What’s Changed? The Gartner 2018 SIEM Magic Quadrant

What’s Changed? The Gartner 2018 SIEM Magic Quadrant

It’s here at last: technology analysis and research firm Gartner, Inc. has released their 2018 SIEM Magic Quadrant Report. In this report, Gartner evaluated the strengths and weaknesses of the 17 Security Information and Event Management (SIEM) solution providers it considers the most significant in the market. They base their findings on distinct service and market share criteria. The report is available here courtesy of LogRhythm. 

Gartner’s researchers take their findings on each vendor and use them to create their proprietary Magic Quadrant graph. This graph plots the SIEM solutions providers based on the completeness of, and their ability to execute on, their security platform’s capabilities and vision. The four categories of the Quadrant are labeled as Leaders, Visionaries, Challengers, and Niche Players. Despite the labels, Gartner explicitly states it does not endorse any vendor, product, or service depicted in its research publications.

The 17 vendors selected to the 2018 SIEM Magic Quadrant are AlienVault, BlackStratus, Dell Technologies (RSA), Exabeam, Fortinet, IBM, LogPoint, LogRhythm, ManageEngine, McAfee, Micro Focus, Netsurion-EventTracker, Rapid7, Securonix, SolarWinds, Splunk, and VenusTech.

The 2018 SIEM Magic Quadrant is the thirteenth iteration of the report, which Gartner first introduced in 2005; their researchers coined the name SIEM for the category. Since then, Gartner witnessed the maturation and increasing competitiveness of the SIEM market. Even enterprises with limited cybersecurity resources have begun to deploy SIEM solutions. Gartner notes SIEM’s market growth to over $2 billion in 2017 as a direct result of this increased adoption rate.  

Gartner states in its opening lines of their report “security and risk management leaders increasingly seek SIEM solutions with capabilities that support early targeted attack detection and response.” This hints at the key reasons for its widespread adoption.

What does Gartner predict for the future of SIEM? Which vendors made it to the Leader Quadrant, and why? What capabilities does Gartner consider the most essential for SIEM?

The editors of Solutions Review read through the Gartner 2018 SIEM Magic Quadrant, available here courtesy of LogRhythm. Here’s what we learned.

A Steady Definition of SIEM

One of the first steps to any Gartner Magic Quadrant analysis is to understand how Gartner defines the market space in question.

However, Gartner did not radically change its market definition for the 2018 SIEM Magic Quadrant. According to their researchers, Gartner defines SIEM “by the customer’s need to analyze event data in real time for early detection of targeted attacks and data breaches, and to collect, store, investigate and report on log data for incident response, forensics and regulatory compliance.”

Gartner does elaborate on their definition by stating SIEM must aggregate event data generated by a variety of sources, especially data produced by security devices and network infrastructure. SIEM should then, according to researchers, combine this log data with contextual information to detect threats and normalize it for specific analysis.

In order for Gartner’s researchers to consider a vendor for the 2018 SIEM Magic Quadrant, the vendor must meet certain conditions and criteria both technical and market-related.

These criteria include:

  • A SIEM revenue of at least $18 million.
  • Support for data capture from heterogeneous data sources.
  • Delivery to the customer environment as a software-or-appliance-based product or as-a-service.  

Who is in the 2018 SIEM Magic Quadrant?

Gartner readjusts its Magic Quadrant evaluation criteria, usually in response to market changes, each year. Therefore, vendors who appeared in the MQ report one year may not return for the next one. By the same token, vendors who once did not make the cut in a previous report may find themselves on the next iteration.  

Gartner’s states in its report that a vendor’s appearance or disappearance from the quadrant is not a reflection of a change in quality or in opinion, but simply a result of market changes and updated inclusion criteria.      

LogPoint made the cut for the 2018 SIEM Magic Quadrant, having met all of Gartner’s inclusion criteria.

By the same token, three vendors who previously appeared did not meet the inclusion criteria in this year’s report. Gartner excluded Trustwave and FireEye, as both vendors shift focus from SIEM to managed services and platforms. In addition, Micro Focus (NetIQ) Sentinel lost Gartner’s coverage as the vendor focuses on its ArcSight product instead.

Many More Leaders in SIEM

Of the 17 vendors selected to the 2018 SIEM Magic Quadrant, Gartner placed about half of them in the Niche Players Quadrant. According to Gartner, these vendors offer SIEM solutions best suited to narrowly focused markets or use cases.  

Only one vendor received the title of Challenger, which is defined as proving capable of executing their vision while not possessing a full suite of SIEM capabilities. Simultaneously, one vendor received the title of Visionary, which is defined as having a full suite of capabilities but proving limited in their ability to execute. Gartner states the limited number of Challengers and Visionaries indicates a maturing market.  

Therefore, this year Gartner named seven vendors to the Leader Quadrant—nearly double the number from last year:

  • Splunk is lauded for its strong integration environment and its PII security capabilities.
  • IBM receives mention for its support for network data monitoring and value-added integrations.  
  • Gartner picks LogRhythm for its ease of deployment and use, noting its UX and UI elements.
  • Gartner selects Dell Technologies (RSA) for its support of enterprise-level advanced threat detection with SIEM capabilities.
  • Exabeam’s granular role-based data and workflow capabilities receive praise.
  • McAfee garners praise for its UEBA/analytics offerings and its leveraging of big data technologies.
  • Securonix places for its flexible delivery models and its data management capabilities.  

What Does It All Mean?

Threat detection, log management, and security event correlation are only going to become more important. Enterprises must prepare for the new reality of cybersecurity. The digital perimeter is only one layer of a robust platform.

If enterprises don’t make these adjustments, they may find themselves in the headlines for the worst possible reasons.

You can download the full 2018 SIEM Magic Quadrant here, courtesy of LogRhythm.

 

Ben Canner

Ben Canner

Ben Canner is an enterprise technology writer and analyst covering Identity Management, SIEM, Endpoint Protection, and Cybersecurity writ large. He holds a Bachelor of Arts Degree in English from Clark University in Worcester, MA. He previously worked as a corporate blogger and ghost writer. You can reach him via Twitter and LinkedIn.
Ben Canner

Leave a Reply

Your email address will not be published. Required fields are marked *