Features
Top Performing Features
Deployment flexibility
Ability to tune system to maximize threat detection and minimize false positives
Category average: 7.7
Host and network-based intrusion detection
Ability to detect both endpoint intrusion and network ingress detection
Category average: 7.4
Centralized event and log data collection
Effectiveness of real-time centralized event and log data collection
Category average: 9
Custom dashboards and workspaces
Dashboards that can be customized to meet the needs of specific groups
Category average: 8
Security Information and Event Management (SIEM)
Security Information and Event Management is a category of security software that gives security analysts a more comprehensive view of security logs and events than would be possible by looking at the log files of individual point security tools.
Centralized event and log data collection
Effectiveness of real-time centralized event and log data collection
Category average: 9
Correlation
Correlation of logs and events to pinpoint significant threats
Category average: 8.4
Event and log normalization/management
Ability to normalize event syntax so that logs can be compared and are machine-understandable
Category average: 8.5
Deployment flexibility
Ability to tune system to maximize threat detection and minimize false positives
Category average: 7.7
Integration with Identity and Access Management Tools
Integration with access control tools like Active Directory and LDAP
Category average: 7.7
Custom dashboards and workspaces
Dashboards that can be customized to meet the needs of specific groups
Category average: 8
Host and network-based intrusion detection
Ability to detect both endpoint intrusion and network ingress detection
Category average: 7.4