Every year the SIEM industry holds its breath for Gartner’s SIEM Magic Quadrant report. And for good reason. Gartner coined the term SIEM in 2005 and is still an authority on the SIEM industry. The 2020 report holds some words of wisdom vendors should heed. Here are my three main take-aways:
Vendors are tone-deaf to the needs of customers.
The second sentence in the report – after the definition of SIEM – is this: “Users should balance advanced SIEM capabilities with the resources needed to run and tune the solution.”
What Gartner analysts Kelly Kavanagh, Toby Bussa and Gorka Sadowski are saying, more politely, is that SIEM vendors are often in love with their shiny new technologies and tone deaf to the needs of customers. In their words, " Despite the vendor focus on expansion of capabilities, we continue to heavily weight simplicity of deployment and ongoing support. Users, especially those with limited IT and security resources, still value this attribute over breadth of coverage beyond basic use cases. SIEM products are complex and tend to become more so as vendors extend capabilities. Vendors able to provide effective products that users can successfully use as a service, or deploy, configure and manage with limited resources will be the most successful in the market.”
SIEMs got an “F”
The SIEM market is healthy and growing, reaching $2.597 billion in 2018. Organizations of all sizes are implementing SIEM solutions for breach detection, threat management, monitoring and compliance. However, “We continue to see organizations of all sizes that are reevaluating SIEM vendors to replace SIEM technology associated with incomplete, marginal or failed deployments.”
We at empow have been saying this for a long time – SIEM has failed to deliver on its promises. The unsustainable burden of implementing and managing most SIEM solutions make them impossible to manage, and ultimately almost totally lacking in value. We see this every day, when we replace SIEMs like LogRhythm, QRadar and others. Especially for mid-sized organizations with small security teams, managing most SIEMs effectively is simply impossible (which they realize after pouring many thousands of dollars into unsuccessful SIEM projects).
There are new ways of doing things
The high cost and complexity of SIEM solutions are driving organizations to look beyond the pool of usual SIEM suspects for collecting and analyzing log data. According to the Gartner report, the “leading” alternative direction is the Elastic Stack. The report also lists a small group of vendors in this arena – for the first time mentioning empow in the Magic Quadrant report – who are able to provide alternative solutions that provide logs collection and security analytics without the complexity and cost that comes with the big SIEM vendor solutions.
The report lists other trends – the migration towards cloud-based solutions, and the services model – among others. But throughout the report the main theme that comes up time and time again, and drives many of the trends, is the unbearable complexity and cost associated with SIEM solutions today. Only those companies that can provide real security value without becoming nightmares, have a real future.