Laptop Displaying the GigaOm Research Portal

Get your Free GigaOm account today.

Access complimentary GigaOm content by signing up for a FREE GigaOm account today — or upgrade to premium for full access to the GigaOm research catalog. Join now and uncover what you’ve been missing!

GigaOm Radar for Security Information and Event Managementv2.0

Table of Contents

  1. Summary
  2. Market Categories and Deployment Types
  3. Key Criteria Comparison
  4. GigaOm Radar
  5. Vendor Insights
  6. Analyst’s Take
  7. About Andrew Green

1. Summary

The security information and event management (SIEM) solution space is mature and competitive. Most vendors have had well over a decade to refine their products, and the differentiation among basic SIEM functions is fairly minor.

In response, SIEM vendors are developing advanced platforms that provide greater context and deploy machine learning (ML) and automation capabilities to augment security analysts’ efforts. These solutions deliver value by giving security analysts deeper and broader visibility into complex infrastructures, increasing efficiency, and decreasing the time to detection and response.

Vendors offer SIEM solutions in various forms, such as physical appliances, virtual appliances that can be installed in the customers’ on-premises or cloud environments, cloud-hosted solutions on either dedicated or shared infrastructure, and software as a service (SaaS) models. Many vendors have developed multitenant SIEM solutions for large enterprises or managed security service providers (MSSPs). Customers often find SIEM solutions challenging to deploy, maintain, or even operate, leading to a growing demand for managed SIEM services, whether provided by the SIEM vendor or third-party partners.

SIEM solutions continue to vie for space with other security solutions, such as user and entity behavior analytics (UEBA), endpoint detection and response (EDR), security orchestration, automation, and response (SOAR), and security analytics solutions. All SIEM vendors support integrations with other security solutions. Many vendors also offer tightly integrated solution stacks, allowing customers to choose the solutions they need most, whether just a SIEM, a SIEM and a SOAR, or some other combination. Other vendors are incorporating limited EDR- or SOAR-like capabilities into their SIEM solutions for customers who want the extra features but are not ready to invest in multiple solutions.

This GigaOm Radar report details the key SIEM solutions in the market, identifies key criteria and evaluation metrics for selecting a SIEM, and identifies vendors and products that excel. It will give you an overview of the key SIEM offering and help decision-makers evaluate existing solutions and decide where to invest.

How to Read this Report

This GigaOm report is one of a series of documents that helps IT organizations assess competing solutions in the context of well-defined features and criteria. For a fuller understanding, consider reviewing the following reports:

Key Criteria report: A detailed market sector analysis that assesses the impact that key product features and criteria have on top-line solution characteristics—such as scalability, performance, and TCO—that drive purchase decisions.

GigaOm Radar report: A forward-looking analysis that plots the relative value and progression of vendor solutions along multiple axes based on strategy and execution. The Radar report includes a breakdown of each vendor’s offering in the sector.

Solution Profile: An in-depth vendor analysis that builds on the framework developed in the Key Criteria and Radar reports to assess a company’s engagement within a technology sector. This analysis includes forward-looking guidance around both strategy and product.