Are you using a SIEM product? If yes, which one, and what has been your experience so far w.r.t. 1. Implementation 2. Effectiveness 3. TCO

Anonymous Author
Elastic SIEM with DIY customizations. 1. Fairly straightforward OOTB. 2. Very. Does exactly what we ask it to do. 3. TCO is much better than the RSA Security Analytics / Netwitness SIEM it replaced.
0 upvotes
Anonymous Author
Elastic and Splunk. Easy, effective, but expensive.
0 upvotes
Anonymous Author
We keep cycling through different options. The SaaS models for this get expensive fast, or you sacrifice data because of cost. The on-prem or open source options require a lot of dedicated time to configure.
0 upvotes