These providers have recently been named major players in SIEM in 2020 by analyst house Gartner, Inc.
Gartner defines SIEM by “customers’ need to analyze security event data in real-time, which supports the early detection of attacks and breaches. SIEM systems collect, store, investigate, support mitigation and report on security data for incident response, forensics and regulatory compliance.” Additionally, Gartner considers SIEM a mature market, offering few if any predictions about the future of the cybersecurity branch.
The following providers recently received the title of Leader in the Gartner Magic Quadrant for SIEM in 2020. The report, which highlights and scores the top products in the industry, also explores the top capabilities in the market including threat management and compliance. Each provider’s market share and product portfolios differ, which is what makes them interesting to the wider audience of SIEM customers. While niche and emerging vendors can provide enterprise use cases with necessary cybersecurity capabilities, they don’t match the market presence of the major players in SIEM in 2020.
Here, we provide a brief comment about each and links to product details so you can learn more. Note: providers are listed below in alphabetical order.
Seven Major Players in SIEM, 2020
Dell Technologies (RSA)
RSA operates under the Dell Technologies umbrella, providing both enterprise endpoint security and SIEM. For SIEM, RSA offers the NetWitness Platform, which features log management, user and entity behavior analysis (UEBA), and the Orchestrator component; the latter offers security orchestration, automation, and response (SOAR). The RSA NetWitness Platform offers a multistage analytics engine with modeling capabilities across users and networks.
Exabeam
Exabeam offers a modular security management platform to help analysts collect log data, use behavioral analytics, and automate incident response. Additionally, it works both on-premises and in the cloud. Gartner singles out Exabeam, one of the major players in SIEM in 2020, for its multi-component solution. This includes a data lake, threat hunter, and a case manager; Exabeam delivers threat intelligence via the cloud.
IBM
IBM represents a major player in SIEM and in cybersecurity generally in 2020; they also provide risk management and identity management solutions. For SIEM, IBM receives attention for the QRadar Security Intelligence Platform; this solution includes a vulnerability manager, network insights, and user behavior analytics (UBA). Additionally, IBM offers the Security App Exchange, which enables the download of curated content developed by the provider or third parties.
LogRhythm
LogRhythm offers the NextGen SIEM Platform, which includes the XDR Stack for SIEM; additionally, XDR Stack comprises three components for threat detection, analytics, and response. Meanwhile, LogRhythm offers add-ons including UEBA, network monitoring, and system monitoring. Further, LogRhythm offers configuration for large and mid-sized enterprises. The provider offers a cloud-based SIEM offering called LogRhythm Cloud.
Rapid7
Rapid7 provides the Insight Platform for enterprise-level SIEM. InsightIDR represents the core of its SIEM and UEBA offering, but it offers components for vulnerability assessment, SOAR, and log management for IT operations. InsightIDR is a Security-as-a-Service (SaaS) SIEM solution deployed via Amazon Web Services. With its Managed Detection and Response (MDR) service, it offers 24/7 threat monitoring, investigation, and response.
Securonix
Securonix is one of the major players in SIEM in 2020 for its diversity of options. Its SIEM platform consists of SIEM, Data Lake, UEBA, SOAR, and Threat Intelligence. Recently, Securonix moved to a SaaS SIEM as its standard deployment model, with most customers deploying remote ingestor nodes for data collection and cloud transport.
Splunk
Gartner considers the Splunk Enterprise Security solution an essential part of Splunk's SIEM offering. Also critical are Splunk UBA and Splunk Phantom; the latter solution provides SOAR capabilities to enterprise customers, and SOAR automates remediation and mitigation of security events. Splunk Enterprise Security delivers security content and event-monitoring capabilities, including queries and visualizations.