Best Security Information and Event Management (SIEM) Software

Security information and event management (SIEM) software combines a variety of security monitoring components into one platform. Companies use SIEM products to centralize security operations in a single location, so that IT and security operations teams work from the same information and alerts for more effective communication and planning. These products collect logs and events from across the environment and alert operations teams to anomalies detected in their systems, such as malware activity, unapproved access, or (where vulnerability scanner output is ingested) newly discovered vulnerabilities. They provide live analysis of activity and security state while storing logs and records for retrospective reporting. They also consume identity and access data so teams can verify that only approved parties reach sensitive systems. Forensic analysis tools help teams navigate historical logs, identify trends, and better fortify their networks.

SIEM tools may be confused with incident response software, but SIEM products provide a larger scope of security and IT management features. Most also do not automate remediation: their core job is collection, correlation and alerting, with response carried out by analysts or by separate tooling.

To qualify for inclusion in the SIEM category, a product must:

  • Aggregate and store IT security data
  • Assist in user provisioning and governance
  • Identify vulnerabilities in systems and endpoints
  • Monitor for anomalies within an IT system
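The two capabilities that define the category, aggregating events from several sources into one normalized store and monitoring that store for anomalies, reduce to a small amount of code. The following is an added example, not code from G2 Crowd or from any vendor listed on this page: it normalizes an sshd syslog line and a JSON web-application record (both constructed for the example) into one event schema, then applies a windowed correlation rule that fires when several authentication failures from one source are followed by a success. The rule name, thresholds and field names are this example's own assumptions.

```python
"""Minimal SIEM-style pipeline: normalize heterogeneous log lines, then run a
windowed correlation rule (N auth failures followed by a success from the same
source). Added example; the log lines below are constructed, not real telemetry."""
import json
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample events in two formats a SIEM commonly ingests:
# sshd syslog lines and JSON records from a web application ("portal").
RAW_LOGS = [
    "2024-03-01T10:00:01Z host1 sshd[2001]: Failed password for alice from 203.0.113.7 port 5011 ssh2",
    "2024-03-01T10:00:04Z host1 sshd[2001]: Failed password for alice from 203.0.113.7 port 5012 ssh2",
    '{"ts": "2024-03-01T10:00:06Z", "app": "portal", "event": "login_failed", "user": "alice", "src": "203.0.113.7"}',
    "2024-03-01T10:00:09Z host1 sshd[2001]: Failed password for alice from 203.0.113.7 port 5013 ssh2",
    '{"ts": "2024-03-01T10:00:12Z", "app": "portal", "event": "login_ok", "user": "alice", "src": "203.0.113.7"}',
    "2024-03-01T10:05:00Z host2 sshd[3110]: Failed password for bob from 198.51.100.9 port 6001 ssh2",
    "2024-03-01T10:20:00Z host2 sshd[3110]: Accepted password for bob from 198.51.100.9 port 6002 ssh2",
]

SSHD_RE = re.compile(
    r"^(?P<ts>\S+) (?P<host>\S+) sshd\[\d+\]: (?P<result>Failed|Accepted) password "
    r"for (?P<user>\S+) from (?P<src>\S+) port \d+"
)


def _parse_ts(value):
    """ISO-8601 with a trailing Z -> timezone-aware datetime."""
    return datetime.fromisoformat(value.replace("Z", "+00:00"))


def parse_event(line):
    """Normalize one raw line into {ts, user, src, outcome, source}; None if unrecognised.

    Normalization is what lets a single rule correlate across sources: an
    sshd failure and a web-portal failure become the same kind of event.
    """
    line = line.strip()
    if line.startswith("{"):
        rec = json.loads(line)
        outcome = {"login_failed": "failure", "login_ok": "success"}.get(rec.get("event"))
        if outcome is None:
            return None
        return {"ts": _parse_ts(rec["ts"]), "user": rec["user"], "src": rec["src"],
                "outcome": outcome, "source": rec["app"]}
    m = SSHD_RE.match(line)
    if m:
        return {"ts": _parse_ts(m["ts"]), "user": m["user"], "src": m["src"],
                "outcome": "failure" if m["result"] == "Failed" else "success",
                "source": "sshd"}
    return None


def detect_bruteforce_success(events, threshold=3, window=timedelta(minutes=5)):
    """Alert when >= threshold failures from one src precede a success within window.

    Per-source sliding window: failures older than `window` are expired before
    each event is evaluated, so a lone stale failure never triggers an alert.
    """
    failures = defaultdict(deque)  # src -> timestamps of recent failures
    alerts = []
    for ev in sorted(events, key=lambda e: e["ts"]):
        q = failures[ev["src"]]
        while q and ev["ts"] - q[0] > window:  # expire stale failures
            q.popleft()
        if ev["outcome"] == "failure":
            q.append(ev["ts"])
        elif len(q) >= threshold:
            alerts.append({"rule": "bruteforce_then_success", "src": ev["src"],
                           "user": ev["user"], "failures": len(q),
                           "at": ev["ts"].isoformat()})
            q.clear()  # one alert per burst
    return alerts


def run(lines=RAW_LOGS):
    """Aggregate -> normalize -> correlate; returns the list of alerts."""
    events = [e for e in (parse_event(l) for l in lines) if e]
    return detect_bruteforce_success(events)


if __name__ == "__main__":
    for alert in run():
        print(alert)
```

On the constructed input, only the 203.0.113.7 activity produces an alert: three sshd failures plus one portal failure are counted together because both were normalized to the same schema, and the portal success that follows completes the pattern. The single stale failure from 198.51.100.9 falls outside the five-minute window, so the later success is not flagged.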

Security Information and Event Management (SIEM) Software Grid® Overview

The best Security Information and Event Management (SIEM) Software products are determined by customer satisfaction (based on user reviews) and market presence (based on products’ scale, focus, and influence) and placed into four categories on the Grid®:
  • Products in the Leader quadrant are rated highly by G2 Crowd users and have substantial Market Presence scores. Leaders include: Splunk Enterprise Security and AlienVault USM
  • High Performers are highly rated by their users, but have not yet achieved the Market Presence of the Leaders. High Performers include: Logz.io
  • Contenders have significant Market Presence and resources, but have received below average user Satisfaction ratings or have not yet received a sufficient number of reviews to validate the solution. Contenders include: Trustwave
  • Niche solutions do not have the Market Presence of the Leaders. They may have been rated positively on customer Satisfaction, but have not yet received enough reviews to validate them. Niche products include: AlienVault OSSIM, Solarwinds SIEM, and IBM QRadar
Compare Security Information and Event Management (SIEM) Software

    Security Information and Event Management (SIEM) reviews by real, verified users. Find unbiased ratings on user satisfaction, features, and price based on the most reviews available anywhere.

    Splunk Enterprise Security (ES) is a SIEM that provides insight into machine data generated by security technologies such as network, endpoint, access, malware, vulnerability and identity systems, enabling security teams to quickly detect and respond to internal and external attacks, simplifying threat management while minimizing risk and safeguarding the business.


    Unified Security Management (USM) is AlienVault’s comprehensive approach to security monitoring, delivered in a unified platform. The USM platform includes five core security capabilities that provide resource-constrained organizations with all the security essentials needed for effective threat detection, incident response, and compliance, in a single pane of glass. Designed to monitor cloud, hybrid cloud and on-premises environments, AlienVault USM significantly reduces complexity and reduces deployment time so that users can go from installation to first insight in minutes for the fastest threat detection. Unlike traditional security point technologies, AlienVault Unified Security Management does the following:
      • Unifies essential security controls into a single all-in-one security monitoring solution
      • Monitors your cloud, hybrid cloud, and on-premises infrastructure
      • Delivers continuous threat intelligence to keep you aware of threats as they emerge and change
      • Provides comprehensive threat detection and actionable incident response directives
      • Deploys quickly, easily, and with minimal effort
      • Reduces TCO over traditional security solutions


    Trustwave is a global leader in cloud-based compliance and information security.


    Logz.io provides a popular open-source log analysis platform - ELK (Elasticsearch, Logstash and Kibana), as a simple, secured and scalable service on the cloud. Logz.io also provides advanced enterprise-grade enhancements and features on top of the ELK stack, such as alerting, user control, archiving and pre-made Kibana visualizations tailored for specific log types. Extremely easy to set up, Logz.io allows you to ship as many logs as you like, securing the data and providing high-availability and accessibility.


    AlienVault OSSIM is an open source SIEM tool that contributes and receives real-time information about malicious hosts to help users increase security visibility and control in their networks.


    Tap into the flexibility and efficiency of the modern security platform. At the core of a security analyst's challenge, there is too much data spread across too many tools. An integrated analytics platform offers more than a basic SIEM to streamline critical capabilities into a common workflow and help the security analyst be more efficient. The IBM Security App Exchange ecosystem extends platform capabilities on demand, adding cognitive security with Watson, user behavior analytics and more, to speed attack detection and response.


    SolarWinds SIEM is Log & Event Manager software that eliminates threats faster with instantaneous detection of suspicious activity and automated responses for mitigation and compliance.


    The complexity of managing network and security operations is resulting in increases in breaches worldwide. Discovery, isolation, and remediation of these incidents are measured in hundreds of days. And with a dwindling pool of skilled cyber security personnel able to manage the wide array of devices and data sources to protect their network assets, success requires a new approach. FortiSIEM provides organizations of all sizes with a comprehensive, holistic, and scalable solution for security, performance, and compliance management, from IoT to the cloud. FortiSIEM expands network visibility through the Fortinet Security Fabric's integrations with the leading security products present in most networks today.


    Juniper Secure Analytics monitors security information and events in near real time.


    ArcSight Enterprise Security Manager (ESM) is a comprehensive threat detection, analysis, triage, and compliance management SIEM platform that dramatically reduces the time to mitigate cyber-security threats.


    Award-winning, comprehensive and economical monitoring suite which ensures that all aspects of your IT infrastructure are secure and performing optimally.



    ServiceNow Security Operations is an Enterprise Security Response engine offering security incident response, vulnerability response, configuration compliance, and threat intelligence. It’s built on the intelligent workflows, automation, orchestration, and deep connection with IT of the ServiceNow platform.


    Trend Micro Hosted Email Security is a no-maintenance-required solution that delivers continuously updated protection to stop phishing, ransomware, BEC, advanced threats, spam, and malware before they reach your network. It protects Microsoft Exchange, Microsoft Office 365, Google Gmail, and other hosted and on-premises email solutions.


    Micro Focus ArcSight Express is a SIEM appliance designed to give users the insight and tools to identify and prioritize current and potential threats so they can optimize their response and improve the security of their systems.


    Netwrix Auditor is a visibility platform for user behavior analysis and risk mitigation in hybrid IT environments that enables control over changes, configurations and access to protect data regardless of its location. The platform provides security analytics to detect anomalies in user behavior and investigate threat patterns before a data breach occurs. Netwrix Auditor includes applications for Active Directory, Azure AD, Exchange, Office 365, Windows file servers, EMC storage devices, NetApp filer appliances, SharePoint, Oracle Database, SQL Server, VMware and Windows Server. Empowered with a RESTful API and user activity video recording, the platform delivers visibility and control across all of your on-premises and cloud-based IT systems in a unified way.


    SOCVue Security Monitoring is a service that includes 24/7/365 threat detection, remediation guidance, compliance, and SIEM and log management.


    ActiveSOC automatically validates whether low-scoring events (e.g. a user logging in from an unusual location) are attacks. It helps triage alerts as well as generate new intelligence from low-scoring events.


    AD|Assess continuously works in the background and leverages unique algorithms to gather in-depth information about configurations of the directory, privileged accounts, security settings, GPOs, endpoints connected to the domain, domain controller configurations and even inappropriate use of privileged accounts. Then, it autonomously analyzes every component for misconfigurations and backdoors attackers left behind. Once identified, an alert is sent to the central console with recommendations for remediation.


    CA Compliance Event Manager helps you increase your data privacy and simplify regulatory compliance.


    Cofense Triage is the first phishing-specific incident response platform that allows security operation (SOC) and incident responders to automate the prioritization, analysis and response to phishing threats that bypass your email security technologies.


    Cyber Architecture and Engineering empowers its clients to achieve their business goals with network and system integration projects that are efficient in design and operation, are delivered on time and to budget, and provide added value to the business operations as part of the assessment and design process.


    empow's security platform radically upends traditional approaches by integrating with your existing network infrastructure and breaking down your security tools into their individual components.


    EventTracker Security Center is a powerful, scalable software application, installed on premises or in the cloud, that addresses a broad range of cyber security challenges for organizations with 50 to 10,000* network nodes. It identifies malware, unusual behavior and suspicious network traffic and lets users know when they have been compromised.


    GFI EventsManager offers mechanisms and applications for monitoring security activity.


    Apply artificial intelligence to accelerate incident analysis and rapidly respond to threats.


    Interset is an AI security analytics company. Our software is built to swiftly surface IP threats, originating from inside or outside the enterprise, even as they evolve.


    Janus Management System is an intuitive and user-friendly software solution which allows you to manage multiple parking locations and different types of HUB equipment (branded ZEAG, DATAPARK and FAAC) with just one tool. A parking solution for all these locations:


    Loom Systems delivers an advanced AI-powered log analysis platform that helps IT and DevOps teams predict and troubleshoot problems before they affect production. Loom predicts problems, provides their root cause and crowd-sources expert knowledge to recommend resolutions in real time. Loom is a Stevie® American Business Awards 2016 winner.

    Our platform mathematically models the analytical prowess of the human mind and infuses it with computational speed, accuracy and tirelessness. Our technology ingests every type of machine data, including unstructured data such as log files, learns its unique behavior over time, automatically detects anomalies and trends and recommends actions. Built for low-touch operational simplicity and usability, our solution empowers IT, DevOps, System Admins, NOC teams and Security specialists by transforming reactive users into proactive power-users. Our approach leads not only to lightning-fast identification and resolution of IT issues, but also to their prediction, allowing for preemptive measures to be taken.

    The four founders of Loom Systems share more than 50 combined years of experience generating actionable insights from Big Data. With deep technological and methodological background in elite technology intelligence units, as well as leadership positions at innovative companies in the private sector, they have spent their careers at the cutting edge of analytical process automation. After struggling daily with the tools currently in use in Big Data analysis, they've teamed up to create the definitive technological solution to the problem. Out of this effort grew Loom Systems - an end-to-end platform that mathematically models human analytical skills, and combines it with machines' calculation speed and diligence.


    PacketViper's patented cybersecurity platform features integrated deception, defense and intelligence that helps our customers address cybersecurity challenges in a practical, high-impact manner. PacketViper sits inline at key network transition points throughout the network. Licenses are deployed in one of three models (on-premise, cloud/AWS and bring your own hardware BYOH).


    PT Industrial Security Incident Manager is designed to detect hacker attacks on ICS/SCADA systems and help to investigate cybersecurity incidents at critical sites.


    RSA NetWitness Logs & Packets is a security solution that identifies every threat and offers different solutions.


    The TippingPoint Security Management System provides global vision and security policy control for threat intelligence and enables comprehensive analysis and correlation.


    Leo TechnoSoft's Intelligence Driven SOC is an integrated stack of security solutions and offers security information and event management (SIEM), identity and access management (IDM), privileged identity management (PIM) and cloud access security broker (CASB), built on security Big Data.


    Sentinel Enterprise is a Security Information and Event Management (SIEM) solution that simplifies the deployment, management and day-to-day use of SIEM, readily adapts to dynamic enterprise environments and delivers actionable intelligence security professionals need to quickly understand their threat posture and prioritize response.


    Trend Micro ServerProtect for Linux 3.0 offers comprehensive real-time protection for enterprise web-servers and file-servers, preventing them from spreading viruses, spyware, and other Web threats to internal or external endpoints. Managed through an intuitive portable Web-based console, ServerProtect provides centralized virus/malware scanning, pattern updates, event reporting, and configuration.


    Verodin safely instruments security directly on your enterprise network, dynamically assessing the cumulative effectiveness of your entire security portfolio.

