Key Criteria for Evaluating Security Information and Event Management Solutions v2.0

An Evaluation Guide for Technology Decision Makers

Table of Contents

  1. Summary
  2. SIEM Primer
  3. Report Methodology
  4. Decision Criteria Analysis
  5. Evaluation Metrics
  6. Key Criteria: Impact Analysis
  7. Analyst’s Take
  8. About Andrew Green

1. Summary

Security information and event management (SIEM) solutions consolidate multiple security data streams under a single roof. Initially, SIEM supported early detection of cyberattacks and data breaches by collecting and correlating security event logs. Over time, it evolved into a sophisticated system capable of ingesting huge volumes of data from disparate sources, analyzing data in real time, and gathering additional context from threat intelligence feeds and new sources of security-related data.

With more and more digital infrastructure and services becoming mission critical to every enterprise, SIEMs must handle higher volumes of data. Vendors and customers are increasingly focused on cloud-based SIEM solutions, whether software as a service (SaaS) or cloud-hosted models, for their scalability and flexibility. A fivefold increase in the number of alerts generated by a SIEM can be absorbed easily in the cloud, whereas the same change in an on-premises deployment can require manual provisioning of additional infrastructure to support the increase.

As the nerve center of the security operations center (SOC), SIEM is in a prime position to expand its capabilities through native development, through integrations with third-party security tools, or by absorbing other tools altogether via mergers and acquisitions. An ongoing trend shows SIEM solutions integrating with security orchestration, automation, and response (SOAR) solutions to create a product with deep end-to-end capabilities for managing security operations. This integration has launched a new category of products in the security market—automated security operations management (ASOM).

With increasing functions and responsibilities, SIEM is now balancing between a comprehensive portfolio of capabilities on the one hand and usability and user experience (UX) on the other, while recognizing an overlap with existing security tool deployments. With more interdependencies, IT buyers must be aware of how deploying a SIEM solution will impact their existing ecosystem of security products, as well as the cost and analyst experience.

The GigaOm Key Criteria and Radar reports provide an overview of the SIEM market, identify capabilities (table stakes, key criteria, and emerging technology) and evaluation metrics for selecting a SIEM platform, and detail vendors and products that excel. These reports will give prospective buyers an overview of the top vendors in this sector and will help decision makers evaluate solutions and decide where to invest.

How to Read this Report

This GigaOm report is one of a series of documents that help IT organizations assess competing solutions in the context of well-defined features and criteria. For a fuller understanding, consider reviewing the following reports:

Key Criteria report: A detailed market sector analysis that assesses the impact that key product features and criteria have on top-line solution characteristics—such as scalability, performance, and TCO—that drive purchase decisions.

GigaOm Radar report: A forward-looking analysis that plots the relative value and progression of vendor solutions along multiple axes based on strategy and execution. The Radar report includes a breakdown of each vendor’s offering in the sector.

Solution Profile: An in-depth vendor analysis that builds on the framework developed in the Key Criteria and Radar reports to assess a company’s engagement within a technology sector. This analysis includes forward-looking guidance around both strategy and product.
