
Top 8 Security Information and Event Management (SIEM) Tools

Splunk, IBM QRadar, Devo, RSA NetWitness Logs and Packets (RSA SIEM), Netsurion EventTracker, LogRhythm NextGen SIEM, ArcSight Enterprise Security Manager (ESM), Securonix Security Analytics
  1. The solution is very fast and succinct. The most valuable features are how stable and easy to use Splunk is.
  2. I have found IBM QRadar to be stable. The product has plenty of features and capabilities.
  3. Find out what your peers are saying about Splunk, IBM, Devo and others in Security Information and Event Management (SIEM). Updated: October 2021.
    552,027 professionals have used our research since 2012.
  4. Devo provides multi-tenant, cloud-native architecture. This is very important, especially for scale and costs. For managed service provider environments or multinational organizations who may have subsidiaries where you want to keep the data separate and not internal, it is purpose-built so it isolates the data. You can get access to sub-organizations, and the data doesn't mix. At the same time, it is leveraging the infrastructure in a smart way. That way, it scales.
  5. The newer 11.5 version that my team is using has found it to have good mapping. The solution is really scalable for the high-end power, enterprise customer.
  6. There are a host of things that are most valuable. Obviously monitoring our environment and reporting out different events is important. They perform a suite of services. They monitor all of our servers, all of our key infrastructure, like our DNS, our switches, all that stuff. They aggregate and correlate that quarterly. They'll tell us if we're getting a lot of login failures and something is going on or if something's weird.
  7. I would say the most valuable feature of LogRhythm is that it has built-in UEBA functionality, among other basic Windows packages. The product is great for medium to large-scale organizations.
  9. Very good real-time reporting with a good dashboard. We have been satisfied with the support.
  10. The solution is stable and scalable. There aren't any positive aspects of the solution. It was a complete failure. There are no redeeming features.

Tips for choosing the right SIEM solution

As with any enterprise tech solution, it’s important to spend time on your research and POC so that you know you’re spending on the right product. We sifted through our users’ answers to summarize some of the best tips.

  1. Define your goal

Before starting to evaluate solutions, it’s important to define what you want to accomplish with a SIEM. Marty Baron says, “Every SIEM has different strengths and weaknesses so you need to know what is most important to you in terms of goals, so you don’t waste time looking at something that can’t do the thing you need it to do.”

  2. Limit your options

As one of our users says, “Review a finite number of products, otherwise you’ll never finish.” Although it’s important to spend time doing due diligence, you need to get to the point of implementation. If you have too many options, it will take too long to make a decision. Users suggest making a shortlist of options that meet your technical requirements, speak to your goal, and match your budget.

  3. Create a framework for your POC

Once you’ve narrowed down your options, it’s time to trial the shortlisted products. Users recommend putting a framework in place to guide the POC. This way, you can evaluate your options systematically.

One user, DAX Paulino, suggests “creat[ing] a checklist of features that you need, from the basic (i.e. interactive dashboards, ease of integration, Threat Intelligence), to the more advanced (i.e. Automated response, Behavior Analytics, etc.). Give each item on your checklist a score so that you can weigh in on each item as a measure of your decision. Don’t forget to factor in usability and support.”
