What is the best SIEM tool for a large financial services firm?
Do you have recommendations for the best SIEM tool to invest in for a large financial services provider? What particular features of your recommended tool make it the best choice?
Senior Technical Marketing Engineer at Securonix Solutions
Real User
2020-08-24T08:41:29Z
Hello,
First off, look for a SIEM that offers customized content for financial services. Use cases such as SWIFT fraud, insider threat and data exfiltration, and trade surveillance are the sort of support you should be looking for.
I work for Securonix, and our solution has content tailor-made for the financial services industry. Specific financial services firms may have different requirements, but our prebuilt content provides broad coverage. Needless to say, I would recommend Securonix, but one aspect to consider with any solution - for financial services, the creation of new threats is much faster than for other industries. Consider a SIEM tool with a strong analytics (UEBA) pedigree and good data ingestion and scaling capabilities.
Works at a healthcare company with 5,001-10,000 employees
Real User
2021-01-04T14:51:41Z
I would take a long, hard look at IBM QRadar. The user behavior analytics will give you insight into insider activity. You will want to run CIS internals on your endpoints and get detailed logs using their WinCollect server functionality. Using that alongside something like Varonis and a decent DLP solution will give you complete insight into what your users are doing, when they did it, and what information was involved. Installing it is easy; configuring it is formidable, but the results will give you attribution and specificity. In addition, the capabilities of QRadar allow the development of specific use cases that will detect anomalous behavior and provide excellent IOAs and IOCs.