Rapid7 InsightIDR and Splunk: Which is the best SIEM solution?

IT Central Station users review two of the highest reviewed solutions in the SIEM market - Rapid7 InsightIDR and Splunk.

Security information and event management (SIEM) solutions can often be seen as unwieldy and complex, and there is a common belief that they are therefore only fit for large organisations that can handle them effectively. However, this viewpoint overlooks the more progressive SIEM solutions designed for businesses of all sizes. These challenges can make choosing the right solution difficult; after all, every business is different, and there is no 'one size fits all' solution.

Over 388,000 professionals have used IT Central Station research to inform their purchasing decisions. Its latest paper looks at Rapid7 InsightIDR and Splunk, two of the highest reviewed solutions in the SIEM market.

Below is a brief summary of the report, highlighting what real IT Central Station users think of each solution - from their most valuable features, to how they've improved individual businesses, as well as what each solution could do better.
Rapid7 InsightIDR

Gives you the insight you need to make better decisions across the incident detection and response lifecycle

Frequently compared to Splunk and Darktrace, Rapid7 InsightIDR is a popular choice for those looking for a new SIEM solution. It appeals to business leaders from a range of industries, including computer software, communications services, and media firms. It also has features that make it popular with businesses of all sizes, from small, sub-200-employee organisations to large companies with workforces of over 1000.

One of the key features that appeals to users is the web interface, which is both very useful and user-friendly. Furthermore, an impressive incident case management function ensures that InsightIDR customers can sort through all log, network, and endpoint data and add it to an incident case as part of an investigation quickly and easily. However, the solution could be improved with updates to how it carries out cloud risk assessments, and critics argue that the addition of configurable honeypots would also be welcomed by users.

Splunk

Splunk's vision is to make machine data accessible, usable, and valuable to everybody

With a rating of 8.3 from 29 reviews, Splunk is a highly respected, and popular, choice in the SIEM market. Financial services firms, energy/utilities companies, and retailers all make use of the solution, and its users come from companies of all sizes: 58% of reviewers come from large organisations with over 1000 employees, whilst 14% come from midsize enterprises, and 27% from small businesses with fewer than 200 members of staff.

Splunk's advocates highlight its log management feature as its most valuable, stressing its ability to ingest more logs than any other solution and to make troubleshooting problems easy. Users also appreciate how easy initial setup is, praising its simplicity and the short time it takes to get running. Despite these features, Splunk has a few areas which could be improved. Critics of the solution would like to see data onboarding made easier, and improvements made to the cybersecurity and infrastructure monitoring features.