Top SIEM Products

SHARE

Download our free SIEM Vendor Report based on nearly 300 real user experiences.


Security Information and Event Management (SIEM) is a key enterprise security technology, with the ability to tie systems together for a comprehensive view of IT security.

While each vendor has its own take on SIEM, Gartner lists the primary features for enterprise SIEM as: Ingestion of data from multiple sources; interpretation of data; incorporation of threat intelligence feeds; alert correlation; analytics; profiling; automation; and summation of potential threats.

SIEM products are differentiated by cost, features, and ease of use. Generally, the more you pay, the greater the sophistication and management complexity, so buyers must weigh their needs, budget and expertise as they decide on a SIEM system.

Despite its relative maturity, the SIEM market is still growing at double-digit rates. A major trend is the growing use of behavioral analytics and automation to filter out less urgent alerts so security teams can focus on the biggest threats. Analysts see the cloud as a growing means of delivery for SIEM services, both for SMBs and for hybrid organizations seeking easier ways to keep track of their complex environments.

Below is a brief summary of the top SIEM vendors, followed by a chart rating key features such as security, performance, value and support. Each summary links to an in-depth look at each SIEM product, including features, intelligence, analysis, pricing and more. Read more about our top security vendor methodology.

Here then are our picks for top SIEM products.

Jump ahead:

SolarWinds Log & Event Manager

SolarWinds may lack the full security suite of competitors, but it scores well in ease of deployment, cost, performance, and support. Its virtual appliance format makes it a good choice for SMEs and larger organizations with limited IT resources.

IN-DEPTH LOOK READ USER REVIEWS

ManageEngine EventLog Analyzer

ManageEngine is best suited for midsize organizations with Windows-centric and AWS/Azure environments looking for basic threat detection and IT operations monitoring.

READ USER REVIEWS

IBM Security QRadar

QRadar is rated highly by most analyst firms. Implementation complexity may limit its appeal to midsize and large enterprises that require core SIEM capabilities and those looking for a unified platform that covers a wide range of security monitoring and operational technologies.

IN-DEPTH LOOK READ USER REVIEWS

Sumo Logic SIEM

Sumo Logic is a new entrant to the SIEM market, offering a solution the company says is purpose-built for cloud, hybrid and DevSecOps environments, and machine learning surfaces recommendations for security teams to address.

Splunk Enterprise Security (ES)

Splunk's SIEM system is highly rated and popular, but licensing costs may push it beyond the reach of some SMEs. It is best fit for larger, well staffed IT organizations that are willing to pay the price for high security effectiveness.

IN-DEPTH LOOK READ USER REVIEWS

LogRhythm SIEM

LogRhythm is another SIEM vendor with high ratings and popularity. It is easier to deploy than some of the other top-of-the-line SIEM products, but may not scale to support very high event volume environments. It is best for small and mid-sized organizations that already possess some kind of threat intelligence and analytics functionality.

IN-DEPTH LOOK READ USER REVIEWS

AT&T Cybersecurity

AT&T Cybersecurity - formerly AlienVault - offers a low-cost entry with surprisingly robust features for small and mid-sized companies. It may not offer all the advanced capabilities that enterprises seek, but for small and mid-sized organizations looking for their first SIEM product, AT&T Cybersecurity is hard to beat.

IN-DEPTH LOOK READ USER REVIEWS

Micro Focus ArcSight

ArcSight is in a transitional period as Micro Focus integrates the SIEM solution with its products after acquiring HPE's security software products. ArcSight is strongest in organizations with large, complex SOC environments and for basic log collection use cases.

IN-DEPTH LOOK READ USER REVIEWS

Micro Focus Sentinel Enterprise

Large enterprises may not be the best fit for Micro Focus Sentinel Enterprise, which lags behind some competitors in enterprise functionality and completeness of vision. But it should definitely be considered by small and mid-sized organizations that do not have a high-maturity SOC and do not have requirements for full incident case management, as well as by MSSPs.

IN-DEPTH LOOK READ USER REVIEWS

McAfee Enterprise Security Manager (ESM)

McAfee might be behind IBM, Splunk and LogRhythm in overall SIEM completeness, but its turnkey appliances and ease of deployment, as well as integration with other McAfee tools, make it a strong contender on many SIEM shortlists.

IN-DEPTH LOOK READ USER REVIEWS

Trustwave SIEM Enterprise and Log Management Enterprise

Trustwave SIEM is aimed at mid-market and enterprise users. It is particularly attractive to current users of other Trustwave tools as well as buyers with diverse IT environments. One downside is a lack of threat intelligence feeds out of the box, forcing users to buy or incorporate additional threat intelligence tools.

IN-DEPTH LOOK

RSA NetWitness Suite

RSA NetWitness is popular in larger enterprises with well-trained, veteran IT security teams, particularly in financial, government, energy and telecom organizations. It may lack some of the features of SIEM leaders such as Splunk, LogRhythm and IBM, but has a definite edge in existing RSA, Dell and EMC shops.

IN-DEPTH LOOK READ USER REVIEWS

SIEM Product Comparisons

See these pages that compare two SIEM products against each other:

Honorable Mentions

In addition to our top SIEM picks, there are a number of other promising SIEM solutions out there. Here are some others to consider.

Logsign

Logsign's SIEM solution combines log management, security intelligence and compliance and integrates with everything from network devices to sensors to give a comprehensive view of security across the enterprise. The company also offers a security orchestration, automation and response (SOAR) platform for automating repetitive tasks and aiding in incident response.

Exabeam

Exabeam SMP's advanced analytics, threat hunting and incident response make it a good choice for enterprises with behavioral use cases and those seeking integrated orchestration and response capabilities.

READ USER REVIEWS

Securonix

Securonix offers SaaS and on-premises versions, advanced analytics and incident response, along with modules aimed at fraud, patient data and trade surveillance, making it an attractive option for large enterprises with sensitive data and a need for advanced features.

READ USER REVIEWS

Rapid7

Rapid7 works best for small and midsize organizations looking for SIEM as a service with the option to outsource monitoring and response to the vendor.

READ USER REVIEWS

Fortinet

Organizations and managed service providers already using Fortinet network technologies should consider FortiSIEM, as the solution is part of Fortinet's Security Fabric framework.

READ USER REVIEWS

Netsurion

SMBs with compliance needs looking for basic threat detection with the option of vendor co-management should consider EventTracker.

READ USER REVIEWS

LogPoint

Ideal for midsize organizations with monitoring requirements in Europe and those seeking to include SAP in their security and compliance monitoring.

READ USER REVIEWS

Venustech

Venustech is best suited for organizations in the Asia/Pacific region seeking a SIEM solution with analytics and network monitoring capabilities.

BlackStratus

BlackStratus is best for midsize organizations seeking a cloud-based SIEM solution with optional managed services, and MSSPs seeking a multitenant SIEM to deliver monitoring services.

SIEM Features Compared

SIEM vendor comparison