How the Top Eight SIEM Vendors Stack Up

As enterprises struggle with the fire hose of data spewing from the multitude of security products embedded in their IT infrastructures these days, security information and event management (SIEM) continues to gain market relevance. InformationWeek Reports recently took a look at SIEM vendors and the trends affecting adoption of the tools in "IT Pro Ranking: SIEM."

Organizations are still struggling with the complexity of SIEM products, said Dean Francis, an enterprise architect at Fusion PPT and author of the report. Nevertheless, the challenges facing security professionals and the requirements laid out by compliance mandates drive enterprises on in their SIEM spend.


Because of the cost and complexity of SIEM deployments, these purchases aren't to be made lightly. And, according to Francis, they require significant "care and feeding" after initial installation. Francis surveyed a range of enterprises about their current vendors to see how their products and services stacked up. In terms of overall performance, IBM/Q1 Labs, Novell and HP ArcSight earned the top three slots for satisfaction. The rankings were established using 10 criteria, weighted by importance, with product reliability, performance, flexibility, operation cost and post-sales support making up the top five. When stacked up by feature performance only, with the highest weight going to real-time analysis for alerts, automated log collection, search capabilities and root-cause analysis, the rankings came out nearly identical.

The report itself offers in-depth information on vendor results and performance indicators across the SIEM landscape, along with important intelligence about SIEM market trends. But for the sake of brevity, here's a quick look at some of the respondents' stats on vendor performance.

IBM/Q1 Labs:
Percentage of respondents using the product: 14%
Overall vendor performance (out of 100% possible score): 76%
Feature performance (out of 100% possible score): 84%
Top Three Vendor Performance Ratings
Product reliability (1-5 scale): 4
Product performance (1-5 scale): 3.9
Flexibility in meeting needs (1-5 scale): 3.9
Top Three Rated Features
Real-time analysis for alerts (1-5 scale): 4.3
Automated log collection (1-5 scale): 4.3
Support for up to 1,000s of events/sec. (1-5 scale): 4.3

Novell:*
Percentage of respondents using the product: 11%
Overall vendor performance (out of 100% possible score): 75%
Feature performance (out of 100% possible score): 81%
Top Three Vendor Performance Ratings
Product reliability (1-5 scale): 4
Product performance (1-5 scale): 3.9
Flexibility in meeting needs (1-5 scale): 3.8
Top Three Rated Features
Compliance reports (1-5 scale): 4.2
Automated log collection (1-5 scale): 4.2
Real-time analysis for alerts (1-5 scale): 4.1
*Novell's Sentinel SIEM is now owned by NetIQ.

HP/ArcSight:
Percentage of respondents using the product: 15%
Overall vendor performance (out of 100% possible score): 74%
Feature performance (out of 100% possible score): 77%
Top Three Vendor Performance Ratings
Product reliability (1-5 scale): 4
Product performance (1-5 scale): 3.8
Flexibility in meeting needs (1-5 scale): 3.8
Top Three Rated Features
Real-time analysis for alerts (1-5 scale): 4
Automated log collection (1-5 scale): 4
Event normalization (1-5 scale): 4

Quest Software:
Percentage of respondents using the product: 13%
Overall vendor performance (out of 100% possible score): 73%
Feature performance (out of 100% possible score): 76%
Top Three Vendor Performance Ratings
Product performance (1-5 scale): 3.9
Product reliability (1-5 scale): 3.9
Breadth of product line (1-5 scale): 3.7
Top Three Rated Features
Automated log collection (1-5 scale): 4
Compression for efficient log storage (1-5 scale): 3.9
Compliance reports (1-5 scale): 3.9

Symantec:
Percentage of respondents using the product: 45%
Overall vendor performance (out of 100% possible score): 73%
Feature performance (out of 100% possible score): 76%
Top Three Vendor Performance Ratings
Product reliability (1-5 scale): 3.9
Breadth of product line (1-5 scale): 3.8
Product performance (1-5 scale): 3.7
Top Three Rated Features
Secure log management (1-5 scale): 3.9
Automated log collection (1-5 scale): 3.9
Search capabilities (1-5 scale): 3.9

Splunk:
Percentage of respondents using the product: 15%
Overall vendor performance (out of 100% possible score): 72%
Feature performance (out of 100% possible score): 75%
Top Three Vendor Performance Ratings
Product reliability (1-5 scale): 3.9
Flexibility in meeting needs (1-5 scale): 3.8
Product performance (1-5 scale): 3.8
Top Three Rated Features
Automated log collection (1-5 scale): 4.3
Search capabilities (1-5 scale): 4.2
Compression for efficient log storage (1-5 scale): 3.9

NetIQ:
Percentage of respondents using the product: 13%
Overall vendor performance (out of 100% possible score): 69%
Feature performance (out of 100% possible score): 75%
Top Three Vendor Performance Ratings
Product reliability (1-5 scale): 3.7
Flexibility in meeting needs (1-5 scale): 3.6
Product performance (1-5 scale): 3.5
Top Three Rated Features
Real-time analysis for alerts (1-5 scale): 3.9
Secure log management (1-5 scale): 3.8
Compression for efficient log storage (1-5 scale): 3.8

Tripwire:
Percentage of respondents using the product: 10%
Overall vendor performance (out of 100% possible score): 68%
Feature performance (out of 100% possible score): 71%
Top Three Vendor Performance Ratings
Product performance (1-5 scale): 3.6
Product reliability (1-5 scale): 3.5
Operation cost (1-5 scale): 3.5
Top Three Rated Features
Root cause analysis of archived logs (1-5 scale): 3.7
Operational dashboard (1-5 scale): 3.7
Real-time analysis for alerts (1-5 scale): 3.6

