How the Top Eight SIEM Vendors Stack Up

As enterprises struggle with the fire hose of data spewing from the multitude of security products embedded in their IT infrastructures these days, security information and event management (SIEM) continues to gain market relevance. InformationWeek Reports recently took a look at SIEM vendors and the trends affecting adoption of the tools in "IT Pro Ranking: SIEM."

Organizations are still struggling with the complexity of SIEM products, said Dean Francis, an enterprise architect at Fusion PPT and author of the report. Nevertheless, the challenges facing security professionals and the requirements laid out by compliance mandates continue to drive enterprise SIEM spending.

Because of the cost and complexity of SIEM deployments, these purchases aren't to be made lightly. And, according to Francis, they require significant "care and feeding" after initial installation. Francis surveyed a range of enterprises about their current vendors to see how their products and services stacked up. In terms of overall performance, IBM/Q1 Labs, Novell and HP ArcSight earned the top three slots for satisfaction. The rankings were established using 10 criteria, weighted by importance, with product reliability, performance, flexibility, operation cost and post-sales support making up the top five. When vendors were ranked by feature performance only, with the highest weight going to real-time analysis for alerts, automated log collection, search capabilities and root-cause analysis, the rankings came out nearly identical.

The report itself offers in-depth information on vendor results and performance indicators across the SIEM landscape, along with important intelligence about SIEM market trends. But for the sake of brevity, here's a quick look at some of the respondents' stats on vendor performance.

IBM/Q1 Labs:
Percentage of respondents using the product: 14%
Overall vendor performance (out of 100% possible score): 76%
Feature performance (out of 100% possible score): 84%
Top Three Vendor Performance Ratings
Product reliability (1-5 scale): 4
Product performance (1-5 scale): 3.9
Flexibility in meeting needs (1-5 scale): 3.9
Top Three Rated Features
Real-time analysis for alerts (1-5 scale): 4.3
Automated log collection (1-5 scale): 4.3
Support for up to 1,000s of events/sec. (1-5 scale): 4.3

Novell:*
Percentage of respondents using the product: 11%
Overall vendor performance (out of 100% possible score): 75%
Feature performance (out of 100% possible score): 81%
Top Three Vendor Performance Ratings
Product reliability (1-5 scale): 4
Product performance (1-5 scale): 3.9
Flexibility in meeting needs (1-5 scale): 3.8
Top Three Rated Features
Compliance reports (1-5 scale): 4.2
Automated log collection (1-5 scale): 4.2
Real-time analysis for alerts (1-5 scale): 4.1
*Novell's Sentinel SIEM is now owned by NetIQ.

HP/ArcSight:
Percentage of respondents using the product: 15%
Overall vendor performance (out of 100% possible score): 74%
Feature performance (out of 100% possible score): 77%
Top Three Vendor Performance Ratings
Product reliability (1-5 scale): 4
Product performance (1-5 scale): 3.8
Flexibility in meeting needs (1-5 scale): 3.8
Top Three Rated Features
Real-time analysis for alerts (1-5 scale): 4
Automated log collection (1-5 scale): 4
Event normalization (1-5 scale): 4

Quest Software:
Percentage of respondents using the product: 13%
Overall vendor performance (out of 100% possible score): 73%
Feature performance (out of 100% possible score): 76%
Top Three Vendor Performance Ratings
Product performance (1-5 scale): 3.9
Product reliability (1-5 scale): 3.9
Breadth of product line (1-5 scale): 3.7
Top Three Rated Features
Automated log collection (1-5 scale): 4
Compression for efficient log storage (1-5 scale): 3.9
Compliance reports (1-5 scale): 3.9

Symantec:
Percentage of respondents using the product: 45%
Overall vendor performance (out of 100% possible score): 73%
Feature performance (out of 100% possible score): 76%
Top Three Vendor Performance Ratings
Product reliability (1-5 scale): 3.9
Breadth of product line (1-5 scale): 3.8
Product performance (1-5 scale): 3.7
Top Three Rated Features
Secure log management (1-5 scale): 3.9
Automated log collection (1-5 scale): 3.9
Search capabilities (1-5 scale): 3.9

Splunk:
Percentage of respondents using the product: 15%
Overall vendor performance (out of 100% possible score): 72%
Feature performance (out of 100% possible score): 75%
Top Three Vendor Performance Ratings
Product reliability (1-5 scale): 3.9
Flexibility in meeting needs (1-5 scale): 3.8
Product performance (1-5 scale): 3.8
Top Three Rated Features
Automated log collection (1-5 scale): 4.3
Search capabilities (1-5 scale): 4.2
Compression for efficient log storage (1-5 scale): 3.9

NetIQ:
Percentage of respondents using the product: 13%
Overall vendor performance (out of 100% possible score): 69%
Feature performance (out of 100% possible score): 75%
Top Three Vendor Performance Ratings
Product reliability (1-5 scale): 3.7
Flexibility in meeting needs (1-5 scale): 3.6
Product performance (1-5 scale): 3.5
Top Three Rated Features
Real-time analysis for alerts (1-5 scale): 3.9
Secure log management (1-5 scale): 3.8
Compression for efficient log storage (1-5 scale): 3.8

Tripwire:
Percentage of respondents using the product: 10%
Overall vendor performance (out of 100% possible score): 68%
Feature performance (out of 100% possible score): 71%
Top Three Vendor Performance Ratings
Product performance (1-5 scale): 3.6
Product reliability (1-5 scale): 3.5
Operation cost (1-5 scale): 3.5
Top Three Rated Features
Root cause analysis of archived logs (1-5 scale): 3.7
Operational dashboard (1-5 scale): 3.7
Real-time analysis for alerts (1-5 scale): 3.6

