Try our new research platform with insights from 80,000+ expert users
2021-05-10T13:12:00Z

How to Select the Right SIEM Solution?

Ertugrul Akbas - PeerSpot reviewer
  • 564
Updated:Jul 18, 2021
Product comparison that may be of interest to you
PeerSpot user

3 Comments

Remy Ma - PeerSpot reviewer
Real User
Top 5
2022-11-11T05:53:04Z
Nov 11, 2022
MK
Real User
2021-05-11T11:58:52Z
May 11, 2021
Ertugrul Akbas - PeerSpot reviewer
Real User
Top 10
May 12, 2021

@Mike Kehoe There is no technical solution that does not require maintenance. You can outsource it or use a cloud-based solution. If you use a cloud-based solution, you have to check issues like compliance, regulations and ownership of the logs.

PeerSpot user
JS
Real User
2021-05-12T18:48:49Z
May 12, 2021
Ertugrul Akbas - PeerSpot reviewer
Real User
Top 10
May 13, 2021

@John Stanford, you are right. A good Security Platform includes SIEM, UEBA, NTA, and SOAR. But most of the time, you have a limited budget, and you should select the best solution according to your budget. Especially for small businesses, budget is critical. If there is no budget for more than 5000-25000 USD for a security platform, you need to select your solution according to this budget.

PeerSpot user
Find out what your peers are saying about Splunk, Wazuh, Microsoft and others in Security Information and Event Management (SIEM). Updated: November 2024.
823,795 professionals have used our research since 2012.
Related Questions
Liam Brandt - PeerSpot reviewer
Mar 22, 2023
Mar 22, 2023
I´m not sure about this affirmation. There are a lot of other tools used.
See 2 answers
VS
Mar 14, 2023
Hi, in my opinion, because it is still the best at giving you visibility of what's happening in your IT infrastructure, and at detecting threats. Visibility and detection may seem simple tasks. but actually, they require a lot of capabilities in understanding, integrating, logging, and alarms from a huge multitude of devices. Such tasks go under the line of log ingestion, normalization, etc., and that is far from easy. QRadar has done a lot of work in that direction. Another aspect is event correlation. And here, either you write the correlation rules yourself, spending $$$$ of professional services, and by the way, it'll take forever to test, implement and maintain up to date, or your access to a very long list of preset correlation rules, that are already available and waiting to be activated. Finally, visibility and threat detection is just the beginning of a journey pointed at becoming aware of what's happening in your IT and taking relevant and effective action. There are several other technologies that have to be used to minimize exposure, and contain, and remediate relations to an attack. I believe IBM has a few of those, that can be integrated. But whichever you use at the end of this journey, if the original feed is not correct, not relevant, or not complete, you missed your goal in the first place.My 5 cents :)VS
Jairo Willian Pereira - PeerSpot reviewer
Mar 22, 2023
I´m not sure about this affirmation. There are a lot of other tools used.
Julia Miller - PeerSpot reviewer
Oct 18, 2022
Oct 18, 2022
The solution is costly and the price differs depending on the vendor you use.
2 out of 4 answers
reviewer1136397 - PeerSpot reviewer
Feb 6, 2022
I can't speak to the exact pricing. I've never looked at its commercial costs.
reviewer1409433 - PeerSpot reviewer
May 12, 2022
Licensing is mostly dependent on the EPS, events per second. Depending upon the number of products that are integrated with the platform, we have to come to an optimal EPS value. I'm not very sure about the financials, however, the licensing cost cannot be as much as that for Sentinel, which is not very low. For customers who need medium EPS values, we advise QRadar. The basic out the box cost covers, the EPS value that you have specified, and then some archiving maybe. It should include at least six months of archiving and other functionalities. Most of the customers will go for the standard package and we don't have to go for extra archival or enhanced DPS. 10% to 15% of DPS can always be increased. It will not completely shut down the system, however, it'll start sending us notifications that the DPS is getting increased and then we can go for a higher licensing.
Related Articles
Julia Miller - PeerSpot reviewer
Mar 19, 2024
Mar 19, 2024
Today, Security Information and Event Management (SIEM) solutions play a pivotal role in bolstering organizational defenses against an array of cybersecurity threats. Through the lens of real-world success stories and an evaluation of top SIEM technologies, this comprehensive article illustrates the transformative impact of SIEM systems across industries and highlights leading solutions, includ...
Ertugrul Akbas - PeerSpot reviewer
Jan 24, 2023
Jan 24, 2023
It is important to retain logs for a significant amount of time in order to be able to investigate and analyze past attacks. This allows security teams to identify patterns and trends that can aid in the detection and prevention of future attacks. The retention period will vary depending on the organization's specific requirements and regulations, but it is generally recommended to keep logs f...
Product Comparisons
Related Articles
Julia Miller - PeerSpot reviewer
Mar 19, 2024
Top SIEM Solutions & Success Stories: Strengthening Cybersecurity in Diverse Industries
Today, Security Information and Event Management (SIEM) solutions play a pivotal role in bolsteri...
Ertugrul Akbas - PeerSpot reviewer
Jan 24, 2023
Features of Today's SIEMs – Requirements for Today’s Attacks and Breaches
It is important to retain logs for a significant amount of time in order to be able to investiga...
Download Free Report
Download our free Security Information and Event Management (SIEM) Report and find out what your peers are saying about AT&T, Wazuh, LevelBlue, and more! Updated: November 2024.
DOWNLOAD NOW
823,795 professionals have used our research since 2012.