See our complete list of Top 10 SIEM Products.
Trustwave is ranked as a Niche Player in the Gartner Magic Quadrant for SIEM. Gartner said integration across Trustwave’s security product portfolio makes Trustwave SIEM Enterprise a good option for existing customers. It also should work well for midmarket organizations and buyers with diverse IT environments. Integration with third-party security solutions and analytics are areas for improvement. Threat intelligence feeds are not provided out of the box, so buyers must add Trustwave SpiderLabs research team feeds as a premium.
Trustwave is an information security company providing threat, vulnerability and compliance management services and technologies. Its roots are in PCI compliance, but has expanded from there to nearly three million business customers.
Trustwave offers log management appliances, advanced threat correlation, and analysis services as part of its range of SIEM solutions. In addition to security management, it offers network, content and data, endpoint, and application security. Its two main SIEM products are SIEM Enterprise and Log Management Enterprise (LME).
The company also offers SIEM as a managed service through Trustwave Managed Threat Detection (MTD), combining an analysis engine and the threat intelligence and security expertise of Trustwave SpiderLabs. Trustwave also offers a managed hybrid service in conjunction with MTD. SIEM acts as a customer-premises extension of the analytics platform, offering local-scope SIEM features supported by the people, processes and technology in the Trustwave cloud platform.
Trustwave SIEM Features Rated
Threats blocked: Very good. Trustwave supports over 560 logging sources, covering all major vendors of security, network and endpoint appliances, tools and applications. All collected logs are processed by Trustwave SIEM and Trustwave’s analytics platform, which include escalations/use cases, behavioral/ baseline analytics, machine learning and human analysis. Trustwave SpiderLabs threat researchers ensure that the rules and analytics in place are up-to-date with the latest threats and security landscape.
Sources ingested: Very good. Trustwave SIEM and the MTD platform currently support 568 sources of log, event, audit and alert data. Trustwave’s threat intelligence feed aggregates information from numerous sources and applies automated confidence algorithms to produce intelligence and reputation data.
Performance: Very good. On-premises SIEM appliances are available in 50, 100, 250, 500 and 750 EPD models. Virtual and public cloud licenses are available in the same increments. Multiple physical or virtual nodes may be deployed to build larger infrastructures supporting 2+ billion EPD. Low cost/small footprint remote collectors are available as well. The MTD cloud platform is capable of supporting tens of billions of events per day distributed across Trustwave’s 10 worldwide ASOCs.
Value: Very Good. User comments are largely positive about value. For its managed SIEM offering, Trustwave offers the following figures: TCO of one year of a self-managed SIEM for a typical mid-sized company at $682,089 (considering hardware and manpower), and one year of Trustwave Managed SIEM at $199,044.
Implementation: Good. Deployments may take as little as 1 day but longer deployment times are likely for large environments, user training, and configuration assistance. Deployment entirely in the MTD service require a simple log collector on the customer site and is remotely provisioned in a few hours.
Management: Very good. Management features include:
- Advanced Correlation and Threat Management Assessment
- Forensics: Boolean logic filtering enables search data for in-depth insights, threats and root causes
- Big Data: Enhancements address bigger data and analytics challenges.
Support: Good. User reports are largely positive about support.
Scalability: Best. Gartner gave its architecture good marks for scaling both horizontally and vertically across on-premises and IaaS environments.
PCI, GLBA, Sarbanes-Oxley, GPG 13, HIPAA, FISMA, NERC/CIP, EAL 3+ Common Criteria.
Available as physical appliance, virtual machine or public cloud image, as well as managed security services.
Agents are provided on an as-needed basis for specific log sources if standard methods are not available. Trustwave prefers to use standard logging channels to acquire data – syslog, DB, SCP/FTP, REST and other APIs.
Managed Threat Detection is priced by discrete per-log source, or in bands or tiers measured by maximum total devices, events/day or GB/day based on how much data is consumed. Extending MTD with SIEM on the customer premises may be achieved via up-front purchase of SIEM devices with a monthly management fee, or an OPEX license + management monthly subscription.