The selection of a SIEM solution depends on many parameters, such as the size of the organization (SMB/Enterprise), the purpose of deployment, the integrations required and the monitoring components, to name a few.
While the leading SIEM tools like QRadar, LogRhythm, Splunk, etc. have their own USPs, they come with a price that many organizations in the SMB segment will find hard to afford.
Senior Network Engineer at a government with 5,001-10,000 employees
Jan 25, 2022
Well, I have been looking at webinars, whitepapers and such for Palo Alto Prisma. It looks like a very complete, cutting-edge solution. Now, I am not associated with Palo Alto at all, but I have heard Nir Zuk, the CEO of Palo Alto, speak about his vision for security, and it is impressive. Prisma provides SD-WAN cloud-based security services (SASE) to remote locations on a zero-trust basis, and the range of services is impressive. I think Prisma has not only SIEM capability but also prevention and remediation (SOAR).
Disclaimer: I am not a security SME, nor do I play one on TV. But I have been using Palo Alto firewalls for close to 8 years, and this is my impression of Prisma.
I always find that questions are never as simple as asked. The question of a SIEM has many components to it. The purpose of security incident and event logging and monitoring is to successfully capture relevant security events from devices and monitor activity to identify events requiring further investigation.
Many, if not most, organizations never have sufficient resources to digest and utilize the breadth and depth of data and security information generated by a SIEM, which leads to the selection of an appropriate Managed Security Services Provider.
I have both been responsible for security within companies and worked for MSSPs. I am currently engaged with Stratejm, based in Canada, which operates and provides cloud-based Security-as-a-Service (SECaaS). The SECaaS provides a comprehensive, holistic and scalable SIEM solution for managing security, performance and compliance, delivered through a single pane-of-glass view of the organization.
Such a solution is both effective and cost-efficient. We’ve helped many organizations leverage the benefits of a cloud-based SIEM solution to reduce enterprise risk and enhance their overall security posture.
Technology alone cannot solve problems, but integrating with a competent and capable MSSP service delivery extends the team and collaboratively adds security value to the enterprise.
Elastic (https://www.elastic.co/) and LogSign (https://www.logsign.com/) can be good options if you are looking for a powerful and cost-effective SIEM tool.
ELK.
Why? Price, ease of use, vendor neutrality and customization.
@Avraham Sonenthal, thanks for your views.
@Bob Steadman, I agree with your view. Will you be able to share some insights on the tools you felt were fitting your requirements, and the reasons?