Difference between revisions of "Security Information and Event Management"
From MgmtWiki
(→Gartner Magic Quadrant) |
(→Gartner Magic Quadrant) |
||
| Line 26: | Line 26: | ||
| [https://www.ibm.com/products/qradar-siem IBM QRadar] || Watson || separate division || everywhere || | | [https://www.ibm.com/products/qradar-siem IBM QRadar] || Watson || separate division || everywhere || | ||
|- | |- | ||
| − | | [https://www.securonix.com/ Securonix] || [https://www.securonix.com/security-monitoring-for-the-top-10-aws-threats/ AWS] || [https://www.forbes.com/sites/davidteich/2021/04/01/security-in-the-cloud-is-enhanced-by-artificial-intelligence/?sh=62feb45c3967 forbes article] || TX & India || | + | | [https://www.securonix.com/ Securonix] || [https://www.securonix.com/security-monitoring-for-the-top-10-aws-threats/ AWS] || [https://www.forbes.com/sites/davidteich/2021/04/01/security-in-the-cloud-is-enhanced-by-artificial-intelligence/?sh=62feb45c3967 forbes article] and [https://aithority.com/it-and-devops/cloud/securonix-announces-bring-your-own-snowflake-program-to-power-security-data-lake-for-snowflake-customers-2/ AIthority] || TX & India || |
|- | |- | ||
| [https://www.comodo.com/is-splunk-a-siem.php#:~:text=Splunk%20is%20a%20technology%20that,on%20a%20real%2Dtime%20basis.&text=Splunk%20is%20not%20a%20SIEM,in%20the%20form%20of%20indexers. Splunk] || open source || comodo is one provider || NJ || | | [https://www.comodo.com/is-splunk-a-siem.php#:~:text=Splunk%20is%20a%20technology%20that,on%20a%20real%2Dtime%20basis.&text=Splunk%20is%20not%20a%20SIEM,in%20the%20form%20of%20indexers. Splunk] || open source || comodo is one provider || NJ || | ||
| Line 32: | Line 32: | ||
| [https://www.rapid7.com/solutions/siem/ Rapid7] || || Erick Galinkin = Principal Artificial Intelligence Researcher || SF CA || | | [https://www.rapid7.com/solutions/siem/ Rapid7] || || Erick Galinkin = Principal Artificial Intelligence Researcher || SF CA || | ||
|- | |- | ||
| − | | | + | |[https://logrhythm.com/ Logrhythm] || || || || |
|- | |- | ||
|Gunucul || || || || | |Gunucul || || || || | ||
Revision as of 20:26, 5 November 2021
Full Name
SIEM = Security Information and Event Management
Originally this term was applied to data collection about the security state and events in an enterprise. It has since broadened to cover pro-active security state determination and remediation of cyber threats as well, although often under a wide variety of different names.
Context
- Web sites have long kept logs of incoming HTTP traffic to diagnose web site problems.
- Core functionality of a SIEM includes log management and centralization, security event detection and reporting, and search capabilities.
References
- Wikipedia page on SEIM
- Connect to the Intelligent Security Graph using a new API is a Microsoft variant for the Azure cloud current as of 2018-04-17.
- Collect and consume log data from your Azure resources
Solutions
Gartner Magic Quadrant
The companies that were in the visionary half of the 2021 chart were ranked in the following order.
| Vendor | Cloud | AI | Location | Notes |
| Exabeam | user and entity behavior analytics | SV CA | ||
| IBM QRadar | Watson | separate division | everywhere | |
| Securonix | AWS | forbes article and AIthority | TX & India | |
| Splunk | open source | comodo is one provider | NJ | |
| Rapid7 | Erick Galinkin = Principal Artificial Intelligence Researcher | SF CA | ||
| Logrhythm | ||||
| Gunucul | ||||
| Microsoft | ||||
| Sumo Logic | ||||
| Fortnet |
The leader of the field in longevity is ArcSight by Microfocus (after merger from HP) which is rather poorly rated by Gartner. They were the ones who identifier the problem for the customer as "too much data" back in 2001. Microfocus targets legacy infrastructure.
