Is the Cybersecurity and SIEM Market Oversaturated? A Critique

SIEM market oversaturated?

Help Net Security today posted an article titled “Are there too many cybersecurity companies?” written by Ken Elefant, Managing Director at Sorenson Capital. You can read the full article here.

Ken makes quite a few assertions about the cybersecurity and SIEM market in his article, many of which we agree with; more CEOs will lose their jobs as a result of high-profile security breaches, and that changing architecture such as in container programs will create new surface areas needing digital protection. However, the main thrust of the article is what caught our attention:

“As companies struggle against the rapid expansion of attack surfaces and increasingly sophisticated attacks, there are over 200 threat analysis and protection vendors in network security alone that have raised capital. But unless these vendors cover one of those new attack surfaces and are well-integrated into the overall process management of an enterprise, they are not helping CISOs.”

According to Ken, he spoke to several CISOs and discovered that they have deployed an average of 80 security solutions for their respective enterprises.

Now, this article appears to be more anecdotal and opinion-oriented than statistically and scientifically focused. Ken doesn’t offer evidence beyond his conversations. In our own findings enterprises’ cybersecurity budgets have proven insufficient or non-existent, so enterprises deploying a plethora of cybersecurity solutions strikes us as outlier examples.   

But the idea that the cybersecurity or specifically SIEM market is oversaturated seems incorrect to us, and so we must politely disagree with Ken. That there is so much competition indicates that the market is in fact healthy and thriving. To us, it means there is a constant push for innovation, study, and evolution in the field that wouldn’t exist if only a few solutions providers dominated the cybersecurity or SIEM market. Competition is the opposite of stagnation, in other words, which is good: stagnation is what hackers are counting on.

The problem that Ken discusses—of enterprises deploying dozens of solutions at once—doesn’t strike us as an issue with the cybersecurity or SIEM market. Instead, it seems to us a problem with enterprises’ research and self-evaluation processes. Selecting the right cybersecurity or SIEM solution is not a matter of throwing darts at a board or trying out a whole bunch of them at once. That will leave enterprises with significant integration issues and security holes that lay out the welcome mat for hackers.

CISOs need to coordinate with their board of directors and their IT security teams to determine their digital security priorities, needs, and policies. It needs to be done cautiously and after great preparation so that whatever solution selected is deployed and managed properly.

If you’ll forgive a little self-promotion, this is why we wrote the SIEM Buyer’s Guide the way we did. It is not only meant to give enterprises a sense of the SIEM market (although it certainly does that) but also to prompt them to consider where they are weakest and where they need more protection. We ask enterprises directly if they can manage an SIEM solution, if they might need a log management solution instead, and how a solution would fit with their budget.  

In summation, we feel that oversaturation isn’t the problem in the cybersecurity and SIEM market. The problem may be enterprises’ lacking the information they need to make a clear decision—a problem we as an industry do need to take steps to correct.

 

Ben Canner

Leave a Reply

Your email address will not be published. Required fields are marked *