AlienVault Unified Security Management by AlienVault
AlienVault Unified Security Management™ (USM) provides full-function Security Information and Event Management (SIEM) and log management software capabilities, with the added advantage of integrated host and network IDS, netflow analysis, and vulnerability assessment for complete security monitoring.
Enterprise Security Manager by McAfee
Effective security starts with real-time visibility into all activity on all systems, networks, databases, and applications. McAfee Enterprise Security Manager enables your business with true, real-time situational awareness and the speed and scale required to identify critical threats, respond intelligently, and ensure continuous compliance monitoring. Security teams now have access to real-time, risk relevant information to obtain a stronger security posture while shortening response time.
Advanced risk and threat detection — Enterprise Security Manager connects evolving threat data with a real-time understanding of the risk, asset importance, and security posture throughout the enterprise. This dynamic context, combined with our highly intelligent correlation engine, provides risk scoring and threat prioritization that continually adapts to the enterprise environment. In addition, available integration with McAfee Global Threat Intelligence (GTI) and McAfee ePolicy Orchestrator (McAfee ePO) software helps you detect, correlate, and remediate threats in minutes across your entire IT infrastructure.
Policy-aware compliance management — As compliance requirements evolve, so must your SIEM. Enterprise Security Manager makes compliance management easy with hundreds of pre-built dashboards, complete audit trails, and reports for PCI DSS, HIPAA, NERC-CIP, FISMA, GLBA, SOX, and others. Our support for the Unified Control Framework also allows you to report your policies against more than 240 global regulations and control frameworks.
Critical facts in minutes, not hours — Our highly tuned appliance can collect, process, and correlate billions of events from multiple years and keep all information available locally for immediate ad hoc queries, forensics, rules validation, and compliance.
Global Threat Intelligence — An optional live feed of McAfee GTI IP Reputation data provides valuable, real-time information on external threats gathered from hundreds of millions of sensors around the globe, allowing you to pinpoint malicious activity on your network. Enterprise Security Manager can use the GTI IP Reputation data to quickly identify conditions where an internal host has communicated with a known bad actor.
Hawkeye AP by Hexis Cyber Solutions
With the increase in sophisticated attacks and the explosion of big data, large enterprises and government organizations are seeking solutions with advanced data analysis capabilities to address newfound needs of collecting, storing, searching, and analyzing Big Data.
HawkEye AP, formerly Sensage’s Log Management solution, delivers an unparalleled solution with the industry’s most unique approach to analytics and intelligence – a flexible event data collection process and a clustered, columnar-based event data warehouse.
HawkEye AP at a Glance:
Security Intelligence
Event Data Collection
Event Data Warehouse
NetIQ Sentinel by NetIQ
Pure Power. Serious Simplicity.
Here's a security solution that isn't as complex as the problem.
NetIQ Sentinel™ is a full-featured Security Information and Event Management (SIEM) solution that simplifies the deployment, management and day-to-day use of SIEM, readily adapts to dynamic enterprise environments and delivers the true "actionable intelligence" security professionals need to quickly understand their threat posture and prioritize response.
Smart SIEM features - The information you need at your fingertips. Government and internal audit policies mandate the need to collect, retain, and report against log data—but with so much information in so many different systems and formats, finding the information you need requires powerful ease of use.
Detects new threats quickly and easily - Sentinel 7 ships with packaged intelligence to detect many threats out-of-the-box without time-consuming rule-writing and configuration. Built-in anomaly detection automatically establishes baselines of normal activity and detects changes that can represent emerging threats. New or custom rules can be created easily by business users through an intuitive graphical user interface.
Greater visibility into user activities - Understanding the "who, what, when, and where" of user system access is essential for controlling insider-based risks to information assets. Enriching security data with unique user identity information provides an enhanced level of user activity monitoring for greater visibility of internal threats to the environment.
Only need log management? - Sentinel Log Manager enables the collection, storage, analysis and management of IT infrastructure event and security logs, providing flexible and cost-efficient log management for mitigating risk and addressing compliance reporting needs.
Tenable Log Correlation Engine™ by Tenable Network Security
A Different Approach to SIEM
Tenable's security information and event management (SIEM) solution leverages the log management capabilities of the Log Correlation Engine (LCE) to collect all logs, software activity, user events, and network traffic. It analyzes all data for correlated events and impact on security and compliance posture. Event context and threat-list intelligence about any system is provided by Tenable Nessus vulnerability and configuration scans and real-time monitoring with the Tenable Passive Vulnerability Scanner (PVS).
RSA Security Analytics by EMC-RSA
Big Data Security
Capture massive amounts of diverse and rapidly changing security-relevant data – including network packets, logs, and asset information – and pivot on terabytes of data in real time, executing forensic investigations that once took days in just minutes.
Gain the insight to perform both short- and long-term free-form contextual analysis, eliminating blind spots and enabling security analysts to view and understand data better and faster than ever before.
Fuse threat intelligence from the global security community and RSA FirstWatch with your organization’s data to know what to look for and leverage what others have already uncovered.
Automate the generation of compliance reports and support long-term forensic analysis, proving compliance as an outcome of good security practices.
SolarWinds Log & Event Manager by SolarWinds
Log & Event Manager
“Just Right” SIEM for the Resource Sensitive Security Pro!
TIBCO LogLogic by Tibco
With the ability to process over 1,000,000 events per second from more than 10,000 devices, TIBCO LogLogic® prepares you to manage – and take advantage of – the explosive growth in machine data.
TIBCO® LogLogic is the only log management solution that offers you:
Key enterprise-class features give you:
Trustwave SIEM by Trustwave
Trustwave SIEM Portfolio
SIEM technologies are helping businesses improve compliance management, and helping safeguard them from data breaches and fraud. Proactively "seeing" and preparing for evolving and advanced and persistent threats, and minimizing the impact of those threats by enabling you to collect, analyze, and assess security and non-security events for rapid identification, prioritization, and response are core benefits of our SIEM solutions.
Reduce Cost and Enhance Security
When you choose a Trustwave Security Information and Event Management (SIEM) solution to monitor and protect your data, you get superior quality and mature security and compliance coverage.
A Unified Security Approach
Trustwave SIEM solutions help businesses of all sizes protect their environment as part of both organizational compliance and defense-in-depth security strategies. We offer a variety of SIEM deployment options including software, managed security services and appliances that:
EventLog Analyzer by ManageEngine
EventLog Analyzer is an IT Compliance & Event Log Management Software for SIEM
Your organization's IT infrastructure generates a huge amount of logs every day, and these machine-generated logs have vital information that can provide powerful insights and network security intelligence into user behaviors, network anomalies, system downtime, policy violations, internal threats, regulatory compliance, etc. However, the task of analyzing these event logs and syslogs without automated log analyzer tools can be both time-consuming and painful if done manually.
EventLog Analyzer provides the most cost-effective Security Information and Event Management (SIEM) software on the market. Using this Log Analyzer software, organizations can automate the entire process of managing terabytes of machine-generated logs by collecting, analyzing, searching, reporting, and archiving from one central location. This event log analyzer software helps to mitigate internal threats, monitor file integrity, conduct log forensics analysis, monitor privileged users and comply with different compliance regulatory bodies by intelligently analyzing your logs and instantly generating a variety of reports like user activity reports, regulatory compliance reports, historical trend reports, and more.
EventTracker Enterprise by EventTracker
Improve Security, Maintain Compliance and Increase Operational Efficiency
The common element in the continually changing security environment is the loss of control. Ownership no longer means security or trust. Information can be stolen, manipulated and altered. Threats are no longer just external, but can be internal assets – employees who unwittingly, or deliberately – place the enterprise’s security in jeopardy.
Regulated industries are under greater scrutiny and pressure to protect confidential information and sensitive data. Meeting compliance requirements can be a costly endeavor as time and resources are constrained.
With EventTracker Enterprise, organizations have complete visibility into their IT infrastructure. Know what’s happening now, what happened previously, what changed, and be compliant. EventTracker offers a high-level view, but allows you to drill down to the most granular level and provide you with the information you need – whether you are in charge of overall implementation, security, and compliance, or focused on the details of the events of specific devices.
The new language of effective security requires us to treat all endpoints in the system (users, devices, packets, URLs) as potential vulnerabilities or hostiles.
Traditional security controls like firewalls and antivirus are no longer effective: it is increasingly difficult to recognize when your enterprise has been breached or infected, and context is a necessary part of real-time security decisions. Organizations have different options to meet these turbulent and rapid changes, but adapting in the new security landscape requires a powerful and dynamic Security Information Event Management (SIEM) and event log management solution that can deliver vital and actionable data.
EventTracker Enterprise enables your organization to be aware of potential security risks, so that internal or external threats can be identified and eliminated before they are exploited. It guarantees your organization has the ability to respond to a security incident and has the necessary data and tools for forensic analysis. The total time required to investigate and mitigate a security incident can be reduced by up to 75 percent, minimizing the potential exposure and costs.
EventTracker Enterprise empowers organizations to maintain regulatory compliance and simplifies the audit process, reducing audit times by up to 90%. Detailed reporting minimizes the time and effort to determine potential gaps in compliance requirements, and address them efficiently.
EventTracker Enterprise processes hundreds of millions of discrete log messages to distill critical information to the organization and provides a 360° view of the entire IT infrastructure, offering real-time alerting and reporting. EventTracker allows organizations to maintain continuous compliance.
EventTracker Enterprise has built-in monitoring and reporting for FDCC, FFIEC, FISMA, GLBA, HIPAA, NERC, NISPOM, PCI-DSS and Sarbanes-Oxley (SOX 404).
EventTracker Enterprise greatly improves the efficiency and productivity of the IT staff by prioritizing operational incidents, and with real-time alerting, enables them to address the most critical incidents first.
Splunk App for Enterprise Security by Splunk
Splunk App for Enterprise Security
The Big Data Approach to Security Intelligence
Today's attackers have realized that many security teams simply can't see threats buried within operations data, due to organizational data silos, data collection issues, scalability challenges or a lack of analytics capabilities. They also have the resources to create attack scenarios that bypass security point products and traditional security information and event management (SIEM) systems. How can security professionals identify threats when they're hiding within terabytes of data generated through normal user activities?
Monitoring for known and unknown threats has become part of the revised security charter. Detecting advanced threats requires a flexible approach that can only be enabled by a scalable security intelligence platform. Splunk is able to make all data security relevant, empowering the business and security teams to work together to create business driven security and risk priorities. Only Splunk can turn tens of terabytes of data per day into information fueling comprehensive analysis of business risks.
LogRhythm Security Intelligence Platform by LogRhythm
SIEM with LogRhythm
Your infrastructure is increasingly under attack. The next generation SIEM capabilities delivered by LogRhythm's Security Intelligence Platform empower organizations to defend themselves from today’s rapidly evolving advanced cyber threats.
A New Standard in Security Information and Event Management
LogRhythm stands apart from first generation SIEM solutions by fully integrating log management and SIEM capabilities with File Integrity Monitoring and Machine Analytics combined with deep Host and Network Forensics. LogRhythm’s next generation SIEM analyzes all available log and machine data and combines it with deep forensic data capture at both the host and network level for true enterprise visibility. This insight is leveraged by AI Engine, LogRhythm’s patented Machine Analytics technology, to deliver automated, continuous analysis of all activity observed within the environment. The integrated architecture ensures that when threats and breaches are detected, customers can quickly access a global view of activity, enabling exceptional security intelligence and rapid response.
LogRhythm's Next Gen SIEM platform delivers:
SecureVue by EiQ Networks
SecureVue Log Management & SIEM provides industry leading event and log collection, storage, correlation, reporting, and search functions. The solution supports a broad range of event sources including network infrastructure, security solutions, operating systems, and applications.
SecureVue improves on traditional log management through the collection and leverage of important contextual information from additional networked systems including vulnerability scanners, identity and access management systems, and network flow data. The SecureVue solution is also easily extended to support proprietary customer applications and legacy systems.
ArcSight ESM by HP
HP ArcSight Enterprise Security Manager (ESM) provides a Big Data analytics approach to enterprise security, transforming Big Data into actionable intelligence that can reduce the cost of a breach and help minimize risk to business.
In order for businesses to protect their critical data and intellectual assets, security teams need solutions that can provide timely, relevant intelligence to help them quickly detect and respond to breaches. Data volumes have exploded, making it difficult to identify the high-risk anomalies or trends that exist in your event logs. Cyber criminals have become more sophisticated, camouflaging their attacks inside mountains of your data.
Without the right tools, organizations cannot respond quickly, losing valuable time through inefficient analysis of forensic data after a breach. Most often, companies find out about breaches when they are notified by a third party, unaware their security systems had been compromised.
Advanced software to detect and defend against network security threats
IBM® QRadar® Security Intelligence Platform products provide a unified architecture for integrating security information and event management (SIEM), log management, anomaly detection, incident forensics and configuration and vulnerability management. These products offer advanced threat detection, greater ease of use and lower total cost of ownership.
IBM QRadar Security Intelligence Platform products deliver: