
Security Information and Event Management (SIEM) reviews by real, verified users. Find unbiased ratings on user satisfaction, features, and price based on the most reviews available anywhere.

Best Security Information and Event Management (SIEM) Software for Medium-Sized Businesses

    Products classified in the overall Security Information and Event Management (SIEM) category are similar in many regards and help companies of all sizes solve their business problems. However, medium-sized business features, pricing, setup, and installation differ from businesses of other sizes, which is why we match buyers to the right Medium-Sized Business Security Information and Event Management (SIEM) to fit their needs. Compare product ratings based on reviews from enterprise users or connect with one of G2's buying advisors to find the right solutions within the Medium-Sized Business Security Information and Event Management (SIEM) category.

    In addition to qualifying for inclusion in the Security Information and Event Management (SIEM) Software category, to qualify for inclusion in the Medium-Sized Business Security Information and Event Management (SIEM) Software category, a product must have at least 10 reviews left by a reviewer from a medium-sized business.

    Top 10 Security Information and Event Management (SIEM) Software for Medium-Sized Businesses

    • Sumo Logic
    • LogRhythm
    • AlienVault USM (from AT&T Cybersecurity)
    • SolarWinds Security Event Manager
    • Logz.io
    • IBM Security QRadar
    • Splunk
    • FortiSIEM
    • Graylog
    • Blumira Automated Detection & Response

    Compare Medium-Sized Business Security Information and Event Management (SIEM) Software

    G2 takes pride in showing unbiased reviews on user satisfaction in our ratings and reports. We do not allow paid placements in any of our ratings, rankings, or reports. Learn about our scoring methodologies.
    Sumo Logic
    (244) 4.3 out of 5
    Optimized for quick response
    Entry Level Price: Free

    Sumo Logic is the pioneer of continuous intelligence, a new category of software, which enables organizations of all sizes to address the data challenges and opportunities presented by digital transformation, modern applications and cloud computing. The Sumo Logic Continuous Intelligence Platform™ automates the collection, ingestion and analysis of application, infrastructure, security and IoT data to derive actionable insights within seconds. More than 2,000 customers around the world rely on S

    LogRhythm
    (120) 4.2 out of 5
    Optimized for quick response

    LogRhythm empowers more than 4,000 customers across the globe to measurably mature their security operations program. LogRhythm's award-winning NextGen SIEM Platform delivers comprehensive security analytics; user and entity behavior analytics (UEBA); network detection and response (NDR); and security orchestration, automation, and response (SOAR) within a single, integrated platform for rapid detection, response, and neutralization of threats.

    AlienVault USM (from AT&T Cybersecurity)
    (107) 4.4 out of 5
    Optimized for quick response

    AlienVault USM Anywhere is a cloud-based security management solution that accelerates and centralizes threat detection, incident response, and compliance management for your cloud, hybrid cloud, and on-premises environments. USM Anywhere includes purpose-built cloud sensors that natively monitor your Amazon Web Services (AWS) and Microsoft Azure cloud environments. On premises, lightweight virtual sensors run on Microsoft Hyper-V and VMware ESXi to monitor your virtual private cloud and physica

    SolarWinds Security Event Manager

    Security Event Manager (SEM) is an ACTIVE monitoring SIEM solution that automatically detects, alerts and responds to suspicious behavior on multi-vendor network devices, servers, workstations and applications. SEM comes as a downloadable virtual appliance for quick deployment, and enables threat intelligence and real-time event correlations right out-of-the-box, enabling faster response to cyber-attacks.

    Logz.io
    (110) 4.6 out of 5
    Optimized for quick response

    Logz.io is a cloud observability platform for modern engineering teams. The Logz.io platform consists of three products—Log Management, Infrastructure Monitoring, and Cloud SIEM—that work together to unify the jobs of monitoring, troubleshooting, and security. We empower engineers to deliver better software by offering the world's most popular open source observability tools—the ELK Stack, Grafana, and Jaeger—in a single, easy to use, and powerful platform purpose-built for monitoring distrib

    IBM Security QRadar
    (191) 4.3 out of 5
    Optimized for quick response
    Entry Level Price: FREE for 14 Days

    IBM Security QRadar helps security teams accurately detect, understand and prioritize threats that matter most to the business. The solution ingests asset, cloud, network, endpoint, and user data, correlates it against vulnerability information and threat intelligence, and applies advanced analytics to identify and track the most serious threats as they progress through the kill chain. Once a credible threat is identified, AI-powered investigations provide rapid, intelligent insights into the

    Splunk
    (173) 4.2 out of 5

    Splunk Enterprise Security is an analytic-driven SIEM solution that can combat threats with actionable intelligence and advanced analytics at scale. With the goal of perfecting your security operations and reducing risks, Splunk is the security platform that enables you to detect, investigate, and respond in real-time. With Splunk, you can streamline your entire security stack, minimize unplanned downtime, and explore and visualize business processes for increased transparency all in one platfor

    FortiSIEM
    (24) 4.2 out of 5

    The complexity of managing network and security operations is resulting in increases in breaches worldwide. Discovery, isolation, and remediation of these incidents are measured in hundreds of days. And with a dwindling pool of skilled cyber security personnel able to manage the wide array of devices and data sources to protect their network assets, success requires a new approach. FortiSIEM provides organizations of all sizes with a comprehensive, holistic, and scalable solution for security,

    Graylog
    (112) 4.4 out of 5
    Optimized for quick response

    Graylog is a leading centralized log management solution built to open standards for capturing, storing, and enabling real-time analysis of terabytes of machine data. Tens-of-thousands of IT professionals rely on Graylog’s scalability, comprehensive access to complete data, and exceptional user experience to solve security, compliance, operational, and DevOps issues every day. Purpose-built for modern log analytics, Graylog removes complexity from data exploration, compliance audits, and threa

    Blumira Automated Detection & Response
    (19) 4.8 out of 5
    Optimized for quick response
    Entry Level Price: $144 User/Year

    Blumira’s cloud SIEM platform offers both automated threat detection and response, enabling organizations of any size to more efficiently defend against cybersecurity threats in near real-time. It eases the burden of alert fatigue, complexity of log management and lack of IT visibility. Blumira's cloud SIEM can be deployed in hours with broad integration coverage across cloud, endpoint protection, firewall and identity providers including Office 365, G Suite, Crowdstrike, Okta, Palo Alto, Cisc

    Datadog
    (213) 4.2 out of 5
    Entry Level Price: $0 Per host, per month

    Datadog is the monitoring, security and analytics platform for developers, IT operations teams, security engineers and business users in the cloud age. The SaaS platform integrates and automates infrastructure monitoring, application performance monitoring and log management to provide unified, real-time observability of our customers' entire technology stack. Datadog is used by organizations of all sizes and across a wide range of industries to enable digital transformation and cloud migration,

    Netsurion EventTracker
    (15) 4.6 out of 5

    EventTracker is the only cybersecurity solution that delivers SIEM and EDR with the full support of a global Security Operations Center (SOC). This enables us to provide threat management and compliance results, all with a focus on streamlined deployment and reasonable pricing for mid-size organizations. EventTracker Security Center is an award-winning SIEM platform that unifies machine learning, behavior analytics, and security orchestration to make security analysts more efficient and effective.

    G2 Grid® for Security Information and Event Management (SIEM)
    Check out the G2 Grid® for the top Security Information and Event Management (SIEM) Software products. G2 scores products and sellers based on reviews gathered from our user community, as well as data aggregated from online sources and social networks. Together, these scores are mapped on our proprietary G2 Grid®, which you can use to compare products, streamline the buying process, and quickly identify the best products based on the experiences of your peers.
    [G2 Grid® chart: products plotted on axes Market Presence and Satisfaction into the quadrants Leaders, High Performers, Contenders and Niche. Products shown: Datadog, Sumo Logic, SolarWinds Security Event Manager, Logz.io, Splunk, AlienVault USM (from AT&T Cybersecurity), Netsurion EventTracker, LogRhythm, FortiSIEM, IBM Security QRadar, Graylog, Blumira Automated Detection & Response.]

    Learn More About Security Information and Event Management (SIEM) Software

    What is Security Information and Event Management (SIEM) Software?

    SIEM software is one of the most commonly used tools for security administrators and security incident response professionals. These tools provide a single platform capable of facilitating event and threat protection, log analysis and investigation, and threat remediation. Some cutting-edge tools provide additional functionality for creating response workflows, data normalization, and advanced threat protection.

    SIEM platforms help security programs operate by collecting security data for future analysis, storing these data points, correlating them to security events, and facilitating analysis of those events.

    Companies using SIEM solutions deploy sensors across digital assets to automate the collection of data. Sensors relay information back to the SIEM’s log and event database. When additional security incidents arise, the SIEM platform detects anomalies and correlates similar logs to provide context and threat information for security teams as they attempt to remediate any existing threats or vulnerabilities.

    What Does SIEM Stand For?

    SIEM stands for security information and event management, which is actually a combination of two different acronyms for security technology: security information monitoring (SIM) and security event management (SEM).

    SIM is the practice of collecting, aggregating, and analyzing security data, typically in the form of logs. SIM tools automate this process and document security information from other sources such as intrusion detection systems, firewalls, or routers. Event logs and their associated informational components are recorded and stored for long periods of time for either retrospective analysis or compliance requirements.

    SEM is a family of security software for discovering, analyzing, visualizing, and responding to threats as they arise. SEM is a core component of a security operations system. While SIM tools are designed for log collection and storage, SEM tools typically rely on SQL databases for storing specific logs and other event data as it is generated in real time by security devices and IT systems. They typically also provide the functionality to correlate and analyze event data, monitor systems in real time, and alert security teams of abnormal activity.

    SIEM combines the functionality of both SIM and SEM to centralize control over log storage, event management, and real-time analysis. For the most part, SIM and SEM have become defunct technologies as SIEM’s rise has provided a dual-purpose functionality. SIEM software offers a single tool capable of performing data aggregation, information correlation, and event management.

    What Types of Security Information and Event Management (SIEM) Software Exist?

    Traditional SIEM

    Traditional SIEM solutions are deployed on premises with sensors placed on IT assets to analyze events and collect system logs. The data is used to develop baseline references and identify indicators of compromise. When a system becomes compromised, the SIEM tool alerts security teams for intervention. 

    Cloud or virtual SIEM

    Cloud-based and virtualized SIEM software are tools typically used to secure cloud infrastructure and services delivered by a cloud provider. These tools are often less expensive than on-premises solutions and easier to implement as no physical labor is required. These tools are ideal for companies without local IT infrastructure.

    Managed SIEM services

    Companies that do not have a full-fledged security program in place may choose managed SIEM services to aid in management and reduce work for internal employees. These solutions are delivered by managed service providers who provide the customer with data and dashboards showing security information and activity, while the provider handles implementation and remediation.

    What are the Common Features of Security Information and Event Management (SIEM) Software?

    The following are some core features within SIEM software that can help users in collecting security data, analyzing logs, and detecting threats:

    Activity monitoring: SIEM systems document the actions from endpoints within a network. The system alerts users of incidents and abnormal activities and documents the access point. Real-time monitoring will document these as they happen for analysis as an event takes place.

    Asset management: These SIEM features keep records of each network asset and its activity. The feature may also refer to the discovery of new assets accessing the network.

    Log management: Log management functionality documents and stores event logs in a secure repository for reference and analysis or for compliance reasons.

    Event management: As events occur in real time, the SIEM system alerts users of incidents. This allows security teams to intervene manually or triggers an automated response to resolve the issue.

    Automated response: Response automation reduces the amount of time spent diagnosing and resolving issues manually. The features are typically capable of resolving common network security incidents quickly.

    Incident reporting: Incident reports document cases of abnormal activity and compromised systems. These can be used for forensic analysis or as a reference point for future incidents.

    Threat intelligence: Threat intelligence feeds integrate information to train SIEM systems to detect emerging and existing threats. These threat feeds store information related to potential threats and vulnerabilities to ensure issues are discovered and teams are provided with the information necessary to resolve issues as they occur.

    Vulnerability assessment: Vulnerability assessment tools may scan networks for potential vulnerabilities or audit data to discover noncompliant practices. For the most part, they’re simply used to analyze an existing network and IT infrastructure to outline access points that can be easily compromised.

    Advanced analytics: Advanced analytics features allow users to customize analysis with granular or individually specific metrics that are pertinent to the business’ relevant resources.

    Data examination: Data examination features typically facilitate the forensic analysis of incident data and event logs. These features will allow users to search databases and incident logs to gain insights on vulnerabilities and incidents.

    What are the Benefits of Security Information and Event Management (SIEM) Software?

    Below are a few of the main reasons SIEM software is commonly used to protect businesses of all sizes:

    Data aggregation and correlation: SIEM systems collect huge amounts of information from an entire network environment. This information is gathered from virtually anything interacting with a network, from endpoints and servers to firewalls and antivirus tools, and is either sent directly to the SIEM or collected by agents (decision-making programs designed to identify irregular information). The platform is set up to deploy agents and to collect and store similar information together according to security policies set in place by administrators.

    Incident alerting: As information comes in from a network’s various connected components, the SIEM system correlates them using rule-based policies. These policies are used to inform agents of what normal behavior and threats look like. If any action violates these policies or malware or intrusion is discovered while the SIEM solution monitors network activity, it is labeled as suspicious, security controls restrict access, and administrators are alerted.

    Security analysis: Retrospective analysis may be performed by searching log data during specific periods or based on specific criteria. Security teams may suspect a certain misconfiguration or kind of malware caused an event. They also may suspect an unapproved party went undetected at a specific time. Teams will analyze the logs and look for specific characteristics in the data to determine whether their suspicion was right. They also may discover vulnerabilities or misconfigurations leaving them susceptible to attack and remediate them.
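    As an added illustration of the three benefits just described (aggregation of heterogeneous logs, rule-based correlation that raises an alert, and retrospective search of stored events), here is a small example written for this page; it is not code from the original page or from any vendor listed on it. The two log formats, the IP addresses, the field names and the single brute-force rule are all constructed for the example.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample input: an SSH auth log and a firewall log, the two
# "sources" a collector would normalise into one event schema.
SAMPLE_LOGS = """\
2024-03-01T10:00:01 sshd[911]: Failed password for admin from 203.0.113.7 port 51000
2024-03-01T10:00:04 sshd[911]: Failed password for admin from 203.0.113.7 port 51001
2024-03-01T10:00:09 sshd[911]: Failed password for root from 203.0.113.7 port 51002
2024-03-01T10:00:15 sshd[911]: Accepted password for admin from 203.0.113.7 port 51003
2024-03-01T10:01:00 fw: action=deny src=198.51.100.9 dst=10.0.0.5 dport=445
2024-03-01T10:02:30 sshd[912]: Failed password for bob from 198.51.100.9 port 40000
2024-03-01T10:45:00 sshd[913]: Accepted password for bob from 198.51.100.9 port 40001
"""

SSH_RE = re.compile(r"^(\S+) sshd\[\d+\]: (Failed|Accepted) password for (\S+) from (\S+)")
FW_RE = re.compile(r"^(\S+) fw: action=(\w+) src=(\S+) dst=(\S+) dport=(\d+)")


def normalise(line):
    """Map one raw log line onto a common event dict; None if the format is unknown."""
    m = SSH_RE.match(line)
    if m:
        ts, outcome, user, src = m.groups()
        return {"ts": datetime.fromisoformat(ts), "source": "sshd",
                "event": "auth_failure" if outcome == "Failed" else "auth_success",
                "user": user, "src": src}
    m = FW_RE.match(line)
    if m:
        ts, action, src, dst, dport = m.groups()
        return {"ts": datetime.fromisoformat(ts), "source": "fw",
                "event": "fw_" + action, "src": src, "dst": dst, "dport": int(dport)}
    return None


def ingest(raw):
    """Aggregation: parse every line, keep the ones that normalise, in time order."""
    events = [e for e in (normalise(l) for l in raw.splitlines()) if e]
    return sorted(events, key=lambda e: e["ts"])


def correlate_bruteforce(events, threshold=3, window=timedelta(minutes=5)):
    """Correlation rule (constructed): at least `threshold` auth failures from one
    source address within `window`, followed by a success from the same address
    inside that window, raises one alert."""
    failures = defaultdict(list)   # src -> timestamps of recent failures
    alerts = []
    for e in events:
        if e["source"] != "sshd":
            continue
        recent = [t for t in failures[e["src"]] if e["ts"] - t <= window]
        failures[e["src"]] = recent
        if e["event"] == "auth_failure":
            recent.append(e["ts"])
        elif e["event"] == "auth_success" and len(recent) >= threshold:
            alerts.append({"rule": "bruteforce_then_success", "src": e["src"],
                           "user": e["user"], "failures": len(recent), "ts": e["ts"]})
            failures[e["src"]] = []  # reset so one burst yields one alert
    return alerts


def search(events, start, end, **criteria):
    """Retrospective analysis: stored events inside [start, end] (ISO strings)
    whose fields match every keyword criterion given."""
    lo, hi = datetime.fromisoformat(start), datetime.fromisoformat(end)
    return [e for e in events
            if lo <= e["ts"] <= hi
            and all(e.get(k) == v for k, v in criteria.items())]


if __name__ == "__main__":
    evts = ingest(SAMPLE_LOGS)
    for alert in correlate_bruteforce(evts):
        print("ALERT", alert)
    print(search(evts, "2024-03-01T10:00:00", "2024-03-01T11:00:00", src="198.51.100.9"))
```

    The single failure from 198.51.100.9 followed by a success 42 minutes later falls outside the rule's window and so is not alerted on, but it is still retrievable by the retrospective search.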

    Software Related to Security Information and Event Management (SIEM) Software

    Many network and system security solutions are related to the collection and analysis of event logs and security information, but SIEM systems are typically the most all-encompassing solutions available for this purpose. Still, many other kinds of security solutions may integrate with SIEM systems for added functionality or complementary use. These are a few other technology categories that are related to SIEM software.

    Threat intelligence software: Threat intelligence software is an informational service that provides SIEM tools and other information security systems with up-to-date information on web-based threats. They can inform the system of zero-day threats, new forms of malware, potential exploits, and other kinds of vulnerabilities.

    Incident response software: Incident response may be facilitated by SIEM systems, but these tools are specifically designed to streamline the remediation process or add investigative capabilities during security workflow processes. Incident response solutions will not provide the same level of compliance maintenance or log storage capabilities but can be used to increase a team’s ability to tackle threats as they emerge.

    Network security policy management (NSPM) software: NSPM software has some overlapping functionality used to ensure security hardware and IT systems are properly configured, but they do not have the ability to detect and resolve threats. They are typically used to ensure devices like firewalls or DNS filters are functioning properly in alignment with the security rules put in place by security teams.

    Intrusion detection and prevention systems (IDPS): While SIEM systems specialize in log management, alerting, and correlation, IDPS provide additional detection and protection features to prevent unapproved parties from accessing sensitive systems and to prevent network breaches. They will not facilitate the analysis and forensic investigation of logs with the same level of detail as a SIEM system.

    Managed security services providers: There are a variety of managed security services available for businesses without the resources or staff necessary to operate a full-fledged security administration and operations team. Managed services are a viable option and will provide companies with skilled staff working to protect their customers’ systems and keep their sensitive information protected.

    Challenges with Security Information and Event Management (SIEM) Software

    Staffing: There is an existing shortage of skilled security professionals. Managing SIEM software and maintaining a well-rounded security posture require dedicated personnel with highly specialized skills. Some smaller or growing companies may not have the means to recruit, hire, and retain qualified security pros. In such cases, businesses can consider managed services to outsource the labor.

    Compliance: Some industries have specific compliance requirements determined by various governing bodies, but SIEM software can be used across a number of industries to maintain compliance standards. Many different industry-specific compliance requirements exist, but most of them require security teams to ensure sensitive data is protected, restrict access to unapproved parties, and monitor changes made to identities, information, or privileges. For example, SIEM systems can be used to maintain GDPR compliance by verifying security controls and data access, facilitating long-term storage of log data, and notifying security staff of security incidents, as is required by GDPR.

    Which Companies Should Buy Security Information and Event Management (SIEM) Software?

    Vertical industries: Vertical industries, such as healthcare and financial services, often have additional compliance requirements related to data protection and privacy. SIEM is an ideal solution to keep up with outlined requirements, map threats, and remediate vulnerabilities.

    SaaS business: SaaS businesses utilizing resources from a cloud service provider are still responsible for a significant portion of the security efforts required to protect a cloud-native business. These companies may opt for cloud-native SIEM tools but will benefit from any SIEM to prevent, detect, and respond to any threat that arises.

    How to Buy Security Information and Event Management (SIEM) Software

    Requirements Gathering (RFI/RFP) for Security Information and Event Management (SIEM) Software

    The first step to purchasing a SIEM solution is to outline the options. Companies should determine whether they need a cloud-based or on-premises solution. They should also outline the number of interconnected devices they will need and whether they want physical or virtual sensors to secure them. Additional and possibly obvious requirements should also include budgetary considerations, staffing limitations, and required integrations.

    Compare Security Information and Event Management (SIEM) Software Products

    Create a long list

    Once the requirements are outlined, buyers should rank the tools by priority and identify the ones offering as many of the desired features as possible within the budget window. It is recommended to restrict the list to products with desired features, pricing, and deployment methods to identify a dozen or so options. For example, if the business needs a cloud-native SIEM for less than $10k a year, half of the options for SIEM will be eliminated.

    Create a short list

    Narrowing down a short list can be tricky, especially for the indecisive, but these decisions need to be made. Once the long list is limited to affordable products with the desired features, it’s time to search for third-party validation. At this point, for each tool, the buyer must analyze end-user reviews, analyst reports, and empirical security evaluations. Combining these specified factors should help rank options and eliminate poorly performing products.

    Conduct demos

    With the list narrowed down to three to five possible products, businesses can reach out to vendors and schedule demos. This will help to get first-hand experience with the product, ask targeted questions, and gauge the vendor's quality of service.

    Selection of Security Information and Event Management (SIEM) Software

    Choose a selection team

    To choose a selection team, decision makers need to involve subject matter experts from all teams that will use the system. For SIEM software, this primarily involves product managers, developers, IT, and security staff. Any manager or department-level leader should also include individuals managing any solution the SIEM product will be integrating with.

    Negotiation

    Depending on the maturity of the business, the seniority of the negotiation team may vary. It is advisable to include relevant directors or managers in the security and IT departments as well as from any other cross-functional departments that may be impacted.

    Final decision

    If the company has a chief information security officer (CISO), that individual will likely make the decision. If not, companies must trust their security professionals’ ability to use and understand the product. 

    What Does Security Information and Event Management (SIEM) Software Cost?

    If the buyer chooses a cloud-based SIEM tool that offers pricing on the SaaS, pay-as-you-use model, potential growth should be considered. Some solutions are inexpensive at the start and offer affordable low-tier pricing. Alternatively, some may rapidly increase pricing and fees as the company and its storage needs scale. Some vendors offer permanently free products for individuals or small teams.

    Cloud SIEM: SIEM as a service pricing may vary, but will traditionally scale as the storage increases. Other additional costs may come for increased features such as automated remediation, security orchestration, and integrated threat intelligence. 

    On premises SIEM: On-premises solutions are typically more expensive and require more effort and resources to implement. They will also be more expensive to maintain and require dedicated staff. Still, companies with high compliance requirements should adopt on-premises security regardless. 

    Return on Investment (ROI)

    In keeping with their lower average cost, cloud-based SIEM solutions will also provide a quicker ROI. It’s pretty cut and dried, since there is a much lower initial investment and lower demand for dedicated staffing.

    However, for on-premises systems, the ROI will depend on the scale and scope of business IT systems. Hundreds of servers will require hundreds of sensors, potentially more as time takes its toll on computing equipment. Once implemented, they will need to be operated and maintained by (expensive) security professionals.