Last week Gartner published its 2018 Magic Quadrant for Security Information and Event Management (SIEM). As in past years, the report supports the steady evolution of SIEM technology and the growing demand from customers for simple SIEM functionality with an architecture built to scale that meets both current and future use cases.
So how do we interpret from Gartner what it means to be a SIEM leader in 2018? Based on a quick dissection, the main characteristics of a leading SIEM tool are centered around innovation in early threat detection, adaptation to customer environments and strong market presence.
What Separates a SIEM Leader From the Rest of the Market?
The first element, early detection via analytics — more clearly stated as efficacy in threat detection and response — remains the centerpiece of any effective SIEM solution. Security analysts and security operations center (SOC) leaders today need to detect both known and unknown threats in real time. By applying analytics to a combination of threat intelligence, behavioral analytics and a wide variety of security monitoring data, organizations can improve both their time to detection and total alert volumes. While these two basic outcomes — reduced dwell time and fewer alerts — sound tactical, they can ultimately help security teams become less distracted and more effective at managing threats, which helps reduce business risks and liabilities and maintain a positive brand reputation.
The second element of Gartner’s definition of a leader, rapid adaptation to customer environments, is becoming a core factor in how much return on investment (ROI) customers realize and how quickly they realize it. Ad hoc content, add-on applications and flexibility in upgrading the platform are all required to mature a SIEM system in an affordable way once it’s installed.
Also included in this element is the ability to scale the platform in terms of both network coverage and security capabilities. By using out-of-the-box content to automate and streamline more security workflows, organizations can better combat challenges related to the shortage of skills and headcount and better enable the business to adopt new technologies that can help increase its competitive position.
The third element of a leading SIEM is strong market presence and easy access to services. Growth rates around the world still vary based on local security maturity, regulations and specific geographic needs. Customers are looking for access to local resources to help meet their unique requirements and learn lessons from a local community that has already gone through SIEM deployment. It is not uncommon for customers to first select a SIEM platform and then find a local managed service provider or systems integrator for operational support or oversight. Support for this approach provides SIEM users with multiple options to help optimize operating expenses without cutting into expertise.
Take Your SIEM Deployment to the Next Level
[to continue, click HERE]