Top 10 SIEM Cybersecurity Software Tools and Companies for 2019
Tracking SIEM (security information and event management) technology companies is no small task. Among the tricky parts: Sometimes, researchers and the media don’t use the same technology terms to describe the key players in the market.
A case in point: A research report from Forrester essentially highlights all the major SIEM players. However, the researchers prefer to zero in on analytics as the key term for the report — which is titled the Forrester Wave: Security Analytics Platforms, Q3 2018.
Still, companies in the report — 13 of them, rather than the 10 promised in MSSP Alert’s headline — have SIEM expertise. We’ve also sprinkled in a few of our own choices. Here’s a look at each SIEM provider (sorted alphabetically) and their various MSSP, MSP and channel partner activities. We’ve profiled 20 SIEM solutions overall.
1. AlienVault USM Anywhere: AlienVault claims Unified Security Management (USM) addresses threat detection, incident response, and compliance mandates for customers. The SaaS-based platform can discover and eliminate threats across public clouds, on-premises networks, endpoints, SaaS apps and the dark web, AlienVault asserts. MSSP Alert says: AlienVault has a strong track record with MSSPs and came down-market to smaller MSPs through a ConnectWise integration. Some partners were worried when AT&T acquired AlienVault in mid-2018, and we continue to watch the company closely for potential channel conflicts. But so far the MSSP-friendly partner push continues. The effort includes AT&T’s partner program supporting AlienVault’s offerings.
2. BlackStratus: This SIEM technology and service-focused vendor has solutions aimed at large enterprises, small or midsize businesses (SMBs), MSSPs and MSPs. The portfolio includes LOGStorm, SIEMStorm and CYBERShark. MSSP Alert says: CYBERShark has a very strong brand among MSPs in the SMB sector, but some partners have been trying to figure out if there are lower cost alternatives. The company has a relationship with Tech Data, and supports these MSP ticketing systems and PSA tools. In terms of product or media announcements, the company has been quiet since June 2018 through the date of this blog entry in November 2018.
3. EventTracker: The Netsurion company specifically helps MSPs to predict, prevent, detect, and respond to cybersecurity threats. The EventTracker SIEM platform has been recognized for 10-plus years by Gartner on the Magic Quadrant. Also, SIEMphonic Essentials is a managed SIEM service built on top of the EventTracker platform specifically designed for MSPs to deliver the results SMBs need in a practical and cost-effective model. MSSP Alert says: EventTracker has made a serious commitment to MSPs and MSSPs. Key partners include Carvir — a Master MSSP that Continuum acquired in mid-2018.
4. Exabeam Security Management Platform: Exabeam claims to be the “smarter” SIEM company — and increasingly targets Splunk in its competitive statements. MSSP Alert says: Exabeam raised $50 million in Series D funding in August 2018. Some of that money will help the company to more aggressively engage MSSPs. Recent integrations include Carbon Black, Cybereason and Okta, among others.
5. FireEye: The company by 2017 was a new entrant in the SIEM Magic Quadrant. By October 2018, the company launched a new FireEye Helix release — which blends SIEM capabilities with security orchestration. Delivered via the cloud, FireEye Helix offers customers one central platform to detect threats, automate response, and simplify compliance reporting, the company claims. MSSP Alert says: FireEye has struggled to maintain healthy, pure channel relationships ever since the company acquired Mandiant for IT consulting and forensics expertise. However, the company’s overall security solutions are respected by partners, and partner momentum was accelerating in late 2018, the company asserts.
6. Fortinet FortiSIEM: Fortinet’s multivendor security incident and events management solution addresses visibility, correlation, automated response and remediation, the company asserts. MSSP Alert says: Fortinet was one of the first major cybersecurity companies to build a partner program specifically for MSSPs. More recently, the company’s VAR-oriented partner program gained a bridge toward managed security services. The company described its MSP and public cloud partner momentum in mid-2018. True believers include Infosec Partners, an MSSP in Britain. The most recent Fortinet move involved acquiring ZoneFox for threat analytics capabilities.
7. Gurucul Risk Analytics: The offering combines three products — User and Entity Behavior Analytics (UEBA), Identity Analytics and Cloud Security Analytics. MSSP Alert says: The company’s partner program is specifically designed for MSSPs, global systems integrators, and consulting services organizations — though Gurucul hasn’t said much about the MSSP effort in recent months. On the technology front, the company introduced Gurucul Labs managed security analytics service in September 2018. And in June 2018, the company hired IBM security veteran Jasen Meece as president — overseeing sales, business development, channel and partnership programs.
8. Huntsman Security: Huntsman is the operating name of Tier-3 Pty Ltd, a privately owned Australian cybersecurity software developer. The company has offices in Sydney and London with operations in Tokyo and the Philippines. MSSP Alert says: The company has a multi-tenant SIEM solution for MSSPs — though we have not heard directly from the company.
9. IBM QRadar Security Intelligence: IBM QRadar has SIEM at its core. It includes out-of-the-box analytics, correlation rules and dashboards to help customers address security use cases without major customizations, the company asserts. MSSP Alert says: IBM itself has been a Top 100 MSSP for 2018 and 2017, but the company has been working more closely with MSSP partners in recent years.
10. LogRhythm NextGen SIEM Platform: Reduce your administrative costs and more effectively identify prioritized threats with embedded security orchestration and task automation to accelerate threat detection across TLM, the framework of a SOC. MSSP Alert says: Private equity firm Thoma Bravo acquired majority control of LogRhythm in Q3 2018. At the time, more than 2,500 enterprise customers leveraged LogRhythm’s SIEM offerings. The company also is active on the partner front. A Technology Alliance Partner Program surfaced in 2017. And major MSSPs like Deloitte Canada leverage LogRhythm’s technology for managed threat services.
Continue to page two of two for SIEM companies 11 through 20, sorted alphabetically