SIEM Capabilities

SecureVue NGS integrates Security Information and Event Management (SIEM) with Network Behavior Analysis (NBA) to provide unrivaled automation in the detection of potentially harmful security threats.

Buyers of a SIEM need to recognize that many solutions available today do not provide adequate capabilities to detect modern threats. Many legacy SIEMs have evolved over multiple years, which EiQ groups into three discernible generations, in an attempt to detect advanced threats, but they have come up short for many reasons. SecureVue Next-Gen SIEM is the most advanced SIEM and goes well beyond first- and second-generation SIEMs to meet the challenge of complex IT threats head-on. The following table compares the key capabilities that should be considered when acquiring a SIEM:

Comparison: SIEM 1.0 vs. SIEM 2.0 vs. Next-Gen SIEM

Drivers
  SIEM 1.0: Log consolidation and Sarbanes-Oxley drive the need for SIEM 1.0
  SIEM 2.0: Driven by compliance mandates, SIEM 1.0 evolves into SIEM 2.0
  Next-Gen SIEM: Driven by advanced security threats, SIEM 2.0 evolves into Next-Gen SIEM

Time Line
  SIEM 1.0: 2000 – 2004
  SIEM 2.0: 2005 – 2010
  Next-Gen SIEM: 2011 – Present

Use Cases
  SIEM 1.0:
  • Log Management
  • Compliance
  SIEM 2.0:
  • Event Management
  • Log Management
  • Compliance
  • Reporting
  • Correlation
  • Basic Security Search
  Next-Gen SIEM:
  • Event Management
  • Log Management
  • Compliance
  • Reporting
  • Correlation
  • Intelligent Security Search
  • Threat Detection
  • Real-Time Analytics
  • User Activity Monitoring

Correlation Capabilities
  SIEM 1.0: Basic
  • Event-specific alerting
  SIEM 2.0: Check-box oriented
  • Event categorization
  • Event reduction at source results in limited threat detection
  • Statistical correlation
  • Rule-based correlation
  Next-Gen SIEM: Advanced
  • Event categorization
  • Threat and anomaly detection
  • Correlates all data
  • Statistical correlation
  • Rule-based correlation
  • Risk-based correlation
  • User behavior & profiling

Deployment Time to Value (TTV)
  SIEM 1.0: Days
  SIEM 2.0: Months
  Next-Gen SIEM: Hours

Total Cost of Ownership (TCO)
  SIEM 1.0: Moderate
  SIEM 2.0: High, due to:
  • Managing multiple products
  • High implementation services costs
  • Customization and tuning services costs
  Next-Gen SIEM: Low, due to:
  • One fully integrated product
  • Built for security and compliance management
  • No onsite services required

Architecture
  SIEM 1.0: Single product for Log Management
  SIEM 2.0: Two separate products:
  • Log Management
  • Event Management / Correlation
  Next-Gen SIEM: One unified, fully integrated product:
  • Log Management
  • Event Management / Correlation
  • NBA
  • Intelligent Security Search

Database Technology
  SIEM 1.0:
  • No relational database
  • No DBA required
  • Highly scalable
  SIEM 2.0:
  • Oracle or MS SQL
  • Administrative overhead
  • Limited scalability
  Next-Gen SIEM:
  • Purpose-built non-relational database
  • No DBA required
  • Highly scalable

Reporting Speed
  SIEM 1.0:
  • Reasonable
  SIEM 2.0:
  • Slow
  • Performance degrades as the reporting time window and number of nodes increase
  Next-Gen SIEM:
  • Fast
  • Same sub-5-second response time regardless of report scope

Events per second (EPS)
  SIEM 1.0: Less than 5,000
  SIEM 2.0: Less than 10,000
  Next-Gen SIEM: Unlimited

Search Speed
  SIEM 1.0: Up to 1,000,000 records per second
  SIEM 2.0: 10,000 to 25,000 records per second
  Next-Gen SIEM: More than 1,000,000 records per second

Ease of Use
  SIEM 1.0:
  • Good
  • Focused on log search
  SIEM 2.0:
  • Average
  • Significant customization is required
  Next-Gen SIEM:
  • Excellent
  • Out-of-the-box support for both security and compliance

Data Type / Sources
  SIEM 1.0:
  • Log & event data only
  SIEM 2.0:
  • Log & event data
  • Limited network flow analysis
  Next-Gen SIEM:
  • Log & event data
  • Network flow analysis
  • NBA

Users
  SIEM 1.0:
  • IT Operations
  • Security Operations (perimeter focus)
  SIEM 2.0:
  • IT Operations
  • Security Operations
  • Compliance
  Next-Gen SIEM:
  • IT Operations
  • Security Operations
  • Compliance
  • IT Security
  • Network Operations
  • Legal

Table: Next-Gen SIEM replaces SIEM 1.0 and SIEM 2.0