GigaOm Key Criteria for Evaluating Security Information and Event Management (SIEM) Solutions v4.0

An Evaluation Guide for Technology Decision-Makers

Table of Contents

  1. Executive Summary
  2. SIEM Sector Brief
  3. Decision Criteria Analysis
  4. Analyst’s Outlook
  5. About Andrew Green

1. Executive Summary

Security information and event management (SIEM) solutions consolidate multiple security data streams under one roof. Initially, SIEM solutions supported early detection of cyberattacks and data breaches by collecting and correlating security event logs. Over time, they evolved into sophisticated systems capable of ingesting huge volumes of data from disparate sources, analyzing that data in real time, and gathering additional context from threat intelligence feeds and new sources of security-related data.

With more and more digital infrastructure and services becoming mission-critical to every enterprise, SIEM tools must handle ever-higher volumes of data. Therefore, vendors and customers increasingly focus on cloud-based SIEM solutions, whether SaaS or cloud-hosted models, for their scalability and flexibility. A fivefold increase in the number of alerts generated by a SIEM tool can easily be absorbed by scaling in the cloud, whereas a similar change in an on-premises deployment can require manual provisioning of additional infrastructure to support the increase.

As the nerve center of the security operations center (SOC), SIEM solutions are in a prime position to expand their capabilities through native developments, integrations with third-party security tools, or by consuming other tools altogether via mergers and acquisitions. An ongoing trend shows SIEM solutions integrating security orchestration, automation, and response (SOAR) solutions to create a product with deep end-to-end capabilities for managing security operations.

With increasing functions and responsibilities, SIEM solutions must now balance a comprehensive portfolio of capabilities against usability and user experience (UX), all while recognizing an overlap with existing security tool deployments. Given these interdependencies, IT buyers must be aware of how deploying a SIEM solution will affect their existing ecosystem of security products, the costs involved, and the analysts’ experience.

Business Imperative
SIEM is an indispensable tool for organizations that must comply with industry-standard regulations, such as the Payment Card Industry Data Security Standard (PCI DSS) and HIPAA. Many regulatory bodies require organizations to have adopted a SIEM solution in order to become compliant with their regulations. Even organizations that don’t have to comply with these standards require a SIEM solution to monitor activity across their organization. The only type of organization that does not require or benefit from having a SIEM solution is the small business or start-up.

Sector Adoption Score
To help executives and decision-makers assess the potential impact and value of a SIEM solution deployment to the business, this GigaOm Key Criteria report provides a structured assessment of the sector across five factors: benefit, maturity, urgency, impact, and effort. By scoring each factor based on how strongly it compels or deters adoption of a SIEM solution, we provide an overall Sector Adoption Score (Figure 1) of 4.2 out of 5, with 5 indicating the strongest possible recommendation to adopt. This indicates that a SIEM solution is a credible candidate for deployment and worthy of thoughtful consideration.

The factors contributing to the Sector Adoption Score for SIEM are explained in more detail in the Sector Brief section that follows.

Figure 1. Sector Adoption Score for SIEM (scale from 1.0 to 5.0: Deters Adoption, Discourages Adoption, Merits Consideration, Encourages Adoption, Compels Adoption)

This is the fourth year that GigaOm has reported on the SIEM space in the context of our Key Criteria and Radar reports. This report builds on our previous analysis and considers how the market has evolved over the last year.

This GigaOm Key Criteria report highlights the capabilities (table stakes, key features, and emerging features) and nonfunctional requirements (business criteria) for selecting an effective SIEM solution. The companion GigaOm Radar report identifies vendors and products that excel in those decision criteria. Together, these reports provide an overview of the market, identify leading SIEM offerings, and help decision-makers evaluate these solutions so they can make a more informed investment decision.

GIGAOM KEY CRITERIA AND RADAR REPORTS

The GigaOm Key Criteria report provides a detailed decision framework for IT and executive leadership assessing enterprise technologies. Each report defines relevant functional and nonfunctional aspects of solutions in a sector. The Key Criteria report informs the GigaOm Radar report, which provides a forward-looking assessment of vendor solutions in the sector.