
Best Security Information and Event Management (SIEM) Software

Security information and event management (SIEM) software combines a variety of security software components into one platform. Companies use SIEM products to centralize security operations into a single location, so that IT and security operations teams work from the same information and alerts for more effective communication and planning. These products collect and correlate events from across the environment and alert operations teams to anomalies detected in their systems, such as new malware, unapproved access, or newly discovered vulnerabilities. They provide real-time analysis of system health and security and store logs and records for retrospective reporting. They also integrate identity and access data so teams can verify that only approved parties reach sensitive systems. Forensic analysis tools help teams navigate historical logs, identify trends, and better fortify their networks.

SIEM tools are sometimes confused with incident response software, but SIEM products cover a broader scope of security and IT management features. Most also do not automate security remediation themselves; they raise and prioritize alerts that incident response processes and tooling then act on.

To qualify for inclusion in the SIEM category, a product must:

  • Aggregate and store IT security data
  • Assist in user provisioning and governance
  • Identify vulnerabilities in systems and endpoints
  • Monitor for anomalies within an IT system
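The core of what the description above calls aggregating data and monitoring for anomalies is normalising events from unrelated log sources into one schema and then correlating across them. The following is an added example written for this page, not code from any product listed here: it parses constructed sshd syslog lines and Windows-style logon events (sample data, not real captures), keeps them for retrospective search, and runs one correlation rule, a sliding-window brute-force detector per source IP that escalates when the same IP later logs in successfully on any host. The thresholds, the event schema and the log formats are assumptions made for the example.

```python
"""Minimal SIEM-style pipeline: normalise heterogeneous log lines into one
schema, keep them for retrospective queries, and run a correlation rule over
the stream. Added example; not code from any product on this page."""
import re
from collections import defaultdict, deque
from dataclasses import dataclass
from datetime import datetime, timedelta

# Constructed sample lines (not real captures): Linux sshd syslog plus a
# Windows-style Security log export, the kind of mixed sources a SIEM ingests.
SAMPLE_LOGS = [
    "2024-03-01T09:00:01Z host1 sshd[811]: Failed password for alice from 203.0.113.7 port 51522 ssh2",
    "2024-03-01T09:00:04Z host1 sshd[811]: Failed password for alice from 203.0.113.7 port 51523 ssh2",
    "2024-03-01T09:00:09Z host1 sshd[811]: Failed password for bob from 203.0.113.7 port 51524 ssh2",
    "2024-03-01T09:00:12Z host1 sshd[811]: Failed password for root from 203.0.113.7 port 51525 ssh2",
    "2024-03-01T09:00:15Z host1 sshd[811]: Failed password for alice from 203.0.113.7 port 51526 ssh2",
    "2024-03-01T09:00:20Z host1 sshd[811]: Accepted password for alice from 203.0.113.7 port 51527 ssh2",
    "2024-03-01T09:03:00Z host2 sshd[902]: Failed password for carol from 198.51.100.4 port 40001 ssh2",
    "2024-03-01T09:30:00Z host2 sshd[902]: Failed password for carol from 198.51.100.4 port 40002 ssh2",
    "2024-03-01T09:05:00Z dc01 EventID=4625 TargetUserName=alice IpAddress=203.0.113.7 Status=0xC000006D",
    "2024-03-01T09:05:30Z dc01 EventID=4624 TargetUserName=alice IpAddress=203.0.113.7 LogonType=10",
]

@dataclass
class Event:
    """Common schema every parser maps into (assumed for this example)."""
    ts: datetime
    host: str
    user: str
    src_ip: str
    outcome: str   # "success" or "failure"
    source: str    # which parser produced it

SSHD_RE = re.compile(
    r"^(?P<ts>\S+) (?P<host>\S+) sshd\[\d+\]: (?P<result>Failed|Accepted) password for "
    r"(?:invalid user )?(?P<user>\S+) from (?P<ip>\S+) port \d+")
WINLOG_RE = re.compile(
    r"^(?P<ts>\S+) (?P<host>\S+) EventID=(?P<eid>4624|4625) TargetUserName=(?P<user>\S+) "
    r"IpAddress=(?P<ip>\S+)")

def parse_line(line):
    """Normalise one raw line into an Event, or None if no parser matches."""
    m = SSHD_RE.match(line)
    if m:
        return Event(datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ"), m["host"], m["user"],
                     m["ip"], "success" if m["result"] == "Accepted" else "failure", "sshd")
    m = WINLOG_RE.match(line)
    if m:
        return Event(datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ"), m["host"], m["user"],
                     m["ip"], "success" if m["eid"] == "4624" else "failure", "windows")
    return None

def ingest(lines):
    """Parse, drop unparseable lines, and order by timestamp (sources arrive out of order)."""
    events = [e for e in (parse_line(l) for l in lines) if e]
    return sorted(events, key=lambda e: e.ts)

def correlate(events, threshold=5, window=timedelta(seconds=60)):
    """Rule: >= threshold failures from one source IP inside `window` (any host,
    any log source), escalated to high severity if that IP later logs in
    successfully anywhere. The cross-host view is what single-host logs lack."""
    alerts = []
    failures = defaultdict(deque)   # src_ip -> timestamps of recent failures
    flagged = set()
    for e in events:
        if e.outcome == "failure":
            bucket = failures[e.src_ip]
            bucket.append(e.ts)
            while bucket and e.ts - bucket[0] > window:   # expire old failures
                bucket.popleft()
            if len(bucket) >= threshold and e.src_ip not in flagged:
                flagged.add(e.src_ip)
                alerts.append({"rule": "bruteforce", "src_ip": e.src_ip, "severity": "medium",
                               "first": bucket[0], "last": e.ts})
        elif e.src_ip in flagged:
            alerts.append({"rule": "bruteforce_then_success", "src_ip": e.src_ip, "user": e.user,
                           "host": e.host, "severity": "high", "at": e.ts})
    return alerts

def search(events, **criteria):
    """Retrospective query over stored events, e.g. search(events, user="alice")."""
    return [e for e in events if all(getattr(e, k) == v for k, v in criteria.items())]

if __name__ == "__main__":
    stored = ingest(SAMPLE_LOGS)
    for alert in correlate(stored):
        print(alert)
    print(len(search(stored, user="alice")), "events for alice")
```

On the sample data the rule fires once for 203.0.113.7 after its fifth failure, then escalates twice: once for the sshd login on host1 and once for the Windows 4624 on dc01, which only a cross-source view connects to the earlier SSH failures. Carol's two failures half an hour apart never reach the threshold, which is the point of the sliding window.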
Security Information and Event Management (SIEM) reviews by real, verified users. Find unbiased ratings on user satisfaction, features, and price based on the most reviews available anywhere.

Compare Security Information and Event Management (SIEM) Software

Results: 79
G2 takes pride in showing unbiased ratings on user satisfaction. G2 does not allow for paid placement in any of our ratings.
    Splunk Enterprise Security (ES) is a SIEM software that provides insight into machine data generated from security technologies such as network, endpoint, access, malware, vulnerability and identity information, enabling security teams to quickly detect and respond to internal and external attacks, simplify threat management, minimize risk and safeguard the business.

    Build, run and secure your AWS, Azure, Google Cloud Platform or Hybrid applications with Sumo Logic, a cloud-native, machine data analytics service for log management and time series metrics.

    AlienVault USM Anywhere is a cloud-based security management solution that accelerates and centralizes threat detection, incident response, and compliance management for your cloud, hybrid cloud, and on-premises environments. USM Anywhere includes purpose-built cloud sensors that natively monitor your Amazon Web Services (AWS) and Microsoft Azure cloud environments. On premises, lightweight virtual sensors run on Microsoft Hyper-V and VMware ESXi to monitor your virtual private cloud and physical IT infrastructure. With USM Anywhere, you can rapidly deploy sensors into your cloud and on-premises environments while centrally managing data collection, security analysis, and threat detection from the AlienVault Secure Cloud.

    Five Essential Security Capabilities in a Single SaaS Platform. AlienVault USM Anywhere provides five essential security capabilities in a single SaaS solution, giving you everything you need for threat detection, incident response, and compliance management, all in a single pane of glass. With USM Anywhere, you can focus on finding and responding to threats, not managing software. An elastic, cloud-based security solution, USM Anywhere can readily scale to meet your threat detection needs as your hybrid cloud environment changes and grows.

      1. Asset Discovery
      2. Vulnerability Assessment
      3. Intrusion Detection
      4. Behavioral Monitoring
      5. SIEM

    Trustwave is a global leader in cloud-based compliance and information security.

    Advanced Security Manager is computer security software that protects the information on a computer from unwanted intruders.

    Logz.io provides an intelligent and scalable machine data analytics platform built on ELK and Grafana. Designed for monitoring modern applications, Logz.io combines cloud-native simplicity and scalability with crowdsourced artificial intelligence to help engineers identify critical issues before they occur and empower them to monitor, troubleshoot and secure mission-critical applications using one unified platform.

    The complexity of managing network and security operations is resulting in increases in breaches worldwide. Discovery, isolation, and remediation of these incidents are measured in hundreds of days. And with a dwindling pool of skilled cyber security personnel able to manage the wide array of devices and data sources to protect their network assets, success requires a new approach. FortiSIEM provides organizations of all sizes with a comprehensive, holistic, and scalable solution for security, performance, and compliance management, from IoT to the cloud. FortiSIEM expands network visibility through the Fortinet Security Fabric's integrations with the leading security products present in most networks today.

    Log & Event Manager (LEM) is an ACTIVE monitoring SIEM solution that automatically detects, alerts and responds to suspicious behavior on multi-vendor network devices, servers, workstations and applications. LEM comes as a downloadable virtual appliance for quick deployment, and enables threat intelligence and real-time event correlations right out-of-the-box enabling faster response to cyber-attacks.

    EventTracker is the only cybersecurity solution that delivers SIEM, EDR and a global Security Operations Center (SOC) to deliver optimal threat management and compliance results with a focus on streamlined deployment and reasonable pricing for mid-size organizations.

    EventTracker Security Center: a SIEM platform that unifies machine learning, behavior analytics, and security orchestration to make security analysts more efficient and effective. A mainstay in the cybersecurity space, EventTracker has been recognized by Gartner, Inc. in its Magic Quadrant for Security Information and Event Management for over 10 years.

    EventTracker SIEMphonic: more and more organizations are seeking SIEM-as-a-Service to realize optimal security and compliance results. Netsurion offers a Co-Managed SIEM, EventTracker SIEMphonic, complete with 24/7 SOC, powered by threat intelligence.

    EventTracker EDR: immediate threat detection is crucial to reducing dwell time and mitigating the impact of a breach. However, today's typical enterprise endpoint threat detection and response (EDR) solutions take a software-only approach, putting the onus on organizations to staff, train, and retain security analysts and malware/ransomware experts, which is impractical and expensive in today's environment of cybersecurity skill shortage. EventTracker EDR is a managed endpoint threat detection and response service powered by our AAA SE-Labs rated technology and our 24/7 SOC.

    AlienVault OSSIM is an open source SIEM tool that contributes and receives real-time information about malicious hosts, helping users increase security visibility and control over their networks.

    IBM QRadar helps security teams accurately detect, understand and prioritize threats that matter most to the business. The solution ingests asset, cloud, network, endpoint, and user data, correlates it against vulnerability information and threat intelligence, and applies advanced analytics to identify and track the most serious threats as they progress through the kill chain. Once a credible threat is identified, AI-powered investigations provide rapid, intelligent insights into the root cause and scope of the threat, enabling organizations to up-level their first-line security analysts, accelerate security operations processes and reduce the impact of incidents.

    LogRhythm is a world leader in NextGen SIEM, empowering organizations on six continents to successfully reduce risk by rapidly detecting, responding to and neutralizing damaging cyberthreats. The LogRhythm platform combines user and entity behavior analytics (UEBA), network traffic and behavior analytics (NTBA) and security automation & orchestration (SAO) in a single end-to-end solution. LogRhythm’s Threat Lifecycle Management (TLM) framework serves as the foundation for the AI-enabled Security Operations Center (SOC), helping customers measurably secure their cloud, physical and virtual infrastructures for both IT and OT environments. Built for security professionals by security professionals, the LogRhythm platform has won many accolades, including being positioned as a Leader in Gartner’s SIEM Magic Quadrant.

    SolarWinds SIEM is Log & Event Manager software that helps eliminate threats faster through instantaneous detection of suspicious activity and automated responses for mitigation and compliance.

    Graylog
    (17) 4.4 out of 5
    Optimized for quick response

    Graylog is a leading centralized log management solution built to open standards for capturing, storing, and enabling real-time analysis of terabytes of machine data. Tens-of-thousands of IT professionals rely on Graylog’s scalability, comprehensive access to complete data, and exceptional user experience to solve security, compliance, operational, and DevOps issues every day. Purpose-built for modern log analytics, Graylog removes complexity from data exploration, compliance audits, and threat hunting so you can quickly and easily find meaning in data and take action faster. Graylog is fully multi-tenant, includes multi-threaded Elasticsearch, and is easily integrated with other components in your tech stack - even other log management solutions - to meet all your organization's log management needs.

    Award-winning, comprehensive and economical monitoring suite which ensures that all aspects of your IT infrastructure are secure and performing optimally.

    DICE Central Station is built to reduce central station activity and data entry, providing a seamless interface for operators.

    Juniper Secure Analytics monitors security information and events in near real time.

    Cloud Security Command Center helps security teams gather data, identify threats, and act on them before they result in business damage or loss. It offers deep insight into application and data risk so that you can quickly mitigate threats to your cloud resources and evaluate overall health.

    Netwrix Auditor is a visibility platform for user behavior analysis and risk mitigation that enables control over changes, configurations and access in hybrid IT environments to protect data regardless of its location. The platform provides security intelligence to identify security holes, detect anomalies in user behavior and investigate threat patterns in time to prevent real damage. Netwrix Auditor includes applications for Active Directory, Azure AD, Exchange, Office 365, Windows file servers, EMC storage devices, NetApp filer appliances, SharePoint, Oracle Database, SQL Server, VMware, Windows Server and network devices. Empowered with a RESTful API and user activity video recording, the platform delivers visibility and control across all of your on-premises and cloud-based IT systems in a unified way.

    Rapid7 InsightIDR is a fully integrated detection and investigation solution that gives you the confidence to identify a compromise as soon as it occurs. InsightIDR leverages attacker analytics to detect intruder activity earlier in the attack chain, cutting down false positives and unnecessary work for security professionals. Hunt for actions indicative of compromised credentials, spot lateral movement across assets, detect malware, and set intruder traps. Make investigations 20x faster by uncovering insight hidden in your user activity, logs, and endpoints. With InsightIDR you can get up and running in hours, gaining the insight you need to make better decisions, faster.

    ArcSight Enterprise Security Manager (ESM) is a comprehensive threat detection, analysis, triage, and compliance management SIEM platform that dramatically reduces the time to mitigate cyber-security threats.

    ServiceNow Security Operations is an Enterprise Security Response engine offering security incident response, vulnerability response, configuration compliance, and threat intelligence. It’s built on the intelligent workflows, automation, orchestration, and deep connection with IT of the ServiceNow platform.

    CA Compliance Event Manager helps you increase your data privacy and simplify regulatory compliance

    GFI EventsManager offers mechanisms and applications for monitoring security activity.

    Trend Micro Hosted Email Security is a no-maintenance-required solution that delivers continuously updated protection to stop phishing, ransomware, BEC, advanced threats, spam, and malware before they reach your network. It protects Microsoft Exchange, Microsoft Office 365, Google Gmail, and other hosted and on-premises email solutions.

    Loom Systems delivers an advanced AI-powered log analysis platform that helps IT and DevOps teams predict and troubleshoot problems before they affect production. Loom predicts problems, provides their root cause and crowd-sources expert knowledge to recommend resolutions in real time. Loom is a Stevie® American Business Awards 2016 winner.

    Our platform mathematically models the analytical prowess of the human mind and infuses it with computational speed, accuracy and tirelessness. Our technology ingests every type of machine data, including unstructured data such as log files, learns its unique behavior over time, automatically detects anomalies and trends and recommends actions. Built for low-touch operational simplicity and usability, our solution empowers IT, DevOps, System Admins, NOC teams and Security specialists by transforming reactive users into proactive power-users. Our approach leads not only to lightning-fast identification and resolution of IT issues, but also to their prediction, allowing for preemptive measures to be taken.

    The four founders of Loom Systems share more than 50 combined years of experience generating actionable insights from Big Data. With deep technological and methodological background in elite technology intelligence units, as well as leadership positions at innovative companies in the private sector, they have spent their careers at the cutting edge of analytical process automation. After struggling daily with the tools currently in use in Big Data analysis, they teamed up to create the definitive technological solution to the problem. Out of this effort grew Loom Systems, an end-to-end platform that mathematically models human analytical skills and combines them with machines' calculation speed and diligence.

    Micro Focus ArcSight Data Platform is designed to enhance data collection with security context to lay the foundation for intelligent security operations.

    Micro Focus ArcSight Express is a SIEM appliance designed to give users the insight and tools to identify and prioritize current and potential threats so they can optimize their response and improve the security of their systems.

    The TippingPoint Security Management System provides global vision and security policy control for threat intelligence and enables comprehensive analysis and correlation.

    Trend Micro ServerProtect for Linux 3.0 offers comprehensive real-time protection for enterprise web-servers and file-servers, preventing them from spreading viruses, spyware, and other Web threats to internal or external endpoints. Managed through an intuitive portable Web-based console, ServerProtect provides centralized virus/malware scanning, pattern updates, event reporting, and configuration.

    SOCVue Security Monitoring is a service that includes 24/7/365 threat detection, remediation guidance, compliance, and SIEM and log management.

    SIEM software management provides network monitoring solutions through a single view.

    ActiveSOC automatically validates whether low-scoring events (e.g. a user logging in from an unusual location) are attacks. It helps triage alerts as well as generate new intelligence from low-scoring events.

    AD|Assess continuously works in the background and leverages unique algorithms to gather in-depth information about the configuration of the directory, privileged accounts, security settings, GPOs, endpoints connected to the domain, domain controller configurations and even inappropriate use of privileged accounts. It then autonomously analyzes every component for misconfigurations and backdoors attackers left behind. Once identified, an alert is sent to the central console with recommendations for remediation.

    Cofense Triage is the first phishing-specific incident response platform that allows security operation (SOC) and incident responders to automate the prioritization, analysis and response to phishing threats that bypass your email security technologies.

    CorreLog is an ISV for cross-platform IT security log management and event log correlation.

    CRYPTOSIM is a SIEM software with exceptional correlation and analysis features, serving as a detection and controlling platform that can be integrated with CRYPTOLOG log manager, to provide organizations with threat detection and security risk evaluation on network behavior and performance.

    Cyber Architecture and Engineering empowers its clients to achieve their business goals with network and system integration projects that are efficient in design and operation, are delivered on time and to budget, and provide added value to the business operations as part of the assessment and design process.

    Abacode's custom security program, Cyber Lorica, is centered on Security Information and Event Management, or SIEM. Years of investigation have shown us that the first step taken by growing companies to address cybersecurity risks should be 24/7 monitoring of all devices. Cyber Lorica provides this by offering a SIEM program monitored around the clock by IT Security Professionals. In this way, the platform acts as an alarm that prevents cyber attacks before they become full-blown breaches.

    CyberReveal, a suite of products for enhancing cyber security operations and protecting your business in the connected world.

    empow's security platform radically upends traditional approaches by integrating with your existing network infrastructure and breaking down your security tools into their individual components.

    eVigilPro offers direct analysis of security events generated by computer hardware, networks, and applications. It detects anomalies and policy violations through real-time monitoring and stops them by reconfiguring other enterprise security controls. eVigilPro comes with an advanced correlation engine to help analyze large amounts of event data for deeper insight into threats against sensitive data and assets. It provides infrastructure-wide visibility to identify critical threats, respond intelligently, and provide continuous compliance monitoring. The SIEM application thus helps strengthen your overall security posture and leverage the organization's existing security technology investment.

    FireEye Helix is an intelligence-led platform designed to simplify, integrate and automate security operations.

    The Telesoft FlowProbe provides detailed un-sampled traffic statistics in the form of flow records from large scale networks up to 2 x 100GbE per high performance 1U appliance.

    Everything you need to proactively stop Advanced Persistent Threats (APTs). Illusive deceptions help you avert a crisis by cutting off advanced attackers before they reach critical assets

    Ridiculously easy log management is just the beginning

    IntelliTrack Security Control gives your Security Team the power to manage your business security more effectively, more productively and more accurately.

    Interset is an AI security analytics company. Our software is built to swiftly surface IP threats, originating from inside or outside the enterprise, even as they evolve.