Best of security information and event management 2013

Kathleen Richards, features editor

Gold: Splunk Enterprise, Splunk Inc.

Splunk's flagship SIEM system, a security tool for machine-generated big data, received top scores across the board. Splunk Enterprise collects machine-generated data to provide threat detection, log management and analytics through its Splunk App for Enterprise Security software, which includes pre-defined templates, dashboards and reporting tools. Splunk indexes ASCII text, using up to 150 commands, to offer statistical analysis and visualizations through its dashboards, which received high marks from readers.

The SIEM software also scored well in granular and flexible policy definition, data archiving and event correlation. Splunk received high marks for the technology's integration and compatibility with existing systems, devices and applications. The system does not natively handle binary data but Hadoop and other converters are available.

Overall, readers were pleased with their return on investment, as well as the vendor support and services. The latest version, Splunk Enterprise 5.0, adds report acceleration, PDF generation, parallel indexing and enhanced dashboard functionality. To use Splunk, security teams need to understand Unix shell scripting commands and SQL, and have adequate documentation about their organization's data fields.

Expert market reflection on category dynamics:

"SIEM technologies vary widely in capabilities that are needed for threat detection and compliance reporting. To avoid deployment failures, evaluate how capabilities match to your requirements." 

-- Mark Nicolett, vice president, Gartner Research

Silver winner: HP ArcSight Enterprise Security Manager (ESM), Hewlett-Packard Co.

Readers gave the nod to HP ArcSight Enterprise Security Manager (ESM) again this year, with one commenting that the technology is "very helpful." In 2012, the security event manager won the bronze in this category.

HP ArcSight ESM received high marks for its integration and compatibility with existing systems, devices and applications. It also scored well for vendor support, data archiving, and its ability to map data to security policy and compliance regulations. The security event manager automates log collection and analyzes file access and database queries to help users prioritize security and compliance risks via dashboards, notifications and reports.

Bronze winner: McAfee Security Information and Event Manager, McAfee, Inc.

McAfee's Security Information and Event Manager received high marks from readers with endorsements ranging from "very good" to "100%." The SIEM appliance, which offers event collection and real-time monitoring, was also ranked in the top three in the Readers' Choice 2012 awards for this category.

The core of the SIEM is Enterprise Security Manager (formerly NitroView ESM), an engine that correlates and prioritizes security threats and events from third-party and McAfee products, using a proprietary database. McAfee ESM offers PCI-DSS, HIPAA, FISMA and SOX compliance reporting tools, among others.

High marks this year went to its data archiving, ease of installation, configuration and administration, as well as integration with existing systems. One reader said, "As with all SIEM solutions, planning is a must but the functionality of the McAfee product is amazing if you are willing to put some additional work into the planning and deployment."
