Gartner Blog Network

My SIEM Papers Are Out

by Anton Chuvakin  |  January 7, 2013  |  1 Comment

I am excited to announce the release of my two papers on Security Information and Event Management (SIEM):

Think of the first paper as “the missing SIEM program manual.” It contains 39 pages of guidance on architecting, deploying, operating and expanding your SIEM deployment. The paper does not cover vendors and product selection. A few quotes follow below:

  • “Using security information and event management (SIEM) requires much more than just buying technology. Understanding how to properly design and run SIEM is critical to avoiding the costly mistake of an ineffective or failed deployment.”
  • “Many an SIEM deployment turns out ineffective or overly expensive due to poor planning and execution. This is because, even with today’s mature product choices and proven deployment options, using SIEM requires more than just out-of-the-box technology.”
  • “SIEM tools have been, and are expected to remain, a central point for security monitoring within enterprises. Building, operating and growing an SIEM solution — particularly as part of a larger security monitoring and assessment architecture — is not an easy exercise.”
  • “To maximize the often large investment and minimize the risk, organizations must perform the following steps: define scope, use cases and requirements; select the right product to fit these criteria; use a phased deployment approach; define SIEM users’ roles and skills; create processes that use or support SIEM; and tune and refine the use cases and SIEM deployment over time.”

Think of the second paper as an in-depth look at today’s SIEM technology and market, as relevant to large enterprises. A few quotes follow below:

  • “Security information and event management (SIEM) is a pivotal and widely used security technology, yet many enterprises struggle to get value from their often expensive deployments. Deeply understanding SIEM technology and products is critical to success.”
  • “The SIEM market continues to be populated by many vendors, despite incessant predictions of consolidation. Having 20 vendors in the market does not mean that all of them compete for large enterprise deals.”
  • “SIEM tool’s enterprise maturity criteria is important: An SIEM product that has been developed and then refined over many years is a better fit for environments where security processes were also refined over years.”

Enjoy! These are by far my favorite research pieces I’ve created in my 16 months at Gartner.

P.S. Access to the papers requires a Gartner for Technical Professionals (GTP) subscription.


Category: security  siem  

Tags: security  security-monitoring  siem  

Anton Chuvakin
Research VP and Distinguished Analyst
8 years with Gartner
19 years IT industry

Anton Chuvakin is a Research VP and Distinguished Analyst at Gartner's GTP Security and Risk Management group. Before Mr. Chuvakin joined Gartner, his job responsibilities included security product management, evangelist…

Thoughts on My SIEM Papers Are Out

  1. Olesya says:

    Hello, Anton. I am glad that your work on SIEM continues. I am very interested in your thoughts, but unfortunately there is no registration for Gartner. I’d be happy if you made a New Year’s gift in the form of the two recent publications 🙂
