Many enterprises have deployed some form of security information and event management (SIEM) to collect log and audit data across their architecture to meet compliance requirements and protect their systems against threats and data breaches. However, organizations still struggle with configuration issues and a lack of security staff to take advantage of the information that SIEM offers to mature security programs.
Advanced SIEM products integrate threat intelligence and give security teams the ability to correlate threat data and contextual information about users, systems and assets against known vulnerabilities. Newer systems offer enhanced data collection, risk analysis and prioritization techniques to improve continuous monitoring of network security events and user activities.
The contenders in this year's Readers' Choice Awards have continued to evolve their SIEM appliances with many of these advanced features. Two products reached the top of the leaderboard, earning Readers' Choice Awards for one newcomer and a longtime SIEM favorite.
Winner: Security Intelligence Platform, LogRhythm Inc.
LogRhythm's Security Intelligence Platform, dubbed SIEM 2.0, received high marks from readers across the board. The SIEM product offers a range of options, starting with a single appliance for event management and log data collection for organizations with limited resources, all the way to widespread network deployments with high-performance analytics based on file integrity monitoring and machine analytics technology.
The product enables organizations to collect log, event, application, vulnerability, and machine data and then process and analyze that information using forensics for deeper visibility to detect anomalies or compliance policy violations on network or host-based systems. Our readers applauded LogRhythm's integration and compatibility with their existing systems, applications and devices. The product also received high scores for its ability to map information to security policies and enable granular and flexible policy definitions. LogRhythm's service and support behind the Security Intelligence Platform is also commendable, according to survey respondents.
Earlier this year LogRhythm indicated its plans to enhance the threat intelligence capabilities of its Security Intelligence Platform through partnerships. In August the company announced a Threat Intelligence Analytics Suite along with integration support from threat intelligence providers CrowdStrike, Norse, Symantec, ThreatStream and Webroot.
Winner: McAfee Enterprise Security Manager, McAfee/Intel
McAfee's Enterprise Security Manager (ESM) line of SIEM appliances received the nod for best product from readers again this year. Readers ranked McAfee's SIEM product in the top three in 2013 and 2012. ESM (formerly NitroView) correlates and prioritizes security threats and events from network security devices and infrastructure using contextual information and data from McAfee's proprietary databases. The product integrates data from McAfee Global Threat Intelligence, McAfee Global Risk Advisor, McAfee Vulnerability Manager and McAfee ePolicy Orchestrator.
The ESM series offers high-level analytics and integrates with McAfee Network Threat Behavior Analysis. A McAfee ESM Application Data Monitor provides network packet-level inspection to monitor data and data access. McAfee also offers an ESM Event Reporter for building reports based on event and audit information from all of the McAfee network technologies. ESM provides PCI-DSS, HIPAA, FISMA and SOX compliance reporting tools.
High marks this year went to McAfee ESM's event correlation, data archiving, and granular and flexible policy definition. Readers also lauded the SIEM's integration and compatibility with existing systems, devices and applications—always a key factor when considering SIEM technology. That's not to say there weren't some dings among the reader comments. One reader, for example, called out McAfee's support as "hit or miss." On the whole, though, ratings for McAfee's support were somewhat higher than the rest of the field.