A war is coming!! A war where not everybody will survive [which is, I guess, the whole point of having a war, eh? :-)] Indeed, I see a high chance of a dramatic SIEM vs UEBA / UBA confrontation in the next 1-2 years – and it will be fun to watch!
The essence of this war is obvious from this visual (sourced from this presentation):
- A better SIEM vendors have acquired (one example), partnerered (two examples) or are building (three or more examples) UEBA capabilities. SIEM MQ nonwithstanding, there are only 3-5 SIEM vendors today that truly matter and all of them are aggressively working on UBA / UEBA projects. So, SIEM is doing [some] UEBA!
- Some UEBA vendors (example, example – there are others) are building SIEM platform features (collection, normalization, storage, etc) and report a growing number of SIEM-less deployments. So, UEBA is doing [some] SIEM!
But Anton, some of you may say, what war? Don’t SIEM vendors partner with UEBA providers? Suuuuure, they do, and some SIEMs treat their UEBA partners as “weird younger brothers” … Still, I hope neither side will be shocked when the other side’s marines land on their shores … and definitely not to “partner”
Who will win? Well….
Related blog posts about security analytics:
- Next Research: Back to Security Analytics and UBA/UEBA
- Sad Hilarity of Predictive Analytics in Security?
- Security Analytics Webinar Questions – Answered
- On Unknown Operational Effectiveness of Security Analytics Tooling
- My “Demystifying Security Analytics: Sources, Methods and Use Cases” Paper Publishes
- Now That We Have All That Data What Do We Do, Revisited
- Killed by AI Much? A Rise of Non-deterministic Security!
- Those Pesky Users: How To Catch Bad Usage of Good Accounts
- Security Analytics Lessons Learned — and Ignored!
- Security Analytics: Projects vs Boxes (Build vs Buy)?
- Do You Want “Security Analytics” Or Do You Just Hate Your SIEM?
- Security Analytics – Finally Emerging For Real?
- Why No Security Analytics Market? <- important read for VCs and investors!
- More On Big Data Security Analytics Readiness
- 9 Reasons Why Building A Big Data Security Analytics Tool Is Like Building a Flying Car
- “Big Analytics” for Security: A Harbinger or An Outlier?
Comments or opinions expressed on this blog are those of the individual contributors only, and do not necessarily represent the views of Gartner, Inc. or its management. Readers may copy and redistribute blog postings on other blogs, or otherwise for private, non-commercial or journalistic purposes, with attribution to Gartner. This content may not be used for any other purposes in any other formats or media. The content on this blog is provided on an "as-is" basis. Gartner shall not be liable for any damages whatsoever arising out of the content or use of this blog.