Summarize the SIEM platform shown in GovWare 2022

At last week's Singapore International Cyber Week / GovWare 2022, many vendors showed their Security Information and Event Management (SIEM) platforms. A SIEM is a software solution that aggregates and analyzes activity from many different sources across your entire IT infrastructure. It also provides a combined platform for applying different kinds of cyber-security threat research technology, especially big data and ML/AI.
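As an added illustration of what "aggregates and analyzes activity from many different sources" means in practice, here is a minimal SIEM-style pipeline written for this summary (it is example code, not code from any vendor shown at GovWare). It assumes two constructed log formats (an SSH auth log and a web access log), an assumed year for the syslog lines, and two hypothetical detection rules with made-up risk weights; the same pattern underlies the "rule-based matching" and "risk scoring" features listed for several platforms below.

```python
"""Minimal SIEM-style pipeline (added example): aggregate events from two log
sources into one schema, apply detection rules, and keep a per-user risk score.
All log lines are constructed for this example; rule names and weights are
hypothetical, not any vendor's."""
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample logs (not real data): an SSH auth log and a web access log.
AUTH_LOG = [
    "Oct 20 09:00:01 bastion sshd[1201]: Failed password for alice from 203.0.113.7 port 51000 ssh2",
    "Oct 20 09:00:04 bastion sshd[1201]: Failed password for alice from 203.0.113.7 port 51002 ssh2",
    "Oct 20 09:00:09 bastion sshd[1201]: Failed password for alice from 203.0.113.7 port 51004 ssh2",
    "Oct 20 09:00:15 bastion sshd[1203]: Accepted password for alice from 203.0.113.7 port 51006 ssh2",
    "Oct 20 09:05:00 bastion sshd[1210]: Accepted publickey for bob from 198.51.100.5 port 40000 ssh2",
]
WEB_LOG = [
    '203.0.113.7 - alice [20/Oct/2022:09:01:00 +0000] "GET /admin/export HTTP/1.1" 200 8123',
    '198.51.100.5 - bob [20/Oct/2022:09:06:00 +0000] "GET /index.html HTTP/1.1" 200 512',
]

AUTH_RE = re.compile(
    r"^(?P<ts>\w{3} +\d+ [\d:]+) (?P<host>\S+) sshd\[\d+\]: "
    r"(?P<outcome>Failed|Accepted) \w+ for (?P<user>\S+) from (?P<src>\S+)")
WEB_RE = re.compile(
    r'^(?P<src>\S+) - (?P<user>\S+) \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+)[^"]*" (?P<status>\d{3})')
LOG_YEAR = 2022  # syslog lines carry no year; assumed for the sample


def normalize(line, source):
    """Map a raw line from either source onto one common event schema, or None."""
    if source == "auth":
        m = AUTH_RE.match(line)
        if not m:
            return None
        return {
            "ts": datetime.strptime(f"{LOG_YEAR} {m['ts']}", "%Y %b %d %H:%M:%S"),
            "source": "auth", "user": m["user"], "src_ip": m["src"],
            "action": "login_failure" if m["outcome"] == "Failed" else "login_success",
        }
    if source == "web":
        m = WEB_RE.match(line)
        if not m:
            return None
        return {
            "ts": datetime.strptime(m["ts"].split()[0], "%d/%b/%Y:%H:%M:%S"),
            "source": "web", "user": m["user"], "src_ip": m["src"],
            "action": "http_request", "path": m["path"],
        }
    return None


# Hypothetical rules: (name, risk weight, predicate over the user's prior events
# and the new event).  Weights are made up for the example.
RULES = [
    ("brute_force_then_success", 40,
     lambda hist, ev: ev["action"] == "login_success"
     and sum(e["action"] == "login_failure" for e in hist) >= 3),
    ("admin_path_access", 20,
     lambda hist, ev: ev["action"] == "http_request" and ev["path"].startswith("/admin/")),
]


def analyze(auth_lines, web_lines):
    """Aggregate both sources in time order, evaluate every rule against each
    event, and return (alerts, per-user risk score)."""
    events = [e for line in auth_lines if (e := normalize(line, "auth"))]
    events += [e for line in web_lines if (e := normalize(line, "web"))]
    events.sort(key=lambda e: e["ts"])  # one timeline across both sources
    history = defaultdict(list)
    risk = defaultdict(int)
    alerts = []
    for ev in events:
        for name, weight, matches in RULES:
            if matches(history[ev["user"]], ev):
                alerts.append((name, ev["user"], ev["src_ip"]))
                risk[ev["user"]] += weight
        history[ev["user"]].append(ev)
    return alerts, dict(risk)


if __name__ == "__main__":
    found, scores = analyze(AUTH_LOG, WEB_LOG)
    for a in found:
        print("ALERT", *a)
    print("risk:", scores)
```

On the sample, alice accumulates two alerts (three failed logins followed by a success, then an /admin/ request) and a risk score of 60, while bob triggers nothing. The normalization step is the part that does the "aggregation" work: once both sources share one schema, rules and scoring can be written once instead of per log format.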

In this document we give a short review of the SIEM platforms and threat-monitoring dashboards shown by several leading security vendors at GovWare 2022. The first section introduces the user-interface features, threat-detection and analytics features, and main function/control features of Anomali, BitSight, Exabeam, ExtraHop, LogRhythm and Splunk. The second section shows the key-feature comparison table.

We summarize the analysis result by the steps below:

[Figure: analysis steps]

You can use it as a reference to select the SIEM platform that suits your business.

Anomali Intelligence SIEM Platform

Vendor Company: Anomali Inc.

User Interface Features

Platform dashboard view:

[Figure: platform dashboard view]

  • Customizable widgets and layout.
  • Integrated research community website.
  • Easy to use: automation and flexibility.

Function/Control Features

  • Automated threat detection, investigation and response.
  • Automated threat intelligence collection, curation and distribution.
  • Automated discovery, definition and ingestion of unstructured intelligence.
  • Threat analysis tool selection.
  • Third-party threat detection/analysis tool integration.

-------------------------------------------------------------------------------------------------------------

BitSight Security Monitoring

Vendor Company: BitSight Technologies

User Interface Features

Platform dashboard view:

[Figure: platform dashboard view]

  • Customizable widgets and layout.
  • Security rating system showing how robust a system is against threats.
  • Security awareness training completion rating platform.

Function/Control Features

  • Security Ratings Service ("SRS").
  • Grade system for botnets, peer-to-peer file sharing, potentially exploited machines, and unsolicited communications.
  • Focuses more on the users in an organization.

Detection and Analytics Features

  • UEBA (User and entity behavior analytics)
  • Risk and detailed credit scoring.

-------------------------------------------------------------------------------------------------------------

Exabeam Threat Data Lake

Vendor Company: Exabeam, Inc.

User Interface Features

Platform dashboard view:

[Figure: platform dashboard view]

  • Customizable page layout and chart builder.
  • Patented Smart Timeline display (a timeline presents the operational events underlying a security incident in sequential order).

Function/Control Features

  • Data Lake: unlimited logging, open architecture and scalable data configuration.
  • Customizable searching.
  • Alert handling control/configuration (Smart Timeline).

Detection and Analytics Features

  • UEBA (User and entity behaviour analytics)
  • Risk scoring.
  • Machine learning for host classification.
  • Dynamic peer grouping.
  • Fully rule-based matching and filtering supported.

-------------------------------------------------------------------------------------------------------------

ExtraHop Potential Security Monitoring

Vendor Company: ExtraHop Networks

User Interface Features

Platform dashboard view:

[Figure: platform dashboard view]

  • Drag and drop for editing widgets and layout.
  • SOC visibility triad: NDR (Network detection and response), SIEM and EDR (Endpoint detection and response).

Function/Control Features

  • Intelligence search function.
  • Supports users uploading a custom threat collection/sample to their ExtraHop-managed threat sensors.
  • One-time dashboard link access for sharing or a customer free trial.

Detection and Analytics Features

  • SOAR (Security orchestration, automation, and response).
  • Risk scoring.
  • Machine learning detection and behavioural analysis.
  • Built-in rule-based threat detection.
  • Customizable rule-based threat detection.

-------------------------------------------------------------------------------------------------------------

LogRhythm NextGen SIEM Platform

Vendor Company: LogRhythm, Inc

User Interface Features

Platform dashboard view:

[Figure: platform dashboard view]

  • Customizable widgets and layout.
  • More chart control (chart split / partial detail zoom) and hot-key configuration.

Function/Control Features

  • Customizable data searching.
  • Alarm configuration and control.
  • Task planning and event filtering.

Detection and Analytics Features

  • NextGen SIEM UEBA and SOAR.
  • Risk scoring, cloud AI event scoring and user anomaly scoring.
  • Cloud AI threat detection management.
  • Diagnostic alarm rules with AI engine.

-------------------------------------------------------------------------------------------------------------

Splunk Enterprise SIEM Platform

Vendor Company: Splunk Technology

User Interface Features

Platform dashboard view:

[Figure: platform dashboard view]

  • Customizable widgets and layout, with support for third-party visualization widget plug-ins.
  • Splunk UBA (User behaviour analysis) SDK dev page for building customized models.

Function/Control Features

  • Splunk knowledge/data management function.
  • Users can define their own events from a data set based on certain criteria.
  • Dashboard sharing and exporting.

Detection and Analytics Features

  • Analytics-driven Cloud SIEM and Splunk SOAR.
  • 120+ use cases in UEBA products.
  • Customizable anomaly scoring (Fraud Risk Scoring).
  • Multi-pass machine learning for threat detection.
  • Rule-based matching.

-------------------------------------------------------------------------------------------------------------

Trustwave Fusion SIEM Portal

Vendor Company: Trustwave Holdings, Inc.

User Interface Features

Platform dashboard view:

[Figure: platform dashboard view]

  • Customizable dashboard.
  • Multi-platform UI optimization (web browsers, mobile Android / iOS app).

Function/Control Features

  • Asset search, data set finding and data searching.
  • Managed asset view.
  • Combined findings.
  • Support area with charts.
  • Task management and periodic report generation.

Detection and Analytics Features

  • SOAR (Security orchestration, automation, and response).
  • Risk and Rigorous scoring.
  • Trustwave's Global Threat Operations (GTO) team's three-tier analytics.
  • Rule creation and tuning.

Function and feature comparison tables

[Figure: function and feature comparison tables]

We will do a detailed analysis of each SIEM platform one by one in the future. We hope this helps you choose the one that suits your business.

More articles by Yuancheng Liu