Another year of publishing the Gartner Magic Quadrant for SIEM, our flagship tool in the Data-Driven Cybersecurity line.
While we update the SIEM functionalities tool that we published in 2020, I decided to share some conclusions on the evolution of this service and on what vendors position as new or default functionalities of a SIEM solution.
SIEM solutions are defined as tools that support the Cybersecurity function in covering the following customer needs:
Although the main source of events is logs, processing of telemetry such as flows or packets is becoming important. In addition, context obtained by enriching events with user, asset, threat and vulnerability information, for the purpose of assessing, prioritizing and accelerating investigation, becomes critical.
The technology must offer real-time analysis of events and telemetry for security monitoring, advanced user and entity behavior analytics, wide-ranging analytics for historical analysis, support for investigation and incident response, and reporting (compliance requirements).
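To make the enrichment and real-time analysis described above concrete, here is an added example (not code from the post or from any SIEM vendor) of a minimal pipeline over a handful of constructed authentication events: each event is enriched with asset criticality, user privilege, open vulnerabilities and a threat-intelligence match, a priority score orders the analyst queue, and one windowed detection rule flags repeated failed logins followed by a success. All event data, inventories, indicator values and scoring weights are assumptions chosen for illustration.

```python
"""Minimal SIEM-style pipeline: enrich -> prioritize -> detect (illustrative, constructed data)."""
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample events (not from the post), already parsed from auth logs
# into a common schema: timestamp, source IP, user, target asset, outcome.
EVENTS = [
    {"ts": "2024-05-01T10:00:00", "src": "203.0.113.9", "user": "jsmith", "dst": "10.0.0.5", "outcome": "fail"},
    {"ts": "2024-05-01T10:00:20", "src": "203.0.113.9", "user": "jsmith", "dst": "10.0.0.5", "outcome": "fail"},
    {"ts": "2024-05-01T10:00:40", "src": "203.0.113.9", "user": "jsmith", "dst": "10.0.0.5", "outcome": "fail"},
    {"ts": "2024-05-01T10:01:00", "src": "203.0.113.9", "user": "jsmith", "dst": "10.0.0.5", "outcome": "success"},
    {"ts": "2024-05-01T10:30:00", "src": "10.0.0.77", "user": "mlopez", "dst": "10.0.0.40", "outcome": "fail"},
    {"ts": "2024-05-01T10:31:00", "src": "10.0.0.77", "user": "mlopez", "dst": "10.0.0.40", "outcome": "success"},
]

# Constructed context sources: asset inventory (with vulnerability scan results),
# identity directory and a threat-intelligence indicator list.
ASSETS = {
    "10.0.0.5": {"name": "hr-db-01", "criticality": 5, "open_critical_vulns": 2},
    "10.0.0.40": {"name": "dev-ws-12", "criticality": 1, "open_critical_vulns": 0},
}
USERS = {
    "jsmith": {"privileged": True},
    "mlopez": {"privileged": False},
}
THREAT_INTEL_IPS = {"203.0.113.9"}  # constructed indicator, documentation range


def enrich(event):
    """Attach asset, user, vulnerability and threat context to a raw event."""
    asset = ASSETS.get(event["dst"], {"name": "unknown", "criticality": 1, "open_critical_vulns": 0})
    user = USERS.get(event["user"], {"privileged": False})
    return {
        **event,
        "asset_name": asset["name"],
        "asset_criticality": asset["criticality"],
        "open_critical_vulns": asset["open_critical_vulns"],
        "user_privileged": user["privileged"],
        "src_known_bad": event["src"] in THREAT_INTEL_IPS,
    }


def priority(enriched):
    """Score 0-10 used to order the analyst queue; the weights are illustrative."""
    score = enriched["asset_criticality"]               # 1..5 from the inventory
    score += 2 if enriched["user_privileged"] else 0     # privileged identity involved
    score += 3 if enriched["src_known_bad"] else 0       # source matches threat intel
    score += min(enriched["open_critical_vulns"], 2)     # cap the vulnerability contribution
    return min(score, 10)


def detect_bruteforce(events, threshold=3, window=timedelta(minutes=5)):
    """Windowed rule: N failed logins from one source, then a success, within the window."""
    fails = defaultdict(deque)   # per-source timestamps of recent failures
    alerts = []
    for ev in sorted(events, key=lambda e: e["ts"]):
        ts = datetime.fromisoformat(ev["ts"])
        recent = fails[ev["src"]]
        while recent and ts - recent[0] > window:   # drop failures outside the window
            recent.popleft()
        if ev["outcome"] == "fail":
            recent.append(ts)
        elif ev["outcome"] == "success" and len(recent) >= threshold:
            alerts.append({
                "rule": "bruteforce_then_success",
                "src": ev["src"], "user": ev["user"], "dst": ev["dst"],
                "failed_attempts": len(recent),
                "priority": priority(enrich(ev)),    # context decides where the alert lands
            })
            recent.clear()
    return alerts


def triage_queue(events):
    """All events enriched and ordered by priority, highest first."""
    enriched = [dict(e, priority=priority(e)) for e in map(enrich, events)]
    return sorted(enriched, key=lambda e: e["priority"], reverse=True)


if __name__ == "__main__":
    for alert in detect_bruteforce(EVENTS):
        print("ALERT", alert)
    for e in triage_queue(EVENTS)[:3]:
        print(e["priority"], e["asset_name"], e["user"], e["src"], e["outcome"])
```

The same success event scores 10 here only because the context layer knows the target is a critical database, the account is privileged and the source is a listed indicator; without enrichment, the bare "login success" record carries no priority signal at all, which is the point the post makes about context.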
SIEM has long since become an established solution for security incident detection and response. Last year, new capabilities such as advanced data analytics and process automation and orchestration were introduced. Now the focus is on 3 key elements:
1. SIEM is here to stay. In the integration of solutions such as UEBA or SOAR we find an evolution of SIEM, with new detection and response capabilities for the Cybersecurity function.
2. Cloud-native and hybrid SIEM. The fundamental architecture of the SIEM solution is a cloud-native SIEM delivered as SaaS, with integrations and visibility covering cloud workloads, on-premise systems and cloud services (Office 365 or Salesforce, among others).
3. Not just the tool: customers need MDR. The analysis concludes that vendors are looking for channels for, or directly offering, MDR (Managed Detection & Response) capabilities, because security is not only the technology but also the processes and the teams.
Interested in learning more about it? Meet me!