Scribd Logo
Upload

Welcome to Scribd!

  • 959 views

    SIEM Comparison

    Uploaded by

    srmv59
    The document provides a comparison of several leading SIEM vendors, including HP ArcSight, IBM QRadar, McAfee Nitro, RSA Security Analytics, LogRhythm, and Splunk. It summarizes each vendor's core SIEM platform capabilities, strengths, and weaknesses. Scorecards are included that rate the vendors on critical capabilities and their ability to support common use cases. HP ArcSight and IBM QRadar received the highest overall scores, with strengths including extensive log collection, advanced analytics, and threat management capabilities.

    Copyright:

    © All Rights Reserved
    Download as PDF, TXT or read online from Scribd

    SIEM Comparison

    Uploaded by

    srmv59
    959 views10 pages
    The document provides a comparison of several leading SIEM vendors, including HP ArcSight, IBM QRadar, McAfee Nitro, RSA Security Analytics, LogRhythm, and Splunk. It summarizes each vendor's core SIEM platform capabilities, strengths, and weaknesses. Scorecards are included that rate the vendors on critical capabilities and their ability to support common use cases. HP ArcSight and IBM QRadar received the highest overall scores, with strengths including extensive log collection, advanced analytics, and threat management capabilities.

    Original Description:

    SIEM Comparison

    Copyright

    © © All Rights Reserved

    Available Formats

    PDF, TXT or read online from Scribd

    Did you find this document useful?

    Is this content inappropriate?

    The document provides a comparison of several leading SIEM vendors, including HP ArcSight, IBM QRadar, McAfee Nitro, RSA Security Analytics, LogRhythm, and Splunk. It summarizes each vendor's core SIEM platform capabilities, strengths, and weaknesses. Scorecards are included that rate the vendors on critical capabilities and their ability to support common use cases. HP ArcSight and IBM QRadar received the highest overall scores, with strengths including extensive log collection, advanced analytics, and threat management capabilities.

    Copyright:

    © All Rights Reserved
    Download as PDF, TXT or read online from Scribd
    Download as pdf or txt
    959 views10 pages

    SIEM Comparison

    Uploaded by

    srmv59
    The document provides a comparison of several leading SIEM vendors, including HP ArcSight, IBM QRadar, McAfee Nitro, RSA Security Analytics, LogRhythm, and Splunk. It summarizes each vendor's core SIEM platform capabilities, strengths, and weaknesses. Scorecards are included that rate the vendors on critical capabilities and their ability to support common use cases. HP ArcSight and IBM QRadar received the highest overall scores, with strengths including extensive log collection, advanced analytics, and threat management capabilities.

    Copyright:

    © All Rights Reserved
    Download as PDF, TXT or read online from Scribd
    Download as pdf or txt
    of 10

    SIEM Product Comparison

    SIEM Technology Space


    SIEM market analysis of the last 3 years suggest:
    Market consolidation of SIEM players (25 vendors in 2011 to 16 vendors in 2013)
    Only products with technology maturity and a strong road map have featured in leaders
    quadrant.
    HP ArcSight & IBM Q1 Labs have maintained leadership in SIEM industry with continued
    technology upgrade
    McAfee Nitro has strong product features & road map to challenge HP & IBM for leadership
    2011

    2012

    2013

    HP ArcSight
    The ArcSight Enterprise Threat and Risk Management (ETRM) Platform is an integrated set of
    products for collecting, analysing, and managing enterprise Security Event information.
    ArcSight Enterprise Security Manager (ESM): Correlation and analysis engine used to
    identify security threat in real-time
    ArcSight Logger: Log storage and Search solution
    ArcSight IdentityView: User Identity tracking/User activity monitoring
    ArcSight Connectors: for data collection from a variety of data sources
    ArcSight Auditor Applications: automated continuous controls monitoring for both mobile
    & virtual environments
    Strengths

    Weakness

    Extensive Log collection support for commercial IT


    products & applications

    Complex deployment & configuration

    Advanced support for Threat Management, Fraud


    Management & Behavior Analysis

    Mostly suited for Medium to Large Scale deployment

    Mature Event Correlation, Categorization & Reporting

    Requires skilled resources to manage the solution

    Tight integration with Big data Analytics platform like


    Hadoop

    Steep learning curve for Analysts & Operators

    Highly customizable based on organizations


    requirements
    Highly Available & Scalable Architecture supporting
    Multi-tier & Multi-tenancy

    IBM QRadar
    The QRadar Integrated Security Solutions (QRadar) Platform is an integrated set of products for
    collecting, analysing, and managing enterprise Security Event information.
    QRadar Log Manager turn key log management solution for Event log collection & storage
    QRadar SIEM Integrated Log, Threat & Risk Management solution
    QRadar Risk Manager Predictive threat & risk modelling, impact analysis & simulation
    QRadar QFlow Network Behaviour Analysis & Anomaly detection using network flow data
    QRadar vFlow Application Layer monitoring for both Physical & Virtual environment

    Strengths

    Weakness

    Very simple deployment & configuration

    Limited customizations capabilities

    Integrated view of the threat environment using


    Netflow data , IDS/IPS data & Event logs from the
    environment

    Limited Multi-tenancy support

    Behavior & Anomaly Detection capabilities for both


    Netflow & Log data

    Limited capability to perform Advanced Use Case


    development & analytics

    Suited for small, medium & large enterprises


    Highly Scalable & Available architecture

    McAfee Nitro
    The McAfee Enterprise Security Management (formerly Nitro Security) Platform is an integrated
    set of products for collecting, analysing, and managing enterprise Security Event information.
    McAfee Enterprise Log Manager turn key log management solution for Event log
    collection & storage
    McAfee Event Receiver collecting log data & native flow data
    McAfee Database Event Monitor database transaction & Log monitoring
    McAfee Application data Monitor application layer event monitoring
    McAfee Advanced Correlation Engine advanced correlation engine for correlating events
    both historical & real time
    Strengths

    Weakness

    Integrated Application Data monitoring & Deep Packet Very basic correlation capabilities when compared
    Inspection
    with HP & IBM
    Integrated Database monitoring without dependence
    on native audit functions

    Limitations in user interface when it concerns


    navigation

    High event collection rate suited for very large scale


    deployment

    Requires a lot of agent installs for Application &


    database monitoring thereby increasing management
    complexity

    Efficient query performance in spite of high event


    collection rate

    No Analytics capability both Big Data & Risk based


    Limited customization capabilities
    Limited support for multi-tier & multi-tenancy
    architecture

    Splunk
    Splunk Enterprise is an integrated set of products that provide Log Collection, management &
    reporting capabilities using
    Splunk Indexer used to collect and index logs from IT environment
    Splunk Search Heads used to search & report on IT logs
    Splunk App for Enterprise Security - used to collect external threat intelligence feeds,
    parse log sources and provide basic analytics for session monitoring (VPN, Netflow etc.)
    Strengths

    Weakness

    Extensive Log collection capabilities across the IT


    environment

    Pre-SIEM solution with very limited correlation


    capabilities

    Log search is highly intuitive like Google search

    Even though easy to deploy, increasingly difficult to


    configure for SIEM related functions

    Flexible dash boarding & analytics capability


    improves Log visualization capabilities
    Built-in support for external threat intelligence feeds
    both open source & commercial
    App Store based architecture allowing development
    of Splunk Plugins to suit monitoring & analytics
    requirements

    RSA Security Analytics


    RSA Security Analytics is an integrated set of products that provide Network Forensics, Log
    Collection, management & reporting capabilities using
    Capture Infrastructure
    RSA Security Analytics Decoder Real time capture of Network Packet and log data
    with Analysis and filtering capabilities
    RSA Security Analytics Concentrator Aggregates metadata from the Decoder
    RSA Security Analytics Broker Server For reporting, management and
    administration of capture data
    Analysis & Retention Infrastructure
    Event Stream Analysis Correlation Engine
    Archiver Long term retention, storage, security & compliance reporting
    RSA Security Analytics Warehouse Big Data Infrastructure for Advanced Analytics
    Strengths

    Weakness

    Great Analytics using Event Log Data & Network


    Packet Capture

    New Product release from RSA, hence advanced


    Security correlation support is poor

    Network forensics, Big Data (Parallel Computing) are


    cornerstones in SIEM world

    Security Analytics Warehouse is a new capability with


    very little real world use cases

    Tightly Integrates with RSA ecosystem for Threat


    Intelligence, Fraud Detection, Malware Analysis etc.
    (each requires separate RSA Tools)

    Suited only for large enterprises with need for


    complex deployment and management resources.
    Poor deployment options for small and midsize
    customers

    LogRhythm
    The LogRhythm SIEM 2.0 Security Intelligence Platform is an integrated set of products for
    collecting, analysing, and managing enterprise Security Event information.
    Log Manager high performance, distributed and redundant log collection and management
    appliance
    Event Manager provide centralized event management and administration for a
    LogRhythm deployment
    Network Monitor provide full visibility into network traffic, identifying applications via
    deep packet inspection, providing real-time unstructured search access to all metadata and
    packet captures
    Strengths

    Weakness

    Well balanced log management, reporting, event


    management, privileged user monitoring and File
    integrity monitoring capabilities

    Suitable for Security event data only, as Operational


    data sets cause slowing performance for searches and
    reports

    Fast deployment with minimal configuration because


    of appliance form factor

    No Support for Active Directory integration for RoleBased Access Control

    Quarterly Health Check programs post-deployment


    offers great After sales-Service experience

    Suited best for small and mid size companies with


    basic security, regulatory compliance and reporting
    needs. Not scalable for very large deployments.

    SIEM Vendors Critical Capabilities Score Card


    A Summary scoring sheet for SIEM Vendors based on their Core capabilities is given
    below:
    Capability

    RSA
    Security
    Analytics

    Log
    Rhythm

    Splunk

    McAfee
    Nitro

    IBM
    QRadar

    HP
    ArcSight

    Real-time Security Monitoring

    3.1

    3.2

    2.5

    3.9

    4.2

    4.4

    Threat Intelligence

    3.7

    2.5

    3.0

    2.8

    3.5

    4.5

    Behavior Profiling

    2.5

    2.3

    3.0

    3.0

    5.0

    4.0

    Data & End User Monitoring

    3.6

    3.5

    1.7

    3.6

    3.5

    4.0

    Application Monitoring

    3.8

    3.5

    1.8

    3.7

    3.3

    3.8

    Analytics

    2.5

    2.5

    3.8

    4.5

    3.5

    4.0

    Log Management & Reporting

    3.5

    3.8

    3.5

    3.8

    3.9

    4.0

    Deployment & Support


    Simplicity

    3.0

    4.0

    2.5

    3.5

    3.5

    3.0

    25.7

    25.3

    21.8

    28.8

    30.4

    31.7

    Total (Weighted Score)


    1.0 Low level of Capability
    5.0 High Level of Capability

    SIEM Vendors Use Cases Score Card

    Use Cases

    RSA
    Security
    Analytics

    Log
    Rhythm

    Splunk

    McAfee
    Nitro

    IBM
    QRadar

    HP
    ArcSight

    Overall Use Cases

    3.2

    3.2

    2.7

    3.6

    3.8

    4.0

    Compliance Use Cases

    3.3

    3.7

    3.0

    3.7

    3.8

    3.8

    Threat Monitoring

    3.1

    3.1

    2.9

    3.8

    3.7

    4.0

    SIEM

    3.2

    3.4

    2.8

    3.6

    3.8

    3.9

    12.8

    13.4

    11.7

    14.7

    15.1

    15.7

    Total (Weighted Score)

    1.0 Low level of Capability


    5.0 High Level of Capability

    You might also like

    pFad - Phonifier reborn

    Pfad - The Proxy pFad of © 2024 Garber Painting. All rights reserved.

    Note: This service is not intended for secure transactions such as banking, social media, email, or purchasing. Use at your own risk. We assume no liability whatsoever for broken pages.


    Alternative Proxies:

    Alternative Proxy

    pFad Proxy

    pFad v3 Proxy

    pFad v4 Proxy