Digital information in 2018 is more akin to a deluge or flash flood than a trickle. A Fortune 500 enterprise’s infrastructure can easily generate 10 terabytes of plain-text data per month. If improperly managed, the logs, threat intelligence feeds, forensics, and IAM systems can create such a waterfall of data that many enterprises end up underwater while the pertinent security data floats by and breaches go undetected.
Security Information and Event Management (SIEM) solutions are specifically designed to help enterprises manage the increasing volumes of logs coming from disparate online sources and lessen the damage of sophisticated cyber-attacks by proactively monitoring networks for suspicious activity in real-time. SIEM solutions can also log activity for historical review, enabling administrators to examine past security concerns and look for patterns in attack behavior.
Traditionally, SIEM has been deployed primarily for threat management (the real-time monitoring and reporting of activity and access) and to help enterprises meet stringent compliance requirements such as HIPAA, PCI DSS, SOX, and more. However, as information security has evolved, so have SIEM capabilities. Today’s SIEM systems are quickly embracing new capabilities such as user and entity behavioral analytics (UEBA), which can help enterprises detect potential threats from both people and programs and eliminate them before they turn into costly breaches.
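To make the two capabilities described above concrete, here is an added illustration (not code from this article or from any of the vendors discussed) of what a SIEM does at its core: it normalizes log lines from disparate sources into one event schema, runs a real-time correlation rule over the stream, and reviews the stored history for behaviour that deviates from a per-user baseline, which is the idea behind UEBA. The log lines, the source formats, the rule thresholds and the field names are all constructed for this example and are not any real product's schema or defaults.

```python
"""Minimal SIEM-style pipeline: normalize, correlate in real time, review history.

Added illustration only. The log lines and parsers below are constructed and do
not correspond to any real sshd/proxy format or to any vendor's rule set.
"""
import re
import statistics
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample logs from two "disparate sources" (an auth log and a web-proxy log).
RAW_LOGS = """\
2018-01-15T09:00:01 sshd[101]: Failed password for alice from 203.0.113.7 port 4001 ssh2
2018-01-15T09:00:02 sshd[101]: Failed password for alice from 203.0.113.7 port 4002 ssh2
2018-01-15T09:00:03 sshd[101]: Failed password for alice from 203.0.113.7 port 4003 ssh2
2018-01-15T09:00:04 sshd[101]: Failed password for alice from 203.0.113.7 port 4004 ssh2
2018-01-15T09:00:05 sshd[101]: Failed password for alice from 203.0.113.7 port 4005 ssh2
2018-01-15T09:00:09 sshd[101]: Accepted password for alice from 203.0.113.7 port 4010 ssh2
2018-01-15T09:01:00 proxy user=alice src=203.0.113.7 bytes_out=1000
2018-01-15T09:02:00 proxy user=alice src=203.0.113.7 bytes_out=1200
2018-01-15T09:03:00 proxy user=alice src=203.0.113.7 bytes_out=900
2018-01-15T09:04:00 proxy user=alice src=203.0.113.7 bytes_out=950000
2018-01-15T09:10:00 sshd[102]: Failed password for bob from 198.51.100.4 port 5001 ssh2
2018-01-15T09:10:30 sshd[102]: Accepted password for bob from 198.51.100.4 port 5002 ssh2
2018-01-15T09:11:00 proxy user=bob src=198.51.100.4 bytes_out=3000
this line matches neither parser and is counted as unparsed
"""

SSH_RE = re.compile(r"^(?P<ts>\S+) sshd\[\d+\]: (?P<result>Failed|Accepted) password for "
                    r"(?P<user>\w+) from (?P<src>[\d.]+)")
PROXY_RE = re.compile(r"^(?P<ts>\S+) proxy user=(?P<user>\w+) src=(?P<src>[\d.]+) bytes_out=(?P<bytes>\d+)")


def normalize(line):
    """Map a raw line from either source onto one common event schema (or None)."""
    m = SSH_RE.match(line)
    if m:
        return {"ts": datetime.fromisoformat(m["ts"]), "source": "sshd", "user": m["user"],
                "src": m["src"], "action": "login",
                "outcome": "success" if m["result"] == "Accepted" else "failure"}
    m = PROXY_RE.match(line)
    if m:
        return {"ts": datetime.fromisoformat(m["ts"]), "source": "proxy", "user": m["user"],
                "src": m["src"], "action": "egress", "bytes_out": int(m["bytes"])}
    return None


class BruteForceRule:
    """Real-time correlation: >= threshold failed logins from one source IP inside
    `window`, followed by a successful login from that same IP. Thresholds are hypothetical."""

    def __init__(self, threshold=5, window=timedelta(minutes=2)):
        self.threshold = threshold
        self.window = window
        self.failures = defaultdict(deque)  # src ip -> timestamps of recent failures

    def feed(self, ev):
        if ev["action"] != "login":
            return None
        q = self.failures[ev["src"]]
        while q and ev["ts"] - q[0] > self.window:  # expire failures outside the window
            q.popleft()
        if ev["outcome"] == "failure":
            q.append(ev["ts"])
            return None
        count = len(q)
        q.clear()  # success resets the counter for this source
        if count >= self.threshold:
            return {"rule": "brute_force_success", "user": ev["user"], "src": ev["src"],
                    "failures": count, "ts": ev["ts"]}
        return None


def egress_outliers(events, factor=10.0, min_history=3):
    """UEBA-style historical review: flag egress events whose byte count exceeds
    `factor` times that user's own median. Users with fewer than `min_history`
    events have no usable baseline and are skipped rather than guessed at."""
    per_user = defaultdict(list)
    for ev in events:
        if ev["action"] == "egress":
            per_user[ev["user"]].append(ev)
    flagged = []
    for evs in per_user.values():
        if len(evs) < min_history:
            continue
        baseline = statistics.median(e["bytes_out"] for e in evs)
        for e in evs:
            if e["bytes_out"] > factor * baseline:
                flagged.append({"rule": "egress_outlier", "user": e["user"], "src": e["src"],
                                "bytes_out": e["bytes_out"], "ts": e["ts"]})
    return flagged


def run_pipeline(raw=RAW_LOGS):
    """Ingest lines in arrival order, correlate as they stream in, then review history."""
    rule = BruteForceRule()
    events, alerts, unparsed = [], [], 0
    for line in raw.splitlines():
        ev = normalize(line)
        if ev is None:
            unparsed += 1  # counted, not silently dropped: parser gaps are how data "floats by"
            continue
        events.append(ev)
        alert = rule.feed(ev)
        if alert:
            alerts.append(alert)
    alerts.extend(egress_outliers(events))
    return {"events": len(events), "unparsed": unparsed, "alerts": alerts}


if __name__ == "__main__":
    for alert in run_pipeline()["alerts"]:
        print(alert)
```

Two design points carry over to real deployments: the unparsed-line counter exists because a source whose format changed and no longer parses is indistinguishable from a quiet source unless you count it, and the baseline check refuses to judge a user with too little history, since a "baseline" built from one or two events produces exactly the kind of noise that drowns a SOC.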
Today, the SIEM market is mature and full of vendors capable of meeting the basic log management, compliance, and event monitoring requirements of a typical customer. At the same time, it is rapidly turning into a competitive market as more and more companies launch their own SIEM platforms or upgrade their UEBA tools. As we hurtle towards 2018, many companies are gearing up for business in a perilous market, consolidating their platforms and partnerships to compete on a stage that could continue to grow or suddenly shrink with innovations. 2018 has the potential to be a year of upheaval for SIEM, so here are my top six SIEM vendors to watch in alphabetical order.
1. AlienVault
AlienVault’s 2017 was marked by expanding their market and reaching out to new customers. In late November their Unified Security Management (USM) platform became available on the Amazon Web Services (AWS) Marketplace and received the AWS Security Competency, which recognizes technical proficiency and proven customer satisfaction. They also recently partnered with ConnectWise, a business management solutions provider, to offer a new product integration. In addition, the USM platform tied for first place at the Cybersecurity Excellence Award for SIEM Products. These moves could signal that AlienVault is preparing to take the SIEM field by storm next year.
2. Cygilant (formerly EiQ Networks)
September saw the dual announcement from Boston-based EiQ Networks that it had raised $7 million in growth capital and was rebranding to Cygilant to emphasize its commitment to protection. With this windfall investment, they are developing a new Security Operations and Analytics Platform called SOCVue and working on customer acquisition. Cygilant also recently released a vulnerability and patch management subscription service to assist overwhelmed IT departments. These were big steps from a vendor that deliberately positions itself to attract mid-sized to global enterprises, and they could prove the steps that rocket them to the front of the pack in 2018.
3. EventTracker
The other first place winner at the Cybersecurity Excellence Award for SIEM Products, Maryland-based EventTracker also made Gartner’s Magic Quadrant for SIEM for the tenth year in a row, making 2017 a good year for the vendor in terms of industry recognition. In June of this year they also launched Security Center 8.3, the latest version of their SIEM platform, designed to expand the platform’s threat intelligence and ransomware response. 2018 may represent another chance not just for praise but for even greater innovation as the war against hackers escalates.
4. LogRhythm
2017 proved a good year for Colorado-based vendor LogRhythm. In October they unveiled CloudAI, a cloud-based security add-on subscription to help customers prevent data breaches. The new service features machine learning and self-evolving analytics to better detect user-based threats. LogRhythm received plenty of industry praise in 2017 as well; they won the award for “Best SIEM” by the SANS Institute this year and the Gold place distinction for SIEM in Gartner’s Peer Insights Customer Choice Awards, the result of a committed focus on improving usability. LogRhythm appears to be going into 2018 with plenty of innovation and energy.
5. RSA
A long-time security powerhouse from Massachusetts, RSA is one to watch in any year. Most recently in the realm of SIEM, the Department of Defense added the RSA NetWitness Suite to its Approved Products List. Given the recent scandals surrounding vendors’ code on federal computers, this is a prestigious recognition, especially because at the time of writing they are the only centralized SIEM solution on the list. This could promote their SIEM solution to federal agencies and major corporations, adding to their status and market share in 2018.
6. SolarWinds
In late 2017, SolarWinds went into a flurry of activity. They unveiled the integration of their RMM and Backup Document solutions and the upgraded Cloud Software as a Service portfolio, which includes application and infrastructure monitoring. Earlier this year, they announced two new unified network management solutions, which provide fault, availability, and performance monitoring, as well as bandwidth and traffic monitoring and switch port monitoring. To top it all off, they won the Platinum Award for SIEM at the 2017 ASTORS Homeland Security Awards. These moves might indicate that SolarWinds is centralizing their products to prepare for a 2018 of change and competition.
Is SIEM the right solution for your enterprise’s cybersecurity needs? Detection is fast becoming more important to proper digital security platforms than ever, as preventative measures, while still valuable, prove unable to intercept 100% of incoming threats. Reducing attacker dwell time and increasing visibility into your disparate IT environment can be essential to mitigating the damage an attack wreaks on your servers.
While SIEM vendors’ solutions can prove instrumental in fulfilling your regulatory and industry compliance mandates, their greatest asset is their threat management capabilities. The real question is why you haven’t selected your SIEM solution today.
By Ben Canner