July 11, 2013

Log Management and SIEM Vendors

Filed under: Log Analysis,Security Information Management,Security Market — Raffael Marty @ 4:12 pm

Log Management and SIEM Vendors Overview

This is a slide I built for my Visual Analytics Workshop at BlackHat this year. I tried to summarize all the SIEM and log management vendors out there. I am pretty sure I missed some players. What did I miss? I’ll try to add them before the training.

Enjoy!

Here is the list of vendors that are on the slide (in no particular order):

Log Management

  • Tibco
  • KeyW
  • Tripwire
  • Splunk
  • Balabit

SIEM

  • HP
  • Symantec
  • Tenable
  • Alienvault
  • Solarwinds
  • Attachmate
  • eIQ
  • EventTracker
  • BlackStratus
  • TrustWave
  • LogRhythm
  • ClickSecurity
  • IBM
  • McAfee
  • NetIQ
  • RSA

Logging as a Service

  • SumoLogic
  • Loggly
  • PaperTrail
  • Torch
  • AlertLogic
  • SplunkStorm
  • logentries
  • eGestalt

Update: With input from a couple of folks, I updated the slide a couple of times.

12 Comments

  1. LogMatrix is dead … About 2-2.5 years ago, the log management/SIEM product was sold to Nitro (now McAfee). The remaining LogMatrix product is the old NerveCenter tool, which is primarily SNMP type of network monitoring like OpenView or MOM/SCOM.
    Also, Symantec is “back in the picture” (?) with their Security Information Manager (“SSIM”) product. It’s not fantastic, but it’s not bad either.

    Comment by William — July 11, 2013 @ 5:32 pm

  2. Thanks for the comments. Of course, Symantec. Totally forgot them. I will put an updated version together. Thank you!

    Comment by Raffael Marty — July 11, 2013 @ 5:48 pm

  3. Balabit with their SSB products

    Comment by Seb — July 12, 2013 @ 1:17 pm

  4. and you can classify Balabit as Log Management

    Comment by Seb — July 12, 2013 @ 1:19 pm

  5. Surprised that you didn’t include AlienVault in the SIEM list.

    Comment by Dave — July 13, 2013 @ 7:29 am

  6. Seb, added Balabit. And Dave, don’t be surprised. Totally my mistake. Added them in. Along with eGestalt also.

    Comment by Raffael Marty — July 13, 2013 @ 9:06 am

  7. Hi Raffy,
    You have LogLogic in the slide, but not in the list.

    Comment by Steve Lodin — July 22, 2013 @ 9:49 am

  8. Steve, how’s it going? :)

    LogLogic is only on the slide in parentheses because they were bought by Tibco. Tibco is on the list.

    See you at BlackHat?

    Comment by Raffael Marty — July 22, 2013 @ 1:42 pm

  9. I’m curious, where are you drawing the line today between Log Management and SIEM? Many of the LM products include sophisticated correlation engines, visualization capabilities, and event management at least comparable to many of the products listed as SIEM. Is it just how the vendor positions the product?

    I’m finding it difficult to continue applying these labels to today’s products. What was once SIEM is now expected as part of intelligent log management, and SIEM is rapidly being replaced with security’s version of business intelligence and predictive analytics (tackling big data).

    Comment by Jon Speer — July 24, 2013 @ 9:35 am

  10. Thanks for the question, Jon. I have to agree with you. It’s hard to put players into these categories these days. I have to be honest, this is definitely not scientific. I probably have to redo the chart at some point, using some other criteria to differentiate things.
    As to your point of SIEM moving into the BI pendant and predictive analytics, I don’t share that view at all. Quite frankly, I have no idea what predictive analytics would be in cyber security. You predict new attacks? Tell me, please, how you would do that. Even if you follow the kill chain. No way you can do that. I have thought about that quite a bit lately and haven’t come to a solution. But definitely curious to hear any opinions on that. As far as other BI capabilities go, I haven’t seen much interesting stuff that actually works and is useful in the SIEMs today. Have you? This entire discussion should probably be its own blog post ;)

    Comment by Raffael Marty — July 26, 2013 @ 11:49 am

  11. Update – Symantec is killing their customer-site log management/SIEM product (SSIM – Symantec Security Information Manager). The only offering for log management at this point is going to be cloud hosted, probably MSS and maybe something else.

    Comment by William — July 29, 2013 @ 7:07 am

  12. Hi Raffy,

    You don’t have Tier-3 on the list (www.tier-3.com). They have been selling SIEM solutions to Government and other larger organisations since 1999 – typically selling against HP ArcSight.

    Comment by Adrian — March 11, 2014 @ 7:39 am
