Application Control & Change Control | Database | Email Archiving | Other | SIEM | Vulnerability Scanners | Web Application Firewalls

 

 

 

Security Information And Event Management System Vendors

Although 99% of IT security solutions satisfy some parts of compliance, most of them would be bought into an organisation regardless of any compliance. An example would be a firewall, email and web filtering solutions.

However IT security professionals usually invest in policy auditors, web application firewalls, vulnerability managers, file integrity software, archiving application control and SIEM solutions to satisfy regulatory compliance and showing due diligence.

 

SIEM Overview

There seems to be three categories of SIEM vendors on the market today when it comes to how they market their products with other tool sets. The first is a category of SIEM vendors that tend to combine their SIEM products with a combination of other security tools such as, vulnerability management, file integrity, policy auditing and IPS as optional add-ons to their SIEM solutions. Then there is the second category of vendors, where they integrate their SIEM products with Identity and Access management solutions and finally the third category of vendors provide SIEM as a point solution on its own.

SIEM as a product is a combination of Information Management, Event Management and network behaviour analysis tools providing a complete vision of log data and real time events. Some companies only require one or the other (Information Management or Event Management). Information Management is used for historical and compliance purposes and where Event Management is used for real time attack analysis. Some vendors provide these as separate products.

 

 

 

Alert Logic is a cloud solution vendor and offers a cloud based Incident and Event Log Monitoring service.

 

AlienVault Professional SIEM is offered as an appliance and virtual platform. AlientVault also has intrusion detection and vulnerability management functionality built in to its SIEM product. AlienVault is a dedicated SIEM vendor.

 

Astaro has a log management module built in its security gateway appliance. The actual log management is a system based in the cloud. This is a basic log management service.

 

Computer Associates (CA) is a large vendor with many enterprise class IT solutions. CA has a security division and offers its enterprise log manager product which comes in software based platform.

 

Correlog offers log management and security correlation and provides integrity monitoring for common OS platforms.

 

elQnetworks specialises in visibility and awareness of IT information. elQnetworks has a focus on SIEM, file integrity, vulnerability management and network behaviour analysis solutions.

 

Enterasys Security Information and Event Management solution provides log management and network behavioral analysis capabilities. Enterasys is a provider of routing, switching, wireless and network management and security solutions.

 

FairWarning specialises in information protection and awareness in the health industry. The appliance based solution protects the privacy of patient health records.

 

GFI Software is a vendor focussed on IT solutions for small and medium-sized businesses. GFI offers its centralised event log monitoring and management solution known as GFIEventsManager.

 

HP Compliance Log Warehouse is an SIEM appliance based solution that comes with some useful compliance reporting tools such as PCI DSS, HIPPA and more.

ArcSight has been acquired by HP, and is a provider of security and compliance management solutions. ArcSight has a big focus on SIEM and has many options in its portfolio depending on the user requirements.

 

IBM ISS has an SIEM product in Tivoli Security Information and Event Manager. IBM also has other log and event management solutions.

 

Juniper Networks has an SIEM in its Security Threat Response Manager that comes in various appliance models for all network sizes.



LogLogic is a vendor specialising in a suite of log management and security management products. LogLogic solutions are available in appliance and virtual platforms.

 

LogMatrix is an SIEM vendor with an appliance based offering known as NerveCenter.

 

LogRhythm is an SIEM vendor with a number of options and solutions. LogRhythm SIEM solution also includes file integrity monitoring.

 

netForensics is a vendor with specialties in security threats and compliance. netForensics provides SIEM as a product solution as well as a service hosted in the cloud.

 

netIQ portfolio includes solutions for managing security and compliance, identity and access and performance and availability. netIQ has a number of offerings in their SIEM portfolio.

 

NitroSecurity is an SIEM vendor that has been acquired by Mcafee and offer a number of SIEM options. Nitro Security also specialises in IPS products.

 

Novell has a large portfolio of IT solutions. Novell integrates its SIEM solution with its identity and access management solution.

 

Prism Microsystems is an SIEM vendor. EventTracker Enterprise is Prism’s SIEM solution.

 

Q1 Labs has a number of SIEM options. Its flagship product is known as QRador SIEM.

 

Quest Software provides a range of IT solutions including SIEM in its InTrust products. InTrust collects stores and reports data on Windows, Unix and Linux platforms.

 

RSA (EMC) is a well known security vendor and a division of EMC. RSA is a market leader for its two-factor authentication services & solutions. RSA offers an SIEM product ranked highly known as RSA Envision.

 

SenSage has strengthened its SIEM offering by becoming a Mcafee Innovation partner. Its product integrates into Mcafee Epolicy Orchestrator. This is great for customers looking for consolidation and a single point of management for all of their products.

 

Splunk is a dedicated SIEM vendor.

 

Symantec is a large security, storage and systems management vendor. Symantec has an SIEM solution known as Symantec Security Information Manager.

 

S21sec provides SIEM solutions as well as Cyber security services.

 

Tango/04 provides monitoring, auditing and reporting of data through their Visual product solutions.

.

 

Tenable SecurityCenter provides SIEM, vulnerability manager and some aspects of DLP in a single product.

 

Tier-3 is an Australian based company that specialises in security, data protection and compliance. Tier-3 has an SIEM product portfolio known as Huntsman.

 

TriGeo Security Information Manager is targeted towards the mid market and has the ability to pick up data from USB devices as well through its USB-Defender product.

 

Trustwave is a security vendor with a range of security solutions including Trustwave SIEM.

 

Wallix is a French based vendor and a provider of IT security solutions. Wallix deliver a product known as LOGBOX which is a log collection solution from a central appliance.