This month, SC reviewed several Security Information and Event Management (SIEM) solutions. Although we have tested these products before, we are impressed with the development and innovation that occurs year after year. SIEM capabilities have expanded well beyond security and event management. They drive threat detection and response with auto-remediation and guided responses based on machine learning and forensic analysis. The user and entity behavior analytics (UEBA) capabilities layered in are rapidly moving SIEMs toward next-generation technology.
The expanding digital surface and maturing threats in the digital landscape are winning out against organizations because of the security skills shortage and the subsequent burnout rates among security professionals. As organizations search, with something close to desperation, for efficient and cost-effective security investments, SIEM solutions are a promising piece of the puzzle: the glue that holds other security technologies together by alerting on detected threats and adding the visibility security teams need to reconfigure existing technologies and bolster their security posture. Therefore, SIEMs should be considered a staple in any organization.
Although some of these solutions are more time-consuming than others, they all perform up to standard and would serve any organization well. The differences arise in usability features, and some SIEMs may suit certain organizations better than other options. However, we found all the technologies we evaluated this month to be impressive and worthy of consideration.
Product Group Opener
This month, SC Labs took another, more concentrated look at Security Information and Event Management (SIEM) solutions. As digital technology advances, so too do the cyber threats that target it. The edges of the digital surface are expanding and have long since surpassed the point of feasible manual management. This expansion, together with the increasing complexity and volume of alerts, has led to skill shortages and security analyst burnout. Organizations are desperate to balance efficient security solutions against cost-effective security investments. SIEM solutions target these cybersecurity challenges and are geared toward simplifying security management and generating alerts on threats in an environment that security teams are otherwise unable to see or keep pace with.
During testing we focused on evaluating setup processes, how long implementation took and how helpful the documentation was. We looked at the various log ingestion capabilities and how intuitive each solution was in driving data from various sources into the SIEM. We examined how much pre-built content comes with each SIEM, the flexibility of those templates and whether the content sufficiently supports compliance efforts. SIEM technologies can be laborious to implement and challenging to manage, so we also tested the overall ease of use in depth for each product.
The growing sophistication of threats targeting infrastructures daily, the complexity of managing and monitoring environments and stricter compliance enforcement have resulted in a desperate need for solutions that work with and for security teams to alleviate their burdensome workload and make security management a more feasible task. The SIEM solutions we looked at this month are a promising step in that direction: they leverage machine learning to automate the detection and response processes and free up security teams to address more complex threats.
As with other areas of cybersecurity, we saw a leap to integrate more machine learning into SIEMs and a steep hike in threat detection and response capabilities. Most of these solutions go beyond security management and are deeply rooted in the process of responding to threats, even automatically. Security teams are empowered by the pre-built content that comes with the SIEMs, which is used for automated responses and guided remediations. We have reviewed these products in the past and continue to be impressed with the rapid innovations that keep driving their value and the enhancements they provide.
Monitoring data points across an environment essentially gives security teams an omniscient view of a network's edges and everything in between. Security teams cannot detect and respond to threats they cannot see, and SIEMs are very effective at providing that visibility. A big feature of SIEMs is the sheer number of integrations that are supported, including those for vulnerability scanners. This helps security teams evaluate the configurations of other security technologies in an environment to ensure those other solutions are working efficiently. This return on investment, in addition to all the automation and detection capabilities, really drives home the value of SIEMs. The comprehensive picture SIEMs provide analysts is so valuable for threat management, detection and response that we strongly recommend they be considered a staple in all organizations. Do you have a clear picture of your security posture?
Pick of the Litter
The graphics in Micro Focus ArcSight were the best we saw by far and drive the intuitive and easy-to-use feel of the entire platform. The unparalleled dashboard graphics, intuitive navigation and compliance support make this highly flexible SIEM an SC Labs Best Buy.
Exabeam Security Management Platform adeptly analyzes behavior to accurately identify the riskiest entities, including the ability to accurately link incidents even when they are tied to different end users. There are many different use cases for this platform, including layering it onto an existing SIEM for added security and value, which makes it our SC Labs Recommended product for this month's round of reviews.
April reviews
AT&T Cybersecurity USM Anywhere
Exabeam Security Management Platform 2019.2
Fortinet FortiSIEM 5.2.6
Core Security Event Manager 6.4
IBM Security QRadar 7.3.3
McAfee Enterprise Security Manager (ESM) 11.3
Micro Focus ArcSight ESM 7.2
Microsoft Azure Sentinel
Netsurion EventTracker 9.2
Rapid7 InsightIDR
RSA Security NetWitness Platform 11.4
Splunk Enterprise Security 6.0