Blog post

Our 2017 SIEM Research Papers Publish

By Anton Chuvakin | October 31, 2017 | 0 Comments


Our Summer of SIEM is now fully over since all documents we developed have published. All documents below require Gartner GTP subscription. They are:

Because only one document is 100% new, here are some fun quotes from “Selecting and Deploying SaaS SIEM for Security Monitoring”:

  • “SaaS SIEM does not necessarily offer improved detection or analysis over on-premises SIEM. Clients value SaaS SIEM because it enables them to focus on using the tool instead of maintaining it”
  • “A traditional SIEM software deployed by a vendor or its partner on the client’s behalf does not fall under the SaaS SIEM definition. […] SaaS SIEM is SIEM software delivered from the cloud via a SaaS model.”
  • “Compare SaaS SIEM tools not only against each other, but also against on-premises SIEM tools. […] SaaS SIEM vendors are less mature, so don’t assume they have all the basics covered.”
  • ”SaaS SIEM inherits some of the traditional SIEM prerequisites for success, while removing and taking care of others due to the nature of SaaS. SaaS SIEM also has its own prerequisites for success.”

Also, this year we decided not to update our all-time favorite SIEM document: “Security Information and Event Management Architecture and Operational Processes” [it remains in its 2016 edition – but we still consider to be the most important SIEM reading on the planet :-)].

Related blog posts are:

Comments are closed