The Differences Between Common SIEMs and SureLog
SureLog was designed from the ground up and has several advantages over other SIEMs:
- Easy to use
- Data mining and advanced taxonomy
- Advanced correlation
- User behavior rules
- Profiler rules
- Price advantage
Learning curve and SIEM
Even with a unified system interface, the work of the security analyst, and the SIEM itself, can still be highly complex. This complexity makes the learning curve for security analysts longer, and organizations need more highly skilled staff.
SureLog addresses this complexity. The SureLog GUI is designed for users who already have experience with BI, CRM or ERP tools.
A user-friendly GUI enables easier security management. An interface that eases security professionals' assessment and interpretation tasks is essential to effective SIEM analysis. SureLog supports alerting, reporting, and exploration with a simple and intuitive UI.
Current SIEM correlations are not good at holding state for long periods of time.
Typical SIEM use case: alert when one host name has more than 3 password changes in 24 hours (Event ID 4723). Detecting 3 password changes in 60 minutes is easy for most SIEM solutions. But when the window grows to 24 hours, most well-known SIEM solutions cannot support it on average hardware. SureLog has a long-term rules editor. Users can create long-term rules (spanning more than weeks) with the wizard, and experienced users can develop their rules with the "Rule As a Code" feature. With SureLog one can hold state for weeks.
In the typical use case above, some well-known SIEM solutions work around this limit by chaining 3 separate lists. But if the condition changes to a threshold of 30, that approach is neither practical nor operable.
Baselining user activity is hard with current SIEM solutions.
With the long-term rule type, advanced watchlists and job lists, it is easy to baseline network and user activity. With the wizard and the advanced-mode editor, users can design their own baselines, which current SIEM solutions lack.
It is hard to develop complex rules with XML-based wizards.
Rule as a Code.
SureLog SIEM is also a development platform. This mindset enables users to better plan and prioritize any changes needed.
Most of the time, SIEM correlation engines are not able to tie correlations to entities (users, IPs, hosts). SureLog ties correlations to entities.
An example: every time a user logs into a device, one rule adds the username and IP to a list; a second rule then does a lookup and, if the username and IP are not in the list, fires an alert indicating that this is the first time the user has accessed the device. With SureLog it is easy to maintain those lists over time, and there is no limit to how many rows can be stored. With well-known SIEMs, these lists become hard to maintain over time, as there are usually limits to how many rows can be stored before the correlation engine suffers performance impacts.
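As an added example (not SureLog's code and not from the original text), the two rules described above, the 24-hour Event ID 4723 threshold and the first-time user/device lookup list, written as stateful detection logic over a constructed sample log; the window length is a parameter, so the same function also shows the 60-minute case.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample log (not from the page): "<date> <time> <event_id> <user> <host>".
# 4723 = password change attempt, 4624 = successful logon (Windows Security log IDs).
SAMPLE_LOG = """\
2024-01-01 01:00 4723 alice ws01
2024-01-01 09:00 4723 alice ws01
2024-01-01 20:00 4723 alice ws01
2024-01-02 02:00 4723 bob ws02
2024-01-02 03:00 4624 carol ws01
2024-01-02 04:00 4624 carol ws01
2024-01-03 05:00 4723 alice ws01
"""

def parse(log):
    """Yield (timestamp_str, event_id, user, host) tuples from the sample log."""
    for line in log.splitlines():
        date, clock, eid, user, host = line.split()
        yield f"{date} {clock}", int(eid), user, host

def sliding_window_alerts(log, event_id=4723, threshold=3, window_hours=24):
    """Fire when one host reaches `threshold` events of `event_id` within `window_hours`.
    Per-host timestamps live in a deque and are pruned as they age out of the window."""
    window = timedelta(hours=window_hours)
    recent = defaultdict(deque)
    alerts = []
    for ts, eid, _user, host in parse(log):
        if eid != event_id:
            continue
        now = datetime.strptime(ts, "%Y-%m-%d %H:%M")
        q = recent[host]
        q.append(now)
        while now - q[0] > window:      # drop events older than the window
            q.popleft()
        if len(q) >= threshold:
            alerts.append((host, ts))
    return alerts

def first_seen_alerts(log, logon_id=4624):
    """Fire the first time a (user, host) pair appears in logon events; the
    'seen' set is the persistent lookup list the text describes, with no row limit."""
    seen = set()
    alerts = []
    for ts, eid, user, host in parse(log):
        if eid == logon_id and (user, host) not in seen:
            seen.add((user, host))
            alerts.append((user, host, ts))
    return alerts
```

With the 24-hour window the third change on ws01 fires once, and the change two days later finds an empty window; with a 60-minute window the same log produces no alert.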
Scaling and price
Price matters. SIEM products are differentiated by cost, features, and ease of use. It is commonly held that the more you pay, the more sophisticated the SIEM tool you get. With SureLog, you do not pay more.