The authors of The Forrester Wave™ turn to a quote from ‘The Empire Strikes Back’ to sum up the direction of SIEM: “You truly belong here with us among the clouds.” Sticking with ‘Star Wars’ for guidance, we might also find some truth in ‘The Phantom Menace’: “You can’t stop change, any more than you can stop the suns from setting.”

Security analytics has always needed to adapt to changing threats, and this year has been no exception. Threat detection, investigation and response are more complex than ever. Enterprises are shifting workloads to the cloud while employees work from home, all within an always-evolving threat landscape.

Therefore, modern security analytics is more than SIEM. It also needs to include security orchestration, automation and response (SOAR), user and entity behavior analytics (UEBA) and sometimes extended detection and response (XDR).

As a buyer in 2020, what trends should you consider when making a purchase? Drawing on insights from ‘The Forrester Wave™: Security Analytics Platforms, Q4 2020’, cloud services will be key, and pave the way for a suite of features to look out for when choosing between solutions.


SIEM Cybersecurity for Cloud Services

In the past, security analytics has been seen as an on-premises toolset. However, recent years have seen growth in software-as-a-service (SaaS) SIEM security tools. These have arisen in response to demands for lower capital expense in favor of a model based on operating expenses. SIEM tools delivered as SaaS also offer quicker time to value, are more flexible and scale easily.

Now, many vendors offer cloud deployment on infrastructure-as-a-service (running in AWS/Azure) and in containers. The deployment of these solutions can be even more flexible, providing better scale and portability.

Using SIEM via SaaS or cloud-hosted models “has enabled vendors to more quickly roll out new capabilities to their customers and decrease the management overhead for these systems,” the authors of the Forrester report state.

Fast and flexible cloud service is a major factor in the trends for additional features that SIEM buyers in 2020 should look for.

Customizability

For many enterprises, detection content and analytics straight from the vendor could be enough. However, those with advanced use cases need more flexibility. In addition, power users need to be able to create custom analytics. Open analytics and machine learning are critical for custom detection.

Advanced Analytics

In 2018, Gartner predicted that 85% of UEBA would be a feature of broader security platforms. Many vendors support behavioral analytics and provide more data via network and endpoint detection tools. Two years later, threats and threat actors have evolved, demanding layered analytics such as:

  • Correlation, including multiple sources, threat data and out-of-the-box detection use cases.
  • Machine learning, including multiple statistical models applied to users, networks and assets.
  • Automation, including automated detection and response workflows and automated response for malware or phishing.

MITRE ATT&CK™

Over recent years, the MITRE ATT&CK framework has become the de facto framework for organizing threat detection, built on models of how attackers actually operate.

Teams need the ability to map their tasks — including visibility and detection, investigation and response — to the framework. Doing so can help reveal gaps in their defenses and enable them to detect attacks before they progress. Picturing active exploits and attacks in progress provides context for threat hunters and responders that can help them act faster and with confidence when studying threats.
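As an added example (not code from the Forrester report or from IBM), the mapping described above can be automated: the script below takes constructed detection rules tagged with ATT&CK technique IDs and reports, per tactic, which techniques are covered, which are gaps, and which rules only look like coverage because their data source is not being collected. Technique IDs and names are from the public ATT&CK Enterprise matrix, simplified to one tactic each; the rule names and onboarded data sources are constructed.

```python
# Added example, not from the Forrester report or any vendor product: given a
# SIEM's detection rules tagged with ATT&CK technique IDs, find which techniques
# have no working detection. Rule names, onboarded sources and the technique
# subset are constructed; IDs and names follow the public ATT&CK Enterprise
# matrix, simplified here to a single tactic per technique.
from collections import defaultdict

TECHNIQUES = {  # constructed subset: technique ID -> (name, tactic)
    "T1078": ("Valid Accounts", "Initial Access"),
    "T1566": ("Phishing", "Initial Access"),
    "T1059": ("Command and Scripting Interpreter", "Execution"),
    "T1053": ("Scheduled Task/Job", "Persistence"),
    "T1003": ("OS Credential Dumping", "Credential Access"),
    "T1021": ("Remote Services", "Lateral Movement"),
    "T1041": ("Exfiltration Over C2 Channel", "Exfiltration"),
}

DETECTION_RULES = [  # constructed rules as a SIEM might export them
    {"name": "Brute force then successful login", "source": "auth", "techniques": ["T1078"]},
    {"name": "Office app spawns script interpreter", "source": "edr", "techniques": ["T1566", "T1059"]},
    {"name": "LSASS memory read by untrusted process", "source": "edr", "techniques": ["T1003"]},
    {"name": "RDP/SMB fan-out from one host", "source": "netflow", "techniques": ["T1021"]},
]

ONBOARDED_SOURCES = {"auth", "edr"}  # constructed: network flow logs not yet collected


def coverage_report(rules, techniques, onboarded_sources):
    """Return {tactic: {"covered": [ids], "gaps": [ids], "blind_rules": [names]}}.

    A technique counts as covered only when some rule claims it AND that rule's
    data source is actually onboarded. A rule whose source is missing is listed
    under blind_rules: it looks like coverage on paper but fires on nothing.
    """
    covered, blind = set(), defaultdict(list)
    for rule in rules:
        if rule["source"] in onboarded_sources:
            covered.update(rule["techniques"])
        else:
            for tid in rule["techniques"]:
                blind[techniques[tid][1]].append(rule["name"])
    report = defaultdict(lambda: {"covered": [], "gaps": [], "blind_rules": []})
    for tid, (_, tactic) in sorted(techniques.items()):
        report[tactic]["covered" if tid in covered else "gaps"].append(tid)
    for tactic, names in blind.items():
        report[tactic]["blind_rules"].extend(names)
    return dict(report)


def gap_summary(report):
    """Tactics with at least one uncovered technique, most gaps first."""
    return sorted((t for t in report if report[t]["gaps"]),
                  key=lambda t: (-len(report[t]["gaps"]), t))


if __name__ == "__main__":
    rep = coverage_report(DETECTION_RULES, TECHNIQUES, ONBOARDED_SOURCES)
    for tactic in gap_summary(rep):
        print(f"{tactic}: gaps={rep[tactic]['gaps']} blind_rules={rep[tactic]['blind_rules']}")
```

The same report can be re-run after each onboarding change to show whether a newly collected source actually closed a gap rather than just adding a rule.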

XDR

XDR offers diverse threat detection and response. The mix of endpoint detection and response (EDR) and analytics from other tools “[provides] highly enriched telemetry, speedy investigations and automated response actions,” according to The Forrester Wave™.

Earlier this year, we explored the past, present and future of SIEM. One trend we studied is the continued adoption of behavioral-based analytics across users, devices, networks, apps and the cloud. From there, we saw the future of SIEM as open, with a need for more cohesive workflows powered by tools working together seamlessly.

Looking ahead to the end of 2020 and beyond, it’s intriguing to see industry efforts toward open security, standard protocols and telemetry collection from multiple systems evolving into this new realm. With XDR, the industry is enabling a broader, more connected approach.

SIEM is Always Evolving

With eyes on how much security analytics has evolved in the past and looking ahead to upcoming changes, it becomes clear how important it is to select a partner that understands market needs.

IBM Security has been named a leader in The Forrester Wave™ for Security Analytics, Q4 2020 and had the highest score in the current offering category. Check out The Forrester Wave™ for the current overview of the security analytics market.

The Forrester Wave™ is copyrighted by Forrester Research, Inc. Forrester and Forrester Wave are trademarks of Forrester Research, Inc. The Forrester Wave is a graphical representation of Forrester’s call on a market and is plotted using a detailed spreadsheet with exposed scores, weightings and comments. Forrester does not endorse any vendor, product or service depicted in the Forrester Wave. Information is based on best available resources. Opinions reflect judgment at the time and are subject to change.
