
My “Evaluation Criteria for Security Information and Event Management” 2015 Update Publishes

By Anton Chuvakin | August 18, 2015


My freshly updated “Evaluation Criteria for Security Information and Event Management” (2015 edition) is up on the Gartner site. Admittedly, it is a relatively minor update, but I have expanded sections related to workflow, incident management, threat intelligence, analytics (of course!) and tightened a bunch of various loose ends. As a reminder, the document lists Required, Preferred and Optional requirements for a SIEM tool.

A few fun quotes are below – but really, this document is meant to be used (Excel tool is shipped with it), not perused:

  • “Customers must evaluate SIEM on functionality, implementation effort, maintenance effort, ease of operation, scalability up to a desired level, cost and the enterprise maturity of the solution — and must also take into account their monitoring goals and security operations process maturity.”
  • “There is clear segmentation between vendors that commonly appear on enterprise SIEM shortlists (and thus capture the majority of enterprise deployments) and all others (that might also have a few enterprise customers).”
  • “SIEM and threat intelligence feeds are a marriage made in heaven. Indeed, all SIEM users should send tactical threat intelligence feeds into their SIEM tools.”


