In Gartner's Magic Quadrant for Security Information and Event Management Technology report the rankings are graphed, with completeness of vision on the X-axis and the ability to execute on the Y-axis. The graph is sectioned into four quadrants with the "Leaders," the "Challengers," the "Visionaries" and the "Niche Players."
IBM Security QRadar was ranked highest in Gartner's annual Magic Quadrant for Security Information and Event Management (SIEM) Technology report, just out for 2014. In its report, the industry research firm rates 15 vendors on how their products address customers' needs for security intelligence and analytics, ranking them on their ability to execute and completeness of vision.
Gartner graphs the rankings, with completeness of vision on the X-axis and the ability to execute on the Y-axis. The graph is sectioned into four quadrants, with the upper-right quadrant the "Leaders," the upper-left the "Challengers" (strong execution but weaker on vision), the lower-right the "Visionaries" (strong on vision but weaker on execution), and the lower-left the "Niche Players."
IBM Security QRadar rated highest in the Leaders quadrant, followed by Hewlett-Packard, McAfee, Splunk and LogRhythm.
The Leaders
IBM Security's QRadar SIEM technology, "provides an integrated view of the threat environment using NetFlow DPI and full packet capture in combination with log data, configuration data and vulnerability data from monitored sources," Gartner said in its report. Additionally, feedback from IBM customers indicates that the technology is relatively straightforward to deploy and maintain in both medium-size and large environments."
QRadar is a good fit for mid-size and large enterprises that need general SIEM capabilities, and also for use cases that require behavior analysis, NetFlow analysis and full packet capture, according to the report.
Brendan Hannigan, general manager for IBM Security Systems. welcomed Gartner's rating.
"We believe Gartner's recognition helps validate IBM's approach to security that focuses on helping customers benefit from security intelligence and analytics, and overcome challenges created by fragmented point solutions," Hannigan said in a statement.
The Challengers
Two vendors occupy this quadrant: EMC (RSA) and NetIQ. RSA Security Analytics should be considered by organizations with high-security environments that have the staff to support a complex technology that requires extensive customization, and need both log-based monitoring and network-level monitoring for threat detection and investigation, Gartner said.
"[NetIQ's] Sentinel is a good fit for organizations that require large-scale security event processing in highly distributed environments (such as retail), and is an especially good choice for organizations that have deployed NetIQ IAM infrastructure and need security monitoring with an identity context," the report noted.
The Visionaries
AlienVault is the only vendor in this quadrant. "The AlienVault USM platform should be considered by organizations that need a broad set of integrated security capabilities at relatively low cost compared with other commercial offerings, and by organizations that want a commercially supported product that is based on open source," Gartner's report said.
The Niche Players
Topping the list of niche players are SolarWinds and TrustWave. Other vendors in this quadrant are Tibco Software, Tenable Network Security, Event Tracker, AccelOps and BlackStratus.
SolarWinds LEM is a good fit for small- or mid-size companies that require SIEM technology that is easy to deploy as well as companies that use other SolarWinds' operations monitoring components, Gartner said. Trustwave is a good fit for mid-size organizations that require a combination of compliance-oriented services and SIEM technology.
Overall Landscape
Gartner said in its report that the SIEM market is dominated by just a few large vendors — HP, IBM, McAfee, EMC (RSA) and Splunk — that command about 60 percent of market revenue. Other large vendors such as Tibco are also in the mix. There are still a few small vendors that are doing well, but Gartner said there would be "increasing stress on many of the small remaining vendors."
The number one reason businesses are adopting security information and event management technology is to detect data breaches, while compliance remains the secondary motive, Gartner said.
While the SIEM market is mature and competitive, the greatest area of unmet need is effective targeted attack and breach detection, Gartner said. But the situation can be improved with stronger threat intelligence, the addition of behavior profiling and better analytics.
"SIEM is a $1.5 billion market that grew 16 percent during 2013 — with an expected growth rate of 12.4 percent during 2014," the report said. "During this period, the number of Gartner inquiry calls from end-user clients with funded SIEM projects increased by 12 percent over the previous 12 months."
NewsFactor
