Vendor Landscape: Security Information & Event Management

More documents

Recommendations

Info

Table Stakes represent the minimum standard; without these, a product doesn’t even get reviewed Feature Basic Collection, Aggregation, Normalization (CAN) Basic Correlations The Table Stakes What it is: Collection from firewall and network logs, IDS logs, Windows server logs, web server logs and various syslog sources. Out-of-the-box correlation policies for basic CAN data, acting in near real-time. What Does This Mean? The products assessed in this Vendor Landscape TM meet, at the very least, the requirements outlined as Table Stakes. Many of the vendors go above and beyond the outlined Table Stakes, some even in multiple categories. This section aims to highlight the products’ capabilities in excess of the criteria listed here. Basic Alerting Logging for all correlated events and alerting via pager/email/text for those that exceed a given threshold or meet specific alert criteria. Basic Reporting Availability of a variety of out-of-the-box reports that can be run on a scheduled and ad hoc basis. If Table Stakes are all you need from your SIEM solution, the only true differentiator for the organization is price. Otherwise, dig deeper to find the best price to value for your needs. Info-Tech Research Group 20
Advanced Features are the capabilities that allow for granular market differentiation Scoring Methodology Info-Tech scored each vendor’s features offering as a summation of their individual scores across the listed advanced features. Vendors were given 1 point for each feature the product inherently provided. Some categories were scored on a more granular scale with vendors receiving half points. Feature Log Data Enrichment Advanced Correlation Advanced Alerting Advanced Features What we looked for: Advanced CAN from Net Flow, Identity, Database, Application, Config & File Integrity data sources. Advanced canned policies, user-defined policies, & adaptive/heuristic policies. Programmable/customizable alerting responses & injection into native or third-party workflow tools. Advanced Reporting Forensic Analysis Support Data Management - Security Data Management - Retention Unified Compliance Framework MITRE Common Event Expression Flexible dashboards, custom reporting capabilities, & ability to export to external reporting infrastructure. Ability to generate custom data queries with flexible drill-down capabilities. Granular access controls to system & log data, encryption of SIEM data (in storage & transmission). Notable storage capacity, data compression, & inherent hierarchical storage management. Solution leverages the UCF to enable advanced compliance reporting. Solution supports Common Event Expression log formatting. For an explanation of how Advanced Features are determined, please see Vendor Landscape Methodology: Information Presentation in the Appendix. Info-Tech Research Group 21
Page 1 and 2: Vendor Landscape: Security Informat
Page 3 and 4: Executive Summary Understand SIEM T
Page 5 and 6: Understand SIEM Trends and Consider
Page 7 and 8: Like every tool, SIEM has limitatio
Page 9 and 10: Determine how and where SIEM will h
Page 11 and 12: Be clear about the impact of SIEM-e
Page 13 and 14: Evaluate SIEM Vendors What’s in t
Page 15 and 16: SIEM Vendor selection / knock-out c
Page 17 and 18: The Info-Tech SIEM Vendor Landscape
Page 19: The Info-Tech SIEM Value Index What
Page 23 and 24: LogRhythm’s comprehensive SIEM fe
Page 25 and 26: Sensage is a small company that eas
Page 27 and 28: Q1 Labs QRadar: a quality product l
Page 29 and 30: LogLogic provides a strong solution
Page 31 and 32: NitroSecurity continues to bring a
Page 33 and 34: SolarWinds is a newer face in the m
Page 35 and 36: RSA has a solid solution, but also
Page 37 and 38: Symantec offers vendor stability an
Page 39 and 40: ArcSight offers both enterprise- an
Page 41 and 42: Trustwave’s strength is in their
Page 43 and 44: Streamline monitoring, alerting, an
Page 45 and 46: Ensure the reduction of enterprise
Page 47 and 48: Issue an RFP to ensure SIEM vendors
Page 49 and 50: Take charge of vendor demonstration
Page 51 and 52: Getting to a SIEM implementation st
Page 53 and 54: Identify constraints for your SIEM
Page 55 and 56: Account for implementation resource
Page 57 and 58: Determine how you intend to staff S
Page 59 and 60: Start modestly, but keep the final
Page 61 and 62: Vendor Landscape Methodology: Overv
Page 63 and 64: Vendor Landscape Methodology: Scori
Page 65 and 66: Vendor Landscape Methodology: Infor
Page 71 and 72:
Vendor Landscape Methodology: Fact
Page 73 and 74:
Product Pricing Scenario, continued
Page 75 and 76:
Country Info-Tech Research Group 75
Page 77 and 78:
FTEs Info-Tech Research Group 77
show all

Vendor Landscape: Security Information & Event Management

Create successful ePaper yourself

Delete template?

Save as template?