Customers look to security information and event management (SIEM) technology for real-time security monitoring, historical analysis, incident investigation, and compliance reporting. The technology aggregates event data collected by security devices, network infrastructures, systems, and applications, which it then correlates with contextual information about users, assets, threats, and vulnerabilities.
The SIEM market is defined by the customer’s need to analyze security event data in real time for internal and external threat management, and to collect, store, analyze, and report on log data for incident response, forensics, and regulatory compliance. The vendors included in Gartner’s Magic Quadrant analysis have technologies that have been designed for this purpose, and they actively market and sell these technologies to the security buying center.
SIEM technology aggregates event data produced by security devices, network infrastructures, systems and applications. The primary data source is log data, but SIEM technology can also process other forms of data, such as NetFlow and packet capture. Event data is combined with contextual information about users, assets, threats, and vulnerabilities. The data is normalized, so that events, data, and contextual information from disparate sources can be correlated and analyzed for specific purposes, such as network security event monitoring, user activity monitoring, and compliance reporting. The technology provides real-time security monitoring, historical analysis and other support for incident investigation and compliance reporting.
According to Gartner, as a Security Intelligence article reports, SIEM is a $1.5 billion market that grew 16 percent during 2013 and is expected to grow at a rate of 12.4 percent in 2014. Gartner objectively evaluates a variety of SIEM technologies that address this market on a number of critical dimensions, including market responsiveness, customer experience, and pricing.
Dividing the field into Challengers, Leaders, Niche Players, and Visionaries, Gartner has applied a matrix of criteria to the SIEM providers in the field to rank them accordingly, examining market understanding, marketing strategy, sales strategy, product strategy, business model, vertical/industry strategy, innovation, and geographic strategy.
The Leaders quadrant consists of vendors that deliver solutions that are a good match to general SIEM market requirements, have been the most successful in building an installed base and revenue stream within the SIEM market, and show evidence of superior vision and execution. Leaders in 2014 included IBM Security, HP, Splunk, McAfee, and LogRhythm. EMC (RSA) and NetIQ fell into the Challengers quadrant, while SolarWinds, Trustwave, Tibco Software, Tenable Network Security, EventTracker, AccelOps, and BlackStratus were Niche Players, and AlienVault was a Visionary.
The report provides strengths and cautions for each vendor assessed, as well as explanations of the criteria and the state of the market as a whole. The report may be downloaded here.