Jun 25, 2012
IT Pro Ranking: SIEM
InformationWeek surveyed 322 business technology professionals who use or have used or evaluated security information and event management (SIEM) products in the past 12 months. We asked respondents to rate these products in two major categories: overall performance and SIEM-specific capabilities such as real-time alerts, search and log management. Our survey listed 17 vendors; of those, eight received a sufficient number of responses to be rated: HP/ArcSight, IBM/Q1 Labs, NetIQ, Novell, Quest Software, Splunk, Symantec and Tripwire.
Users and evaluators of IBM/Q1 Labs rated it leader for overall performance, with a score of 76%. However, Novell and HP/ArcSight are just behind with scores of 75% and 74%, respectively. When it comes to SIEM features, respondents again rated IBM/Q1 Labs as leader, at 84%. Novell was rated 81%. From here, the gap between scores begins to fall more steeply, with HP/ArcSight rated third at 77%.
Our survey also looks at primary drivers for SIEM use, most important features, challenges that users face with the products and other aspects of SIEM operation. We also provide the mean average ratings for vendors in each of the general performance and feature-specific criteria used for our scoring. (R5030612)
Survey Name InformationWeek 2012 Security Information and Event Management Vendor Evaluation Survey
Survey Date April 2012
Region North America
Number of Respondents 322
Purpose To determine preference for vendors supplying security information and event management products to enterprise IT organizations.
Methodology InformationWeek surveyed business technology decision-makers at North American companies. The survey was conducted online, and respondents were recruited via an email invitation containing an embedded link to the survey. The email invitation was sent to qualified InformationWeek subscribers. Individual evaluations were conducted for vendors whose products have been used or evaluated in the past 12 months by 50 or more respondents. Respondents were asked to evaluate only those vendors/products for which they reported recent use or evaluation.