Best Cybersecurity Practices: SIEM-Log Management

Gartner has a report on the Critical Capabilities of Security Information and Event Management (SIEM) software that covers 13 vendors.

The 13 vendors analyzed: AccelOps, AlienVault, BlackStratus, EMC, EventTracker, HP (ArcSight), IBM Security QRadar, Intel Security, LogRhythm, Micro Focus International (NetIQ), SolarWinds, Splunk, and Trustwave Holdings.

Each vendor was scored on the same set of characteristics: real-time monitoring, threat intelligence, behavior profiling, data and user monitoring, application monitoring, analytics, log management, and reporting.


LogRhythm comes out with the highest scores, but Splunk and IBM Security QRadar also do well and round out the top three.


The central idea behind a SIEM is the ability to collect the log data from every device on your network:

Routers, Switches, Servers,


Every network has many different devices, and each one keeps its own logs in its own format. It would be far more useful if all of those devices reported their logs to one place.

That is what a SIEM does: it gathers the logs from all of your network devices into one system, normalizes them, and gives you a single place to review security incidents, including ones that only become visible when events from several devices are seen together.
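As an added illustration of that idea (this is example code written for this page, not code from the original post or from any of the SIEM products named above), here is a toy collector that takes raw syslog lines from a Linux server, a Cisco-style router and a switch, normalizes them into one event schema, and runs a single correlation rule over the combined set. Every log line is constructed for the example, and the message layouts the rules look for are assumptions rather than any vendor's documented format.

```python
"""Added example: a minimal SIEM-style log aggregator.

Not from the original post or any SIEM vendor.  Sample log lines are
constructed, and the message layouts in RULES are assumed shapes, not a
documented device format.
"""
import re
from collections import defaultdict
from dataclasses import dataclass
from typing import List, Optional, Tuple

# RFC 3164-style header: <PRI>Mon DD HH:MM:SS host app[pid]: message
SYSLOG_RE = re.compile(
    r"^<(?P<pri>\d{1,3})>(?P<ts>\w{3} +\d{1,2} \d{2}:\d{2}:\d{2}) "
    r"(?P<host>\S+) (?P<app>[^:\[]+)(?:\[\d+\])?: (?P<msg>.*)$"
)
IPV4_RE = re.compile(r"(\d{1,3}(?:\.\d{1,3}){3})")

# Normalization rules, first match wins.  Patterns are assumed message shapes.
RULES = [
    ("auth_failure", re.compile(r"Failed password for")),            # Linux sshd
    ("auth_failure", re.compile(r"%SEC_LOGIN-4-LOGIN_FAILED")),       # Cisco IOS login
    ("auth_success", re.compile(r"Accepted \w+ for")),                # Linux sshd
    ("acl_deny",     re.compile(r"%SEC-6-IPACCESSLOGP: .* denied")),  # Cisco ACL log
    ("link_down",    re.compile(r"%LINK-3-UPDOWN: .* to down")),      # Cisco interface
]


@dataclass
class Event:
    host: str
    app: str
    facility: int        # PRI // 8
    severity: int        # PRI % 8, 0 = emergency ... 7 = debug
    action: str          # normalized action, "other" if no rule matched
    src_ip: Optional[str]
    raw: str


def normalize(line: str) -> Optional[Event]:
    """Parse one syslog line into the common schema; None if it is not syslog."""
    m = SYSLOG_RE.match(line.strip())
    if not m:
        return None
    pri = int(m["pri"])
    text = f"{m['app']}: {m['msg']}"
    action = next((name for name, pat in RULES if pat.search(text)), "other")
    # Assumption: the first IPv4 address in the message is the source address.
    ip = IPV4_RE.search(m["msg"])
    return Event(m["host"], m["app"], pri // 8, pri % 8, action,
                 ip.group(1) if ip else None, line)


def ingest(lines: List[str]) -> Tuple[List[Event], int]:
    """Collect lines from all devices into one list; count what could not be parsed."""
    events, dropped = [], 0
    for line in lines:
        ev = normalize(line)
        if ev is None:
            dropped += 1
        else:
            events.append(ev)
    return events, dropped


def correlate(events: List[Event], min_hosts: int = 2) -> List[dict]:
    """Rule: one source IP failing authentication on >= min_hosts distinct devices.

    Seen on a single box this is routine noise; seen across a router and a
    server it is a credential sweep, which only one combined view can show."""
    by_src = defaultdict(list)
    for ev in events:
        if ev.action == "auth_failure" and ev.src_ip:
            by_src[ev.src_ip].append(ev)
    findings = []
    for src, evs in by_src.items():
        hosts = sorted({e.host for e in evs})
        if len(hosts) >= min_hosts:
            findings.append({"src_ip": src, "hosts": hosts, "failures": len(evs)})
    return findings


# Constructed sample: one server (web01), one router (core-rtr1), one switch
# (edge-sw2), plus one junk line that is not syslog at all.
SAMPLE_LINES = [
    "<38>Mar 10 10:01:02 web01 sshd[2211]: Failed password for root from 203.0.113.7 port 51522 ssh2",
    "<38>Mar 10 10:01:05 web01 sshd[2211]: Failed password for admin from 203.0.113.7 port 51530 ssh2",
    "<188>Mar 10 10:01:09 core-rtr1 %SEC_LOGIN-4-LOGIN_FAILED: Login failed [user: admin] [Source: 203.0.113.7] [localport: 22]",
    "<190>Mar 10 10:01:12 edge-sw2 %SEC-6-IPACCESSLOGP: list 101 denied tcp 203.0.113.7(4444) -> 10.0.0.5(22), 1 packet",
    "<187>Mar 10 10:02:00 edge-sw2 %LINK-3-UPDOWN: Interface GigabitEthernet1/0/3, changed state to down",
    "<86>Mar 10 10:02:30 web01 sshd[2300]: Accepted publickey for deploy from 10.0.0.9 port 40022 ssh2",
    "this line is not syslog at all",
]

if __name__ == "__main__":
    evs, dropped = ingest(SAMPLE_LINES)
    print(f"{len(evs)} events normalized, {dropped} line(s) unparsed")
    for f in correlate(evs):
        print(f"ALERT: {f['src_ip']} failed auth {f['failures']}x across {', '.join(f['hosts'])}")
```

Run stand-alone, the script reports six normalized events, one unparsed line, and one alert for 203.0.113.7 spanning core-rtr1 and web01. The point of the exercise is the last step: neither the server's two sshd failures nor the router's single login failure would trip a threshold on its own, and the switch's ACL deny from the same address is a third corroborating signal that only becomes visible once all three devices feed the same store.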

Here are the comments from the Gartner site

http://www.gartner.com/technology/reprints.do?id=1-2O8Q585&ct=150929&st=sb


Splunk:

Splunk Enterprise is widely deployed by IT operations organizations and application support teams for log management and analytics for availability-oriented use cases, contributing to the vendor's high visibility on SIEM shortlists with its Splunk App for Enterprise Security.

Moving to a SIEM is a big step for a company, since it brings a higher cost structure and a new way of working, but it is the only practical way to bring logs from all of these disparate devices together in one place.

Contact Us to discuss this.
