- “Magic Quadrant for Security Information and Event Management” (2014)
- “Critical Capabilities for Security Information and Event Management” (2014)
Some fun quotes from this year’s documents:
- “Broad adoption of SIEM technology is being driven by the need to detect threats and breaches, as well as by compliance needs.” and “Breach detection is the primary driver, and compliance remains a secondary driver.” [note the order – A.C.]
- “SIEM is a $1.5 billion market that grew 16% during 2013 — with an expected growth rate of 12.4% during 2014.” and “During this period [past year], the number of Gartner inquiry calls from end-user clients with funded SIEM projects increased by 12% over the previous 12 months” [so, NO, SIEM is not going away! – A.C.]
- “Analytics are an important [SIEM] capability to support the early detection of targeted attacks and breaches. […] Initial deployments of the ‘separate analytics back store’ approach have been implemented by a small number of Type A companies.” [further confirming what I’ve been saying here and here – A.C.]
- “The SIEM market is mature and very competitive. […] The greatest area of unmet need is effective targeted attack and breach detection. […] The situation can be improved with stronger threat intelligence, the addition of behavior profiling and better analytics.” [please use what you have first, then think of another box to buy. Remember: the more you spend on boxes, the less you have for people who will use them! – A.C.]
P.S. My add-on effort, a detailed SIEM Evaluation Guide, is coming out shortly as well!!