Readers vote on the best SIEM products in 2012: Security information and event management software, appliances and managed services for SMB and enterprise security monitoring, compliance and reporting.
Gold: SolarWinds Log & Event Manager, SolarWinds
The acquisition of TriGeo in 2011 added an award-winning security management tool to SolarWinds' product portfolio. The Austin-based technology vendor makes its gold-winning debut in the Readers' Choice awards with accolades for Log and Event Manager. SolarWinds Log and Event Manager offers log collection, analysis and real-time correlation in a virtual appliance.
According to SolarWinds, Log and Event Manager offers more advanced search capabilities than other SIEMs. Users can search a range of data using visual search tools, including word clouds, tree maps, bubble charts and histograms. By searching a range of data, from high-level events to detailed log data, users can quickly perform forensic analysis. The security software also features USB Defender Technology, which is designed to eliminate endpoint data loss and protect sensitive data.
Readers particularly liked Log and Event Manager's integration and compatibility with existing systems, devices and applications. The software also received high scores for ease of installation, configuration and administration, vendor service and support, and return on investment. Readers consistently reported that SolarWinds Log and Event Manager is a solid product that performs basic functionality like reporting and equipment status well, in addition to providing advanced features like the USB Defender.
Expert's Market Reflection: "Early log management products evolved into SIEM as their scope was extended to include a broader range of events across a wide range of IT devices from the data center, across the network to the desktop…. More recently some of the vendors have souped up their products to enable them to act on data in real time." --Bob Tarzey, analyst and director, Quocirca
Silver: McAfee Security and Information Event Management, McAfee
Readers awarded the silver to McAfee Security and Information Event Management, ranking it high in several areas, including the effectiveness of its management interface in visualizing status and implementing policy. The product also received high scores for its integration and compatibility with existing systems, devices and applications.
McAfee Security and Information Event Management is designed to provide security intelligence, rapid incident response, seamless log management and extensible compliance reporting. The core of the SIEM is Enterprise Security Manager, which consolidates, correlates and prioritizes security events from third-party and McAfee products.
Bronze: ArcSight Enterprise Security Manager (ESM), HP
HP ArcSight Enterprise Security Manager took home the bronze, with strong scores for integration and compatibility with existing systems, devices and applications, granular and flexible policy definition, and event correlation.
HP ArcSight ESM analyzes and correlates logins, logoffs, file access, database queries, and other events to provide support for compliance activities, risk management, and security intelligence and operations. The ArcSight ESM event log monitor correlates and prioritizes millions of log records and presents them in real time via dashboards, notifications, and reports.