A reminder: cloud SIEM (“SaaS SIEM”) does not really exist yet [so, those who compute market share numbers for it are simply deluded]. However, today there are some “almost SaaS SIEM” products on the market and I wanted to quickly mention them here, as a part of my current cloud security monitoring research.
To me [and that is an important point – this is not yet our published research position], the products below fit under “almost cloud SIEM”, listed in no particular order:
- FireEye Threat Analytics Platform (TAP)
- Splunk Cloud with Enterprise Security App installed
Since I am already deviating from my personal rule of “not mentioning vendors by name on the blog”, I will not go into details as to why I think these are indeed close enough to be SaaS SIEM. Frankly, both their “cloudiness” (such as rapid provisioning, scaling, on-demand, multi-tenancy, etc) and their “SIEMness” (such as near-real-time correlation, search, reports, security content, etc) are present.
Naturally, a cloud SIEM is well-suited for doing cloud security monitoring (hence my interest now!) and the above tools have indeed been used for things like AWS / IaaS security monitoring – some for years.
On the other hand, these are NOT really cloud SIEM (even though some people mistakenly think they are):
- A traditional SIEM that somebody runs for you at their site (this is hosted SIEM, nothing “cloudy” about it)
- A traditional SIEM that you run on some IaaS like AWS (this is a regular SIEM, just located over there)
- Broad scope (i.e. not security focused) SaaS-delivered log management (this is not SIEM, by definition)
- MSSP where the security analysts are asleep at the wheel or left for a long vacation 🙂
There you have it – just clarifying here.
Will there be more cloud SIEM in the future? I am almost certain of it…
P.S. Vendors, if you think you have a real cloud SIEM, please argue!
Related blog posts:
- Cloud Security Monitoring … Revisited (aka It Is Not 2012 Anymore!)
- My Cloud Security Monitoring Paper Publishes! (2012)
Comments or opinions expressed on this blog are those of the individual contributors only, and do not necessarily represent the views of Gartner, Inc. or its management. Readers may copy and redistribute blog postings on other blogs, or otherwise for private, non-commercial or journalistic purposes, with attribution to Gartner. This content may not be used for any other purposes in any other formats or media. The content on this blog is provided on an "as-is" basis. Gartner shall not be liable for any damages whatsoever arising out of the content or use of this blog.