Three champions came out on top in Info-Tech Research Group’s Security Information and Event Management Vendor Landscape Plus. While SIEM is still a pricey investment, awareness and adoption of the market and its solutions have increased as the SMB space is pushed into further regulatory and industrial compliance obligations.
The space was once dominated by smaller dedicated players, but larger players in the security space have taken centre stage through acquisitions and continued development of their own solutions.
Info-Tech’s SIEM VL Plus saw LogRhythm, Sensage, and Q1Labs as the champions for their comprehensive SIEM solutions.
LogRhythm is one of the few remaining SIEM-specific vendors in the market. It delivers a strong SIEM product with built-in file integrity monitoring and host intrusion detection capabilities.
Sensage, a small company with high-profile clients, continues to get top marks. Its SIEM solution offers big data management capabilities to a growing list of impressive customers with stringent security requirements.
Rounding out the Champions’ list is Q1Labs. Through its acquisition by IBM, it has joined its quality SIEM solution with a vendor that can raise its profile substantially.
LogLogic follows as an Innovator. Recently acquired by TIBCO, it offers a feature-rich solution, and one of the few that fully addresses system configuration data as an input source. Coupled with the cleanest interface, this is the solution that delivers the most SIEM capability.
NitroSecurity also made the Innovator category with its NitroView ESM. McAfee acquired NitroSecurity in November 2011. Its solution won the Trend-Setter award for being the most feature-rich SIEM. Long term, McAfee looks to extend its common architecture to include NitroSecurity. For now, SMBs looking for a McAfee centrally-managed system that includes its SIEM will need to wait.
The final Innovator is SolarWinds. Winner of the Value award with a price point that is unmatched by its competitors, it offers exceptional value for users without sophisticated SIEM needs.
RSA leads the Market Pillar category with its enVision solution. RSA has taken a holistic view of security management and the integration of its three security management platforms (SIEM, DLP, eGRC) is visionary.
Market Pillar Symantec offers the broadest base of deployment types (software, hardware, virtual hardware, and managed service offerings), allowing every enterprise to find a fit.
ArcSight follows with its Express SIEM. Acquired by HP in 2010, ArcSight is the largest player in the SIEM space. It offers an architecturally sound solution allowing for widely varying deployment models. Also, the ability to mix and match Collectors and Loggers with a core Express device offers great flexibility.
Trustwave, with its strong PCI compliance background, is the final Market Pillar vendor. Trustwave’s solution offers PCI Logging Guides. These QSA-developed guidelines allow organizations to rapidly configure their audit/logging settings to address PCI compliance requirements. However, Trustwave has built its portfolio through acquisitions, and integration of all of its diverse products proves to be a common issue with this vendor.
For more information on SIEM solutions, refer to Info-Tech Research Group’s SIEM VL Plus.