What’s Changed: 2022 Magic Quadrant for Security Information and Event Management


The editors at Solutions Review highlight what’s changed in Gartner’s 2022 Magic Quadrant for Security Information and Event Management (SIEM) and provide an analysis of the new report.

Analyst house Gartner, Inc.’s 2022 Magic Quadrant for Security Information and Event Management has arrived. Gartner defines SIEM as “aggregating the event data that is produced by monitoring, assessment, detection and response solutions deployed across application, network, endpoint and cloud environments.” Capabilities include threat detection through correlation, user and entity behavior analytics (UEBA), and response integrations commonly managed through security orchestration, automation, and response (SOAR). Security reporting and continuously updated threat content through threat intelligence platform (TIP) functionality are also common integrations. Although SIEM is primarily deployed as a cloud-based service, it may support on-premises deployment.

The general buying market for SIEM is security and risk management leaders in need of a security system of record with comprehensive threat detection, investigation, and response capabilities at an enterprise level.

Gartner highlights the following providers in the SIEM market: Microsoft, IBM, Splunk, Securonix, Exabeam, LogRhythm, Rapid7, Fortinet, Devo, Gurucul, Sumo Logic, Elastic, Micro Focus, ManageEngine, Logpoint, and Huawei.

In this Magic Quadrant, Gartner evaluates the strengths and weaknesses of 11 providers that it considers most significant in the marketplace and provides readers with a graph (the Magic Quadrant) plotting the vendors based on their ability to execute and completeness of vision. The graph is divided into four quadrants: niche players, challengers, visionaries, and leaders. At Solutions Review, we read the report, available here, and pulled out the key takeaways. This is not an in-depth analysis, only an observation of notable changes since the 2021 report.

In the Leaders quadrant, industry giant Microsoft jumps from the Visionaries quadrant and beams out Exabeam for the top spot, pushed by a rich ecosystem of highly integrated security products and a fast-developing roadmap. IBM maintains its spot with its QRadar platform. Splunk and Securonix trade places. And Rapid7 and LogRhythm both rotated over to the Challengers quadrant.

Where 2021 saw no one in the Challengers quadrant, 2022 saw four vendors step up to the challenge. As mentioned before, former leaders LogRhythm and Rapid7 rotated over, in that order. Fortinet moved over from the Visionaries quadrant with the ever-expanding FortiSIEM platform. And new to the Magic Quadrant for 2022 is Devo (not that Devo). Early in 2022, Devo achieved “In Process” status for the Federal Risk and Authorization Management Program (FedRAMP) standard and expects to whip into full authorization later in the year.

In the Visionaries quadrant, Gurucul and Sumo Logic held their positions. They are joined this year by former Niche Players Elastic with its Elastic Security platform and Micro Focus with its ArcSight platform. With Elastic and Micro Focus out of the Niche Players quadrant, ManageEngine and its Log360 move up while Logpoint moves down. Huawei and its HiSec platform hold their spot, while NetWitness, Venustech, FireEye (rebranded as Trellix this year), McAfee, and Odyssey all cleared out.


Mike Costello