{"id":347,"date":"2016-03-11T13:43:11","date_gmt":"2016-03-11T17:43:11","guid":{"rendered":"https:\/\/solutionsreview.com\/security-information-event-management\/?p=347"},"modified":"2018-02-23T11:33:36","modified_gmt":"2018-02-23T15:33:36","slug":"three-takeaways-from-gartner-siem-critical-capabilities","status":"publish","type":"post","link":"https:\/\/solutionsreview.com\/security-information-event-management\/three-takeaways-from-gartner-siem-critical-capabilities\/","title":{"rendered":"Three Big Takeaways From Gartner’s 2015-2016 SIEM Critical Capabilities Report"},"content":{"rendered":"

\"GartnerSIEMCritcapa\"<\/a>Analysis and research firm Gartner, Inc. recently\u00a0released its latest Critical Capabilities Report for Security Information and Event Management (SIEM), available to download here<\/a>.<\/p>\n

In the 2015-16\u00a0version of their Critical Capabilities report for SIEM, Gartner takes the 13 vendors that it considers most significant in the SIEM market and evaluates the strengths and weaknesses of those vendors against \u2018critical capabilities\u2019 and use cases for SIEM. Gartner does not endorse any vendor, product, or service depicted in its research publications.<\/p>\n

The 13 vendors featured in the report are, in alphabetical order, AccelOps, AlienVault, BlackStratus, EMC (RSA), EventTracker, HP (ArcSight), IBM Security (QRadar), Intel Security (McAfee), LogRhythm, Micro Focus (NetIQ), SolarWinds, Splunk, and Trustwave.<\/p>\n

This is the seventh iteration of the report, which Gartner first introduced way back in 2008<\/a>, and it comes at a turbulent time for the SIEM market, which stands at a crossroads between traditional, full-blown SIEM solutions, and newer, big-data analytics focused solutions such as Splunk.<\/p>\n

I\u00a0read the 17 Page report, available for download here<\/a>, and pulled the three most important takeaways and key market indicators. But first, let\u2019s get a couple of definitions out of the way\u2026<\/p>\n

\u00a0So what are Critical Capabilities, Exactly?\u00a0<\/strong><\/p>\n

This one is pretty straightforward: Gartner defines Critical capabilities as \u201cattributes that differentiate products\/services in a class in terms of their quality and performance.\u201d<\/p>\n

For SIEM, those critical capabilities are\u00a0real-time monitoring, threat intelligence, behavior profiling, data and user monitoring, application monitoring, analytics, log management and reporting, and deployment\/support simplicity. Those capabilities are evaluated across three use cases: compliance, threat management,\u00a0and SIEM.<\/p>\n

Gartner rates each vendor\u2019s product or service on a five-point \u00a0scale in terms of how well it delivers each capability.<\/p>\n

Before jumping in, we should probably clarify exactly what Gartner analysts mean when they talk about SIEM.<\/p>\n

How Gartner Defines SIEM<\/strong><\/p>\n

Gartner Analysts Mark Nicolett and Amrit Williams coined the term SIEM way back in 2005, and though the infosec market has changed a lot since then, the definition of SIEM has remained fairly constant. In this report, Gartner defines an SIEM solution as technology that \u201caggregates event data produced by security devices, network infrastructures, systems, and applications.\u201d<\/p>\n

SIEM technology primarily deals with log data, but can also process other forms of data, including NetFlow and network packet, says Gartner. \u201cThe data is normalized, so that events, data and contextual information from disparate sources can be correlated and analyzed for specific purposes, such as network security event monitoring, user activity monitoring, and compliance reporting.\u201d<\/p>\n

Simply put, SIEM allows real-time monitoring of security events, analytics, and historical analysis for incident investigation and compliance reporting.<\/p>\n

So now that we understand the evaluation criteria, as well as the subject being evaluated, let\u2019s see who came out on top.<\/p>\n

LogRhythm, Splunk, and IBM Top the Charts<\/strong><\/p>\n

LogRhythm, Splunk, and IBM Security (QRadar) came out on top of the charts in Gartner\u2019s use case comparison metrics, with average scores of 4.04, 3.87, and 3.83, respectively.<\/p>\n

That\u2019s no surprise for those of us following the SIEM and security analytics markets closely\u2014Gartner placed all three of these vendors in the leaders quadrant of the 2015 SIEM Magic Quadrant report, and LogRhythm and Splunk have made significant inroads in the market as of late.<\/p>\n

LogRhythm was singled out as \u201coptimal for organizations that require balanced SIEM capabilities combined with endpoint and network monitoring to support security operations and compliance use cases,\u201d while Gartner notes that Spunk has earned \u201chigh visibility on SIEM shortlists\u201d with the Splunk App for Enterprise Security.<\/p>\n

For their part, IBM has maintained its position as a leader of the pack in the SIEM market, even while smaller, more agile companies nip at its heels. IBM\u2019s QRadar solution earned Gartner\u2019s praise for its ability to \u201csupport a wide set of threat management and compliance use cases for modest as well as large-scale deployments.<\/p>\n

SIEM Use Case Shifts to Threat Monitoring<\/strong><\/p>\n

One of the most interesting aspects of this report is the analysts\u2019 observation of an industry-wide, seemingly\u00a0seismic shift in SIEM use cases from compliance to threat monitoring.<\/p>\n

In the past, says Gartner, \u201cthe driver for many SIEM deployments has been satisfying regulatory requirements.\u201d But today, Gartner\u2019s analysts note a \u201cstrong shift in focus in the client base to threat monitoring in the past year,\u201d with compliance now playing second fiddle.<\/p>\n

This change in focus makes sense\u2014data breaches have become commonplace, and they\u2019re often high profile embarrassments with extensive legal ramifications for the targeted organization. What\u2019s more, it takes an average of 206 days<\/a>\u00a0for an organization to detect a breach\u2014a totally unsustainable number that has many CISOs running scared.<\/p>\n

With their increasing monitoring capabilities and the capability to deal with more data than ever, modern SIEM tools are giving organizations a welcome opportunity to improve threat detection. Which brings us to our next point of observation\u2026<\/p>\n

Here Comes the Big Data (Again)<\/strong><\/p>\n

Just as in the SIEM Magic Quadrant report, Big Data is sort of the elephant in the room (or in the .PDF, if you will).<\/p>\n

Data correlation\u2014the collection of event data in near real-time to enable immediate analysis\u2014is an essential function fo any decent SIEM solution, and solutions with a big data background have an obvious expertise in that field. Additionally, many businesses are already using big data vendors for Business Intelligence applications, which makes them top-of-mind for additional security use cases.<\/p>\n

Traditional SIEM vendors are taking note\u2014some vendors, such as IBM, HP, and RSA, are now developing or deploying SIEM integrations with their big data technologies, others, such as Intel Security, have already integrated such capabilities, sometimes with third party vendors.<\/p>\n

With big data vendors such as Splunk muscling into the SIEM shortlist, and competitors adapting quickly, it\u2019s not a long shot to say that we\u2019ll be talking about this for a while.<\/p>\n

Want more? You can download the report in full here.<\/a><\/i><\/p>\n


Widget not in any sidebars
<\/p>\n
Widget not in any sidebars
\n","protected":false},"excerpt":{"rendered":"

Analysis and research firm Gartner, Inc. recently\u00a0released its latest Critical Capabilities Report for Security Information and Event Management (SIEM), available to download here. In the 2015-16\u00a0version of their Critical Capabilities report for SIEM, Gartner takes the 13 vendors that it considers most significant in the SIEM market and evaluates the strengths and weaknesses of those […]<\/p>\n","protected":false},"author":24,"featured_media":253,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"inline_featured_image":false,"footnotes":""},"categories":[551,1,43],"tags":[14,114,13,36,73,41,42,24],"acf":[],"yoast_head":"\nThree Big Takeaways From Gartner's 2015-2016 SIEM Critical Capabilities Report<\/title>\n<meta name=\"description\" content=\"The 2015-2016 SIEM Critical Capabilities report is out. Here are the three biggest takeaways from Gartner's 17-page report.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/solutionsreview.com\/security-information-event-management\/three-takeaways-from-gartner-siem-critical-capabilities\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Three Big Takeaways From Gartner's 2015-2016 SIEM Critical Capabilities Report\" \/>\n<meta property=\"og:description\" content=\"The 2015-2016 SIEM Critical Capabilities report is out. Here are the three biggest takeaways from Gartner's 17-page report.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/solutionsreview.com\/security-information-event-management\/three-takeaways-from-gartner-siem-critical-capabilities\/\" \/>\n<meta property=\"og:site_name\" content=\"Best Information Security SIEM Tools, Software, Solutions & Vendors\" \/>\n<meta property=\"article:published_time\" content=\"2016-03-11T17:43:11+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2018-02-23T15:33:36+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/solutionsreview.com\/security-information-event-management\/files\/2015\/12\/GartnerSIEMCritcapa.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"1024\" \/>\n\t<meta property=\"og:image:height\" content=\"640\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"Jeff Edwards\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Jeff Edwards\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"5 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"https:\/\/solutionsreview.com\/security-information-event-management\/three-takeaways-from-gartner-siem-critical-capabilities\/\",\"url\":\"https:\/\/solutionsreview.com\/security-information-event-management\/three-takeaways-from-gartner-siem-critical-capabilities\/\",\"name\":\"Three Big Takeaways From Gartner's 2015-2016 SIEM Critical Capabilities Report\",\"isPartOf\":{\"@id\":\"https:\/\/solutionsreview.com\/security-information-event-management\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/solutionsreview.com\/security-information-event-management\/three-takeaways-from-gartner-siem-critical-capabilities\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/solutionsreview.com\/security-information-event-management\/three-takeaways-from-gartner-siem-critical-capabilities\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/solutionsreview.com\/security-information-event-management\/files\/2015\/12\/GartnerSIEMCritcapa.jpg\",\"datePublished\":\"2016-03-11T17:43:11+00:00\",\"dateModified\":\"2018-02-23T15:33:36+00:00\",\"author\":{\"@id\":\"https:\/\/solutionsreview.com\/security-information-event-management\/#\/schema\/person\/3d31b4b6a777a91476a65c087be260e6\"},\"description\":\"The 2015-2016 SIEM Critical Capabilities report is out. Here are the three biggest takeaways from Gartner's 17-page report.\",\"breadcrumb\":{\"@id\":\"https:\/\/solutionsreview.com\/security-information-event-management\/three-takeaways-from-gartner-siem-critical-capabilities\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/solutionsreview.com\/security-information-event-management\/three-takeaways-from-gartner-siem-critical-capabilities\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/solutionsreview.com\/security-information-event-management\/three-takeaways-from-gartner-siem-critical-capabilities\/#primaryimage\",\"url\":\"https:\/\/solutionsreview.com\/security-information-event-management\/files\/2015\/12\/GartnerSIEMCritcapa.jpg\",\"contentUrl\":\"https:\/\/solutionsreview.com\/security-information-event-management\/files\/2015\/12\/GartnerSIEMCritcapa.jpg\",\"width\":1024,\"height\":640},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/solutionsreview.com\/security-information-event-management\/three-takeaways-from-gartner-siem-critical-capabilities\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/solutionsreview.com\/security-information-event-management\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Three Big Takeaways From Gartner’s 2015-2016 SIEM Critical Capabilities Report\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/solutionsreview.com\/security-information-event-management\/#website\",\"url\":\"https:\/\/solutionsreview.com\/security-information-event-management\/\",\"name\":\"Best Information Security SIEM Tools, Software, Solutions & Vendors\",\"description\":\"Buyer's Guide and Best Practices\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/solutionsreview.com\/security-information-event-management\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Person\",\"@id\":\"https:\/\/solutionsreview.com\/security-information-event-management\/#\/schema\/person\/3d31b4b6a777a91476a65c087be260e6\",\"name\":\"Jeff Edwards\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/solutionsreview.com\/security-information-event-management\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/8471d2b63e0587b41d829ecc153ba8e7?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/8471d2b63e0587b41d829ecc153ba8e7?s=96&d=mm&r=g\",\"caption\":\"Jeff Edwards\"},\"description\":\"Jeff Edwards is an enterprise technology writer and analyst covering Identity Management, SIEM, Endpoint Protection, and Cybersecurity writ large. He holds a Bachelor of Arts Degree in Journalism from the University of Massachusetts Amherst, and previously worked as a reporter covering Boston City Hall.\",\"sameAs\":[\"https:\/\/solutionsreview.com\",\"https:\/\/x.com\/InfoSec_Review\"],\"url\":\"https:\/\/solutionsreview.com\/security-information-event-management\/author\/jedwards\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Three Big Takeaways From Gartner's 2015-2016 SIEM Critical Capabilities Report","description":"The 2015-2016 SIEM Critical Capabilities report is out. Here are the three biggest takeaways from Gartner's 17-page report.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/solutionsreview.com\/security-information-event-management\/three-takeaways-from-gartner-siem-critical-capabilities\/","og_locale":"en_US","og_type":"article","og_title":"Three Big Takeaways From Gartner's 2015-2016 SIEM Critical Capabilities Report","og_description":"The 2015-2016 SIEM Critical Capabilities report is out. Here are the three biggest takeaways from Gartner's 17-page report.","og_url":"https:\/\/solutionsreview.com\/security-information-event-management\/three-takeaways-from-gartner-siem-critical-capabilities\/","og_site_name":"Best Information Security SIEM Tools, Software, Solutions & Vendors","article_published_time":"2016-03-11T17:43:11+00:00","article_modified_time":"2018-02-23T15:33:36+00:00","og_image":[{"width":1024,"height":640,"url":"https:\/\/solutionsreview.com\/security-information-event-management\/files\/2015\/12\/GartnerSIEMCritcapa.jpg","type":"image\/jpeg"}],"author":"Jeff Edwards","twitter_misc":{"Written by":"Jeff Edwards","Est. reading time":"5 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"https:\/\/solutionsreview.com\/security-information-event-management\/three-takeaways-from-gartner-siem-critical-capabilities\/","url":"https:\/\/solutionsreview.com\/security-information-event-management\/three-takeaways-from-gartner-siem-critical-capabilities\/","name":"Three Big Takeaways From Gartner's 2015-2016 SIEM Critical Capabilities Report","isPartOf":{"@id":"https:\/\/solutionsreview.com\/security-information-event-management\/#website"},"primaryImageOfPage":{"@id":"https:\/\/solutionsreview.com\/security-information-event-management\/three-takeaways-from-gartner-siem-critical-capabilities\/#primaryimage"},"image":{"@id":"https:\/\/solutionsreview.com\/security-information-event-management\/three-takeaways-from-gartner-siem-critical-capabilities\/#primaryimage"},"thumbnailUrl":"https:\/\/solutionsreview.com\/security-information-event-management\/files\/2015\/12\/GartnerSIEMCritcapa.jpg","datePublished":"2016-03-11T17:43:11+00:00","dateModified":"2018-02-23T15:33:36+00:00","author":{"@id":"https:\/\/solutionsreview.com\/security-information-event-management\/#\/schema\/person\/3d31b4b6a777a91476a65c087be260e6"},"description":"The 2015-2016 SIEM Critical Capabilities report is out. Here are the three biggest takeaways from Gartner's 17-page report.","breadcrumb":{"@id":"https:\/\/solutionsreview.com\/security-information-event-management\/three-takeaways-from-gartner-siem-critical-capabilities\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/solutionsreview.com\/security-information-event-management\/three-takeaways-from-gartner-siem-critical-capabilities\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/solutionsreview.com\/security-information-event-management\/three-takeaways-from-gartner-siem-critical-capabilities\/#primaryimage","url":"https:\/\/solutionsreview.com\/security-information-event-management\/files\/2015\/12\/GartnerSIEMCritcapa.jpg","contentUrl":"https:\/\/solutionsreview.com\/security-information-event-management\/files\/2015\/12\/GartnerSIEMCritcapa.jpg","width":1024,"height":640},{"@type":"BreadcrumbList","@id":"https:\/\/solutionsreview.com\/security-information-event-management\/three-takeaways-from-gartner-siem-critical-capabilities\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/solutionsreview.com\/security-information-event-management\/"},{"@type":"ListItem","position":2,"name":"Three Big Takeaways From Gartner’s 2015-2016 SIEM Critical Capabilities Report"}]},{"@type":"WebSite","@id":"https:\/\/solutionsreview.com\/security-information-event-management\/#website","url":"https:\/\/solutionsreview.com\/security-information-event-management\/","name":"Best Information Security SIEM Tools, Software, Solutions & Vendors","description":"Buyer's Guide and Best Practices","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/solutionsreview.com\/security-information-event-management\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Person","@id":"https:\/\/solutionsreview.com\/security-information-event-management\/#\/schema\/person\/3d31b4b6a777a91476a65c087be260e6","name":"Jeff Edwards","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/solutionsreview.com\/security-information-event-management\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/8471d2b63e0587b41d829ecc153ba8e7?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/8471d2b63e0587b41d829ecc153ba8e7?s=96&d=mm&r=g","caption":"Jeff Edwards"},"description":"Jeff Edwards is an enterprise technology writer and analyst covering Identity Management, SIEM, Endpoint Protection, and Cybersecurity writ large. He holds a Bachelor of Arts Degree in Journalism from the University of Massachusetts Amherst, and previously worked as a reporter covering Boston City Hall.","sameAs":["https:\/\/solutionsreview.com","https:\/\/x.com\/InfoSec_Review"],"url":"https:\/\/solutionsreview.com\/security-information-event-management\/author\/jedwards\/"}]}},"_links":{"self":[{"href":"https:\/\/solutionsreview.com\/security-information-event-management\/wp-json\/wp\/v2\/posts\/347"}],"collection":[{"href":"https:\/\/solutionsreview.com\/security-information-event-management\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/solutionsreview.com\/security-information-event-management\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/solutionsreview.com\/security-information-event-management\/wp-json\/wp\/v2\/users\/24"}],"replies":[{"embeddable":true,"href":"https:\/\/solutionsreview.com\/security-information-event-management\/wp-json\/wp\/v2\/comments?post=347"}],"version-history":[{"count":0,"href":"https:\/\/solutionsreview.com\/security-information-event-management\/wp-json\/wp\/v2\/posts\/347\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/solutionsreview.com\/security-information-event-management\/wp-json\/wp\/v2\/media\/253"}],"wp:attachment":[{"href":"https:\/\/solutionsreview.com\/security-information-event-management\/wp-json\/wp\/v2\/media?parent=347"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/solutionsreview.com\/security-information-event-management\/wp-json\/wp\/v2\/categories?post=347"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/solutionsreview.com\/security-information-event-management\/wp-json\/wp\/v2\/tags?post=347"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}