Key Criteria for Evaluating Security Information and Event Management Solutions (SIEM) v1.0

An Evaluation Guide for Technology Decision Makers

Table of Contents

  1. Summary
  2. Security Information and Event Management Primer
  3. Report Methodology
  4. Decision Criteria Analysis
  5. Evaluation Metrics
  6. Key Criteria: Impact Analysis
  7. Analyst’s Take
  8. About Chris Grundemann
  9. About Logan Andrew Green

Summary

Security Information and Event Management (SIEM) solutions ingest security information from a range of products, then analyze and contextualize that data to provide a complete and actionable assessment of the cybersecurity threats facing an organization. These findings are then reported to end users, either directly or, for organizations that prefer a more hands-off approach, through managed SIEM platforms.

This report aims to give the reader a detailed and comprehensive framework for evaluating SIEM products. Targeting IT practitioners who are looking for three-dimensional insights into the SIEM market, it takes a considered and methodical approach to differentiating among the offerings of the leading vendors in this space.

Beginning with a primer on the development of SIEM platforms, the report traces the growth of the SIEM sector to accommodate the increasingly high volumes of security data produced by organizations across an ever-growing number of endpoints and environments.

The report then establishes a framework for evaluating the offerings of different vendors, beginning with the expectations for any SIEM platform, such as the need for flexible storage capabilities and support for multiple security inputs.

It continues by examining the features that differentiate products, such as proactive threat hunting and platform automation, which will guide and inform your evaluation of how well a solution meets your business requirements.

The emerging technologies section looks to the medium- and long-term future of the SIEM market, identifying technologies that will add significant value to a platform as they develop and mature.

Read the full report to:

  • Discover how SIEM vendors are addressing the challenges posed by the move away from traditional on-prem endpoints toward decentralized, cloud-first environments.
  • Learn how machine learning and big data are informing and driving the evolution of SIEMs to better protect businesses from new threats.
  • Explore the debate over the possibility that SIEM tools will evolve into a single pane of glass to provide visibility across all security operations.
  • Understand how different distribution models for SIEM platforms and services can cater to a wide range of needs and budgets.

Chris Grundemann is GigaOm’s chief networking and security analyst, as well as the author of an IETF RFC, two books, and countless articles and papers. His work as an analyst builds on an extensive career as a network engineer and solution architect.

Coauthor Logan Andrew Green is an experienced technologist and technical writer with a background in radio network optimization engineering. He currently oversees Vodafone’s portfolio of managed enterprise IT products.

Full report available to GigaOm Subscribers.