It is with great excitement that I have to announce the release of my two papers on Security Information and Event Management (SIEM):
- “Security Information and Event Management Architecture and Operational Processes”
- “SIEM Market Trends, Solutions, Assessment and Select Product Profiles”
Think of the first paper as “a missing SIEM program manual.” It contains 39 pages of guidance on architecting, deploying, operating and expanding your SIEM deployment. The paper does not cover vendors and product selection. A few quotes follow below:
- “Using security information and event management (SIEM) requires much more than just buying technology. Understanding how to properly design and run SIEM is critical to avoiding the costly mistake of an ineffective or failed deployment.”
- “Many an SIEM deployment turns out ineffective or overly expensive due to poor planning and execution. This is because, even with today’s mature product choices and proven deployment options, using SIEM requires more than just out-of-the-box technology.”
- “SIEM tools have been, and are expected to remain, a central point for security monitoring within enterprises. Building, operating and growing an SIEM solution — particularly as part of a larger security monitoring and assessment architecture — is not an easy exercise.”
- “To maximize the often large investment and minimize the risk, organizations must perform the following steps: define scope, use cases and requirements; select the right product to fit these criteria; use a phased deployment approach; define SIEM users’ roles and skills; create processes that use or support SIEM; and tune and refine the use cases and SIEM deployment over time.”
Think of the second paper as an in-depth look at today’s SIEM technology and market, as relevant to large enterprises. A few quotes follow below:
- “Security information and event management (SIEM) is a pivotal and widely used security technology, yet many enterprises struggle to get value from their often expensive deployments. Deeply understanding SIEM technology and products is critical to success.”
- “The SIEM market continues to be populated by many vendors, despite incessant predictions of consolidation. Having 20 vendors in the market does not mean that all of them compete for large enterprise deals.”
- “SIEM tool’s enterprise maturity criteria is important: An SIEM product that has been developed and then refined over many years is a better fit for environments where security processes were also refined over years.”
Enjoy! These are by far my favorite research pieces I’ve created in my 16 months at Gartner.
P.S. Access to the papers requires a Gartner for Technical Professionals (GTP) subscription.