Due to their ability to aggregate data, centralise logging and reporting, and alert staff to potential threats, security information and event management (SIEM) solutions are a valuable tool for information security and compliance teams, particularly those running complex IT and cybersecurity environments with limited staff numbers.
The difficulty of properly configuring and maintaining a SIEM solution may often be considered prohibitive for small teams, even though understaffed teams are particularly likely to feel the benefits. An improperly configured solution can result in over- or under-reactive alerts, and end up creating more work than it saves. This complexity continues to pose a challenge to effective adoption in many businesses, particularly small/medium-sized businesses with limited staff resources.
However, the growing complexity of detecting threats within a network (particularly advanced persistent threats), and the increased demand for regulatory reporting, have led an increasing number of smaller organisations to adopt SIEM solutions, or MSSPs that include SIEM services.
This was borne out by findings from our report – participants from all company sizes except ‘fewer than 50 employees’ answered our question about which SIEM solution they had found most effective, with percentages mapping closely to the overall percentage of participants at each size band of company.
In those responses, the most commonly named provider was Splunk, which received 22% of all votes cast in this category. Other standout providers included IBM (a close second place, with 17% of the vote), LogRhythm, AlienVault and Micro Focus, most of whose votes specifically named ArcSight, a solution the company acquired as part of its merger with HPE.
Interestingly, though participants from companies of a range of sizes responded to the question, there was a visible split in which providers they preferred. The vast majority of participants who voted for Splunk and Micro Focus in this category were at large companies, with over 1000 employees – a full third of Splunk’s votes came from participants at companies with more than 5000 employees.
IBM and AlienVault tended to be most popular with medium to large businesses, each getting between 40% and 50% of their votes from companies with 100-500 employees, but none from companies smaller than that – unlike LogRhythm, which received 20% of its votes from companies with 100 employees or fewer.