My “Evaluation Criteria for Security Information and Event Management” 2015 Update Publishes

By Anton Chuvakin | August 18, 2015


My freshly updated “Evaluation Criteria for Security Information and Event Management” (2015 edition) is up on the Gartner site. Admittedly, it is a relatively minor update, but I have expanded sections related to workflow, incident management, threat intelligence, analytics (of course!) and tightened a bunch of various loose ends. As a reminder, the document lists Required, Preferred and Optional requirements for a SIEM tool.

A few fun quotes are below – but really, this document is meant to be used (Excel tool is shipped with it), not perused:

  • “Customers must evaluate SIEM on functionality, implementation effort, maintenance effort, ease of operation, scalability up to a desired level, cost and the enterprise maturity of the solution — and must also take into account their monitoring goals and security operations process maturity.”
  • “There is clear segmentation between vendors that commonly appear on enterprise SIEM shortlists (and thus capture the majority of enterprise deployments) and all others (that might also have a few enterprise customers).”
  • “SIEM and threat intelligence feeds are a marriage made in heaven. Indeed, all SIEM users should send tactical threat intelligence feeds into their SIEM tools.”
