Gartner: 2015 SIEM (Security Information and Event Management) Market Analysis


On July 20, 2015, Gartner released its 2015 annual SIEM market analysis report (MQ).

[Figure: Gartner SIEM Magic Quadrant, 2015]

For comparison, 2014:

[Figure: Gartner SIEM Magic Quadrant, 2014 (Gartner_siem_2014.png)]

As you can see, Splunk has overtaken McAfee (Intel Security), and its overall score is slightly stronger than HP ArcSight's. The new top three in SIEM are now IBM, Splunk and HP, with McAfee fourth, and LogRhythm is also advancing step by step.

In addition, TIBCO/LogLogic and Tenable dropped out of the SIEM rankings. Gartner says this is because they no longer position their products as SIEM products; although they overlap with some SIEM use cases, they are mostly complementary to SIEM.

IBM is still the leader, and the Q1 Labs acquisition continues to prove its worth, especially in the way IBM's security organization was built around Q1 Labs. I think this is a lot smarter than HP's integration of ArcSight (IBM placed most of its security business under the Q1 team, while HP placed ArcSight under its own security business team). Whether in technical performance or in product strategy, IBM is ahead of its peers, and it is the benchmark we learn from, especially in product layout. BTW, we are also building out our own layout from events to flows to packet analysis, and have made some small progress, hehe. And we have found our "overtaking on the corner".

Gartner has also recognised ArcSight's performance. In 2014 it finally made some necessary updates. Even so, ArcSight is too heavy, and the high complexity of its deployment and operation is still widely criticised by users. In the evaluation of the most critical technical indicators, most of them (scalability, performance, effectiveness of preset rules, ease of customization, reporting, query, product quality and stability) scored below the average of the participating vendors, which indicates that its technical performance is not good and that its standing is thanks to business performance and other aspects. Looking back over the years since HP acquired ArcSight, Gartner's assessment of it can be summed up in one word: backward.

Splunk was not designed for security alone; it was meant to be an enterprise analytics application for the entire IT business. Security is just one application area (the Splunk App for Enterprise Security). Over the years, however, its main source of revenue has been security, and its team seems to be better at cyber security. Compared with the other giants, Splunk's SIEM functionality is not comprehensive: it is more adept at security analysis but lacks custom security rules and workflow handling, and Gartner advises customers to purchase a separate workflow system and integrate it with Splunk. Also, Splunk's licensing model makes its products more expensive than others.

McAfee dropping out of the top three does not mean it suffered any major setback; it is more that Splunk made progress, and McAfee, by not advancing, fell behind. In the evaluation of several technical indicators, its product scored below the average.

In addition, RSA's performance has still not improved, even though the original enVision has been replaced by the SA platform. This is probably because the core of SA is not log processing and analysis; it puts more effort into full packet capture and analysis. Furthermore, RSA has split many of the advanced SIEM/SOC-related features off into other products.

One vendor that suffered a big setback is NetIQ. I think the main reason is the repeated mergers and acquisitions and the upheaval that came with them: from NetIQ's own SIEM, to later being merged with Novell Sentinel by its investors, to now being stuffed into the Micro Focus suite. I suspect their R&D staff are exhausted and their customers are dizzy. NetIQ is fully capable of building enterprise-class IT software, but it can never quite reach a higher level.

The SIEM market reached $1.69 billion in 2014, up 12.4% from $1.5 billion in 2013. Gartner used the word "strong" to describe the growth of the SIEM market.

Gartner believes that the market drivers of SIEM are still threat management and compliance management, and that the direction of technology development is the same as described in 2014, with threat intelligence integration becoming more prominent, including some vendors integrating their own threat intelligence content.

In the application of big data technology, IBM, HP and RSA are integrating their SIEM products with their own big data technologies, while McAfee and Splunk integrate with third-party big data technologies.

Finally, take a look at the descriptive definition of the SIEM market. This year, Gartner tweaked the wording a little (the previous wording had lasted 3 years). This is how it reads now:

Security information and event management (SIEM) is defined by the customer's need to apply security analytics to event data in real time for the early detection of targeted attacks and data breaches, and to collect, store, analyze and report on log data for incident response, forensics and regulatory compliance.

And for the previous three years, it read like this:

Security information and event management (SIEM) is defined by the customer's need to analyze security event data in real time for internal and external threat management, and to collect, store, analyze and report on log data for incident response, forensics and regulatory compliance.

The difference is that the concept of security analytics is now very hot, and SIEM is using security analytics to improve itself; and APTs and data breaches are serious and must serve as SIEM's value orientation, which is more specific than the previous "internal and external threats".

Of course, the nature of SIEM has not changed; these are just some changes in wording, but they deserve attention.

