DCIG, LLC Announces 2014-15 SIEM Appliance Buyer’s Guide


Latest Buyer’s Guide Dedicated to Evaluating Security Information and Event Management Appliances as watchdogs in the hostile world of cybersecurity threats

Large companies regularly issue warnings to customers that critical information may have been compromised. Each year, it seems that more supposedly secure companies are breached than the year before. When these events occur, it can take organizations several days, weeks or even longer to discover the breach and determine what data was compromised, and much longer to sort out who is responsible.

Security Information and Event Management (SIEM) appliances provide a fix to this problem by acting as a security system that tracks intruders and immediately alerts administrators of any suspicious activity. In short, these appliances give security administrators visibility into what is going on in their environment at all times.

“Ideally, companies would not have to worry about always looking over their shoulder to make sure no one is stealing vital information, but that is not the reality in which we live,” said Jerome Wendt, president and lead analyst, DCIG, LLC. “Security Information and Event Management solutions take the edge off of these concerns by acting as a constant watchdog that performs several services, like logging information, correlating event data, alerting security administrators of data breach detections, and providing dashboards to give a quick picture of what is happening in the environment at any given time.”

For the 2014-15 SIEM Appliance Buyer’s Guide, DCIG, LLC evaluated 29 offerings from nine companies. After an initial questionnaire of more than 100 questions was completed, product capabilities were assessed from the questionnaire and from information available in the public domain. Solutions were then evaluated for 100 features, which were weighted after conversations with end-users. After scores were compiled, solutions were assessed and ranked as Best-in-Class, Recommended, Excellent, Good, or Basic across functionality and capability relative to the overall market landscape.

The intent of this Buyer’s Guide, as with all DCIG Buyer’s Guides, is to provide an “at-a-glance” comparison from which end users can select the most appropriate solution for their existing needs. This Buyer’s Guide also provides perspective on how solutions from less well-known SIEM Appliance providers compare against established and better-known brands.

The DCIG 2014-15 SIEM Appliance Buyer’s Guide’s Top 10 solutions include (in alphabetical order): BlackStratus MIDWAY; Hewlett-Packard ArcSight AE-7526, AE-7566, and AE-7581; IBM Security QRadar SIEM 3105 and 3124 All-In-One; LogRhythm All-in-One (XM) 4300 and 6300; McAfee ETM-6000; and the TIBCO LogLogic MX4025.

The LogRhythm All-in-One (XM) 6300 SIEM appliance achieved the Best-in-Class ranking in this inaugural DCIG 2014-15 SIEM Appliance Buyer’s Guide. Scoring at or near the top in every category (Hardware, Software, Management and Support) evaluated in this Buyer’s Guide, it represents the best of what SIEM appliances currently have to offer. In comparison to its counterparts, the LogRhythm All-in-One model stood out in the following ways:

  • Represented the best balance of strengths across all the scoring categories
  • Included the most robust set of features and functions across all of the products reviewed
  • Stood head and shoulders above the competition in its ability to detect breaches and then respond and recover from them

Other features that users will find useful on the LogRhythm All-in-One 6300 model include:

  • Able to monitor in excess of 2,000 systems, collect over 10,000 events per second, and provide multiple ways to collect data
  • Provides enterprise organizations with a robust solution to centrally monitor and manage a large number of devices

The DCIG 2014-15 SIEM Appliance Buyer’s Guide achieves the following objectives:

  • Provides an objective, third-party evaluation of SIEM solutions that weights, scores and ranks their features from an end user’s viewpoint
  • Includes recommendations on how to best use this Buyer’s Guide
  • Scores and ranks the features on each SIEM appliance based upon criteria that matter most to end users so they can quickly know which products are the most appropriate for them to use and under what conditions
  • Provides data sheets for 29 SIEM appliances from nine (9) different providers so end users can do quick comparisons of the features that are supported and not supported on each product
  • Gives any organization the ability to request competitive bids from different providers of SIEM appliances to do apples-to-apples comparisons of these products

“SIEM Appliances fill a glaring need that every organization, no matter its size, needs to address,” said Wendt. “An organization with critical systems especially needs to protect itself against a cyberattack, and to accurately follow the Identify, Protect, Detect, Respond and Recover guidelines established by the U.S. Commerce Department’s National Institute of Standards and Technology’s Framework for Improving Critical Infrastructure Cybersecurity, an organization must take the time and investment necessary to implement a SIEM solution into its environment.”

Disclosure and Methodology
DCIG identified nine companies that provide SIEM Appliance solutions. Each model had to meet the following criteria:

  • The appliance must be available as a hardware solution and ship as a single SKU. A number of SIEM solutions are sold and/or are available as software. To best address the most common SIEM appliance products that serve the widest range of business needs, only solutions that shipped with both hardware and software as a single SKU were considered for this Buyer’s Guide.
  • The SIEM appliance must provide traditional SIEM capabilities, such as:

-- The SIEM appliance must offer data and log aggregation.
-- The SIEM appliance must support log data protection and prevention.
-- The SIEM appliance must provide correlation abilities. An appliance must be able to correlate data from various sources to produce a holistic snapshot of the information that it gathers about an environment.
-- The SIEM appliance must contain alerting capabilities. It must be able to alert security administrators of unusual activity in the network.
-- The SIEM appliance must present a dashboard. A dashboard gives a brief, high-level picture of what is happening in the security environment.

  • Must be generally available by January 1st, 2014. A cut-off date had to be put in place or this Buyer’s Guide would never be published.

In every case the participating vendor had the opportunity to review and respond to the survey and to the information regarding its product displayed on the data sheets included in this Buyer’s Guide. SIEM solutions were then placed in this Buyer’s Guide based upon their starting price point.

There were some cases where SIEM providers elected not to respond to DCIG’s inquiries or requests. While those products were still covered in this Buyer’s Guide, the information as presented in this Guide may be incomplete or not represent all of the product’s capabilities. In cases where no responses were received, a notation is included on the bottom of that product’s data sheet indicating that all information displayed is strictly drawn from publicly available sources.

DCIG also spoke to various end-users to get a sense of how they would weight their needs in these various areas. DCIG then evaluated the vendors’ capabilities by applying the weighting indicated by our conversations with these end-users. No vendors, whether clients or not, were afforded preferential treatment in the Buyer’s Guide. All research was based upon information provided directly by vendors, research and analysis by DCIG, and other publicly available information.

It is worth noting that no Buyer’s Guide is intended to be a substitute for internal testing. DCIG encourages any organization that is considering the purchase of any solution included in a Buyer’s Guide to do its own in-house testing.

Availability
The DCIG 2014-15 SIEM Appliance Buyer’s Guide is available immediately and may be downloaded for no charge with registration at the following URL: http://dcigbuyersguides.com

Resources:
DCIG Blog: http://www.dcig.com

About DCIG
DCIG analysts provide informed, insightful, third party analysis and commentary on IT hardware, software and services.

DCIG independently develops and licenses access to DCIG Buyer's Guides that provide actionable intelligence through comprehensive, in-depth analysis of data center infrastructure product features. DCIG also develops sponsored content in the form of blog entries, case studies, product reviews, special reports and executive, standard and full-length white papers.

DCIG's research serves the needs of C-level executives, IT managers, systems and storage engineers and architects across multiple industries, as well as the needs of enterprise, SME, channel, reseller and service providers.

Contact Author

Jim Nash
DCIG, LLC
+1 952-807-6416