Gartner Research

SIEMese Twins: The Security Information Management and Security Event Management Markets

Published: 20 December 2007

ID: G00203371

Analyst(s): Bob Blakley

Summary

The security information and event management (SIEM) space has matured, consolidated, and differentiated over the last two years. Compliance, especially with the Sarbanes-Oxley Act (SOX) and Payment Card Industry (PCI) regulations, has been a primary driver of the SIEM market. In this report, Principal Analyst Bob Blakley discusses the forces that have driven vendors to distinguish security information management (SIM) from security event management (SEM) while continuing to offer both capabilities, and considers how such solutions can provide value to the enterprise.

Table Of Contents

Synopsis

Analysis

  • SIM or SEM?
  • Information Overload: Considerable Truth, Considerable Hype
  • Evolving Business Case
  • Technology Trends
  • Problem Areas
  • Market Impact
    • Market Definition and Size
    • Market Segmentation
    • Market Dynamics
  • Customer Perspectives
    • Product Selection
    • The Wide and Far
    • Plan for Data Explosion
    • Use SEM as a Security Operations Force Multiplier
    • Managing the Case
    • Use What You Have
  • Recommendations
    • Involve Security, Network, Legal, and Audit Teams Early
    • Design Workflows and Reports First
    • Compliance Requires Both SIM and SEM
    • Consider Your Organization's Size
    • Use SEM for Operations and SIM for Investigations
    • Manage Storage
    • Build Meaningful Metrics
    • Add Business Context to Analysis and Response
    • SEM Amid the Field of Alternatives
    • Which Records and How Long to Store?
    • Draw Lines of Responsibility

The Details

  • Collection
  • Normalization
  • Aggregation
  • Correlation
  • Visualizing and Reporting
  • Standards
  • Vendor Solutions
    • Product Components
    • ArcSight
    • CA
    • Cisco Systems
    • EMC
    • IBM
    • Intellitactics
    • LogLogic
    • netForensics
    • NetIQ
    • Novell
    • OpenService
    • Q1 Labs
    • SenSage
    • Symantec
    • TriGeo Network Security
    • Others

Conclusion

Notes

©2020 Gartner, Inc. and/or its affiliates. All rights reserved. Gartner is a registered trademark of Gartner, Inc. and its affiliates. This publication may not be reproduced or distributed in any form without Gartner’s prior written permission. It consists of the opinions of Gartner’s research organization, which should not be construed as statements of fact. While the information contained in this publication has been obtained from sources believed to be reliable, Gartner disclaims all warranties as to the accuracy, completeness or adequacy of such information. Although Gartner research may address legal and financial issues, Gartner does not provide legal or investment advice and its research should not be construed or used as such. Your access and use of this publication are governed by Gartner’s Usage Policy. Gartner prides itself on its reputation for independence and objectivity. Its research is produced independently by its research organization without input or influence from any third party. For further information, see Guiding Principles on Independence and Objectivity.
