In this Leadership Compass, we are looking at the latest SIEM solutions, which tend to be predominantly cloud-based services and continue to evolve as security management and intelligence platforms, incorporating innovative intelligence and automation capabilities.
While we recognize that the market continues to evolve and expand, with other segments like SOAR maturing in parallel, we observe the trend to incorporate these related capabilities into integrated, yet modular and flexible platforms that we consider to be next generation “intelligent SIEM" solutions that provide a high degree of visibility across modern IT environments and deliver a small number of key actionable insights for security teams.
Next-generation I-SIEM solutions are typically designed to cater for businesses of all sizes with the ability to scale as organizations grow, to support all modern IT environments across multiple locations, to automate and coordinate detection and response activities, and to enable security teams to get most out of the resources at their disposal to help address the shortage of cybersecurity skills.
There is also typically a focus on using a combination of real-time correlation, anomaly detection, and user behavior analytics to detect known and unknown threats and to identify related threat activities rather than raising isolated alerts. The most innovative solutions support intelligent decision-making, include sophisticated forensic tools, and support orchestration and automation for incident response. Some are also designed to maximize storage, search, and reporting capabilities, while minimizing the cost, and providing out-of-the-box (OOTB) pre-packaged content in the form of pre-written rules, analytics, and correlation policies to enable customer organizations to get immediate value.
The market for these modern security intelligence and automation solutions continues grow and evolve, with solutions gaining new capabilities, merging previously standalone tools into integrated platforms, and updating licensing policies to provide modern, scalable, and intelligent solutions to ensure that SIEM systems remain a core component of modern enterprise security architectures. While there are several new and smaller players in the market, I-SIEM offerings from larger vendors are likely to benefit as the market appears set to pursue a security vendor consolidation strategy due to reduced security team staffing, and in pursuit of improved security capabilities and improved risk management.
We expect these solutions to implement management on the application, not networking level, maintaining uniform policies regardless of location, even across the public Internet. We presume modern ZTNA solutions to be scalable without practical limitations, based on open identity and security standards, and agnostic to the specific application or network protocols.
The most important driver listed above is the lack of people with the information security skills required to use tools to monitor, analyze, and respond to cyber threats. This underlines the point that intelligent, next-generation SIEM solutions should not require a team of trained security experts to operate. Instead, they should provide actionable alerts that are understandable to businesspeople, a high degree of workflow automation, and a comprehensive end-to-end solution for the security operations center (SOC). Having the solution available as a managed service is crucial and will directly influence its rating.