Security information event management (SIEM) and log management products are gaining a strong following as enterprise organizations look for techniques to defend against advanced threats and persistent hackers. As cyber attacks become more sophisticated, organizations are implementing security products, such as SIEM, to protect their virtual and physical assets. Large organizations leverage SIEM to gain the continuous security intelligence needed to protect against threats that inevitably defeat antivirus, intrusion detection systems (IDS), network behavior analysis devices, and firewall defenses.
KEY QUESTIONS ANSWERED
- How can I tell earlier if my network is being victimized by a cyber-attack?
- How can I better drive the costs out of complying with government and industry security regulations?
- What are the major opportunities in the SIEM/LM security segment?
- Who are the leading SIEM/LM vendors? Who are the upstarts to keep an eye on?
- What are the financial profiles of the SIEM/LM market? Is the market growing or contracting?
- What are the major trends being established by the SIM/LM market leaders?
Log Management (LM)
The collection, administration, and archiving of cyber-information-tackles the Big Data problem. Frost & Sullivan considers LM to provide the foundation for continuous compliance and SIEM analysis.
Types of information collected include:
- Security events from sources such as firewalls, intrusion detection & intrusion prevention systems, and host-based antivirus are collected in centralized systems by LM.
- Network flows provide information on communications within the network - essential for tracing an attack.
- Application logs, from Web servers, application servers, and database servers, for example, provide operations information.
- Management feeds including Syslog and Simple Network Management Protocol (SNMP) provide standardized mechanisms for delivering information to Log Management.
- Custom-developed connectors for translating proprietary protocols and delivering custom information to LM are developed and deployed when necessary.
Security Information and Event Management (SIEM)
The continuous correlation, analysis, and reporting of security and operational information—tackles the Security Intelligence problem.
Frost & Sullivan considers SIEM to be essential in translating the information stored within LM into actionable intelligence.
For many vendors, SIEM includes LM features.
SIEM will drive the inclusion of more information into LM, including:
- Threat feeds with profiles of newly discovered cyber-attacks. Security teams use threat feeds to measure the risk of new attacks to their businesses and to take preventive actions before security signature updates are created.
- Vulnerability scans, targeted at specific resources on demand by SIEM, allow IT to embark on continuous compliance and monitoring programs.
- Business intelligence and analytic systems allow IT operations to associate security actions with business priorities.
* Please note that due to updates, this product may take up to 48 Hours to deliver.
Total SIEM/LM Market
- External Challenges: Drivers and Restraints
- Forecast and Trends
- Market Share and Competitive Analysis
Leading SIEM/LM Vendor Profiles
Mega Trends and Industry Convergence Implications
The Last Word
- Security Information and Event Management/Log Management (SIEM/LM) is considered a mature market with little competitive movement among the top revenue-producing companies. SIEM/LM is very much a displacement market (i.e., one vendor’s product replacing another) and it is also common to see an incumbent SIEM positioned as a data feed to a competing vendor.
- The primary driver at the high end of the market is continuous security intelligence to protect against threats that inevitably defeat antivirus (AV), intrusion detection & intrusion prevention system (IDS/IPS), network behavior analysis devices (NBAD), and firewall (FW) defenses.
- The primary driver at the low end of the market is compliance with regulatory mandates at lower price points. In this market segment, vendors follow a cloud-delivery model to capture new SIEM/LM businesses where there is no incumbent to displace. Incremental features will be added over time to appeal to more than first-entry SIEM/LM customers.
- Unlike other security sectors, the federal government represents the leading vertical for many vendors, a trend that will continue through 2017 with increasing cybersecurity budgets, though there is always the risk of government budget cuts.