Gartner Blog Network


Is there an ‘Alt SIEM’ Market?

by Avivah Litan  |  July 14, 2017  |  Submit a Comment

Not every solution fits into a neat market box. In the past year or so, I – and I am sure others — have struggled to characterize some vendors who detect security threats, including external hacks and insider threats using advanced security analytics. They don’t fit neatly into any of the defined market categories that use advanced security analytics. See figure 1.

Figure 1: Security Domains with Advanced Security Analytics and Machine Learning

AltSIEMslide

They are not SIEM or standalone UEBA vendors because:

  1. they have their own proprietary technology (usually an endpoint agent or a network tap) that is a ‘must have’ data feed to their analytics
  2. they target security use cases only – typically insider threats or hacker detection – and stay away from compliance
  3. they have advanced analytics that go well beyond rules and heuristics into supervised and unsupervised machine learning models that improve detection capabilities.

There are numerous vendors in this category – and they struggle to fit into a named market.  Some smaller or startup vendors that seem to fit into this un-named category include Empow Networks, SecDo, and SS8. Also fitting in, in my opinion, are some combinations of packages from more established and larger security vendors, such as Rapid7 (InsightIDR), BAE Applied Intelligence, RSA, Symantec, Verint and others.

These Alt-SIEM platforms don’t replace SIEM – as they don’t purport to monitor a comprehensive roster of security events and they certainly don’t support compliance use cases.  The bottom line though is that they are attractive propositions for advanced insider or hacker threat detection, especially for companies who don’t own SIEMs.  And it would help if there were a named market category they could attach themselves to. Wondering what you think of ‘alt-SIEM’?

Category: 

Avivah Litan
VP Distinguished Analyst
12 years at Gartner
30 years IT industry

Avivah Litan is a Vice President and Distinguished Analyst in Gartner Research. Her area of expertise includes financial fraud, authentication, access management, identity proofing, identity theft, fraud detection and prevention applications…Read Full Bio




Leave a Reply

Your email address will not be published. Required fields are marked *

Comments or opinions expressed on this blog are those of the individual contributors only, and do not necessarily represent the views of Gartner, Inc. or its management. Readers may copy and redistribute blog postings on other blogs, or otherwise for private, non-commercial or journalistic purposes, with attribution to Gartner. This content may not be used for any other purposes in any other formats or media. The content on this blog is provided on an "as-is" basis. Gartner shall not be liable for any damages whatsoever arising out of the content or use of this blog.