
Our SIEM Futures Paper Publishes!

By Anton Chuvakin | May 21, 2012


“Security Information and Event Management Futures” paper by myself and Ramon Krikken is up on the Gartner site – go and grab it there. Abstract follows below:

“Security information and event management (SIEM) is the principal technology used for security monitoring by enterprises today. This assessment predicts the directions for this technology in the next two to three years and highlights five primary trends that will define the SIEM tools of the near future.”

Here are a few (and I mean it – ONLY a few) fun quotes:

  • “SIEM tools have been, and are expected to remain, a central point for security monitoring within enterprises.”
  • “SIEM faces opportunities for growth in five core areas: new types of log and context data, shared intelligence, novel analytic algorithms, monitoring of emerging environments, and application security monitoring.” <- one of the central points of the paper!
  • “SIEM is a security technology, but it is also a data management technology. In addition to being a data management technology, SIEM is inherently a data analysis technology. This will continue to drive its evolution.”
  • “Before evaluating and deploying capabilities of SIEM tools and other monitoring solutions, organizations need to realize that newly emerging IT environments must be covered by security monitoring.” (see this for details)

If you don’t have a subscription, please enjoy my blog posts from the same research project:

Finally, I will be working on another piece of SIEM research (focused on the present, not future) in Q3 2012. It is time to address SIEM architecture, deployment planning, and key aspects of SIEM operations in a detailed GTP-style document!
