Top 10 SIEM Cybersecurity Software Tools and Companies for 2019
Welcome to page two of two. Here are SIEM companies 11 to 20.
11. ManageEngine: The company’s Log360 spans three components — EventLog Analyzer, which provides SEM and SIM features like event log management, correlation-based analytics, and management/UI for reports, dashboards and log search functionality; ADAudit Plus, which provides real-time monitoring and auditing for AD; and Cloud Security Plus, which manages log event data from public cloud environments. MSSP Alert says: ManageEngine is perhaps better known as an IT management platform provider to MSPs, but we’ve been watching for a more concerted MSSP push…
12. McAfee Enterprise Security Manager: McAfee in March 2018 upgraded its Enterprise Security Manager (ESM) security information and event management (SIEM) solution. The ESM upgrade allows security operations teams to search recent events and retain and analyze data for compliance and forensics, the company said at the time. MSSP Alert says: McAfee has had a bumpy transition from Intel majority ownership to more of a private equity ownership model over the past year or two, including channel team changes and layoffs in July 2018. Still, there are multiple signs of progress — including multiple cloud and endpoint detection products that can align with the SIEM effort, and a growing focus on SOAR.
13. Micro Focus ArcSight (formerly NetIQ/ArcSight from HP Enterprise): ArcSight ESM 7.0 allows SOCs to analyze up to 100,000 correlated events per second, per cluster, the company claims. It also features a global SOC dashboard for worldwide visibility of security events. MSSP Alert says: The Micro Focus buyout of certain HP Enterprise software assets has been a bumpy process, to say the least. As of July 2018, the expected buyout synergies were running about one year behind Micro Focus’s original plan. And back in March 2018, the company’s CEO resigned amid a 50-percent stock drop. Still, the ESM 7.0 release debuted in April 2018 — proving that R&D continued under Micro Focus’s ownership.
14. Rapid7 InsightIDR: InsightIDR is an intruder analytics solution that helps customers to detect and investigate security incidents. Deployments span 7,200 organizations across 120 countries, Rapid7 asserts. MSSP Alert says: Rapid7 has a partner program — but the company typically positions resellers and distributors as “sales” partners. Moreover, in some ways Rapid7 itself is an MSSP — ranking among the Top 20 Managed Detection and Response (MDR) service providers.
15. RSA NetWitness Platform: RSA positions NetWitness as an “evolved” SIEM platform that offers threat detection and response capabilities. MSSP Alert says: The company acquired Fortscale in April 2018 to evolve its SIEM offerings toward user and entity behavioral analytics (UEBA) capabilities.
16. Securonix SNYPR Security Analytics: The company’s Securonix Cloud platform is positioned as a SaaS solution for next-generation SIEM and UEBA capabilities. MSSP Alert says: The company recorded 150 percent bookings growth and 195 percent subscription revenue growth year over year in the first half of 2018. Also, Securonix posted a 98 percent customer retention rate during the time frame. Still, actual dollar figures were not disclosed. The company also partners with more than 25 managed service providers (MSPs) and MSSPs.
17. SolarWinds: SolarWinds Log & Event Manager (LEM) provides SEM and SIM functionality delivered as a virtual appliance for VMware and Hyper-V platforms. SolarWinds LEM is composed of Manager, which provides central management of the overall solution as well as log and event management and storage; Console, which provides the user interface; and Agents. MSSP Alert says: The company’s SolarWinds MSP arm supports roughly 22,000 MSPs worldwide as of October 2018, but many of them offer network- and device-centric managed services. The push is on to more aggressively promote security services. With that goal in mind, the company now promotes a Threat Monitoring Service Program for MSSPs. The program is based on SolarWinds’ Trusted Metrics acquisition.
18. Splunk Enterprise and UEBA: One of the best-known providers of SIEM-related tools, Splunk has been in rapid growth mode while attracting more partners. More recently, the company has been blending its SOAR and SIEM capabilities. Key adopters include Herjavec Group, a Top 100 MSSP. Moreover, Champion Solutions Group recently acquired a Splunk-centric partner. MSSP Alert says: To understand where Splunk is heading next, keep an eye on the company’s annual Splunk.conf18 conference.
19. Trustwave: The company’s SIEM solution spans two versions — SIEM Enterprise and Log Management Enterprise (LME). Both products complement their broader security solution offerings across network, endpoint, and content and data security. Customers consuming SIEM Enterprise as a service leverage the local collector appliance (LCA), Gartner notes. MSSP Alert says: Trustwave is a Top 100 MSSP in its own right, but the company also has a healthy, growing channel partner program.
20. Venusense: The company’s SIEM offering leverages a Unified Security Management (USM) product, which includes modules for Security Analytics (SA), Network Behavior Analysis (NBA), Configuration Verification System (CVS) and Business Security Management (BSM). Venusense SA provides log collection, normalization and storage, and an analytics engine for threat detection and compliance use cases, Gartner notes. MSSP Alert says: Venustech is best known in China, and the company’s partner program focuses mostly on more traditional distributors and resellers. There is some partner presence in Europe but we haven’t seen activity in North America.