Gartner has just published its annual Magic Quadrant report for Security Information and Event Management (SIEM) Technology. In its report, the industry research firm rates 15 vendors on how their products address customers' needs for security intelligence and analytics, ranking them on their ability to execute and completeness of vision.
Gartner graphs the rankings, with completeness of vision on the X-axis and the ability to execute on the Y-axis. The graph is sectioned into four quadrants, with the upper-right quadrant the "Leaders," the upper-left the "Challengers" (strong execution but weaker on vision), the lower-right the "Visionaries" (strong on vision but weaker on execution), and the lower-left the "Niche Players."
IBM Security QRadar rated highest in the Leaders quadrant, followed by Hewlett-Packard, McAfee, Splunk and LogRhythm.
The report gave IBM's QRadar high marks for its "integrated view of the threat environment using NetFlow DPI and full packet capture in combination with log data, configuration data and vulnerability data from monitored sources." Additionally, feedback from IBM customers indicates that the technology is "relatively straightforward to deploy and maintain in both medium-size and large environments."
Gartner deemed QRadar to be a good fit for mid-size and large enterprises that need general SIEM capabilities, and also for use cases that require behavior analysis, NetFlow analysis and full packet capture.
HP's ArcSight Express should be considered for midsize SIEM deployments, according to Gartner. ArcSight's Enterprise Security Manager (ESM) is appropriate for larger deployments, as long as sufficient in-house support resources are available, according to Gartner. ESM provides a complete set of SEM capabilities that can be used to support a security operations center. ArcSight Express provides a simplified option for midsize SIEM deployments.
Splunk is a good fit for security organizations that require customizable security monitoring and analytics, and is an especially good fit for use cases that span security and operations, and for deployments with a focus on application monitoring, according to the report.
"Splunk's strong presence in IT operations groups can provide the security organization with early hands-on exposure to its general log management and analytics capabilities, "pre-SIEM" deployment by operations for critical resources, and in-house operations support for an expanded security-focused deployment," Gartner said.
Two vendors occupy this quadrant: EMC (RSA) and NetIQ.
The report concluded that RSA Security Analytics is best suited for organizations that have high-security environments and the staff to support a complex technology that requires extensive customization, along with a need for log-based monitoring and network-level monitoring. (continued...)
Posted: 2014-07-06 @ 12:27pm PT
You can also give the charts?
Posted: 2014-07-02 @ 5:51pm PT
This just goes to show how far behind the curve Gartner is. And how selective their client stories are. SIEM is outdated and will be superseded in the near future by open source platforms. Advice to CISOs: save your money, there is no value in SIEM.