Gartner Research

SIEM Technology Assessment and Select Vendor Profiles

Published: 15 September 2014

ID: G00264177

Analyst(s): Anton Chuvakin

Summary

Security information and event management is a crucial and widely used security technology, yet many security architects struggle to get value from their often expensive deployments. Deeply understanding SIEM technology and products is critical to success.

Table Of Contents
  • Key Findings

Analysis

  • Introduction
  • SIEM Drivers and Requirements
  • SIEM Drivers
    • Driver: Current and Emerging Threats
    • Driver: Compliance Mandates and Regulations
    • Driver: Converging Threat and Compliance
  • SIEM Market
    • Market Basics
    • Market Segmentation
  • SIEM Market Dynamics
    • SIEM Challenges Driving the Evolution
    • Potential Market Disruptors
  • SIEM Market Trends
    • Core Trend: More of Everything
    • Converging Core Functionality
    • Variability in Analytics Capabilities
    • Workflow and User Experience Evolution
  • SIEM Technology
    • SIEM as Security Monitoring
    • SIEM Capabilities
    • SIEM Technology and Functional Components
    • SIEM Tool Generic Architecture
    • SIEM Performance Considerations
    • SIEM Tools and SIEM Content
  • SIEM Use Cases
    • SIEM Deployment Scenarios: Do I Need a SOC?
  • SIEM Sourcing Options
    • More Outsourcing vs. Less Outsourcing
    • SIEM Services and Outsourcing
  • Approaches to SIEM Solutions Comparison
  • Strengths
  • Weaknesses

Guidance

  • Evaluate SIEM Solutions Based on Both Threat and Compliance Use Cases
  • Review Your Use Cases in Depth Before Deciding on a SIEM Tool
  • Large Enterprises Should Pick Solutions With Extensive Enterprise Maturity
  • Use This Assessment and SIEM Evaluation Criteria to Define Additional Criteria for Choosing a SIEM Solution
  • Consider Usage Scenarios Such as SOC or Virtual SOC
  • Review Sourcing Options for SIEM Tools
  • Evolve a Chosen Sourcing Option Over Time
  • If Using External Parties for SIEM, Focus on Knowledge Transfer
  • Use NFT and ETDR in Addition to SIEM for Comprehensive Security Monitoring and Enterprise Visibility

The Details

  • Profiled Vendors
    • HP ArcSight
    • McAfee/NitroSecurity
    • IBM Security QRadar SIEM
    • LogRhythm
    • Splunk

Gartner Recommended Reading

©2020 Gartner, Inc. and/or its affiliates. All rights reserved. Gartner is a registered trademark of Gartner, Inc. and its affiliates. This publication may not be reproduced or distributed in any form without Gartner’s prior written permission. It consists of the opinions of Gartner’s research organization, which should not be construed as statements of fact. While the information contained in this publication has been obtained from sources believed to be reliable, Gartner disclaims all warranties as to the accuracy, completeness or adequacy of such information. Although Gartner research may address legal and financial issues, Gartner does not provide legal or investment advice and its research should not be construed or used as such. Your access and use of this publication are governed by Gartner’s Usage Policy. Gartner prides itself on its reputation for independence and objectivity. Its research is produced independently by its research organization without input or influence from any third party. For further information, see Guiding Principles on Independence and Objectivity.

Already have a Gartner Account?

Become a client

Learn how to access this content as a Gartner client.