Forecast: The Gartner 2019 SIEM Magic Quadrant

Every year, cybersecurity technology professionals from around the world wait with bated breath for the arrival of each Gartner Magic Quadrant report. Gartner released the 2018 SIEM Magic Quadrant in December of last year. Now, we wait for the arrival of the 2019 SIEM Magic Quadrant.

Only Apple’s keynote speeches generate as much hype in the tech world as these reports. Cybersecurity professionals base much of their solution research and purchasing decisions on Gartner’s annual marketplace analyses. Their proprietary research methodology offers great insight into each technology subcategory; in fact, many consider the Magic Quadrant Gartner’s premier report in each cybersecurity marketplace.

Obviously, cybersecurity specialists can’t sit around merely waiting for the 2019 SIEM Magic Quadrant. Hackers continue to refine their cyber attacks; each new iteration becomes more sophisticated, more capable of concealing itself in your network and penetrating your digital perimeter. Above all, IT professionals must understand which SIEM capabilities they should prioritize.

Therefore, with the Gartner 2019 SIEM Magic Quadrant still months away, we decided to share our own predictions; we share educated guesses on the content of the report and how the market may evolve.

For the sake of clarity, we base our predictions on Gartner’s definition of SIEM; in turn, they define SIEM “by the customer’s need to analyze event data in real time for early detection of targeted attacks and data breaches, and to collect, store, investigate and report on log data for incident response, forensics and regulatory compliance.”

Here are our predictions:

Patch Management in the 2019 SIEM Magic Quadrant

Recent studies indicate that enterprises struggle with digital vulnerability management, which leaves them exposed to external cyber attacks. According to Balbix and the Ponemon Institute:

  • 67% of cybersecurity professionals bemoan a lack of the time and resources to mitigate all of their digital vulnerabilities.
  • 59% say they have ineffective vulnerability programs.
  • 15% say patching efforts prove highly effective.

Frequently, enterprises become overwhelmed by the hundreds if not thousands of systems they must manage and patch. Yet each unpatched component creates a new gateway for hackers and increases the chances of a security event. Often, SIEM solutions offer patch management capabilities to help enterprises identify their vulnerabilities and correct them.

Therefore, we believe Gartner will incorporate patch management as a high-priority criterion in its 2019 SIEM Magic Quadrant. Without it, enterprises can’t possibly understand their network well enough to know where to deploy their SIEM solution. Moreover, with patch management on hand, businesses can help IT security teams prioritize their upgrades and updates; these carry vital security fixes but can otherwise disrupt business processes if not properly managed.

More Cloud in the 2019 SIEM Magic Quadrant

Indeed, few technology innovations have affected the course of business processes as much as the cloud. The promise of the cloud offers faster communications, greater collaboration, and a more profitable bottom line. Conversely, cloud infrastructure also creates new security vulnerabilities that enterprises can’t simply patch.

In fact, transitioning to the cloud results in highly obscured areas of the network and a more porous digital perimeter. It generates new threats and opens the door to more lateral threat movement.

Thus, the 2019 SIEM Magic Quadrant will most likely weigh cloud capabilities heavily in its criteria. After all, SIEM solutions can’t possibly stand on the front lines of the next generation without considering the cloud; this is similar to how EDR now defines endpoint protection platforms in their respective Magic Quadrant report.

Additionally, visibility should greatly alter the landscape of the new Gartner Magic Quadrant. SIEM solutions must prioritize insights into business networks as they scale and incorporate new technologies. Without visibility, the information aggregated and normalized by SIEM capabilities won’t reflect the digital reality businesses face every day.

More Consistent Alerting?

One consistent problem continues to plague SIEM solutions worldwide: alerting. Of course, SIEM and security analytics rely on alerting as a key capability; after normalizing the data and correlating its security events, solutions send security alerts to IT teams for investigation. In the best-case scenarios, cybersecurity professionals can detect and mitigate the damage of a data breach or dwelling threats.

However, many SIEM solutions send too many security alerts to enterprise teams. Often, the SIEM solution can’t distinguish between normal behaviors and security events, leading to false positives. While enterprises can adjust their solution’s correlation rules to blunt these, this takes time and resources.

Meanwhile, false positives can overwhelm IT security teams regardless of their tools; so many alerts bury legitimate leads in garbage and burn out professionals. How can they expect to find what they need under all the irrelevant warnings?

Most likely, Gartner will weigh how solutions generate security alerts in their 2019 SIEM Magic Quadrant; providers working to curtail their false positive rates and simplify their correlation rule maintenance might receive greater placement in the report.

Above all, Gartner will most likely consider how providers modify their solutions to overcome the perception of SIEM as overcomplicated and unmanageable. Too many enterprises neglect their SIEM and analytical cybersecurity. The 2019 SIEM Magic Quadrant could serve as the first step to changing that.

We’ll be sure to report on the Gartner 2019 SIEM Magic Quadrant when it arrives! In the meantime, you should check out our 2019 SIEM Buyer’s Guide. It provides your enterprise with the profiles and key capabilities of the major market players and our Bottom Line for each!

Ben Canner

Ben Canner is an enterprise technology writer and analyst covering Identity Management, SIEM, Endpoint Protection, and Cybersecurity writ large. He holds a Bachelor of Arts Degree in English from Clark University in Worcester, MA. He previously worked as a corporate blogger and ghost writer. You can reach him via Twitter and LinkedIn.