Is there an ‘Alt SIEM’ Market?

By Avivah Litan | July 14, 2017

Not every solution fits into a neat market box. In the past year or so, I – and I am sure others – have struggled to characterize some vendors who detect security threats, including external hacks and insider threats, using advanced security analytics. They don’t fit neatly into any of the defined market categories that use advanced security analytics. See figure 1.

Figure 1: Security Domains with Advanced Security Analytics and Machine Learning


They are not SIEM or standalone UEBA vendors because:

  1. they have their own proprietary technology (usually an endpoint agent or a network tap) that is a ‘must have’ data feed to their analytics
  2. they target security use cases only – typically insider threats or hacker detection – and stay away from compliance
  3. they have advanced analytics that go well beyond rules and heuristics into supervised and unsupervised machine learning models that improve detection capabilities.

There are numerous vendors in this category – and they struggle to fit into a named market. Some smaller or startup vendors that seem to fit into this unnamed category include Empow Networks, SecDo, and SS8. Also fitting in, in my opinion, are some combinations of packages from more established and larger security vendors, such as Rapid7 (InsightIDR), BAE Applied Intelligence, RSA, Symantec, Verint and others.

These Alt-SIEM platforms don’t replace SIEM – as they don’t purport to monitor a comprehensive roster of security events and they certainly don’t support compliance use cases. The bottom line, though, is that they are attractive propositions for advanced insider or hacker threat detection, especially for companies that don’t own SIEMs. And it would help if there were a named market category they could attach themselves to. Wondering what you think of ‘alt-SIEM’?

1 Comment

  • So hard to put a consistent label on vendors in our space. A lot of overlap of varying degrees. The state of cybersecurity vendors reminds me of the digital marketing vendor landscape of 5+ years ago or so. Like infosec, digital marketing tech had so many various areas of functional specialty and began a frenzied process of cross-over and consolidation. Likewise, here we have SIEM, UEBA, MDR/EDR, Threat Intel, Honeynet, IDS, Vulnerability Assessment… and the list goes on. What was once a 1:1 mapping of company:capability is rapidly becoming a thing of the past. Today, in Marketing we have the Customer Experience Management (CXM) platforms. Perhaps, now in Cybersecurity we’re simply heading toward Cyber Security Management (CSM) platforms.