
Best Security Information and Event Management (SIEM) Software

Security information and event management (SIEM) software combines a variety of security software components into one platform. Companies use SIEM products to centralize security operations into a single location. IT and security operations teams can gain access to the same information and alerts for more effective communication and planning. These products provide capabilities to identify and alert IT operations teams of anomalies detected in their systems. The anomalies may be new malware, unapproved access, or newly discovered vulnerabilities. They provide live analysis of functionality and security, storing logs and records for retrospective reporting. They also have tools for identity and access management to ensure only approved parties have access to sensitive systems. Forensic analysis tools help teams navigate historical logs, identify trends, and better fortify their networks.

SIEM tools may be confused with incident response software, but SIEM products provide a larger scope of security and IT management features. Most also do not have the ability to automate security remediation practices.

To qualify for inclusion in the SIEM category, a product must:

  • Aggregate and store IT security data
  • Assist in user provisioning and governance
  • Identify vulnerabilities in systems and endpoints
  • Monitor for anomalies within an IT system

Security Information and Event Management (SIEM) reviews by real, verified users. Find unbiased ratings on user satisfaction, features, and price based on the most reviews available anywhere.

Compare Security Information and Event Management (SIEM) Software

G2 takes pride in showing unbiased ratings on user satisfaction. G2 does not allow for paid placement in any of our ratings.

    ManageEngine - Log360 is a one-stop solution for all log management and Active Directory auditing.

    Micro Focus ArcSight Data Platform is designed to enhance data collection with security context to lay the foundation for intelligent security operations.

    ArcSight Enterprise Security Manager (ESM) is a comprehensive threat detection, analysis, triage, and compliance management SIEM platform that dramatically reduces the time to mitigate cyber-security threats.

    Micro Focus ArcSight Express is a SIEM appliance designed to give users the insight and tools to identify and prioritize current and potential threats so they can optimize their response and improve the security of their systems.

    Micro Focus Sentinel is a Security Information and Event Management (SIEM) solution that simplifies the deployment, management and day-to-day use of SIEM, readily adapts to dynamic enterprise environments and delivers actionable intelligence security professionals need to quickly understand their threat posture and prioritize response.

    Ostendio's MyVCM is a cloud-based cybersecurity and information management platform that delivers an easy-to-use, cost-effective way for companies to demonstrate information security compliance with multiple industry standards and regulations.

    Make decisive, appropriate responses to incidents by automating identification and resolution processes.

    Netwrix Auditor is a visibility platform for user behavior analysis and risk mitigation that enables control over changes, configurations and access in hybrid IT environments to protect data regardless of its location. The platform provides security intelligence to identify security holes, detect anomalies in user behavior and investigate threat patterns in time to prevent real damage. Netwrix Auditor includes applications for Active Directory, Azure AD, Exchange, Office 365, Windows file servers, EMC storage devices, NetApp filer appliances, SharePoint, Oracle Database, SQL Server, VMware, Windows Server and network devices. Empowered with a RESTful API and user activity video recording, the platform delivers visibility and control across all of your on-premises and cloud-based IT systems in a unified way.

    PacketViper's patented cybersecurity platform features integrated deception, defense and intelligence that helps our customers address cybersecurity challenges in a practical, high-impact manner. PacketViper sits inline at key network transition points throughout the network. Licenses are deployed in one of three models (on-premise, cloud/AWS and bring your own hardware BYOH).

    Powertech Event Manager is a real-time cybersecurity insight and response platform, designed to help your existing staff respond to critical security threats faster.

    PT Industrial Security Incident Manager is designed to detect hacker attacks on ICS/SCADA systems and help to investigate cybersecurity incidents at critical sites.

    ScienceSoftSIEM is a SIEM platform enhanced with self-diagnostics and self-optimization features.

    SecBI uses network traffic analysis based on unsupervised and supervised machine learning to detect and investigate complex threats.

    SecureCircle provides a completely transparent cybersecurity solution which is always encrypted, trackable, and retractable, helping organizations to effectively secure data. SecureCircle helps companies within healthcare, finance, manufacturing, pharma, media, and government organizations meet data security and compliance requirements.

    The TippingPoint Security Management System provides global vision and security policy control for threat intelligence and enables comprehensive analysis and correlation.

    Leo TechnoSoft's Intelligence Driven SOC is an integrated stack of security solutions and offers security incident and event management (SIEM), identity and access management (IDM), privilege identity management (PIM) and cloud access security broker (CASB), which is built on security Big Data.

    Ignite's SenSage AP is a powerful Event Data Warehouse (EDW) that enables advanced data analysis, detailed forensics and ad hoc investigations on a wide variety of data formats at very large scale. The only EDW designed specifically for event data, it collects and stores more data, from more sources, over longer periods of time, years or even decades, so that you can conduct faster, more sophisticated analytics.

    Trend Micro ServerProtect for Linux 3.0 offers comprehensive real-time protection for enterprise web-servers and file-servers, preventing them from spreading viruses, spyware, and other Web threats to internal or external endpoints. Managed through an intuitive portable Web-based console, ServerProtect provides centralized virus/malware scanning, pattern updates, event reporting, and configuration.

    SIMBUS is a complete privacy and security management software that is designed to help any size facility get and maintain compliance.

    SOCVue Security Monitoring is a service that includes 24/7/365 threat detection, remediation guidance, compliance, and SIEM and log management.

    cloud-based threat detection and management

    With full compliance capabilities, threat detection, and 24/7 monitoring, complete security coverage is within your grasp. TSM is the first completely consolidated security device that allows organizations to have complete coverage in a simple, cost-effective, and resilient platform. TSM combines a fully integrated device with sophisticated automated defenses to harden your network.

    TraceAlert is a fully managed Security Information & Event Management (SIEM) solution.

    Unomaly provides a new way of analyzing streaming data. Unomaly analyzes data upfront and remembers everything it has seen.

      • A new way of highlighting and revealing must-see data: Unomaly universally detects and reveals non-normal data without prior knowledge of incidents.
      • A new way of reducing, storing, and scaling data: Unomaly efficiently reduces the amount of data to analyze, store, and transmit.

    Our difference: what is algorithmic monitoring?

      • Universal data tokenization: All software systems produce log data that explains what they are doing and when they are failing. Unomaly specializes in ingesting and analyzing any full-stack, cross-platform raw data in real time, without concerns for format, structure, or volume. This allows Unomaly complete coverage of full-stack environments.
      • Data privacy and integrity: Today, working with data comes with responsibility. Unomaly has been built from the ground up with data privacy and compliance in mind. As it reduces data and only keeps the vitally important, it helps you avoid harboring sensitive data that you later need to clean. It is designed to profile software systems, never people.
      • Multi-type anomaly detection: Incidents create anomalous data as they develop from cause to impact. Unomaly is designed to detect different types of anomalies in real time, such as new events or changing structures and parameters. By being able to isolate all relevant data, Unomaly can paint a complete picture of every issue.
      • Rapid progressive learning: The modern data center is constantly changing. Unomaly analyzes streaming data in real time and progressively learns what is normal. It recognizes normal patterns in events, structures, parameters and frequencies and updates its models as new data arrives. Unomaly automatically stays up to date and relevant.
      • Data reduction pipeline: Data transmission, storage and processing quickly become a problem in themselves. Unomaly is designed to reduce data while analyzing it. By reducing repeating data, it can focus on storing and transmitting data that actively contributes new information. It protects your infrastructure and team from spikes and the burdens of scale.
      • Flexible and self-managing: Software systems should not need continuous maintenance. Unomaly was built to work on its own, with very little care needed. It deploys close to where you run your software, automates analysis and effectively reduces data automatically.

    VASA helps enterprises identify and analyze cybersecurity threats in real time, allowing organizations to take a proactive security posture in a fast changing threat landscape.

    Verodin safely instruments security directly on your enterprise network, dynamically assessing the cumulative effectiveness of your entire security portfolio.

    Vijilan will deploy and implement its fully managed service in record time, and as part of the service, Vijilan will monitor and respond to any threat or suspicious behavior on the network through its technologically advanced SOC and Incident Response Team (IRT) who operate around the clock.

    The network security emergency response service discovers and confirms network security events such as hacking, denial of service attacks, unauthorized network communication, system operation, website page tampering, abnormal traffic attacks, and network worm propagation, and responds to them to reduce possible risks and losses. The service provides customers with professional technical guidance and resources to improve security, resist attacks and perform security repairs.