Security Operations, Content

Top 10 SIEM Cybersecurity Software Tools and Companies for 2019

Tracking SIEM (security information and event management) technology companies is no small task. Among the tricky parts: Sometimes, researchers and the media don't use the same technology terms to describe the key players in the market. A case in point: A research report from Forrester essentially highlights all the major SIEM players. However, the researchers prefer to zero in on analytics as the key term for the report -- which is titled the Forrester Wave: Security Analytics Platforms, Q3 2018. Still, companies in the report -- 13 of them, rather than the 10 promised in MSSP Alert's headline -- have SIEM expertise. We've also sprinkled in a few of our own choices. Here's a look at each SIEM provider (sorted alphabetically) and their various MSSP, MSP and channel partner activities. We've profiled 20 SIEM solutions overall. 1. AlienVault USM Anywhere: AlienVault claims Unified Security Management (USM) addresses threat detection, incident response, and compliance mandates for customers. The SaaS-based platform can discover and eliminate threats across public clouds, on-premises networks, endpoints, SaaS apps and the dark web, AlienVault asserts. MSSP Alert says: AlienVault has a strong track record with MSSPs and came down-market to smaller MSPs through a ConnectWise integration. Some partners were worried when AT&T acquired AlienVault in mid-2018, and we continue to watch the company closely for potential channel conflicts. But so far the MSSP-friendly partner push continues. The effort includes AT&T's partner program supporting AlienVault's offerings. 2. BlackStratus: This SIEM technology and service-focused vendor has solutions aimed at large enterprises, small or midsize businesses (SMBs), MSSPs and MSPs. The portfolio includes LOGStorm, SIEMStorm and CYBERShark. MSSP Alert says: CYBERShark has a very strong brand among MSPs in the SMB sector, but some partners have been trying to figure out if there are lower cost alternatives. The company has a relationship with Tech Data, and supports these MSP ticketing systems and PSA tools. In terms of product or media announcements, the company has been quiet since June 2018 through the data of this blog entry in November 2018. 3. EventTracker: The Netsurion company specifically helps MSPs to predict, prevent, detect, and respond to cybersecurity threats. The EventTracker SIEM platform has been recognized for 10-plus years by Gartner on the Magic Quadrant. Also, SIEMphonic Essentials is a managed SIEM service built on top of the EventTracker platform specifically designed for MSPs to deliver the results SMBs need in a practical and cost-effective model. MSSP Alert says: EventTracker has made a serious commitment to MSPs and MSSPs. Key partners include Carvir -- a Master MSSP that Continuum acquired in mid-2018. 4. Exabeam Security Management Platform: Exabeam claims to be the "smarter" SIEM company -- and increasingly targets Splunk in its competitive statements. MSSP Alert says: Exabeam raised $50 million in Series D funding in August 2018. Some of that money will help the company to more aggressively engage MSSPs. Recent integrations include Carbon BlackCybereason and Okta, among others. 5. FireEye: The company by 2017 was a new entrant in the SIEM Magic Quadrant. By October 2018, the company launched a new FireEye Helix release -- which blends SIEM capabilities with security orchestration. Delivered via the cloud, FireEye Helix offers customers one central platform to detect threats, automate response, and simplify compliance reporting, the company claims. MSSP Alert says: FireEye has struggled to maintain healthy, pure channel relationships ever since the company acquired Mandiant for IT consulting and forensics expertise. However, the company’s overall security solutions are respected by partners, and partner momentum was accelerating in late 2018, the company asserts. 6. Fortinet FortiSIEM: Fortinet’s multivendor security oncident and events management solution addresses visibility, correlation, automated response and remediation, the company asserts. MSSP Alert says: Fortinet was one of the first major cybersecurity companies to build a partner program specifically for MSSPs. More recently, the company's VAR-oriented partner program gained a bridge toward managed security services. The company described its MSP and public cloud partner momentum in mid-2018. True believers include Infosec Partners, an MSSP in Britain. The most recent Fortinet move involved acquiring ZoneFox for threat analytics capabilities. 7. Gurucul Risk Analytics:  The offering combines three products -- User and Entity Behavior Analytics (UEBA), Identity Analytics and Cloud Security Analytics. MSSP Alert says: The company's partner program is specifically designed for MSSPs, global systems integrators, and consulting services organizations -- though Gurucul hasn't said much about the MSSP effort in recent months. On the technology front, the company introduced Gurucul Labs managed security analytics service in September 2018. And in June 2018, the company hired IBM security veteran Jasen Meece as president -- overseeing sales, business development, channel and partnership programs. 8. Huntsman SecurityHuntsman is the operating name of Tier-3 Pty Ltd, a privately owned Australian cybersecurity software developer. The company has offices in Sydney and London with operations in Tokyo and the Philippines. MSSP Alert says: The company has a multi-tenant SIEM solution for MSSPs -- though we have not heard directly from the company. 9. IBM QRadar Security Intelligence: IBM QRadar has SIEM at its core. It includes out-of-the-box analytics, correlation rules and dashboards to help customers address security use cases without major customizations, the company asserts. MSSP Alert says: IBM itself has been a Top 100 MSSP for 2018 and 2017, but the company has been working more closely with MSSP partners in recent years. 10. LogRhythm NextGen SIEM Platform: Reduce your administrative costs and more effectively identify prioritized threats with embedded security orchestration and task automation to accelerate threat detection across TLM, the framework of a SOC. MSSP Alert says: Private equity firm Thoma Bravo acquired majority control of LogRhythm in Q3 2018. At the time, more than 2,500 enterprise customers leveraged LogRhythm’s SIEM offerings. The company also is active on the partner front. A Technology Alliance Partner Program surfaced in 2017. And major MSSPs like Deloitte Canada leverage LogRhythm’s technology for a managed threat services. Continue to page two of two for SIEM companies 11 through 20, sorted alphabetically Welcome to page two of two. Here are SIEM companies 11 to 20. 11. ManageEngine: The company's Log360 spans three components — EventLog Analyzer, which provides SEM and SIM features like event log management, correlation-based analytics, and management/UI for reports, dashboards and log search functionality; ADAudit Plus, which provides real-time monitoring and auditing for AD; and Cloud Security Plus, which manages log event data from public cloud environments. MSSP Alert says: ManageEngine is perhaps better known as an IT management platform provider to MSPs, but we've been watching for a more concerted MSSP push... 12. McAfee Enterprise Security Manager: McAfee in March 2018 upgraded its Enterprise Security Manager (ESM) security information and event management (SIEM) solution. The ESM upgrade allows security operations teams to search recent events and retain and analyze data for compliance and forensic, the company said at the time. MSSP Alert says: McAfee has had a bumpy transition from Intel majority ownership to more of a private equity ownership model over the past year or two, including channel team changes and layoffs in July 2018. Still, there are multiple signs of progress -- including multiple cloud and endpoint detection products that can align with the SIEM effort, and a growing focus on SOAR. 13. Micro Focus ArcSight (formerly NetIQ/ArcSight from HP Enterprise): ArcSight ESM 7.0 allows SOCs to analyze up to 100,000 correlated events per second, per cluster, the company claims. It also features a global SOC dashboard for worldwide visibility of security events. MSSP Alert says: The Micro Focus buyout of certain HP Enterprise software assets has been a bumpy process, to say the least. As of July 2018, the expected buyout synergies were running about one year behind Micro Focus's original plan. And back in March 208, the company's CEO resigned amid a 50-percent stock drop. Still, the ESM 7.0 release debuted in April 2018 -- proving that R&D continued under Micro Focus's ownership. 14. Rapid7 InsightLDR: InsightIDR is an intruder analytics solution that helps customers to detect and investigate security incidents.  Deployments span 7,200 organizations across 120 countries, Rapid7 asserts. MSSP Alert says: Rapid7 has a partner program -- but the company typically positions resellers and distributors as "sales" partners. Moreover, in some ways Rapid7 itself is an MSSP -- ranking among the Top 20 Managed Detection and Response (MDR) service providers. 15. RSA NetWitness Platform: RSA positions NetWitness as an "evolved" SIEM platform that offers threat detection and response capabilities. MSSP Alert says: The company acquired Fortscale in April 2018 to evolve its SIEM offerings toward  user and entity behavioral analytics (UEBA) capabilities. 16. Securonix SNYPR Security Analytics: The company's Securonix Cloud platform is positioned as a SaaS solution for next-generation SIEM and UEBA capabilities. MSSP Alert says: The company recorded 150 percent bookings growth and 195 percent subscription revenue growth year over year in the first half of 2018. Also, Securonix posted a 98 percent customer retention rate during the time frame. Still, actual dollar figures were not disclosed. The company also partners with more than 25 managed service providers (MSPs) and MSSPs. 17. SolarWinds: SolarWinds Log & Event Manager (LEM) provides SEM and SIM functionality delivered as a virtual appliance for VMware and Hyper-V platforms. SolarWinds LEM is composed of Manager, which provides central management of the overall solution as well as log and event management and storage; Console, which provides the user interface; and Agents. MSSP Alert says: The company’s SolarWinds MSP arm supports roughly 22,000 MSPs worldwide as of October 2018, but many of them offer network- and device-centric managed services. The push is on to more aggressively promote security services. With that goal in mind, the company now promotes a Threat Monitoring Service Program for MSSPs. The program is based on SolarWinds' Trusted Metrics acquisition. 18. Splunk Enterprise and UEBA: One of the best-known providers of SIEM-related tools, Splunk has been in rapid growth mode while attracting more partners. More recently, the company has been blending its SOAR and SIEM capabilities. Key adopters include Herjavec Group, a Top 100 MSSP. Moreover, Champion Solutions Group recently acquired a Splunk-centric partner.  MSSP Alert says: To understand where Spunk is heading next, keep an eye on the company's annual Splunk.conf18 conference. 19. Trustwave: The company's SIEM solution spans two versions — SIEM Enterprise and Log Management Enterprise (LME). Both products complement their broader security solution offerings across network, endpoint, and content and data security. Customers consuming SIEM Enterprise as a service leverage the local collector appliance (LCA), Gartner notes. MSSP Alert says: Trustwave is a Top 100 MSSP in its own right, but the company also has a healthy, growing channel partner program. 20. Venusense: The company's SIEM offering leverages a Unified Security Management (USM) product, which includes modules for Security Analytics (SA), Network Behavior Analysis (NBA), Configuration Verification System (CVS) and Business Security Management (BSM). Venusense SA provides log collection, normalization and storage, and an analytics engine for threat detection and compliance use cases, Gartner notes. MSSP Alert says: Venustech is best known in China, and the company’s partner program focuses mostly on more traditional distributors and resellers. There is some partner presence in Europe but we haven't seen activity in North America.
Joe Panettieri

Joe Panettieri is co-founder & editorial director of MSSP Alert and ChannelE2E, the two leading news & analysis sites for managed service providers in the cybersecurity market.