What’s Changed: 2024 Gartner Magic Quadrant for Security Information and Event Management (SIEM)

The editors at Solutions Review highlight what’s changed in Gartner’s 2024 Magic Quadrant for Security Information and Event Management (SIEM) and provide an analysis of the new report.
Analyst house Gartner, Inc.’s 2024 Magic Quadrant for Security Information and Event Management has arrived. Gartner defines SIEM as “aggregating the event data that is produced by monitoring, assessment, detection and response solutions deployed across application, network, endpoint, and cloud environments.” Capabilities include threat detection through correlation, user and entity behavior analytics (UEBA), and response integrations commonly managed through security orchestration, automation, and response (SOAR). Security reporting and continuously updated threat content through threat intelligence platform (TIP) functionality are also common integrations. Although SIEM is primarily deployed as a cloud-based service, it may support on-premises deployment.
The general buying market for SIEM is security and risk management leaders in need of a security system of record with comprehensive threat detection, investigation, and response capabilities at an enterprise level.
Gartner highlights the following providers in the SIEM market: Splunk, Microsoft, IBM, Securonix, Exabeam, Sumo Logic, Rapid7, Fortinet, Gurucul, Google, Devo, Elastic, OpenText, LogRhythm, Logpoint, Huawei, ManageEngine, Venustech, NetWitness, Odyssey, QAX, and Logz.io.
In this Magic Quadrant, Gartner evaluates the strengths and weaknesses of 11 providers that it considers most significant in the marketplace and provides readers with a graph (the Magic Quadrant) plotting the vendors based on their ability to execute and completeness of vision. The graph is divided into four quadrants: Leaders, Challengers, Visionaries, and Niche Players. At Solutions Review, we read the report, available here, and pulled out the key takeaways. This is not an in-depth analysis, only an observation of notable changes since the 2023 report.
Leaders
Most of last year’s Leaders held their positions; the exception is Splunk, which claimed the top of the quadrant. Splunk is joined by returning Leaders Microsoft, IBM, Securonix, and Exabeam. Splunk’s Enterprise Security application is delivered either on-premises or via SaaS. Splunk offers pricing flexibility based on either daily ingest or cloud workloads, known as Splunk Virtual Compute. The majority of Splunk’s clients are larger North America-based enterprise organizations. With Cisco completing its acquisition of Splunk back in March, it will be interesting to revisit this quadrant again in 2025.
Challengers
The new top Challenger this year is former Visionary Sumo Logic. It is joined by returning Challengers Rapid7 and Fortinet, while Devo moves over to the Visionaries quadrant. Sumo Logic Cloud SIEM Enterprise is delivered as a SaaS-only solution as part of its SaaS log analytics platform. Licensing for Cloud SIEM Enterprise is subscription-based (with pricing based on data ingestion) or credit-based (with credits being used to enable specific resource usage, such as for occasional search or continuous analytics), with tiering and packaging options. Sumo Logic’s customer base is a mix of small, midsize and enterprise customers, with the majority based in North America; however, it has a growing presence in Europe, Latin America and Asia/Pacific.
Visionaries
In the Visionaries quadrant, Gurucul holds the top position of the quadrant, while Elastic moves down to make room for Google and Devo. Micro Focus is now a part of OpenText, and they hold their position in the quadrant. Gurucul’s next-gen SIEM offers UEBA, identity analytics, fraud analytics, network analysis and SOAR. Gurucul offers flexible pricing options including all-inclusive per-asset/user pricing, ELAs, module-based, data volume/EPS-based pricing, and platform-based pricing. The extensive use of analytics for building risk-based behavioral detections should appeal to enterprise clients requiring complex or fraud-based detections. Gurucul’s customer base is composed primarily of large enterprises based in North America, EMEA, and APAC.
Niche Players
The Niche Players quadrant saw the most changes this year. ManageEngine moved down a few spaces in the quadrant, while Logpoint and Huawei maintained their positions. New Niche Players this year include former Challenger LogRhythm, Venustech, NetWitness, Odyssey, QAX, and Logz.io, with LogRhythm claiming the top of the quadrant. LogRhythm has three platforms in the SIEM category: LogRhythm SIEM includes several add-on components to deliver endpoint, network and UEBA capabilities; LogRhythm Cloud is a cloud-hosted version of SIEM; and LogRhythm Axon is a cloud-native SIEM platform. Licensing is available on a perpetual or subscription basis (messages per second per day) or an unlimited basis (priced by the number of identities) for the self-hosted option. LogRhythm Cloud is licensed by messages per second and terabytes of online storage. LogRhythm Axon is licensed by daily ingest rate and days of searchable data. The majority of its customers are in North America and Europe. Customers are both large enterprises and midsize customers.