This article is part of an Essential Guide, our editor-selected collection of our best articles, videos and other content on this topic. Explore more in this guide:
15. - SIEM: Read more in this section
- Best of security information and event management 2013
Explore other sections in this guide:
- 4. - Data loss prevention
- 5. - Email security
- 6. - Encryption
- 7. - Endpoint security
- 8. - Enterprise firewalls
- 9. - Identity and access management
- 10. - Intrusion detection and prevention
- 11. - Mobile data security
- 12. - Network access control
- 13. - Policy and risk management
- 14. - Remote access
- 16. - Unified threat management
- 17. - Vulnerability management
- 18. - Web application firewalls
- 19. - Web security
Gold: Splunk Enterprise, Splunk Inc.
Splunk's flagship SIEM system, a security tool for machine-generated big data, received top scores across the board. Splunk Enterprise collects machine-generated data to provide threat detection, log management and analytics through its Splunk App for Enterprise Security software, which includes pre-defined templates, dashboards and reporting tools. Splunk indexes ACSII text, using up to 150 commands, to offer statistical analysis and visualizations through its dashboards, which received high marks from readers.
The SIEM software also scored well in granular and flexible policy definition, data archiving and event correlation. Splunk received high marks for the technology's integration and compatibility with existing systems, devices and applications. The system does not natively handle binary data but Hadoop and other converters are available.
Overall, readers were pleased with their return on investment, as well as the vendor support and services. The latest version, Splunk Enterprise 5.0, adds report acceleration, PDF generation, parallel indexing and enhanced dashboard functionality. To use Splunk, security teams need to understand Unix shell scripting commands, SQL and have adequate documentation about their organization's data fields.
Expert market reflection on category dynamics:
"SIEM technologies vary widely in capabilities that are needed for threat detection and compliance reporting. To avoid deployment failures, evaluate how capabilities match to your requirements."
-- Mark Nicolett, vice president, Gartner Research
Silver winner: HP ArcSight Enterprise Security Manager (ESM), Hewlett-Packard Co.
Readers gave the nod to HP ArcSight Enterprise Security Manager (ESM) again this year, with one commenting that the technology is "very helpful." In 2012, the security event manager won the bronze in this category.
HP ArcSight ESM received high marks for its integration and compatibility with existing systems, devices and applications. It also scored well for vendor support, data archiving, and its ability to map data to security policy and compliance regulations. The security event manager automates log collection and analyzes file access and database queries to help users prioritize security and compliance risks via dashboards, notifications and reports.
Bronze winner: McAfee Security Information and Event Manager, McAfee, Inc.
McAfee's Security Information and Event Manager received high marks from readers with endorsements ranging from "very good" to "100%." The SIEM appliance, which offers event collection and real-time monitoring, was also ranked in the top three in the Readers' Choice 2012 awards for this category.
The core of the SIEM is Enterprise Security Manager (formerly NitroView ESM), an engine that correlates and prioritizes security threats and events from third party and McAfee products, using a proprietary database. McAfee ESM offer PCI-DSS, HIPAA, FISMA and SOX compliance reporting tools, among others.
High marks this year went to its data archiving, ease of installation, configuring and administration, as well as integration with existing systems. One reader said," As with all SIEM solutions, planning is a must but the functionality of the McAfee product is amazing if you are willing to put some additional work into the planning and deployment."