Are you using a SIEM product? If yes, which one and what has been your experience so far w.r.t 1. Implementation2. Effectiveness3. TCO

Question

Are you using a SIEM product? If yes, which one and what has been your experience so far w.r.t 1. Implementation2. Effectiveness3. TCO

Answer

Elastic SIEM with DIY customizations.1. Fairly straightforward OOTB.2. Very.  Does exactly what we ask it to do.3. TCO is much better than the RSA Security Analytics / Netwitness SIEM it replaced.

Answer

Elastic and Splunk. Easy, effective, but expensive.

Answer

We keep cycling through different options. The SaaS models for this get expensive fast, or you sacrifice data because of cost.  The on prem or open source options require a lot of dedicated time to configure.