

We created PeerSpot to provide technology professionals like you with a community platform to share information about enterprise software,
applications, hardware and services.

We commit to offering user-contributed information that is valuable, objective and relevant. We protect your privacy by providing an
environment where you can post anonymously and freely express your views. As a result, the community becomes a valuable resource,
ensuring you get access to the right information and connect to the right people, whenever you need it.

PeerSpot helps tech professionals by providing:

• A list of enterprise-level Security Information and Event Management (SIEM) vendors
• A sample of real user reviews from tech professionals
• Specific information to help you choose the best vendor for your needs

Use PeerSpot to:

• Read and post reviews of vendors and products
• Request or share information about functionality, quality, and pricing
• Contact real users with relevant product experience
• Get immediate answers to questions
• Validate vendor claims
• Exchange tips for getting the best deals with vendors

PeerSpot
244 5th Avenue, Suite R-230 • New York, NY 10001
www.peerspot.com
reports@peerspot.com
+1 646.328.1944
