
Anish Shah Prac3

The document discusses the selection of a SIEM tool for a 1000-employee organization dealing with debt collection. The organization has employees working globally from home and various locations, with data distributed across physical and cloud servers. Various enterprise and non-enterprise SIEM tools are under consideration. The assignment asks for a comparison of features, pricing, suitability for different business scenarios, and pros and cons of each tool in order to make a final recommendation. A synopsis explains the differences between enterprise and non-enterprise tools, such as target user base (large vs. small organizations), features, scalability, pricing, support, and integration/customization capabilities.

Uploaded by Shaurya Verma

20162171025_Anish_Shah(CS)

Practical-3

A cybersecurity consultant has hired you for a 1000-employee organization that deals
with debt collection. The organization is spread across the globe and has employees
working from home and in varied locations. The company's data is distributed
over physical and cloud servers located in different venues. Listed below are
the tools that the company is considering for the final implementation.

SIEM (Enterprise Tools)

• Datadog Security Monitoring
• SolarWinds Security Event Manager
• ManageEngine EventLog Analyzer
• Splunk Enterprise Security
• OSSEC
• LogRhythm NextGen SIEM Platform
• AT&T Cybersecurity
• AlienVault Unified Security Management
• RSA NetWitness
• IBM QRadar
• McAfee Enterprise Security Manager

SIEM (Non-Enterprise Tools)

• OSSIM
• The ELK Stack
• OSSEC open source
• Wazuh
• Apache Metron
• SIEMonster
• Prelude
• SecurityOnion
• MozDef
• Snort
• Suricata

The organization wants a SIEM tool that supports various first-party
and third-party integrations. It also requires the tool to help meet compliance
requirements such as PCI-DSS and SOX. Please prepare a detailed comparison that
lists the features, pricing, suitable business scenario, and pros and cons of
each tool before making a final suggestion for the tool.

Also, prepare a synopsis of the difference between the enterprise tools and the
non-enterprise tools.

| SIEM Tool | Features | Pricing | Suitable for | Pros | Cons |
|---|---|---|---|---|---|
| Datadog Security Monitoring | Real-time threat detection, log management, analytics | High | Tech companies, cloud-based | Scalable, cloud-native architecture | Expensive, may have limited on-premises support |
| SolarWinds Security Event Manager | Event correlation, log analysis, threat detection | Moderate-High | SMBs, mid-sized enterprises | User-friendly interface, easy to set up | Limited scalability for large enterprises |
| ManageEngine EventLog Analyzer | Log management, compliance reporting, threat detection | Low-Moderate | SMBs | Affordable pricing, easy deployment | Limited advanced features |
| Splunk Enterprise Security | Advanced analytics, threat intelligence, incident response | High | Large enterprises | Powerful and customizable | High cost and complexity |
| OSSEC | Host-based intrusion detection, log analysis | Free and open-source | Small to mid-sized businesses | Open-source and customizable | Resource-intensive for large environments |
| LogRhythm NextGen SIEM Platform | Threat detection, compliance automation | High | Enterprises | Extensive automation capabilities | Complexity may require specialized training |
| AT&T Cybersecurity | Threat intelligence, behavior analysis | Moderate-High | Enterprises, government | Global threat intelligence network | Integration challenges with some systems |
| AlienVault Unified Security Management | Threat detection, asset discovery | Moderate | SMBs, mid-sized enterprises | Affordable all-in-one solution | Limited customization and scalability |
| RSA NetWitness | Real-time visibility, advanced analytics | High | Large enterprises | High performance and powerful analytics | Expensive and complex to set up |
| IBM QRadar | Threat detection, incident response | High | Large enterprises | Scalable and comprehensive | High cost and complexity |
| McAfee Enterprise Security Manager | Real-time monitoring, compliance automation | High | Enterprises | Integrates well with other McAfee products | High pricing and resource requirements |

Synopsis: Difference Between Enterprise Tools and Non-Enterprise Tools

• Enterprise Tools and Non-Enterprise Tools refer to software solutions designed to meet
  the distinct needs of large organizations and smaller businesses or individual users,
  respectively. These two categories of tools exhibit several differences in terms of
  features, scalability, pricing, support, and target user base.

1. Target User Base:

• Enterprise Tools: Primarily developed to cater to the requirements of large
  organizations, corporations, and enterprises with extensive IT infrastructure and
  complex operational needs.
• Non-Enterprise Tools: Designed for small to medium-sized businesses (SMBs),
  individual users, or freelancers with simpler needs and more modest budgets.

2. Features and Functionality:

• Enterprise Tools: Tend to have comprehensive and sophisticated feature sets to
  address the diverse and intricate demands of large-scale operations. These tools
  often include advanced analytics, integrations with other enterprise systems,
  compliance features, and enhanced security capabilities.
• Non-Enterprise Tools: Generally offer a more focused set of features, prioritizing
  ease of use and affordability. While they may still provide valuable functionalities,
  they might lack the depth and complexity found in enterprise-grade solutions.

3. Scalability:

• Enterprise Tools: Built to handle significant data volumes, traffic, and user loads.
  They are designed to scale seamlessly with the growing needs of large
  organizations without compromising performance.
• Non-Enterprise Tools: Typically have limitations in scalability, which might not be
  suitable for handling substantial growth or increased demands beyond a certain
  point.

4. Pricing:

• Enterprise Tools: Often come with higher price points due to their advanced
  capabilities, enterprise-grade support, and scalability. Pricing models might involve
  licensing fees, subscriptions, or customized plans based on the organization's size
  and requirements.
• Non-Enterprise Tools: Tend to be more affordable, with pricing structures tailored
  to smaller businesses or individual users. Many non-enterprise tools also offer free
  versions or basic plans with limited features.

5. Support and Maintenance:

• Enterprise Tools: Typically provide robust customer support, including dedicated
  account managers, 24/7 technical assistance, and service-level agreements (SLAs) to
  ensure smooth operation and minimal downtime.
• Non-Enterprise Tools: Support offerings might be more limited, with self-help
  resources, community forums, or email support. Phone or real-time support might
  be less common.

6. Integration and Customization:

• Enterprise Tools: Often offer extensive integration options with other enterprise
  systems, databases, and third-party applications. They may also allow for greater
  customization to fit specific organizational workflows.
• Non-Enterprise Tools: While some level of integration and customization might be
  available, it is usually not as comprehensive as in enterprise-grade solutions.

Conclusion:
In conclusion, the main differentiating factors between Enterprise Tools and Non-
Enterprise Tools are the target user base, feature sets, scalability, pricing, support, and
level of integration/customization. Organizations should carefully consider their specific
requirements and budget constraints when choosing the most suitable type of tool for
their needs.
