Last week Gartner published its 2018 Magic Quadrant for Security Information and Event Management (SIEM). As in past years, the report supports the steady evolution of SIEM technology and the growing demand from customers for simple SIEM functionality with an architecture built to scale that meets both current and future use cases.
So how do we interpret from Gartner what it means to be a SIEM leader in 2018? Based on a quick dissection, the main characteristics of a leading SIEM tool are centered around innovation in early threat detection, adaptation to customer environments and strong market presence.
What Separates a SIEM Leader From the Rest of the Market?
The first element, early detection via analytics — more clearly stated as efficacy in threat detection and response — remains the centerpiece of any effective SIEM solution. Security analysts and security operations center (SOC) leaders today need to detect both known and unknown threats in real time. By applying analytics to a combination of threat intelligence, behavioral analytics and a wide variety of security monitoring data, organizations can improve both their time to detection and total alert volumes. While these two basic outcomes — reduced dwell time and fewer alerts — sound tactical, they can ultimately help security teams become less distracted and more effective at managing threats, which helps reduce business risks and liabilities and maintain a positive brand reputation.
The second element of Gartner’s definition of a leader, rapid adaptation to customer environments, is becoming a core factor in how much return on investment (ROI) customers realize and how quickly they realize it. Ad hoc content, add-on applications and flexibility in upgrading the platform are all required to mature a SIEM system in an affordable way once it’s installed.
Also included in this element is the ability to scale the platform in terms of both network coverage and security capabilities. By using out-of-the-box content to automate and streamline more security workflows, organizations can better combat challenges related to the shortage of skills and headcount and better enable the business to adopt new technologies that can help increase its competitive position.
The third element of a leading SIEM is strong market presence and easy access to services. Growth rates around the world still vary based on local security maturity, regulations and specific geographic needs. Customers are looking for access to local resources to help meet their unique requirements and learn lessons from a local community that has already gone through SIEM deployment. It is not uncommon for customers to first select a SIEM platform and then find a local managed service provider or systems integrator for operational support or oversight. Support for this approach provides SIEM users with multiple options to help optimize operating expenses without cutting into expertise.
Take Your SIEM Deployment to the Next Level
IBM was named a SIEM leader in the 2018 Gartner Magic Quadrant report. The IBM QRadar platform has demonstrated continuous innovation that has expanded its value, from its origins in network behavior anomaly detection to real-time threat detection to more recent developments that help automate investigations and streamline orchestrated response processes.
Unique to QRadar is the simplified approach to provide a continuous evolution of use cases and deployment options via optimized content packs, easily downloadable apps from IBM Security App Exchange and flexible deployment options that support organizations regardless of where they are on their cloud journey.
Market presence also contributed to IBM’s leadership; a community of thousands of customers worldwide, a strong business partner network and a wealth of services options allows QRadar customers to easily find knowledgeable local resources that can help them maintain and scale their platform.
To learn more about Gartner’s full review of QRadar, SIEM market trends and vendor evaluation criteria, download your complimentary copy of the 2018 Gartner Magic Quadrant for SIEM.
We also invite you to register for our upcoming webinar, “Stay Ahead of Threat Detection & Response with a Scalable SIEM Platform.” The webinar will take place Dec. 18 at 11 a.m. ET and will be available to watch on-demand thereafter.
Gartner does not endorse any vendor, product or service depicted in its research publications, and does not advise technology users to select only those vendors with the highest ratings or other designation. Gartner research publications consist of the opinions of Gartner’s research organization and should not be construed as statements of fact. Gartner disclaims all warranties, express or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose.