SIEM 2022 - Gartner Magic Quadrant

Over the past year, SIEM has undergone significant evolution in 2022, thus reinforcing digital security operations. In this article, we will share with you the new predictions for the future of this tool. 

Analyzing SIEM is something we are passionate about, and for the past decade at A3Sec, we have been analyzing it to understand the evolution and positioning of the market. 

To provide some context, the term SIEM refers to "Security Information and Event Management." It is a comprehensive cybersecurity approach that merges Security Event Management (SEM) with Security Information Management (SIM) into a unified platform. 

For more information, read here the history of SIEM Magic Quadrants. 

Just to refresh our memory a bit, last year we concluded that SIEM was not losing ground and continued to gain strength in cybersecurity strategies. Additionally, it evolved to include several features that were previously seen as additional tools in the digital security architecture, such as UEBA, SOAR, and TIP. The migration to the cloud and the need for managed services were also observed.

You might find it interesting: Magic Quadrant 2021 analysis.

Do you want to know how the result of SIEM 2022 turned out?

Well, here we have it!

How has it evolved in recent years?

Microsoft experienced significant growth and emerged as a leader in its second year. Splunk showed notable recovery, and Gucurul demonstrated remarkable evolution in the market.

• If we focus on the leaders, we can observe a new addition compared to 2021, which is Microsoft, Rapid7, and LogRhythm.
• In terms of regression in their position compared to 2021, Exabeam stood out the most.
• Finally, this year, Netwitness, VenusTech, FireEye, McAfee, and Odyssey were not included.
  
  

What did we see in 2022 that we didn't see before?

For the last year, the vision we presented about SIEM's evolution as a tool that integrates security operations functionalities, such as TIP, UEBA, and SOAR, is further strengthened. Additionally, it begins to generate the intention of integrating the security ecosystem, with a need to connect with EDR and NDR. 

Gartner Has been emphasizing the market's need for vendor integration, but we see it more as a necessity to strengthen and make digital security operations more efficient on a daily basis. 

One emerging impactful element is coverage, both in commercial aspects and support, as well as the ability to have managed services with the solution. We see that some solutions are affected due to the lack of coverage or the absence of MSSP or MDR. 

An important aspect is the ability to serve as a single control panel with information not only for SecOps but also for DevOps and IT observability.

Which precautions had the most impact on SIEM in 2022? 

The elements that Gartner highlights as important considerations for acquiring SIEM tools can be summarized in the following list:

• Absence of features of a modern SIEM: It has evolved and now integrates functionalities such as UEBA, Advanced Analytics (ML and DL), SOAR, and TIP.
  
  
• Regional coverage and absence of managed services: The importance of having a market presence and coverage is emphasized to ensure effective sales and support processes. Additionally, it is important to have providers or the ability to have managed cybersecurity operation services with the solution.
  
  
• Inadequate marketing messaging: There is a problem with positioning concepts such as XDR and NG SIEM. Some companies fail to convey the differences between these concepts with their value proposition.
  
  
• Cloud environment coverage: We integrate two key elements, the first being a native cloud solution, and the second being the ability to have visibility and security management capabilities for cloud solutions.
  
  
• Agility in implementation and visibility evolution: Among the challenges mentioned, clients highlight the complexity of implementing certain solutions and integrating new event sources or product evolution within the organization.
  
  
• Pricing model: Gartner cautions that clients should have clarity on the pricing model and understand the impact of growth and the required functionalities to avoid project setbacks over time.
  
  

Our predictions for SIEM Evolution

The great concern surrounding the marketing concept of XDR is starting to be resolved. Some argued that it was an EDR on steroids, while others believed it was the integration of the EDR + NDR + SIEM triad. What is becoming apparent is that it encompasses all of the above, along with cybersecurity operational services. 

The integration of cybersecurity ecosystem components is a reality. Three years ago, we discussed that UEBA represented use cases and advanced analytics models within SIEM and that SOAR should be a SIEM functionality. Now, what we will see is that SIEM will become the unified solution for visibility and management of faults, events, incidents, and failures for cybersecurity operations, as well as for the processes of IT, OT, IoT, and cloud workloads. 

The short-term focus will be on maturing workflows to be more efficient in daily operations, such as managing prevention requirements (vulnerability management, patches, and configuration) and responding appropriately to breaches and incidents to reduce dwell time and minimize the impact of incidents. Want to know the cost of incidents and the time of exposure to attacks? Click here and find out. 

Driving collaborative intelligence: enhancing cybersecurity detection and response with SIEM

Last but not least is the ability to consume, create, and share intelligence. This capacity helps the ecosystem continuously improve its detection and response capabilities.

Every intelligence system, incident response team, threat hunting unit, and cybersecurity data scientists should contribute to enhancing the security capabilities and posture of all organizations. In this way, together, we can effectively and efficiently secure digital assets. All this is made possible through SIEM, which continues to evolve and become the central control for our cybersecurity operations. 

If you want to read Gartner's 2022 Magic Quadrant, our partner Splunk shares it with you through this link by clicking here.