Security Information and Event Management (SIEM) solutions have dominated the enterprise security market for nearly two decades, and even nowadays they are still widely used to power security operations centers (SOCs) in large companies or managed security services for smaller ones.
At the beginning of the Digital Transformation era, when perimeter-focused tools like firewalls were no longer able to protect corporate networks, the scope of cybersecurity was gradually shifting towards threat detection. Back then, SIEM tools were hailed as the ultimate solution to all security challenges.
With centralized collection and management of security-related data across all corporate IT systems and a set of rules to identify known malicious activities in that stream of security events, the only thing that remained was to analyze each finding and respond accordingly. In addition to providing visibility into the overall security posture, SIEMs serve as a convenient tool for compliance reporting.
Unfortunately, it did not take long to realize that SIEM solutions were failing to deliver on their promises, and companies deploying them faced multiple obstacles. High deployment and operational costs, consistent failures to detect modern cyber threats in time, and, last but not least, the growing skills gap in staffing the security teams needed for efficient security operations were the most common problems of legacy SIEM solutions.
Even with fairly simple rule-based detection capabilities, traditional SIEMs tend to generate an overwhelming number of alerts with a high percentage of false positives. Because those alerts carry no risk scores or other meaningful metrics of their impact, analysts find it very difficult to prioritize which ones to investigate first. When it comes to analyzing a discovered incident, traditional SIEMs offer few automation capabilities and usually do not support two-way integration with security devices such as firewalls, so they do not make forensic investigations any easier: the analyst's job remains largely manual and time-consuming.
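The difference between a legacy threshold rule and an entity-centric risk score is easier to see on data than in prose. The following is an added example written for this page, not code from the Leadership Compass or from any vendor it covers. The event stream, the per-user baseline of usual source addresses, and the signal weights are all constructed assumptions; the point is that the same fifteen-minute burst of scanner noise produces most of the legacy rule's alerts while contributing almost nothing once signals are aggregated and weighted per user.

```python
from collections import defaultdict
from datetime import datetime, timedelta

def ev(ts, user, src, event):
    return {"ts": f"2024-05-01T{ts}", "user": user, "src": src, "event": event}

# Constructed sample events (made up for this example), already in time order.
EVENTS = (
    # a scanner hammering a service account from its usual address all night
    [ev(f"02:{m:02d}:00", "svc-backup", "10.0.5.9", "login_failure") for m in range(0, 30, 2)]
    # ordinary user activity
    + [ev("08:30:00", "bob", "10.0.1.20", "login_success")]
    # a real intrusion: short failure burst, success, privilege change, all from a new address
    + [ev(t, "alice", "203.0.113.7", "login_failure")
       for t in ("09:00:00", "09:00:20", "09:00:40", "09:01:00", "09:01:20")]
    + [ev("09:05:00", "alice", "203.0.113.7", "login_success"),
       ev("09:07:00", "alice", "203.0.113.7", "admin_group_add")]
)

# Assumed per-user baseline of usual source addresses (what a behavior-analytics component would learn).
BASELINE_SRC = {"alice": {"10.0.1.10"}, "bob": {"10.0.1.20"}, "svc-backup": {"10.0.5.9"}}

FAIL_THRESHOLD = 5
WINDOW = timedelta(minutes=10)

def legacy_rule_alerts(events):
    """Classic correlation rule: N login failures for one user inside a sliding
    window. It fires on every event that satisfies the condition and carries no
    score and no context, so the scanner noise produces most of the alerts."""
    alerts, history = [], defaultdict(list)
    for e in sorted(events, key=lambda e: e["ts"]):
        if e["event"] != "login_failure":
            continue
        t = datetime.fromisoformat(e["ts"])
        h = history[e["user"]]
        h.append(t)
        h[:] = [x for x in h if t - x <= WINDOW]   # keep only failures inside the window
        if len(h) >= FAIL_THRESHOLD:
            alerts.append({"rule": "brute_force", "user": e["user"], "ts": e["ts"]})
    return alerts

# Signal weights are illustrative assumptions for this example, not vendor values.
NEW_SOURCE, SUCCESS_AFTER_BURST, PRIV_CHANGE, FAIL_CAP = 15, 10, 25, 10

def risk_scored_entities(events):
    """Entity-centric scoring: every signal adds to one score per user. Raw failure
    volume is capped so a noisy scanner cannot outrank the chain of failure burst,
    success from an unknown address and privilege change. Returns (user, score,
    reasons) ranked by score so an analyst can start at the top."""
    scores, reasons = defaultdict(int), defaultdict(list)
    fail_points, burst, seen_src = defaultdict(int), defaultdict(int), set()
    for e in sorted(events, key=lambda e: e["ts"]):
        u, kind, src = e["user"], e["event"], e["src"]
        if src not in BASELINE_SRC.get(u, set()) and (u, src) not in seen_src:
            seen_src.add((u, src))                 # score an unknown address once per user
            scores[u] += NEW_SOURCE
            reasons[u].append(f"new source {src}")
        if kind == "login_failure":
            burst[u] += 1
            if fail_points[u] < FAIL_CAP:          # failures alone never exceed FAIL_CAP points
                fail_points[u] += 1
                scores[u] += 1
        elif kind == "login_success":
            if burst[u] >= 3:                      # a success that ends a failure burst
                scores[u] += SUCCESS_AFTER_BURST
                reasons[u].append("success after failure burst")
            burst[u] = 0
        elif kind == "admin_group_add":
            scores[u] += PRIV_CHANGE
            reasons[u].append("privilege change")
    return sorted(((u, s, reasons[u]) for u, s in scores.items()), key=lambda r: -r[1])

if __name__ == "__main__":
    alerts = legacy_rule_alerts(EVENTS)
    print(f"legacy rule: {len(alerts)} alerts, "
          f"{sum(a['user'] == 'svc-backup' for a in alerts)} of them on the scanner noise")
    for user, score, why in risk_scored_entities(EVENTS):
        print(f"{user:<11} risk={score:<3} {'; '.join(why)}")
```

On this stream the threshold rule raises twelve alerts, eleven of them for the service account that a scanner is probing, and the one alert that matters looks exactly like the others. The scored view puts alice at the top with a reason list an analyst can act on, and the scanner noise a long way below her. A production implementation would learn baselines rather than hard-code them and would tune weights per environment, but the structural point stands: prioritization needs per-entity aggregation and context, not more threshold rules.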
For years, organizations have been looking for better alternatives to replace their aging SIEMs. Some experts have even proclaimed that SIEM as a concept is no longer relevant and that it should give way to modern alternatives such as XDR, the emerging "Extended Detection and Response" technology. However, the SIEM market itself has also been evolving constantly in recent years, and modern products bear little resemblance to their ancestors.
Over the last decade or so, the security analytics market has undergone profound changes thanks to several groundbreaking technologies that emerged after the first generation of SIEM tools: Big Data frameworks, public clouds, and artificial intelligence and machine learning. By incorporating these technologies into their products, and by augmenting them with further new capabilities (such as user behavior analytics, intelligent decision support for analysts, sophisticated forensic tools, and orchestration and automation for incident response), vendors can offer their customers substantially modernized, scalable and intelligent solutions and ensure that SIEMs remain a core component of modern enterprise security architectures.
The market for these modern security intelligence and automation solutions continues to evolve, with solutions gaining new capabilities, merging previously standalone tools into integrated platforms, and, last but not least, changing names, definitions, and licensing policies. Some vendors continue to offer these capabilities as separate products or platform modules – such as UEBA, SOAR, or even NDR – while others deliver various capabilities under the single overarching "Next-Gen SIEM" banner.
Companies looking for an upgrade for their aging SIEM solution now have to face a tough task – to look behind the alphabet soup of various security technologies, identify the most necessary capabilities that would address their specific requirements, and then choose a solution or a combination of solutions to modernize their security operations centers. Unfortunately, there is no universal recipe that would fit all possible customer sizes, industries, or geographies.
This Leadership Compass should be seen as an additional tool that can help you identify your requirements and map them onto capabilities offered by specific vendors, taking into consideration your scale, available skill set, and, of course, budget constraints.