Not every solution fits into a neat market box. In the past year or so, I – and I am sure others – have struggled to characterize some vendors who detect security threats, including external hacks and insider threats, using advanced security analytics. They don’t fit neatly into any of the defined market categories that use advanced security analytics. See figure 1.
Figure 1: Security Domains with Advanced Security Analytics and Machine Learning
They are not SIEM or standalone UEBA vendors because:
- they have their own proprietary technology (usually an endpoint agent or a network tap) that is a ‘must have’ data feed for their analytics;
- they target security use cases only – typically insider threats or hacker detection – and stay away from compliance;
- they have advanced analytics that go well beyond rules and heuristics into supervised and unsupervised machine learning models that improve detection capabilities.
There are numerous vendors in this category – and they struggle to fit into a named market. Some smaller or startup vendors that seem to fit into this unnamed category include Empow Networks, SecDo, and SS8. Also fitting in, in my opinion, are some combinations of packages from more established and larger security vendors, such as Rapid7 (InsightIDR), BAE Applied Intelligence, RSA, Symantec, Verint and others.
These alt-SIEM platforms don’t replace SIEM – they don’t purport to monitor a comprehensive roster of security events, and they certainly don’t support compliance use cases. The bottom line, though, is that they are attractive propositions for advanced insider or hacker threat detection, especially for companies that don’t own a SIEM. And it would help if there were a named market category they could attach themselves to. Wondering what you think of ‘alt-SIEM’?