
Security Information And Event Management Systems Overview and Vendor List

Although 99% of IT security solutions satisfy some parts of compliance, most of them would be bought into an organisation regardless. Examples are firewalls and email and web filtering solutions.

However, IT security professionals usually invest in policy auditors, web application firewalls, vulnerability managers, file integrity software, archiving, application control and SIEM solutions to satisfy regulatory compliance and show due diligence.

 

SIEM Overview

Some vendors combine SIEM with vulnerability management, file integrity, policy auditing and IPS as options. Other vendors integrate SIEM into their identity and access management solutions, and some vendors provide SIEM as a point solution on its own.

SIEM as a product is a combination of Information Management, Event Management and network behaviour analysis tools, providing a complete view of log data and real-time events. Some companies only require one or the other (Information Management or Event Management). Information Management is used for historical and compliance purposes and Event Management for real-time attack analysis. Some vendors also provide these as separate products.

 

 

 

Alert Logic is a cloud solutions vendor and offers a cloud-based Incident and Event Log Monitoring service.

 

AlienVault Professional SIEM is offered as an appliance and virtual platform. AlienVault also has intrusion detection and vulnerability management functionality built into its SIEM product. AlienVault is a dedicated SIEM vendor.

 

Astaro have a log management module built into their security gateway appliance. The actual log management is a system based in the cloud. This is a basic log management service.

 

Computer Associates (CA) is a large vendor with many enterprise-class IT solutions. CA have a security division and offer their enterprise log manager, which comes as a software platform.

 

Correlog offer log management and security correlation and provide integrity monitoring for common OS platforms.

 

eIQnetworks specialise in visibility and awareness of IT information. eIQnetworks has a focus on SIEM, file integrity, vulnerability management and network behaviour analysis solutions.

 

Enterasys Security Information and Event Management solution provides Log Management and Network Behavioral Analysis capabilities. Enterasys is a provider of routing and switching, wireless and network management and security solutions.

 

FairWarning specialise in information protection and awareness in the health industry. Their appliance based solution protects the privacy of patient health records.

 

GFI Software is a vendor focussed on IT solutions for small and medium-sized businesses. GFI offer their centralised event log monitoring and management solution known as GFI EventsManager.

 

HP Compliance Log Warehouse is an appliance-based SIEM solution that comes with some useful compliance reporting tools such as PCI DSS, HIPAA and more.

ArcSight, which has been acquired by HP, is a provider of security and compliance management solutions. They have a huge focus on SIEM and have many options in their portfolio depending on user requirements.

 

IBM ISS have an SIEM product in Tivoli Security Information and Event Manager. IBM also has other log and event management solutions.

 

Juniper Networks has an SIEM in their Security Threat Response Manager that comes in various appliance models for all network sizes.



LogLogic is a vendor specialising in a suite of log management and security management products. Their solutions come in appliance and virtual platforms.

 

LogMatrix is an SIEM vendor with an appliance based offering known as NerveCenter.

 

LogRhythm is an SIEM vendor with a number of options and solutions. Their SIEM solution also includes file integrity monitoring.

 

netForensics is a vendor with specialties in security threats and compliance. netForensics provides SIEM as a product solution as well as a service hosted in the cloud.

 

NetIQ's portfolio includes solutions for managing security and compliance, identity and access, and performance and availability. NetIQ have a number of offerings in their SIEM portfolio.

 

NitroSecurity is an SIEM vendor that has been acquired by McAfee and offers a number of options. NitroSecurity also specialises in IPS products.

 

Novell have a large portfolio of IT solutions. Novell integrates its SIEM solution with their identity and access management solution.

 

Prism Microsystems is an SIEM vendor. EventTracker Enterprise is Prism’s SIEM solution.

 

Q1 Labs have a number of SIEM options. Their flagship product is known as QRadar SIEM.

 

Quest Software provide a range of IT solutions including SIEM in their InTrust products. InTrust collects, stores and reports data on Windows, Unix and Linux platforms.

 

RSA (EMC) is a well-known security vendor and a division of EMC. RSA is a market leader for their 2-factor authentication solutions. RSA also has a highly ranked SIEM product in RSA enVision.

 

SenSage have strengthened their SIEM offerings by becoming McAfee Innovation partners. Their product integrates into McAfee ePolicy Orchestrator. This is great for customers looking for consolidation and a single point of management for all their products.

 

Splunk is a dedicated SIEM vendor.

 

Symantec is a large security, storage and systems management vendor. Symantec has an SIEM solution known as Symantec Security Information Manager.

 

S21sec provides SIEM solutions as well as Cyber security services.

 

Tango/04 provides monitoring, auditing and reporting of data through their Visual product solutions.


 

Tenable SecurityCenter provides SIEM, vulnerability manager and some aspects of DLP in one product.

 

Tier-3 is an Australian-based company that specialises in security, data protection and compliance. Tier-3 have an SIEM product portfolio known as Huntsman.

 

TriGeo Security Information Manager is targeted towards the mid-market and can also pick up data from USB devices through their USB-Defender product.

 

Trustwave is a security vendor with a range of security solutions including Trustwave SIEM products.

 

Wallix is a French-based vendor and a provider of IT security solutions. Wallix deliver a product known as LOGBOX, which is a log collection solution run from a central appliance.