On September 21, 2018, Forrester formally released its 2018 vendor assessment report for Security Analytics Platforms (the Forrester Wave), an assessment similar to Gartner's MQ.
The SAP market segment was introduced by Forrester in 2016 and first received a Forrester Wave assessment in 2017 (see "FORRESTER: 2017 Annual Security Analytics Platform Vendor Assessment (Forrester Wave)"). The definitions of SAP and SA were explained in the previous article and are not repeated here.
In the 2017 report, Forrester said that SIEM vendors were evolving toward SA, while in the 2018 report Forrester said more directly that "SAP is the next generation of SIEM". As in 2017, Forrester identified the core features that distinguish the next generation of SIEM (i.e. SAP) from the previous generation: NAV, SUBA, and SAO, as well as big data architectures. The Gartner terms we generally use for the first three are NTA, UEBA, and SOAR, that is, network traffic analysis, user and entity behavior analytics, and security orchestration, automation and response. It can be said that although the terms differ, the underlying concepts are basically the same.
Back to this Forrester Wave itself, as shown in:
The top of this ranking is also fairly similar to the Gartner SIEM MQ 2017.
In this assessment, Forrester set 30 evaluation metrics, including: data architecture, deployment methods, data logger, customization capabilities, correlation analysis, real-time monitoring, advanced detection technology, risk computing, UBA, cloud security, integrated NTA, integrated data security information, integrated endpoint security information, log management, threat intelligence, integrated vulnerability data, survey and event disposition, dashboards and reports, compliance XXX, scalability, security orchestration and automation, user experience, and more.
Finally, Forrester analyzed security experts' requirements for future SAP, including:
1) A variety of deployment methods for SAP: hardware, software, virtual, cloud, and so on;
2) Decoupling of data and analysis. For example, users may have their own data lake, or may use different analysis tools on the data;
3) More flexible and diversified licensing methods, not only purchase-type licensing but also lease-type licensing;
4) More flexible pricing methods; in particular, EPS-based or data-based pricing is difficult for users to accept, with vendors like Splunk bearing the brunt.
References
FORRESTER: 2017 Annual Security Analytics Platform Vendor Assessment (Forrester Wave)
FORRESTER: 2018 Annual Security Analytics Platform Vendor Assessment (Forrester Wave)