How is SureLog Different from Other SIEM Products?

Ertugrul Akbas
3 min read · Apr 4, 2019


SureLog was designed from the ground up as a SIEM, and it has several advantages over other SIEM products:

· Easy to use

· Advanced taxonomy [1]

· Advanced correlation

· User behavior rules [2,3]

· Profiler rules [4]

· Capacity & performance

· Price advantage

Learning curve and SIEM.

Even with a unified system interface, the analyst's work, and the SIEM itself, can still be highly complex. That complexity lengthens the learning curve for security analysts, and organizations end up needing a more skilled (and scarcer) person to operate the product.

SureLog addresses this complexity: its GUI is designed for a user who already has experience with common BI, CRM or ERP tools.

A user-friendly GUI makes security management easier. Effective SIEM analysis needs an interface that eases the assessment and interpretation tasks of security professionals. SureLog supports alerting, reporting and exploration through a simple, intuitive UI.

Most current SIEMs are not good at holding state for long periods of time. SureLog SIEM does not have that drawback.

A typical SIEM use case is: alert when one hostname has more than three password changes in twenty-four hours.
Detecting three password changes within sixty minutes is easy for most SIEM solutions. Detecting the same pattern within twenty-four hours, however, is not supported by most of the well-known SIEM solutions, because the correlation engine has to keep the per-host count alive for a full day.
SureLog has a long-term rule editor. Users can create long-term rules (spanning weeks) with the wizard, and experienced users can write their own rules with the "Rule As a Code" feature [5]. With SureLog one can monitor state for weeks.

Baselining user activity is hard for current SIEM solutions.

With SureLog's long-term rule type, it is easy to baseline network and user activity.

Rule as a code.

Most of the time, SIEM correlation engines are not able to tie correlations to entities (users, IPs, hosts). SureLog does tie correlations to entities.

An example: every time a user logs into a device, one rule adds the username and IP to a list; another rule looks up that list and, if the username and IP are not in it, fires an alert indicating that this is the first time the user has accessed the device. Such lists are easy to maintain over time with SureLog, and there is no limit to how many rows can be stored.
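The two rule types described above, the long-window threshold (more than three password changes per host in twenty-four hours) and the first-seen entity list, are shown below in a small stateful correlation engine. This is an added example for illustration, not SureLog's code or its "Rule As a Code" syntax; the key=value event format, the field names (ts, event, host, user, src), the sample events and the thresholds are all constructed assumptions for the demo.

```python
"""Stateful correlation over constructed sample events (added example).

Not SureLog code: it demonstrates the two rule types from the text with
plain Python state, a per-key sliding window of timestamps and a set of
already-seen entity tuples. Event format, field names, sample data and
thresholds are assumptions made for this demo.
"""
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample events (not real logs): one key=value record per line.
# srv01 sees four password changes within 24h but never three within 60min,
# and bob logs in from a new source address on the second day.
SAMPLE_LOG = """\
ts=2019-04-01T08:00:00 event=password_change host=srv01 user=alice src=10.0.0.5
ts=2019-04-01T08:20:00 event=password_change host=srv01 user=alice src=10.0.0.5
ts=2019-04-01T09:10:00 event=password_change host=srv01 user=alice src=10.0.0.5
ts=2019-04-01T12:00:00 event=login host=srv01 user=bob src=10.0.0.7
ts=2019-04-01T13:00:00 event=login host=srv01 user=bob src=10.0.0.7
ts=2019-04-01T22:30:00 event=password_change host=srv01 user=alice src=10.0.0.5
ts=2019-04-02T09:00:00 event=password_change host=srv01 user=alice src=10.0.0.5
ts=2019-04-02T10:00:00 event=login host=srv01 user=bob src=10.0.0.9
"""


def parse(line):
    """Turn one 'k=v k=v ...' line into a dict, with ts as a datetime."""
    fields = dict(kv.split("=", 1) for kv in line.split())
    fields["ts"] = datetime.fromisoformat(fields["ts"])
    return fields


class LongWindowThreshold:
    """Fire when `key` sees more than `threshold` `event`s within `window`.

    State is one deque of timestamps per key value. Timestamps older than
    the window are evicted on every event, so memory stays bounded by the
    event rate even when the window is a day or a week.
    """

    def __init__(self, event, key, threshold, window):
        self.event, self.key = event, key
        self.threshold, self.window = threshold, window
        self.state = defaultdict(deque)

    def feed(self, ev):
        if ev["event"] != self.event:
            return None
        q = self.state[ev[self.key]]
        q.append(ev["ts"])
        while q and ev["ts"] - q[0] > self.window:  # drop expired entries
            q.popleft()
        if len(q) > self.threshold:
            return f"{self.event} x{len(q)} on {self.key}={ev[self.key]} within {self.window}"
        return None


class FirstSeenEntity:
    """Fire the first time an entity tuple (e.g. user, src, host) is observed.

    `seen` plays the role of the list in the text: the same rule both
    looks the tuple up and adds it, so the second occurrence is silent.
    """

    def __init__(self, event, fields):
        self.event, self.fields = event, fields
        self.seen = set()

    def feed(self, ev):
        if ev["event"] != self.event:
            return None
        key = tuple(ev[f] for f in self.fields)
        if key in self.seen:
            return None
        self.seen.add(key)
        return f"first {self.event} for {dict(zip(self.fields, key))}"


def run(log_text, rules):
    """Feed every event to every rule in order; return (timestamp, alert) pairs."""
    alerts = []
    for line in log_text.splitlines():
        ev = parse(line)
        for rule in rules:
            alert = rule.feed(ev)
            if alert:
                alerts.append((ev["ts"].isoformat(), alert))
    return alerts


def demo(window_hours=24):
    """Run both rules over SAMPLE_LOG; window_hours sets the threshold window."""
    rules = [
        LongWindowThreshold("password_change", "host", 3, timedelta(hours=window_hours)),
        FirstSeenEntity("login", ("user", "src", "host")),
    ]
    return run(SAMPLE_LOG, rules)


if __name__ == "__main__":
    for ts, msg in demo(24):
        print(ts, msg)
```

Running `demo(24)` yields three alerts (bob's first login, the fourth password change on srv01 at 22:30, and bob's login from a new address), while `demo(1)` yields only the two first-login alerts, which is the sixty-minute versus twenty-four-hour difference the text describes. The state here lives in process memory; a production engine would also have to persist the deques and the seen-set across restarts, which the example does not show.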

Scaling and price.

Price matters. SIEM products are differentiated by cost, features and ease of use, and it is commonly assumed that the more you pay, the more sophisticated the SIEM tool you get. With SureLog, you do not pay more for that sophistication.

References

  1. https://medium.com/@eakbas/why-is-taxonomy-important-and-extensive-surelog-siem-taxonomy-features-824ed40d89b3
  2. https://medium.com/@eakbas/surelog-siem-user-behaviour-monitoring-rules-18bcc94d334d
  3. https://medium.com/@eakbas/a-quick-guide-to-help-you-understand-and-create-user-behavior-rule-with-surelog-siem-1-e59776dba80f
  4. https://medium.com/@eakbas/surelog-siem-profiler-181dd9841c9f
  5. https://medium.com/which-generation-of-siem/rule-as-a-code-surelog-correlation-engine-and-beyond-90dc6ab9a52c

Written by Ertugrul Akbas

Entrepreneur, Security Analyst, Research.