The editors at Solutions Review highlight what’s changed since the 2021 iteration of Gartner’s Magic Quadrant for SIEM and provide analysis of the report.
Technology research giant Gartner, Inc. recently released the 2021 Gartner Magic Quadrant for SIEM. Gartner researchers define SIEM (Security Information and Event Management) as “catering to customers’ need to: collect security event logs and telemetry in real-time for threat detection and compliance use cases; analyze telemetry in real-time and over-time to detect attacks and other activities of interest; investigate incidents to determine their potential severity and impact on a business” and more.
Additionally, Gartner notes the importance of data normalization, network security event monitoring, user activity monitoring, and compliance reporting. However, Gartner also notes that its market analysis “focuses on transformational technologies and approaches to meeting the future needs of end-users. It does not focus on the market as it is today.”
This means that the report does not present concrete predictions as seen in previous iterations; the entire report could be read as a prediction for this mature and competitive market.
In 2021, threat management remains the primary driver of SIEM solution adoption, with general monitoring and compliance serving as secondary drivers. Among U.S. customers, compliance reporting support represents the bare minimum.
The SIEM market continues to grow, even as more conservative technology adopters turn to these cybersecurity solutions, favoring deployment and operational support. Therefore, larger companies often turn to cloud-based SIEM as a Service.
First Impressions: 2021 Gartner Magic Quadrant for SIEM
In the 2021 Gartner Magic Quadrant for SIEM, researchers evaluate the strengths and weaknesses of the providers they consider most significant in the marketplace. Then, they provide readers with a graph (the eponymous Magic Quadrant) plotting the vendors based on their ability to execute (Y-axis) and their completeness of vision (X-axis). The graph is divided into four quadrants: Niche Players, Challengers, Visionaries, and Leaders. At Solutions Review, we read the report and pulled out the key takeaways.
The 2021 Gartner Magic Quadrant for SIEM is the fifteenth iteration of the report; the last report was released in 2020. Gartner introduced the category in 2005—actually, their researchers coined the term SIEM itself. According to Gartner, SIEM combines SEM (monitoring and incident management) and SIM (log management and compliance).
Gartner included 20 vendors in the report in 2021. Changes in the inclusion and exclusion criteria meant the addition of Elastic, Gurucul, Huawei, Microsoft, Odyssey, Sumo Logic, and Venustech. Meanwhile, AT&T Cybersecurity, HanSight, and SolarWinds were all excluded from this year’s report for various reasons ranging from changes in platform to commercial criteria. All three appear as Honorable Mentions, alongside Devo, Graylog, Logsign, and Netsurion.
Who’s Where and Why?
Looking at the 2021 Quadrant, we can see vendors beginning to cluster closer to the center of the chart than ever before; this is especially evident at the line between Niche Players and Visionaries, although many of the Leaders trend closer to the center as well. This could perhaps suggest a growing universality of capabilities; Niche Players are expanding into Visionaries, and Visionaries are finding new channels of specialization.
At the same time, the entire Challengers Quadrant remains blank. Gartner defines Challengers as having strong execution but limited sets of SIEM capabilities. Its emptiness thus suggests a maturity of the marketplace and solutions therein.
Looking at the other Quadrants individually, we can see that ManageEngine, Micro Focus, FireEye, and McAfee all reappear in the Niche Players Quadrant this year. According to the report, Niche Players “are primarily vendors that provide SIEM technology that is a good match for a specific SIEM use case or a subset of the SIEM market’s functional requirements.” This year’s inclusions of Elastic, Huawei, Odyssey, and Venustech also appear in this Quadrant.
Netwitness, an RSA division that replaced Dell from the previous iteration, moved from the Leaders Quadrant to the Niche Players; in part, this movement appears based on Netwitness being spun out from the Dell Technologies umbrella, although Gartner praised its SOC support. Similarly, LogPoint moved left from the Visionaries, possibly because of its limited customer footprint and lack of SaaS options, but Gartner does note its ability to provide for more complex IT environments.
Again, the vast majority of these vendors shift right to the line between their Quadrant and Visionaries. Meanwhile, in the Visionaries Quadrant, Microsoft, Sumo Logic, and Fortinet all appear close to the line on their own side. Gurucul appears as the closest to the Leaders Quadrant, perhaps owing to its strengths in user and identity monitoring capabilities.
Finally, we come to the Leaders Quadrant featuring LogRhythm, Rapid7, Splunk, Securonix, IBM, and Exabeam. IBM and Splunk both move down and left (Splunk is close to the Challengers line), while Exabeam and Securonix move up and right, in Exabeam’s case by quite a margin. LogRhythm moves significantly down, close to the line between Leaders and Visionaries, whereas Rapid7 moves to the left, close to the Challengers line.
Exabeam receives praise for its long-term, searchable log storage. IBM is noted for its simplified deployment and management of analytics. Securonix’s strengths include its threat intelligence support. Meanwhile, Splunk garners attention for its support for buyers wanting core SOC tools to support existing technology investments. Rapid7’s managed detection and response service helps earn its spot among the Leaders. LogRhythm gains attention for its investigation and case management workflow.