Once a niche product deployed only by the largest enterprises, Security Information and Event Management (SIEM) has transformed itself into an essential cybersecurity component for enterprises of all sizes. SIEM offers the threat detection, log management, and security event correlation necessary for discovering threats dwelling on the network and containing them. Without these capabilities, enterprises lack the visibility to recognize when threats penetrate their digital perimeter.
Yet no two SIEM solutions are created alike. Each has its own strengths, weaknesses, sizes, and focuses. Enterprises looking for a next-gen SIEM solution must cut through a mature and populated marketplace to find the right fit for their network. Which vendors could be called well-rounded examples of SIEM? Who do researchers consider pillars of the marketplace?
Technology research firm Gartner named the following providers the Seven 2018 Gartner SIEM Magic Quadrant Leaders. According to their report, Gartner finds these solutions offer the capabilities most aligned with market needs with the ability to execute their visions. The Seven 2018 Gartner SIEM Magic Quadrant Leaders offer insight into the benchmarks experts and enterprises have for new vendors entering the SIEM field.
The Seven 2018 Gartner SIEM Magic Quadrant Leaders
Securonix provides the SNYPR Security Analytics Platform. This tool can leverage Hadoop for its event and data collection. SNYPR, in turn, can be leveraged to scale based on enterprise needs and size.
McAfee offers numerous components for their SIEM capabilities, of which their Enterprise Security Manager is the core. The other components provide capabilities such as long-term log management and anomaly detection.
Exabeam provides six products with straightforward licensing and pricing models, including Exabeam Cloud Connectors. Their capabilities include a Data Lake, Advanced Analytics, and a Threat Hunter.
Dell Technologies (RSA) offers the RSA NetWitness Platform, which in turn offers data acquisition, forwarding, storage, and analysis. The vendor also delivers security orchestration, automation and response (SOAR).
LogRhythm has their NextGen SIEM Platform, configured for either large enterprises or for mid-sized enterprises. They’ve recently added cloud-based add-ons to their UEBA tools and improved their alarm features.
IBM provides the QRadar Security Intelligence platform, built around the IBM QRadar SIEM. Other components include application visibility, UBA modules, forensic investigation, and incident management.
Splunk offers a SIEM solution technically composed of four different solutions. Splunk Enterprise, the cornerstone of their Security Intelligence Platform, offers event and data collection, visualizations, and incident response.
You can read the full 2018 Gartner SIEM Magic Quadrant here.