The editors at Solutions Review highlight what’s changed since the last iteration of Gartner’s Magic Quadrant for SIEM and provide analysis of the report.
Technology research giant Gartner, Inc. recently released the 2020 Gartner Magic Quadrant for SIEM. Gartner researchers define SIEM (Security Information and Event Management) by “customers’ need to analyze security event data in real-time, which supports the early detection of attacks and breaches. SIEM systems collect, store, investigate, support mitigation and report on security data for incident response, forensics and regulatory compliance.”
Additionally, in their definition of SIEM, Gartner comments on the need for data aggregation from throughout the enterprise network and normalization of that data for analysis. Moreover, SIEM works to facilitate security monitoring, user activity monitoring, and compliance.
In the 2020 Gartner Magic Quadrant for SIEM, Gartner notes that threat management (detection and response particularly) drives the majority of adoptions; businesses with limited cybersecurity resources find SIEM’s threat management attractive to larger clients or partners. Meanwhile, compliance drives some adoption, but enterprises weigh it as more of a benefit than a core focus.
Gartner’s researchers do consider the SIEM market as competitive and mature; they note enterprises continue to seek external service support or managed services for their SIEM; the cybersecurity staffing crisis contributes to an atmosphere of uncertainty around SIEM deployment and maintenance.
In fact, one of the few predictions Gartner offers in the report concerns this emphasis on managed services. According to them, managed security services will continue to grow as the need for continual and constant monitoring becomes widespread.
Otherwise, this report largely focuses on the SIEM as it stands currently, offering almost no predictions for the future of the market. Instead, the report explores the three major use cases of SIEM deployment and provides some potential criteria for selecting a SIEM solution. These include budget, scale, and product complexity.
In the 2020 Gartner Magic Quadrant for SIEM, Gartner evaluates the strengths and weaknesses of the providers it considers most significant in the marketplace. Then, it provides readers with a graph (the eponymous Magic Quadrant) plotting the vendors based on their ability to execute (Y-axis) and their completeness of vision (X-axis). The graph is divided into four quadrants: Niche Players, Challengers, Visionaries, and Leaders. At Solutions Review, we read the report and pulled out the key takeaways.
The 2020 Gartner Magic Quadrant for SIEM is the fourteenth iteration of the report; the last report was released in 2018. Gartner introduced the category in 2005—actually, their researchers coined the term SIEM itself. According to Gartner, SIEM combines SEM (monitoring and incident management) and SIM (log management and compliance).
Finally, Gartner named 16 vendors to the SIEM Magic Quadrant in 2020; however, Gartner does mention several vendors that didn’t quite meet the inclusion criteria this year, including Huntsman Security and Lookwise. This year’s inclusion criteria allowed FireEye and HanSight to enter as Niche Players. However, the changes in the revenue or geographic presence criteria excluded BlackStratus, Netsurion-EventTracker, and Venustech.
The 2020 Gartner Magic Quadrant for SIEM is, in essence, a tale of two quadrants: Niche Players and Leaders. This year, no vendor received the title of Challenger. Micro Focus, the sole Challenger in the last SIEM report, instead moved down and to the left into the Niche Players Quadrant. Gartner praises its out-of-the-box compliance use cases. In the report, Gartner notes that the maturity of the market caused the number of Challengers to dwindle.
Meanwhile, only LogPoint (formerly a Niche Player) placed in the Visionaries Quadrant, moving significantly to the right in Completeness of Vision. Researchers note its native multitenant infrastructure through a federated model and its SaaS-delivered user and entity behavior analysis (UEBA). Visionaries are defined as providing strong functional products that have a lower Ability to Execute.
However, throughout the SIEM Magic Quadrant Gartner does evaluate solutions based on their SOAR capabilities, which may indicate SOAR as a future inclusion criterion. Perhaps it may push vendors into the Challenger and Visionaries Quadrants in later reports.
FireEye, AT&T Cybersecurity, McAfee, Fortinet, HanSight, ManageEngine, Micro Focus, and SolarWinds all appeared in the Niche Players Quadrant. Note that Gartner does not consider Niche Players as lesser than Leaders; instead Niche Players “provide SIEM technology that is a good match with a specific SIEM use case or a subset of SIEM functional requirements.”
In fact, Gartner strongly praises the Niche Players and their capabilities. For example, SolarWinds offers a do-it-yourself approach and out-of-the-box repository of threat detection rules. ManageEngine’s Log360 solution supports the automatic discovery of Syslog devices. Fortinet offers native, out-of-the-box compliance packages with powerful asset discovery features.
Additionally, McAfee offers bidirectional integrations for automated responses and a broad portfolio of security operation solutions. AT&T Cybersecurity provides strong integrations and frequently updated detection content. Meanwhile, FireEye offers Managed Detection and Response with 24/7 monitoring and an extensive, open API. Finally, HanSight offers technologies that facilitate core SIEM functions.
In terms of actual movement, the majority of vendors moved closer together, almost forming a cluster. ManageEngine moved up while SolarWinds moved slightly more to the right. Fortinet moved slightly to the left and AT&T Cybersecurity (formerly AlienVault) moved down. The biggest movement came from McAfee dropping from the Leaders Quadrant into the Niche Players.
That leaves the seven Leaders in the 2020 Gartner Magic Quadrant for SIEM: Splunk, LogRhythm, Dell Technologies (RSA), Rapid7, Securonix, Exabeam, and IBM. For vendor movements, RSA moved down, now resting just on the line above the Visionaries Quadrant. Its RSA NetWitness Platform offers a multistage analytics engine.
Also, Gartner praised LogRhythm for its extensive range of compliance reports across industries and regulations worldwide. Moreover, LogRhythm gained attention for its “strong set of options for running its core SIEM solution, including physical hardware, software…and SaaS.”
Meanwhile, Securonix and Exabeam both moved up, although Exabeam moved more to the left and Securonix more to the right. Exabeam offers Smart Timelines to support newer SIEM users via machine learning, whereas Securonix offers advanced obfuscation features, with role-based access control (RBAC) workflows.
The highest-placed Leaders, Splunk and IBM, also had slight movements; Splunk moved leftward and IBM moved up. IBM offers strong security event data collection capabilities, while Splunk received praise for its multiple delivery options.
The biggest movement hails from Rapid7, the previous sole member of the Visionaries Quadrant. It moved significantly into the Leaders Quadrant; Gartner cited its federated identity management support and endpoint protections.