Splunk and AT&T Cybersecurity offer two of the best SIEM/data management packages in the business, with each product offering specific benefits for potential buyers.
It’s a bona fide trend that companies that started out producing SIEM solutions are now branching out to provide full data management platforms. This is the case with both Splunk and AT&T Cybersecurity, formerly known as AlienVault.
SIEM, whose modern tools have been in existence for about 14 years, is an approach to security management that combines the SIM (security information management) and SEM (security event management) functions into one security management system. SIM collects, analyzes and reports on log data; SEM analyzes log and event data in real time to provide threat monitoring, event correlation and incident response. Due to its 24/7, real-time nature, SIEM is now a required technology for large enterprises.
Both SIM and SEM functions provide on-demand analysis of security alerts generated by applications and network hardware. Security providers that can combine these two functions are in the inside lane for new business.
AT&T Cybersecurity vs. Splunk: Two of the Best in the World
AT&T Cybersecurity and Splunk, both of which have been in the market Top 10 for the better part of a decade, are two of the most popular security information and event management (SIEM) solutions now available. They also have blossomed to become top-notch data management platforms. However, each vendor offers distinct benefits to potential buyers. Both offer strong core SIEM products, but they differ in use of intelligence and integration with third-party and other security tools.
Both companies make a point of playing nicely with most other supporting products, knowing that most—if not all—IT shops already have a number of different SIEM and data management products at work on a daily basis.
What follows are some key features and analysis of each solution: a head-to-head compilation of pros and cons for two of the best in the SIEM and DM tools business.
HQ: San Mateo, Calif.
CEO: Barmak Meftah (2011-)
Founded: 2007, Madrid, Spain
Number of employees: 400
Parent organization: AT&T Communications
Founders: Alberto Roman, Ignacio Cabrera, Julio Casal, Dominique Karg
What AT&T Cybersecurity brings to the IT table:
The AT&T Unified Security Management (USM) Appliance is a virtual or hardware appliance-based threat detection and incident response platform that combines SIEM and log management functionality with other security tools, such as asset discovery, vulnerability assessment and intrusion detection. USM Anywhere provides similar functionality in a cloud-based SaaS offering. A range of apps is available to add functionality, including integration with Cisco Umbrella, Palo Alto Networks, Carbon Black and others.
The former AlienVault was acquired by AT&T in August 2018, had its name changed to AT&T Cybersecurity in February 2019, and is an integral part of AT&T’s newly created Cybersecurity Solutions division. The AT&T Cybersecurity SIEM product, Unified Security Management (USM) Anywhere, is delivered as SaaS and includes components for asset discovery, vulnerability assessment, and intrusion detection (IDS) for network, host and cloud, as well as core SIEM capabilities. USM Appliance (an on-premises software deployment) is still supported, but the vendor’s emphasis is on the Anywhere SaaS offering. Additional offerings include the Open Threat Exchange (OTX) threat intelligence sharing capability and the OTX Endpoint Threat Hunter service, both no-cost services. AT&T Cybersecurity also offers Open Source Security Information Management (OSSIM).