GigaOm Radar for Security Information and Event Management (SIEM) v4.0

Table of Contents

  1. Executive Summary
  2. Market Categories and Deployment Types
  3. Decision Criteria Comparison
  4. GigaOm Radar
  5. Solution Insights
  6. Analyst’s Outlook
  7. About Andrew Green

1. Executive Summary

The security information and event management (SIEM) solution space is mature and competitive. Most vendors have had well over a decade to refine their products, and the differentiation among basic SIEM functions is fairly minor. However, an increasing number of younger SIEM vendors are entering the market, and they can draw on the lessons learned across the 2010s to offer modern, lightweight, and often cloud-native solutions.

To improve differentiation, SIEM vendors are developing advanced platforms that provide greater context and deploy ML and automation capabilities to augment security analysts’ efforts. These solutions deliver value by giving security analysts deeper and broader visibility into complex infrastructures, increasing efficiency and decreasing the time to detection and response.

Vendors offer SIEM solutions in various forms, such as physical appliances, virtual appliances that can be installed in the customers’ on-premises or cloud environments, cloud-hosted solutions on either dedicated or shared infrastructure, and software as a service (SaaS) models. Many vendors have developed multitenant SIEM solutions for large enterprises or managed security service providers (MSSPs). Customers often find SIEM solutions challenging to deploy, maintain, or even operate, leading to a growing demand for managed SIEM services, whether provided by the SIEM vendor or third-party partners.

SIEM solutions continue to vie for space with other security solutions, such as user and entity behavior analytics (UEBA), endpoint detection and response (EDR), security orchestration, automation, and response (SOAR), and security analytics solutions. All SIEM vendors support integrations with other security solutions. Many vendors also offer tightly integrated solution stacks, allowing customers to choose the solutions they need most, whether that’s just a SIEM solution, a SIEM and a SOAR solution, or some other combination. Other vendors are incorporating limited EDR- or SOAR-like capabilities into their SIEM solutions for customers who want the extra features but are not ready to invest in multiple solutions.

This is our fourth year evaluating the SIEM space in the context of our Key Criteria and Radar reports. This report builds on our previous analysis and considers how the market has evolved over the last year.

This GigaOm Radar report examines 24 of the top SIEM solutions and compares offerings against the capabilities (table stakes, key features, and emerging features) and nonfunctional requirements (business criteria) outlined in the companion Key Criteria report. Together, these reports provide an overview of the market, identify leading SIEM offerings, and help decision-makers evaluate these solutions so they can make a more informed investment decision.

GIGAOM KEY CRITERIA AND RADAR REPORTS

The GigaOm Key Criteria report provides a detailed decision framework for IT and executive leadership assessing enterprise technologies. Each report defines relevant functional and nonfunctional aspects of solutions in a sector. The Key Criteria report informs the GigaOm Radar report, which provides a forward-looking assessment of vendor solutions in the sector.