Best Security Information and Event Management Products 2011

Readers' Choice Awards 2011

Best SIM Products 2011

Security information and event management and log management software, appliances and managed services for SMB and enterprise security monitoring, compliance and reporting.

RSA enVision

RSA, the Security Division of EMC
RSA enVision from RSA, the security division of EMC Corp., won top honors. The SIEM scored highly in several categories, particularly for its integration and compatibility with existing systems, devices and applications. Readers also liked how the product correlates events and its granular and flexible policy definitions.

enVision provides real-time security alerts, monitoring and drill-down forensic functionality, giving security teams visibility into threats across their physical, virtual and hybrid IT environments. The software is designed to turn raw log data into actionable security intelligence that helps companies streamline network security and compliance. Administrators can also use it to gain visibility into end-user behavior and spot potential compliance violations.

This year, RSA added several features to enVision that help customers assign risk values to specific threats in order to refine the effectiveness of their security programs. New features include improved correlation rules and alerting capabilities, more asset and vulnerability data made available to security analysts, and closed-loop integration with trouble-ticketing systems. Other additions include an interface specifically for investigating security issues, which makes it easier for an analyst to evaluate the events leading up to an incident and monitor problems.

Expert's market reflection:
“Powerful reporting tools are needed to keep up with regulatory requirements and to manage data effectively in order to demonstrate compliance, and identify potential problems. … SIEM tools are a key part of enabling all this, which explains why we’ve seen a consolidation of the market over the last few years with acquisitions of smaller SIEM vendors by larger IT infrastructure and IT security vendors.”
--Bob Tarzey, analyst and director of Quocirca Ltd

ArcSight ESM

Readers awarded the silver to HP’s ArcSight ESM, giving the product high marks for its integration and compatibility with existing systems, devices and applications. They also liked its granular and flexible policy definition and event correlation. ArcSight ESM analyzes and correlates every event, including login, file access and database queries, to provide a view into enterprise security risks and compliance violations. Its correlation engine sifts through millions of logs and alerts administrators to critical incidents through real-time dashboards or notifications. HP says ArcSight ESM is unique because it can model not only IP addresses/network zones, systems and devices but also users, employees, customers and partners.

Tripwire Log Center

Tripwire Log Center won the bronze with high scores from readers for its integration and compatibility with existing systems, devices and applications. Readers also liked its data archiving, granular and flexible policy definition and ability to map information to security policy or compliance regulations. Tripwire Log Center is designed to help organizations meet security and compliance requirements by detecting suspicious activity and storing the raw log data that’s required for compliance audits. It includes dashboards, notifications and alerts that allow administrators to take quick action on security events.