Today we have a guest blogger – Mark Nicolett gives his thoughts on what Gartner is up to with the Security Information and Event Management (SIEM) Magic Quadrant for 2009:
We (Kelly Kavanagh and myself) have just published the Gartner 2009 SIEM Magic Quadrant and a companion Critical Capabilities research note. The Gartner SIEM magic quadrant has an impact on SIEM technology providers and on SIEM deployment service providers, and so we can expect external commentary by these vendors that promotes their particular business interest in the segment. In light of this and recent changes in the market, I thought it would be a good time to review our advice on how to use our research.
The 2009 SIEM magic quadrant evaluates 21 vendors. We show 9 as leaders, 4 as visionaries, 3 as challengers, and 5 as niche. Vendors that are in the leaders or visionary quadrant meet the major functional requirements of the broad SIEM market. Leaders are generally the vendors we see driving the market, and have critical mass in terms of general viability, SIEM customer base, revenue and growth. Visionary vendors have scored lower in ability to execute (most often due to smaller company size or installed base or growth rate) as compared to leaders.
The SIEM market is maturing. Many vendors now provide capabilities that meet the general requirements of the majority of customers, and customer requirements have been evolving slowly. As a result, there has been a general improvement of vendor vision scores. In addition, many vendors have fewer cautions based on functional limitations than in the past. We have however expressed a concern about the viability of smaller externally funded vendors in the current environment
Given the large number of vendors in the quadrant and decreasing functional differentiation, how should Gartner clients use our research to make a determination about best fit to their environment ? In addition to the execution and vision evaluation, the Magic Quadrant research note provides a description of each vendor’s offering, approach to the market and product strategy. It also provides guidance on company and technology strengths and cautions. However, given the page limits of Magic Quadrant research notes, we can’t put all the information we collect into the MQ.
So, in addition to the Magic Quadrant, we have also published a Critical Capabilities research note for the 11 largest SIEM vendors that evaluates specific SIEM technology functional capabilities (log management, compliance reporting, security event management, user and resource access monitoring, deployment and support simplicity) with respect to the three major use cases (compliance, threat management, overall SIEM deployment). The critical capabilities research should be used to identify SIEM technology offerings that are the best fit to a company’s requirements and uses cases.
The written research is intended as a starting point for a product selection decision. We really encourage Gartner clients to use our inquiry process to augment your use of the published research. The idea is to get on the phone with us so that we can provide more specific advice based on the client’s environment. We typically spend more than half our week talking with Gartner clients – a 30 minute conversation will often save you hours, if not days, of effort.
1 response so far ↓
1 How to use Gartner’s SIEM MQ « eIQviews // Jun 16, 2009 at 8:59 am
[...] Nicolett hijacked John Pescatore’s blog for a day to clarify how to use the MQ. In the post, he describes leaders and visionaries: “Vendors that are in the leaders or [...]
Leave a Comment