Security Information and Event Management (SIEM) Software

Best Security Information and Event Management (SIEM) Software include:

Splunk Enterprise, AlienVault USM, and SolarWinds Security Event Manager (SEM).

Security Information and Event Management (SIEM) Software TrustMap

TrustMaps are two-dimensional charts that compare products based on trScore and research frequency by prospective buyers. Products must have 10 or more ratings to appear on this TrustMap.

Security Information and Event Management (SIEM) Software Overview

What is Security Information and Event Management Software?

Security Information and Event Management (SIEM) Software is a category of security software concerned with collating log and event data. A SIEM gives security analysts a more comprehensive view of security logs and events than would be possible by looking at the log files of individual, point security tools. SIEM tools allow security analysts to gather and analyze logs and events from operating systems, applications, servers, network and security devices, intrusion detection and prevention systems, etc.

SIEM is a management layer sitting on top of existing systems and security controls that unifies data from these disparate systems. It allows these systems to be analyzed and cross-referenced from a single user interface.

SIEM tools have recently extended their capabilities to more frequently include analytics functions. These automated analytics run in the background to proactively identify possible security breaches within businesses’ systems. SIEM software providers are refining the balance between quickly identifying breaches and flooding IT administrators with false positives. As these analytics functions become more standard, some SIEM vendors are pairing the traditional log collection with threat detection and response automation.

SIEM Features & Capabilities

  • Centralized event and log data collation

  • Log data correlation

  • Event and log normalization

  • Deployment flexibility

  • Integration with identity and access management tools

  • Custom dashboards and views

  • Host and network-based intrusion detection

Type of Data Collected

SIEM software generally collects data as log files. Log management products were created many years ago to collect the large volumes of logs created by the various systems in a large enterprise data center. A large data center can produce terabytes of plain text log files. The volume is such that it is extremely difficult to consume the data.

SIEM systems are designed to correlate a subset of the most important data and highlight the most critical events. Unfortunately, the myriad operating systems, applications and servers all produce log files in slightly different human-readable formats, and these have to be normalized into a common machine-readable schema that the SIEM can parse and cross-reference.

One of the hardest parts of deriving value from a SIEM is tuning it. Correlation rules written broadly enough to catch every possible attack produce a flood of false positives that analysts cannot manage; rules written tightly enough to keep false positives low will miss some attacks. Finding the right thresholds and time windows for each rule is ongoing work rather than a one-time setup.
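The two preceding paragraphs describe the core of what a SIEM does: normalize heterogeneous log formats into one schema, then run correlation rules whose thresholds must be tuned. The following Python block is an added illustration written for this page, not code from any SIEM vendor. It normalizes three constructed log formats (syslog sshd lines, a JSON application log, and a key=value firewall line) into a common record, then runs one correlation rule ("N or more authentication failures from a source IP inside a time window, followed by a success from the same IP") with a tunable failure threshold. The sample log lines, the year assumed for syslog timestamps, and the field names of the common schema are all assumptions made for the example.

```python
"""Minimal SIEM pipeline: normalize heterogeneous log lines into one schema,
then run a correlation rule with a tunable threshold over the result.
Added example for illustration; not a vendor's code."""
import json
import re
from collections import defaultdict
from datetime import datetime, timedelta, timezone

# Constructed sample input in three formats (syslog/sshd, JSON app log,
# key=value firewall log). None of these lines come from a real system.
SAMPLE_LOGS = [
    "Mar  3 10:12:01 web01 sshd[2231]: Failed password for root from 203.0.113.7 port 5123 ssh2",
    "Mar  3 10:12:03 web01 sshd[2232]: Failed password for admin from 203.0.113.7 port 5124 ssh2",
    '{"ts": "2024-03-03T10:12:05Z", "app": "vpn", "event": "auth_failure", "user": "root", "src": "203.0.113.7"}',
    "Mar  3 10:12:09 web01 sshd[2235]: Failed password for root from 203.0.113.7 port 5127 ssh2",
    "Mar  3 10:12:40 web01 sshd[2240]: Accepted password for root from 203.0.113.7 port 5130 ssh2",
    "Mar  3 10:15:00 web02 sshd[9001]: Failed password for alice from 198.51.100.9 port 40001 ssh2",
    "Mar  3 10:15:30 web02 sshd[9002]: Accepted publickey for alice from 198.51.100.9 port 40002 ssh2",
    "2024-03-03T10:16:00Z fw01 action=deny src=192.0.2.44 dst=10.0.0.5 dport=445",
]
ASSUMED_YEAR = 2024  # syslog timestamps carry no year; assumed for the constructed data

SYSLOG_RE = re.compile(
    r"^(?P<mon>[A-Z][a-z]{2})\s+(?P<day>\d{1,2}) (?P<time>\d\d:\d\d:\d\d) (?P<host>\S+) "
    r"sshd\[\d+\]: (?P<outcome>Failed|Accepted) \w+ for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<src>[\d.]+) port \d+"
)


def normalize(line):
    """Map one raw line to the common schema, or None if it is not an auth event.
    Schema (assumed for this example): ts (aware datetime), host, user, src_ip,
    outcome ('fail' | 'success')."""
    m = SYSLOG_RE.match(line)
    if m:
        ts = datetime.strptime(
            f"{ASSUMED_YEAR} {m['mon']} {int(m['day']):02d} {m['time']}", "%Y %b %d %H:%M:%S"
        ).replace(tzinfo=timezone.utc)
        return {"ts": ts, "host": m["host"], "user": m["user"], "src_ip": m["src"],
                "outcome": "fail" if m["outcome"] == "Failed" else "success"}
    if line.startswith("{"):
        rec = json.loads(line)
        if rec.get("event") not in ("auth_failure", "auth_success"):
            return None
        ts = datetime.fromisoformat(rec["ts"].replace("Z", "+00:00"))
        return {"ts": ts, "host": rec.get("app"), "user": rec.get("user"),
                "src_ip": rec.get("src"),
                "outcome": "fail" if rec["event"] == "auth_failure" else "success"}
    # The firewall key=value line carries no authentication outcome, so this
    # rule ignores it; a fuller normalizer would map it to a separate schema.
    return None


def correlate(events, fail_threshold=3, window=timedelta(minutes=5)):
    """Rule: at least `fail_threshold` failures from one source IP inside
    `window`, followed by a success from the same IP. Returns alert dicts.
    `fail_threshold` and `window` are the knobs an analyst tunes to trade
    missed attacks against false positives."""
    alerts = []
    recent_fails = defaultdict(list)  # src_ip -> timestamps of failures still in window
    for ev in sorted(events, key=lambda e: e["ts"]):
        ip = ev["src_ip"]
        # Expire failures that have fallen out of the sliding window.
        recent_fails[ip] = [t for t in recent_fails[ip] if ev["ts"] - t <= window]
        if ev["outcome"] == "fail":
            recent_fails[ip].append(ev["ts"])
        elif len(recent_fails[ip]) >= fail_threshold:
            alerts.append({"src_ip": ip, "user": ev["user"], "host": ev["host"],
                           "failures": len(recent_fails[ip]), "at": ev["ts"].isoformat()})
            recent_fails[ip].clear()
    return alerts


def run(lines, fail_threshold=3):
    """Normalize every line, drop non-auth events, and run the correlation rule."""
    events = [e for e in (normalize(line) for line in lines) if e]
    return correlate(events, fail_threshold=fail_threshold)


if __name__ == "__main__":
    for alert in run(SAMPLE_LOGS):
        print("ALERT", alert)
```

On the sample data the rule fires once: four failures from 203.0.113.7 (three from sshd, one from the VPN log, which is only visible because both formats were normalized into the same schema) followed by a successful root login. The single failure from 198.51.100.9 before alice's key-based login stays below the threshold. Raising `fail_threshold` to 10 silences the alert entirely, which is the trade-off the paragraph above describes: the same rule either catches this sequence or misses it depending on a number the analyst has to choose.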

Comparison

When comparing Security Information and Event Management tools, consider these factors:


  1. Support for existing security systems: Does each SIEM tool in question support log inputs from the business’s preexisting security and monitoring systems? Most SIEMs will advertise compatibility with hundreds of business systems, but few if any will support every tool available. Create a list of the systems the organization already uses that the SIEM tool will need to integrate with. Then match that list specifically against each product’s advertised support list.

  2. Data collation and formatting vs. log generation: Do the business’s systems generate their own logs for the SIEM to import, or does the tool need to do more of the work of capturing and formatting raw data output from those systems? Understanding the existing systems’ capabilities will determine whether a viable SIEM must be able to build its own log records from suboptimal data exports of systems that don’t generate logs on their own.

  3. Traditional SIEM vs. additional threat response: While many leading SIEM tools have added on various threat detection and response features, this functionality is not universal. Businesses should consider whether they need a specific point solution for log collation and management and use other tools for threat detection and response, or if there are benefits to the organization to combine these capabilities into one product.



Pricing Information

Pricing for SIEM software can vary widely from about $5k to over $100k, depending largely on the quantity of events and logs being monitored. In addition to software expense, the total cost of ownership will include maintenance, professional services, hardware, personnel, and training.


Security Information and Event Management (SIEM) Products


AlienVault USM
287 ratings
385 reviews
Top Rated
AlienVault® Unified Security Management® (USM) delivers threat detection, incident response, and compliance management in one unified platform. It is designed to combine all the essential security capabilities needed for effective security monitoring across cloud and on-premises environments, inclu…
Splunk Enterprise
238 ratings
60 reviews
Top Rated
Splunk is software for searching, monitoring, and analyzing machine-generated big data, via a web-style interface. It captures, indexes and correlates real-time data in a searchable repository from which it can generate graphs, reports, alerts, dashboards and visualizations.
SolarWinds Security Event Manager (SEM)
62 ratings
30 reviews
Top Rated
SolarWinds Security Event Manager (SEM, formerly Log & Event Manager) is security information and event management (SIEM) software.
IBM QRadar
68 ratings
20 reviews
IBM Security QRadar is security information and event management (SIEM) Software.
LogRhythm NextGen SIEM Platform
29 ratings
18 reviews
The LogRhythm NextGen SIEM Platform, from LogRhythm in Boulder, Colorado, is security information and event management (SIEM) software which includes SOAR functionality via SmartResponse Automation Plugins (a RespondX feature), the DetectX security analytics module, and AnalytiX as a log management …
Sumo Logic
29 ratings
11 reviews
Sumo Logic is a log management offering from the San Francisco based company of the same name.
McAfee Enterprise Security Manager
22 ratings
7 reviews
McAfee Enterprise Security Manager is security information and event management (SIEM) software, from McAfee / Intel Security.
AlienVault OSSIM
13 ratings
7 reviews
OSSIM leverages the power of the AlienVault Open Threat Exchange by allowing users to both contribute and receive real-time information about malicious hosts. AlienVault OSSIM is an open source Security Information and Event Management (SIEM) product. It is a unified platform providing: Asset discov…
Arcsight Enterprise Security Manager (formerly HP Arcsight)
12 ratings
4 reviews
Arcsight Enterprise Security Manager (formerly HP Arcsight) is security information and event management (SIEM) software, acquired from Hewlett-Packard Enterprise by Micro Focus.
RackFoundry Total Security Management
4 ratings
3 reviews
RackFoundry Total Security Management offers a complete firewall solution. It includes VPN, SIEM, automated vulnerability scanning and log management features scaled for SMEs.
SolarWinds Threat Monitor
1 rating
2 reviews
SolarWinds Threat Monitor empowers MSSPs of all sizes by reducing the complexity and cost of threat detection, response, and reporting. You get an all-in-one security operations center (SOC) that is unified, scalable, and affordable.
Elastic Security (Elastic SIEM + Elastic Agent, formerly Endgame)
2 ratings
1 review
Elastic Security equips analysts to prevent, detect, and respond to threats. The free and open solution delivers SIEM, endpoint security, threat hunting, and cloud monitoring. The solution encompasses Elastic SIEM, which brings Elasticsearch to SIEM and threat hunting. The Elastic Agent (or Elastic …
FortiSIEM
4 ratings
1 review
Fortinet offers security information and event management via FortiSIEM, their product line featuring asset discovery and rapid assessment for location of threat and their remediation.
Azure Sentinel
2 ratings
1 review
Microsoft's Azure Sentinel is designed as a birds-eye view across the enterprise. Put the cloud and large-scale intelligence from decades of Microsoft security experience to work. Make threat detection and response smarter and faster with artificial intelligence (AI). Eliminate security infrastructu…
RSA NetWitness Platform
2 ratings
1 review
RSA offers the NetWitness Evolved SIEM Platform, replacing the former enVision as RSA Security's flagship security information and event management software.
Splunk Enterprise Security
7 ratings
1 review
Splunk Enterprise Security is the company's flagship SIEM product, offered as a premium service to subscribers of Splunk Cloud or Splunk Enterprise.
Trustwave SIEM
3 ratings
1 review
Trustwave SIEM, as the name would suggest, is security information and event management (SIEM) software, from Chicago-based Trustwave.
ThetaRay
Israeli company ThetaRay offers security information and event management (SIEM) software.
Sqrrl
Sqrrl, from the Cambridge, Massachusetts based company of the same name, is a security information and event management platform (SIEM).
SurfWatch Labs
SurfWatch Labs in Sterling, Virginia offers a security information and event management (SIEM) platform.
AnchorPoint Integrated Threat Response
AnchorPoint’s Integrated Threat Response (ITR) service is a combination of advanced security tools, threat intelligence, and expert action. This service focuses on detection and response. The primary purpose of ITR is to decrease attacker dwell time in an organization’s network. According to the ve…
NNT Log Tracker Enterprise
New Net Technologies (NNT) offers a SIEM application: NNT Log Tracker Enterprise provides enterprise-class security event and information management, touted by the vendor as providing proactive protection against threats in a fully compliant manner.
Oracle Security Monitoring and Analytics
The Oracle Security Monitoring and Analytics (SMA) Cloud Service enables rapid detection, investigation and remediation of the broadest range of security threats across on-premises and cloud IT assets.

Frequently Asked Questions

What kinds of SIEM tools are there?

SIEM capabilities can be found in broader log management tools, unified security management platforms, or as standalone products for security information and event management and threat detection.

Who uses SIEM tools?

SIEM tools are used by network administrators and InfoSec specialists who are in charge of monitoring and responding to security threats the organization faces.

What’s the difference between SIEM and a log management system?

Log management systems collect, store and index the large volumes of logs produced by all of an organization’s systems. SIEM tools are specialized to handle logs from security-oriented systems, normalize and correlate them so they are usable by security analysts, and sometimes automatically trigger alerts and responses to security breaches.

What are the benefits of SIEM tools?

SIEM tools automate and centralize much of the security monitoring data across companies’ systems, particularly enterprises, saving administrators time and allowing for faster responses to threats.

How much do SIEM tools cost?

Pricing can vary depending on the scale and range of features offered. Costs can range from $5,000 to $100,000, scaling up with the volume of events monitored or logs processed.