Security Information and Event Management (SIEM) insider threat Reviews

Showing reviews of the top ranking products in Security Information and Event Management (SIEM), containing the term insider threat
IBM QRadar: insider threat
PK
Solution Architect Cybersecurity at a tech services company with 501-1,000 employees

We use this solution for advanced threat detection, insider threat monitoring, risk and vulnerability management, and unauthorized traffic detection regarding our network. We can monitor and detect web attacks with it as well. 

Within our organization, there are roughly 2,000 to 3,000 employees using this solution. As of now, we don't have any plans to increase our usage of IBM QRadar.

View full review »
LogRhythm NextGen SIEM: insider threat
Senior Cyber Security Engineer at a individual & family service with 10,001+ employees

It has not only helped us meet requirements on a development program, but it has also allowed us to focus on insider threats as well as provide forensics capabilities to identify potential security risks.

View full review »
Securonix Security Analytics: insider threat
CEO/Executive Director at Iconic Engines

Our primary goal is insider trespass. We have also been using the product for account privilege misuse as well as intellectual property and data theft. Going into the cloud, we have expanded our scope to cloud applications. We never supported the cloud but now that we are using SaaS we've been able to cover cloud applications and cloud infrastructure. That use case is picking up a lot of speed. But, traditionally, it's been used for insider threat and account misuse.

View full review »
Netsurion EventTracker: insider threat
Chief Information Security Officer at Samford University

The solution saves me at least half an FTE, some 20 hours a week. If I didn't have the managed services, I would have to have another half an FTE just to do the work that they do for us.

EventTracker has assisted our server administration team as well. If they're having software problems or access problems or the like, they have the ability, with all the logs now centralized in one place, to go to one place and do those searches, rather than to go individually, server by server by server, and try to figure it out. 

It's also tied into our enterprise firewall, which is Palo Alto. It really helps them in their troubleshooting time if they're having an issue. 

There are 3 aspects that EventTracker is very helpful to our organization.  One side is the information security side where it helps us quickly investigate an incident including false-positives. A second aspect is operational efficiency.  It would really take a lot of time to try to figure it out server by server but with EventTracker they can go to one place which has all those server logs. The third aspect is log archives. Once it makes it to EventTracker, they can keep local log storage space pretty low and don't have to burn a lot disk space on the local servers.

I also feel that EventTracker has better integration. Almost any product could integrate with just about anything else, given enough time and resources. But that's part of the managed services that we contract with EventTracker. We have integrations into Sophos (for antivirus), Office 365 (for email) and for our enterprise firewall (Palo Alto), and our Cisco networking equipment. So we've got all the critical infrastructure pieces integrated and all of those were integrations out-of-the-box-that I probably could have figured out if I had enough time. But I tell them what I'm trying to do and either they have a white paper which gives me one, two, three steps to do it, or they actually take over. I give them a service account. They take over, they do it, we do some testing and we go live with it.

Everything we have is a real-time feed. We don't have anything that is just batch and then it reads it in later. Especially on those real-time alerts that I mentioned, I know about each of those literally within minutes after it happens, because it's a real-time feed. The alert fires and sends me an email or a text, whichever I have set up.

We're also very impressed with EventTracker SIEMphonic. That's what they've renamed their SIEM tool. We use it quite a bit now. They've got something called potential insider threats that we look daily. Those are things like account creations and the like. A SIEM tool doesn't necessarily know, just because an account is created, whether it should have been created or if somebody created it to try to hide their tracks. Also, seeing things like logs being cleared on servers has been very helpful to us. We would have no other good way to get visibility into those types of things. An extension of that is the alerts that we talked about. It's really been really invaluable for us to get insight into our environment. There'd be no other way for us to really get that without either SIEMphonic or one of its competitors.

View full review »
Devo: insider threat
Manager of Security Services at OpenText

I run an incident response, digital forensics team for OpenText. We do investigations into cyber breaches, insider threats, network exploitation, etc. We leverage Devo as a central repository to bring in customer logging in a multi-tenant environment to conduct analysis and investigations.

We have a continuous monitoring customer for whom we stream all of their logging in on sort of a traditional Devo setup. We build out the active boards, dashboards, and everything else. The customer has the ability to review it, but we review it as well, acting as a security managed service offering for them. 

We use Devo in traditional ways and in some home grown ways.

For example, if there is a current answer response, I need to see what's going on in their environment. Currently, I'll stream logs from the syslog into Devo and review those. For different tools that we use to do analytics and forensics, we'll parse those out and send that up to Devo as well. We can correlate things across multiple forensic tools against log traffic, network traffic, and cloud traffic. We can do it all with Devo.

It's all public cloud, multi-factor authentication, and multi-tenant. We have multiple tenants built in as different customers, labs, etc. Devo has us set up in their cloud, and we leverage their instance.

We are using their latest version.

View full review »