Often seen as inflexible, slow and failing to deliver on the promise of Security Information and Event Management (SIEM), the traditional SIEMs of yesterday are rapidly being replaced by the security intelligence platforms of tomorrow. These products leverage big data architectures to enable a wide range of security and compliance use cases including incident investigations, SIEM, unknown threat detection and analytics. In fact, Gartner recently listed Splunk as the fastest growing security software vendor in the world for 2012.
In the Magic Quadrant report, authors Mark Nicolett, managing vice president, and Kelly Kavanagh, principal analyst, security, risk and compliance, concluded: “During the past year, demand for SIEM technology has remained strong…. We continue to see large companies that are re-evaluating SIEM vendors to replace SIEM technology associated with partial, marginal or failed deployments.”
“The greatest area of unmet need is effective targeted attack and breach detection…. The situation can be improved with better threat intelligence, the addition of behavior profiling and better analytics…. Several SIEM vendors are beginning to position their technologies as platforms that can provide security operations and application analytics.” Gartner added, “Scalability is a major consideration with SIEM deployments.”
This Gartner Magic Quadrant Evaluation is based on Completeness of Vision and Ability to Execute in the SIEM market.