Best Security Information/Event Management (SIEM)

Winner: ArcSight for ArcSight ESM

ArcSight ESM is the core analysis engine for managing threats and risks with the ArcSight platform. It provides real-time correlation of threats and risks across all systems in the enterprise. ESM helps enterprises understand who is on the network, what data they are seeing, and which actions they are taking. It identifies the relevance of any given event by placing it within the context of who, what, where, when and why that event occurred and its impact on business risk. ArcSight ESM correlates and analyzes all the log, event and transaction information generated by an enterprise's systems to find potential security threats and risks. It provides the real-time monitoring, historic analysis and automated response necessary to manage the higher level of risk associated with doing business in today's digital world.

ArcSight was purpose-built for flexibility and its products are customer-driven. ArcSight's first customers were U.S. intelligence agencies that couldn't tell the company the devices they wanted to monitor, so it had to build a very flexible technology that could easily adapt to changing use cases.

Other companies build technologies for specific uses in specific verticals, which produces limited architectures that are not easily adaptable or scalable. ArcSight, however, has the broadest interoperability, the most flexible and powerful correlation engine and the ability to scale like no one else. In addition, ArcSight has recently updated its solution with new platform features to support a partner economy and broader customer deployment. As the industry leader in SIEM, according to Gartner and IDC, ArcSight has dozens of partners that have built solutions incorporating ESM. These new features make it even easier for partners to build new applications and services around the platform.

Customers are also able to scale the solution as their needs and infrastructure grow – from monitoring a single database all the way up to the largest network in the world. With ArcSight, customers get an objective, neutral third party that can consolidate monitoring across other vendors' products and correlate incidents among them to surface subtle problems that are otherwise impossible to see.

According to IDC, ArcSight ESM is the leader in security information event management (SIEM), with 19 percent market share.


• ArcSight for ArcSight ESM

• Q1 Labs for QRadar SIEM

• RSA, the security division of EMC, for RSA enVision Platform

• Symantec for Symantec Security Information Manager

• Tripwire for Tripwire Log Center
