Cybersecurity Architecture and Technology Lead at Appxone
Consultant
2017-07-25T06:15:56Z
IBM QRadar is the best option because they are using UBA for the quick detection of insider threats, targeted attacks and financial fraud, instead of tracking devices or security events, by using machine learning algorithms.
The siemcomparison.com appears to be heavily weighted in LogRhythm's favor; however, I didn't spend much time adjusting the variable options, so perhaps I am jumping to conclusions. Best advice I can give is to consider the normal factors when selecting any software/services vendor.
1. Do they have a significant presence in your industry/market?
2. Can they provide reference accounts you can speak to directly (and privately)?
3. Do the features provided match your requirements/systems being monitored?
4. Will the company be around 3-5 years from now?
5. How big and qualified is your team to run one of these systems? (Do you need a co-managed option for a 24/7 SOC?)
6. Can you afford the software, staff and upkeep?
7. How will it impact your infrastructure (storage, compute, etc.)?
There are a lot of good options out there... all with their own good, bad and ugly.
Check out InfoTech's SIEM Comparison Tool. While I've seen LogRhythm win multiple RFPs and I have personally had excellent success with it, the tool may help you in your search based upon the scenario and criteria you enter. Their tool compares 10 vendors, consisting of: AlienVault, EventTracker, HP, IBM, LogRhythm, Intel Security, NetIQ, RSA, SolarWinds, and Splunk.
If you're forced to choose between AlienVault and LogRhythm, AlienVault is the better one.
AlienVault, to be sure.
I would need more info on this - specifically what regulations are required and what are good additions?
I think you have to go with a Splunk or QRadar SIEM solution; that is the best option.
In my opinion, LogRhythm can provide more for banks and is easier to deploy/manage.
In the case of small to medium banks, some of the most important evaluation parameters would be:
- the product must be easy to deploy with minimum overhead (personnel)
- manageability of the product after implementation
- compatibility with e.g. the AS/400, which is what most banks use to run (save) the core banking data
The rest is up to each company and their respective requirements.
If you are just limiting your options to those 2, you are leaving out key players such as Splunk and EventTracker (which also provides 24/7 co-management and software for less than most players charge for software alone).
Why only consider AlienVault and LogRhythm? In any case, this is a very open question and I do not see how one could expect anything other than a broad answer... :-(
Define 'suitable'... What do you want to do?
Also consider Splunk and HPE ArcSight, and maybe more solutions.
If it is only between AlienVault and LogRhythm, then go with LogRhythm. There are a number of parameters we have to consider before finalizing the solution: centralized or standalone, multitenancy, log formats, number of EPS, use cases, law and regulatory requirements, shipping logs to the SIEM tool.
In my opinion, go ahead with LogRhythm.
If you are considering other vendors as well, then IBM QRadar and Splunk are fine. But in the Middle East Splunk is not that popular. I have experienced banks in Muscat with HP ArcSight and IBM QRadar.
Let me know if any help is required.
Personally, I have never worked on AlienVault or LogRhythm, but if you have a third vendor in mind, you can consider Splunk as well.
AlienVault should be the way to go here I think!
You can integrate ANY custom log source into the SIEM, and it comes with over 3,000 pre-built correlation rules.
Having a good partner to assist with integration and implementation is also key.
... and well, I work with a partner firm that sells and deploys both SIEM solutions, hence my candid input on the subject matter.
Regards
Ibukun