Hello, I’m an IT Tech for a small company and we’re trying to be CMMC compliant as soon as possible. We’ve recently checked out AlienVault but would like to know if there are any other companies that we should look at that’ll help us get closer to being CMMC compliant.

16 Spice ups

Have a read of this

4 Spice ups

LogRhythm is a good one that includes log management and network / endpoint monitoring.
The best SIEM software for your organization will depend on your specific security needs, budget, and IT environment.

4 Spice ups

We’re using the Elastic stack (Formerly the ELK stack). I guess we’re really just using the EK stack as we don’t use LogStash. It’s free and open source and has worked great for us. It is able to pull in threat intelligence from various sources, and that information can be used to trigger alerts based on network activity. It helped us to identify a potential attack against one of our webservers the other day. We have everything reporting to it, whether that be through syslog or the elastic agent.

Since it is free, is there any guarantee that it can be trusted to be on our network? Usually free software is the easiest to breach. We wouldn’t mind spending a couple hundred/thousand if it means having a safe and worthy SIEM.

If money is no object, absolutely go with whatever paid solution may be better/more convenient. I agree “free/freemium” closed source software is typically a no-go, but open source is a whole different world. The code is open and can be audited by anyone.

2 Spice ups

From my experience, both LogRhythm and Splunk are best suited for enterprise environments since they are both costly and require a lot of time to set up. That is not to say that they are bad solutions, but I would never recommend or use them in a small or medium size business environment. There are better suited options out there.

I would not discount open source solutions, or think that they are less secure. But, depending on the product, they tend to require more time to install and configure. And even though they are technically free, they do encourage you to get some sort of support subscription, so you still end up paying, just not for the licenses. Going with an open source solution usually makes sense when you have somebody that is experienced with it (e.g. a consultant). But again, now you’re paying the consultant.

There are a number of solutions out there that are more reasonably priced and better suited for smaller businesses. One thing you haven’t mentioned is whether you are looking for an on-premises or a cloud-based solution. I would take a look at EventSentry, it covers CMMC pretty well and I’ve had good experience with it. But there are tons of other products out there, although most require a monthly subscription which I’m not a fan of.

4 Spice ups

Thank you for this, great outlook. And we’re looking for Cloud-based.

@petersaraby

We’re looking for something that’ll cover our Firewalls, WatchGuard cloud, endpoint devices, emails, etc.

I agree with both @chrishone and @andynaisbitt. I like Splunk, but it all depends on your funding.

Splunk has been pretty solid