As part of our ongoing coverage of the Security Information and Event Management (SIEM) market, we try to keep a close eye on the numerous and distinct solution providers that comprise this oft-confusing but essential sector of the cybersecurity world. The key word here is distinct. This may not surprise enterprises looking for the right solution for them, but no two SIEM vendors offer exactly the same products and services; each has its own strengths and weaknesses, sizes and focuses. While it’s natural for the latest innovations and gadgets to take up most of our collective attention, there also needs to be a recognition of the pillars of the market.
The following providers have recently been named Leaders in Gartner’s 2017 Magic Quadrant for Security Information and Event Management (SIEM) Solutions (the 2018 version is available here). While each company’s market share differs, these tools shape the foundation of the SIEM market according to Gartner. Their report suggests that the success these vendors achieved over time serves as an inspiration and benchmark for new vendors entering the SIEM field. These providers stand out as cornerstones in the market, offering tools for a wide variety of use cases, and thus in Gartner’s report are worthy of the Leader title.
The 4 Leaders Gartner named in their SIEM Magic Quadrant report are:
Splunk offers their Security Intelligence Platform, composed of Splunk Enterprise, Enterprise Security, and Splunk User Behavior Analytics (UBA). Their products provide use-case-agnostic data analysis and prepackaged security-specific queries, visualizations, and dashboards. Splunk released performance and usability enhancements for their products over the course of 2017.
LogRhythm provides core SIEM capabilities via their Threat Lifecycle Platform and various optional add-ons. Their solution’s components can be run individually or in tandem with one another depending on need. LogRhythm made significant usability improvements across their functions and features in 2017. Their solution can be deployed as software or as physical or virtual appliances.
IBM offers the QRadar Security Intelligence Platform, which comes with components for complementary security monitoring and operations including log management. QRadar can be deployed on-premises, via distributed architecture, as-a-service on the cloud, or co-managed with IBM Managed Security Services. Event Collectors and Event Processors count among their solution’s core components.
McAfee has recently become independent after being under the umbrella of Intel Security. They now offer their Enterprise Security Manager for core SIEM functionality. Their Event Receiver product provides real-time security event analytics and the Enterprise Log Search product offers log search functionality. McAfee licenses their solution under a perpetual model.
SIEM is seeing a broadening appeal as its focus shifts from compliance to threat management. Detection is fast becoming the cybersecurity paradigm, and SIEM can provide greater visibility into disparate enterprise IT environments. Preventive measures are important, but they can’t hope to stop 100% of incoming digital threats. You owe it to yourself and to your enterprise to start investigating SIEM solutions and finding the right one for your use case. The Gartner SIEM Magic Quadrant is one place to start.
You can read the full 2018 Gartner SIEM Magic Quadrant report here. You can also check out our 2018 SIEM Buyer’s Guide for more information.