
My SIEM Papers Are Out

By Anton Chuvakin | January 07, 2013 | 1 Comment


It is with great excitement that I announce the release of my two papers on Security Information and Event Management (SIEM):

Think of the first paper as “a missing SIEM program manual.” It contains 39 pages of guidance on architecting, deploying, operating and expanding your SIEM deployment. The paper does not cover vendors and product selection. A few quotes follow below:

  • “Using security information and event management (SIEM) requires much more than just buying technology. Understanding how to properly design and run SIEM is critical to avoiding the costly mistake of an ineffective or failed deployment.”
  • “Many an SIEM deployment turns out ineffective or overly expensive due to poor planning and execution. This is because, even with today’s mature product choices and proven deployment options, using SIEM requires more than just out-of-the-box technology.”
  • “SIEM tools have been, and are expected to remain, a central point for security monitoring within enterprises. Building, operating and growing an SIEM solution — particularly as part of a larger security monitoring and assessment architecture — is not an easy exercise.”
  • “To maximize the often large investment and minimize the risk, organizations must perform the following steps: define scope, use cases and requirements; select the right product to fit these criteria; use a phased deployment approach; define SIEM users’ roles and skills; create processes that use or support SIEM; and tune and refine the use cases and SIEM deployment over time.”

Think of the second paper as an in-depth look at today’s SIEM technology and market, as relevant to large enterprises. A few quotes follow below:

  • “Security information and event management (SIEM) is a pivotal and widely used security technology, yet many enterprises struggle to get value from their often expensive deployments. Deeply understanding SIEM technology and products is critical to success.”
  • “The SIEM market continues to be populated by many vendors, despite incessant predictions of consolidation. Having 20 vendors in the market does not mean that all of them compete for large enterprise deals.”
  • “SIEM tool’s enterprise maturity criteria are important: An SIEM product that has been developed and then refined over many years is a better fit for environments where security processes were also refined over years.”

Enjoy! These are by far my favorite research pieces I’ve created in my 16 months at Gartner.

P.S. Access to the papers requires a Gartner for Technical Professionals (GTP) subscription.


1 Comment

  • Olesya says:

    Hello, Anton. I am glad that your work on SIEM continues. I am very interested in your thoughts, but unfortunately there is no registration for Gartner. I’d be happy if you would make a New Year’s gift in the form of the two recent publications 🙂