Original Post from SC Magazine
Author: Doug Olenick
SC reviewed several Security Information and Event Management (SIEM) solutions.
Although we have tested these products before, we are impressed with the
development and innovation that occurs year after year. SIEM capabilities have
expanded well beyond security information and event management: they now drive
threat detection and response with auto-remediation and guided responses based
on machine learning and forensic analysis, and the user and entity behavior
analytics (UEBA) capabilities layered in are rapidly moving SIEMs toward next-generation
The expanding digital surface and maturing threats in the digital landscape are
winning out against organizations because of the security skills shortage and
the resulting burnout among security professionals. As organizations, near
desperation, seek efficient and cost-effective security investments, SIEM
solutions are a promising piece: the glue that holds other security technologies
together by alerting on detected threats and adding the visibility security
teams need to reconfigure existing technologies and bolster their security
posture. Therefore, SIEMs should be considered a staple in any organization.
Although some of these solutions are more time-consuming than others, they all perform up to standard and would serve any organization well. The differences arise in usability features, and some SIEMs may suit certain organizations better than others. However, we found all the technologies we evaluated this month to be impressive and worthy of consideration.
Product Group Opener
This month, SC Labs took another, more concentrated look at Security Information and Event Management (SIEM) solutions. As digital technology advances, so too do the cyber threats that target it. The edges of the digital surface are expanding and have long since surpassed the point of feasible manual management. This expansion, together with the increasing complexity and volume of alerts, has led to skill shortages and security analyst burnout. Organizations are desperate to balance efficient security solutions with cost-effective security investments. SIEM solutions target these challenges: they are geared toward simplifying security management and generating alerts on threats in an environment that security teams are otherwise unable to see or keep pace with.
In testing, we focused on evaluating setup processes, how long implementation
took and how helpful the documentation was. We looked at the various log
ingestion capabilities and how intuitive each solution was in bringing data from
various sources into the SIEM. We examined how much pre-built content comes with
each SIEM, the flexibility of those templates and whether they sufficiently
support compliance efforts. SIEM technologies can be laborious to implement and
challenging to manage, so we also tested the overall ease of use in depth for
The sophistication of threats targeting infrastructures daily, the complexity of
managing and monitoring environments and stricter compliance enforcement have
resulted in a desperate need for solutions that work with and for security
teams to alleviate their burdensome workload and make security management a
more feasible task. The SIEM solutions we looked at this month are a promising
step in that direction: they leverage machine learning to automate the
detection and response processes and free up security teams to address more
complex threats.
As in other areas of cybersecurity, we saw a leap to integrate more machine
learning into SIEMs and a steep rise in threat detection and response
capabilities. Most of these solutions go beyond security management and are
deeply rooted in the process of responding to threats, even automatically.
Security teams are empowered by the pre-built content that ships with these
SIEMs and drives automated responses and guided remediation. We have reviewed
these products in the past and continue to be impressed with the rapid
innovations that keep driving their value and the enhancements they provide.
Collecting and correlating data points across an environment gives security
teams a consolidated view of the network edge and everything in between,
limited only by what is actually ingested into the platform. Security teams
cannot detect and respond to threats they cannot see, and SIEMs are very
effective at providing that visibility. A big feature of SIEMs is the sheer
number of integrations they support, including those for vulnerability
scanners. This helps security teams evaluate the configurations of the other
security technologies in an environment and confirm those solutions are working
as intended. This return on investment, in addition to all the automation and
detection capabilities, really drives home the value of SIEMs. The
comprehensive picture SIEMs provide analysts is so valuable for threat
management, detection and response that we strongly recommend they be
considered a staple in all organizations. Do you have a clear picture of your
Pick of the Litter
The graphics in Micro Focus ArcSight were the best we saw by far and drive the intuitive, easy-to-use feel of the entire platform. Its unparalleled dashboard graphics, intuitive navigation and compliance support make this highly flexible SIEM an SC Labs Best Buy.
Exabeam Security Management Platform adeptly analyzes behavior to accurately identify the riskiest entities, including the ability to link related incidents accurately even when they are tied to different end users. There are so many use cases for this platform, including layering it onto an existing SIEM for added security and value, that it is our SC Labs Recommended product for this month's round of reviews.