Vendor Landscape: Security Information & Event Management (SIEM)
Executive Summary
Situation
• Security threats continue to become more sophisticated and advanced each day, with the majority often going completely undetected.
• Organizations are usually scrambling to keep up and implement new security controls to protect themselves, which adds a new layer of complexity.
Complication
• With the rise of Advanced Persistent Threats (APTs) and insider attacks, it becomes extremely difficult for security staff to detect all the risks.
• Many IT and IT Security staff are already stretched thin keeping track of the many different security technologies that already exist.
Resolution
• SIEM can provide a great deal of visibility into an organization’s networks and identify extremely sophisticated threats that may have otherwise been hidden.
• By integrating with other security technologies, the SIEM solution can act as a single window into the threats and possible breaches that your organization is facing.
• SIEM technology is also becoming more advanced, with the capability to use advanced correlation engines as well as big data analytics to provide insightful analysis and forensics into the overall data.
• Use Info-Tech’s research to gain more insight into which vendors and products are appropriate for your business, and follow our implementation guidance to ensure that you are set up for success.
Info-Tech Insight
1. A SIEM isn’t for everyone. Review whether a SIEM is appropriate for your organization and create a formalized SIEM selection process to determine your needs.
2. A SIEM is not your only answer. Proper implementation and ongoing use are needed in order to maximize the benefits of a SIEM solution.
Info-Tech Research Group
SIEM Market Overview
How it got here
• SIEM used to be two separate products: Security Event Management (SEM) and Security Information Management (SIM).
• SIEM was created initially as a compliance management tool. It had the ability to centralize, review, and report on log activity.
• Soon after, the ability to correlate logs was leveraged to provide threat detection and advanced intelligence tools in order to examine IT systems more closely.
• SIEM solutions were initially directed towards large enterprises with high volumes of data and resources. This changed as more and more SIEM vendors began offering products to the small and mid-sized market.
• SIEM products expanded their use with integration into other security technologies in order to provide a holistic view into the security of an organization, with the ability to push out commands and data to other systems.
Where it’s going
• Advanced analytics will change the landscape of SIEM entirely and allow for the detection of complex and sophisticated security events.
• Organizations are looking to take advantage of big data, and SIEM vendors are no different. More SIEM solutions will focus on leveraging and analyzing big data to provide superior results.
• Managed SIEM providers will continue to increase in demand for small and large organizations. Smaller organizations won’t have the internal resources or expertise to staff a SIEM. Larger organizations may not want to dedicate resources, or may decide a provider has the necessary expertise they require.
• As organizations continue to grow larger and more diverse, the ability to scale in heterogeneous environments becomes more important, as SIEM products will need to keep up with the advancing technology systems in organizations.
As the market evolves, capabilities that were once cutting edge become default and new functionality becomes differentiating. Basic forensic analysis capabilities have become a Table Stakes capability and should no longer be used to differentiate solutions. Instead, focus on advanced detection methods and usability to get the best fit for your requirements.