How to Use Gartner’s SIEM Magic Quadrant and Critical Capabilities Reports

Gartner is one of the biggest voices in enterprise technology— they’re generally the first source consulted when it comes to evaluating enterprise IT solutions, and enterprise security information and event management (SIEM) is no exception. But while the Gartner Magic Quadrant for SIEM is a great way to find out who the top enterprise SIEM contenders are, it doesn’t give a particularly in-depth analysis behind what each solution offers and how they perform across different industries.

There are a few other Gartner resources out there that act as companions to the Magic Quadrant, one of them being the Critical Capabilities for SIEM. The Gartner Critical Capabilities reports are relatively new, but they offer a more nuanced look at where these solutions excel and where some fall out of contention.

While the Magic quadrant is great for identifying which vendor is on top in terms of market share and generalized capabilities, the Critical Capabilities Report give a more definitive take on who’s on top consistently and why they are there.

Gartner defines Critical capabilities as “attributes that differentiate products/services in a class in terms of their quality and performance. For SIEM, that means real-time monitoring, threat intelligence, behavior profiling, data and user monitoring, application monitoring, analytics, log management and reporting, deployment/support simplicity, and use cases (compliance, threat management, SIEM).

Gartner rates each vendor’s product or service on a five-point (five points being best) scale in terms of how well it delivers each capability.

Critical Capabilities reports include comparison graphs for each use case, along with in-depth descriptions of each solution based on the various points of comparison.

Additionally, buyers looking for a straight forward, side-by-side comparison of what each solution provides should check out the new 2016 Solutions Review SIEM Buyer’s Guide to get a little more background information on today’s top 24 SIEM providers.

I advise starting with the Magic Quadrant to make a shortlist of the top-ranked solutions in mind, then using the Solutions Review Buyer’s Guide to figure out which SIEM components each solution provides and what key features they offer. From there, decide which capabilities are important to you and consult the Critical Capabilities Report to eliminate solutions that don’t have the capabilities you need.

Together, these three documents can cut a lot of time and effort out of the decision-making process, letting buyers skip tedious internet searches and research on solutions that will never meet their needs.