I have compared the social networks of various SIEM tools on Twitter. Every SIEM tool has specific weaknesses, and seeing the relations between a particular SIEM tool and certain companies and personnel might provide valuable insight for the future scope of a penetration test.
Should these maps be combined with insights from LinkedIn and job-posting portals, a pattern-matching algorithm might reveal direct connections between a company, the software it uses, the skills it requires of the people it is attempting to hire, and also single individuals. This adds new layers to the attack surface.
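The cross-source join described above, as an added example that is not the author's code: a security team can run this kind of correlation over its own public footprint (social posts, job ads, profile text) to see which tools in its stack are inferable from the outside and from how many independent sources. All records, company names and accounts below are constructed for the example; the keyword table covers only the tools named on this page.

```python
import re
from collections import defaultdict

# Constructed sample records (source, company, text). None of these are real
# posts, companies or job adverts; they stand in for what a team would collect
# about its own organisation from public sources.
RECORDS = [
    ("twitter", "ExampleCorp", "Great talk from @splunk on dashboards at our SOC"),
    ("jobs", "ExampleCorp", "Senior SOC analyst: 3+ years Splunk Enterprise Security, ArcSight a plus"),
    ("linkedin", "ExampleCorp", "Security engineer, QRadar rule tuning"),
    ("twitter", "OtherLtd", "Hiring! Looking for a threat hunter"),
    ("jobs", "OtherLtd", "SIEM engineer (ArcSight ESM)"),
]

# Lowercase keyword -> canonical tool name. Extend with your own stack.
TOOL_KEYWORDS = {
    "splunk": "Splunk",
    "arcsight": "ArcSight",
    "qradar": "QRadar",
}


def extract_tools(text):
    """Return the set of canonical tool names mentioned in a piece of text.

    Tokenising on non-alphanumerics means '@splunk' and 'Splunk' both match.
    """
    tokens = re.findall(r"[a-z0-9]+", text.lower())
    return {TOOL_KEYWORDS[t] for t in tokens if t in TOOL_KEYWORDS}


def correlate(records):
    """Build {company: {tool: [sources]}} from (source, company, text) records."""
    exposure = defaultdict(lambda: defaultdict(set))
    for source, company, text in records:
        for tool in extract_tools(text):
            exposure[company][tool].add(source)
    # Freeze into plain dicts with sorted source lists for stable output.
    return {c: {t: sorted(s) for t, s in tools.items()} for c, tools in exposure.items()}


def corroborated(exposure, min_sources=2):
    """Tools named for a company by at least `min_sources` independent sources.

    A single mention may be noise; the same tool appearing in a job ad and a
    social post is the pattern the post above is talking about.
    """
    return {
        c: sorted(t for t, s in tools.items() if len(s) >= min_sources)
        for c, tools in exposure.items()
    }


def tool_reach(exposure):
    """Invert the map: {tool: [companies]} - the per-tool view of the maps."""
    reach = defaultdict(set)
    for company, tools in exposure.items():
        for tool in tools:
            reach[tool].add(company)
    return {t: sorted(c) for t, c in reach.items()}


if __name__ == "__main__":
    exp = correlate(RECORDS)
    for company, tools in exp.items():
        print(company)
        for tool, sources in tools.items():
            print(f"  {tool}: {', '.join(sources)}")
    print("corroborated:", corroborated(exp))
    print("reach:", tool_reach(exp))
```

The `corroborated` view is the useful output for a defender: a tool that shows up in both a job advert and a social post is effectively public, so the choice is whether that detail needs to be in the advert at all.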
The following pictures are maps of the Twitter relations of broadly known SIEM and SIEM-like tools.
So far I have analyzed only the SIEM tools I have some experience with. Do you miss any SIEM here? Let me know.
Sorted by categorization of nodes (Twitter accounts)
It looks like ArcSight does not have much presence on Twitter. Since it belongs to HP now, it might be useful to track matching patterns between HP and related corporations.
Raw picture only:
Again the same story as with HP's ArcSight: QRadar is not featured much on Twitter. To determine the true relationships, I would need to investigate the relations between IBM and related corporations.
Last but not least, Splunk. It is my favorite, although it is not a SIEM as such; it only has a well-developed app for enterprise security monitoring.
I like Splunk for its capability to grab and normalize information from a vast number of sources.
In my opinion, while it might not be a self-sufficient SIEM tool for a big corporation, it can still be beneficial for smaller companies, as well as an additional tool for security analysis alongside a corporate SIEM tool.