I'm Warwick Ashford, and I hope you're going to enjoy the next while with me. We're going to go through some of the results that I found on my romp through my Intelligent SIEM Platform Leadership Compass. So I hope you're with me now. I'll just get going here now. You're all muted centrally, so some housekeeping things, you were all muted centrally, so we are controlling these features. No need to mute or unmute yourself.
We'll run a few polls during the webinar, because we just want to find out what people think and where you are with your implementations, so we can discuss the results of that at the end. There will also be a Q&A session at the end of the webinar. You can enter these questions at any time using the Cvent control panel. You should see at the bottom of your screen several options. Please just go to the Q&A section and put your questions in there, rather than the chat, because I probably won't see those. So please just put the questions into the Q&A section.
And we are recording this webinar, and the recording and the presentation slide decks will be made available for you in the coming days. So you don't have to worry too much about taking copious notes. That will be all sent to you. So a quick look at the agenda. We'll have a quick overview over the intelligent SIEM marketplace. I'll tell you about the evaluation criteria that I used for the Leadership Compass. I'll tell you a little bit more about how we write Leadership Compasses, the methodology and the categories that we looked at.
And then finally, some looks at trends and innovations around the intelligent SIEM space. And then after that, we'll end up with looking at the polls and then the Q&A section. So why is SIEM still relevant?
Well, I think that over the years, they've had a sort of differing reputation, but they are still relevant because they are for gathering, analyzing and correlating security events from multiple sources. So they provide a centralized overview of all the security-related events across the whole enterprise. And so that's as relevant now as it ever was. People still need that centralized overview, that analyze and correlate security events from all the sources across. We also need to raise alerts and provide tools for forensic analysis.
And SIEMs have served as a focal point of security operation centers, or SOCs, to support threat detection, investigations, incident management and regulatory compliance. So these are all things that most organizations are doing on a regular basis now. And there's an increasing demand for most of them, in fact.
However, there are several challenges with traditional SIEMs. The most significant limitations of these traditional SIEMs are the fact that they're expensive to run. They normally require quite a few people to be involved, and that's where the expense starts to come in.
Also, they don't scale easily or economically. Lots of organizations have found it very difficult to scale their SIEM solutions as the organization has grown, and they found it not very economically, or they found it expensive to do, because suddenly they're having to buy extra capacity.
Also, they cannot deal with the volume of logs being generated. Now, business IT environments are very different to what they were around 20 years ago when the first generation of SIEMs emerged.
And so, although there have been several iterations of SIEMs since then, the more traditional ones just cannot cope with the volume of logs being generated by modern enterprises. Traditional SIEMs cannot easily manage and store large volumes of data.
So, that's related to the fact that logs are going up as well. And they cannot prioritize alerts for investigation. There's no prioritization. It's just presenting the information for the analysts to follow up and have a look at. And there are often challenges with integration with other security systems.
So, organizations that invested earlier on are finding it difficult to get information from other security systems and come up with an overall picture of what's going on in the security environment. And typically, the older SIEM solutions lacked automation capabilities. There was just no help for the analysts. They were having to do things mostly manually.
So, what has changed? I've alluded to that a bit. There's increased reliance on IT and data. And that means that the attack surface has expanded massively, mainly with digital transformation.
So, if you think now we have mobile devices, most organizations are using cloud services, but not just one cloud, they're in multi-cloud implementations, not to mention organizations that are now using things like edge computing and so on. In addition to that, we're adopting flexible working.
Obviously, the pandemic has accelerated that. Even in areas that it wasn't acceptable before, it's now suddenly acceptable because during the pandemic, it was necessary.
So, now people are working from home and just about everywhere else. And in doing so, they're using their own devices to do that, their work.
And so, all this has increased the attack surface. In addition to that, industrialization of cybercrime and the proliferation of threats. We are seeing more and more now that cybercriminals are becoming as organized as legitimate business. They have production schedules and times, and a lot of the researchers have been able to track these across the world. They have different times that they clock on and that they clock off. And they also operate a follow-the-sun model with organizations across the world helping to drive the cybercrime industry, as it were.
Of course, then there's the shortage of skilled cybersecurity professionals. And so, getting an army of people to run your SIEM solution is just no longer practical, not only from a cost point of view, but the fact that there just are no people available is very difficult to get in the skills that are required. There's just a lack of headcount.
So, the bottom line is that traditional SIEMs are no longer effective for all of these reasons. So, security information and event management systems have evolved, and they've evolved by incorporating new technologies, such as data analytics. These things were not in existence or were not very mature when SIEM systems were introduced, and all the evolutions of SIEM systems have not necessarily kept pace with new technologies, such as data analytics, big data.
And, of course, now we have machine learning and other forms of artificial intelligence or AI. AI is kind of the buzzword at the moment. Everybody's looking to incorporate AI in some way to make their operations smoother and more efficient. And so on.
Also, the adoption of cloud services has meant that SIEM solutions can now use those cloud services to offer a more easily deployable solution and a more flexible solution. And then advanced security orchestration, automation and response, or SOAR, has matured, but we're increasingly seeing that incorporated into what we are calling intelligent SIEM platforms. So next generation capabilities are now appearing. They're merging previously standalone tools like behavior analytics and SOAR into a single integrated platform.
So one of the biggest challenges for security operation centers is that analysts were having to use several tools to do their job. Whereas the idea now behind these intelligent SIEMs or these next-gen SIEMs is that everything is available in one platform. So they're not having to work across multiple tools to cobble together a picture of what's going on in their environment. These new technologies provide functionality to reduce false positives.
Now, that was one of the big problems with the traditional SIEMs is that, yeah, sure, they correlated all this information from across the environment, but then they generated loads and loads of false positives that had to be either excluded or had to be investigated so that they could be excluded. And the result was that organizations tended to just ignore the alarms that they were getting because so many of these were false positives. Another functionality is to filter and prioritize security threats.
So this is where the intelligent SIEMs are reducing the manual component of using a SIEM solution. They're able to filter the threats and then prioritize them so that analysts are not having to look through every single threat that's being potentially identified. They can just look through the top five or so. Another important hallmark of intelligent SIEM platforms is that they are automating analyst workflows. So as I've already been saying, the work of the analyst needs to be a lot less manual.
Things are being automated that previously had to be done painstakingly by the analyst, time-consuming and error-prone. And the result of all of that is that analysts can respond quicker to security threats. So the summary of that is that intelligent SIEMs typically improve the speed and efficiency of analysts in triage processes, investigations, analysis, and remediation to support a proactive approach to cyber defense.
And that was the reason the title for today's webinar presentation is that SIEMs are now pulling together all the information and capabilities to not only identify threats, but also to remediate them that security operations people need. And so that it's making it a much more proactive approach because by identifying chains of events, for example, as a threat, organizations can proactively deal with that rather than waiting for a security incident. I've already mentioned machine learning and other forms of AI.
So in general, in the industry, we're seeing AI as being the role of human augmentation. But in the context of SIEMs, let's just look what they're doing. So they're improving the accuracy of detections. This means that because they can look across the entire estate, they can look across historical events and so on. They're reducing the false positives by just saying, yes, we've seen this before. It led to an incident. It was definitely connected to malicious activity. This is something you need as the human to investigate. So that's a great improvement.
So as I mentioned, they've eliminated false positives and they can automatically do risk scoring. This is something which is invaluable to analysts because they don't have to worry about the lowest risk scores at all. Or they can attend, they can prioritize their work, in other words. Another thing with AI is that it identifies patterns and anomalies that human beings could never do. It's just it's almost impossible for human beings to look across all sorts of disparate sources of information and say, oh, yes, here is a pattern. Whereas AI can do that.
That's one of the things that it does very efficiently. And so that has been a great improvement. So once again, it reduces the alerts by correlating related events. Rather than raising five different alerts, it can say these five alerts are connected to this malicious activity that needs to be investigated. So once again, saving time and effort. They enable real-time analysis of network traffic. That's also something that wasn't possible for humans in the past. And they enrich data with business-related context information and threat intelligence.
So they look at things like impossible travel and that kind of thing and who should be doing what. And if anything is out of the ordinary, then it will raise an alert. And then they can also bring in threat intelligence, internal threat intelligence, external threat intelligence. But this also goes towards what I mentioned earlier, improving the accuracy of detections because it's based on a lot more information that can be assimilated very quickly and correlated quickly by artificial intelligence.
Another important innovation with intelligent SIEMs is that they can guide decisions or investigations. So they can direct analysts in a certain direction and say, well, look, this is what you should investigate first. This is how you could go about it. This is what has worked in the past. These are the kinds of attacks we've seen in the past. So the analyst is no longer alone. They've got this guide where they do not need to make decisions on their own and their investigations can be smoothed and sped up because they're getting prompts from the SIEM system.
Mapping alerts to known tactics and techniques. This is also extremely useful. We've seen a lot of innovation in this area where if certain frameworks are being used, the SIEM system can, using its AI component, say this maps to this specific kind of attack, this well-known attack. So these are the known indicators and these are the known actors and these are the known remedies. Another area is search functionality.
Often it has been difficult for analysts to use SIEMs because they've had to be very proficient in query languages of some kind, whereas we're seeing now with intelligent SIEMs, the search functionality is far more supported. It doesn't rely just on the analyst's ability to come up with the right search queries. So as I've just said, there's no need to master a query language. So typical characteristics of iSIEM solutions, they work well across on-prem, cloud, multi-cloud, and hybrid environments, which is extremely important in this day and age.
They integrate well with all data sources, intelligence sources, and existing security technologies, which is really useful and protects existing investments. They facilitate relatively quick and easy implementations. I think this is one of the biggest problems with SIEMs in the past is that the implementation periods were really long. It took a long time to tune these to individual environments and there was often a lot of cost involved in this with consultants and so on. They also collect and parse security data from multiple sources in various formats.
So now, this speaks to the preliminary question that speaks to the proliferation of devices and services that I was speaking about earlier in the explosion of the attack surface, is that now intelligent SIEMs usually can collect data from many more sources than traditional SIEMs, and they can parse that and use it to come up with useful information for analysts.
That data is enriched with additional context from internal threat intelligence feeds and that it assigns risk scores to each incident, which I mentioned already, and they apply data analytics and machine learning algorithms to detect patterns and outliers in the collected data. So, the value of this is that if there is a previously unknown threat, it can flag that up rather than relying on something that has happened in the past. And finally, they provide built-in or tightly integrated tools for incident response and threat remediation.
So, as I said earlier, analysts are not having to break out of the SIEM environment and go off and find some other forensic analysis tool or some incident response tool or some other tool to block a process or something like that. It can all be done from within the intelligent SIEM platform. I've just included this in the slide deck as some of the drivers for the adoption of SIEM solutions. I'm not going to go through them right now because I've mentioned many of them already. I've just put them there so that they're there for your reference in the slide deck.
So, we've come to our first poll question and I'll be really interested to see what the answers are here. The question is, has your organization considered upgrading to a next generation intelligent SIEM solution?
So, please can you fill in your answers in the poll section? And answer A is yes, actively evaluating options.
B, yes, planning to upgrade in the near future. No, not currently considering an upgrade or if you're not sure.
So, I'll just give you a second or two just to put in the answers for that poll question and hopefully we'll be able to review your answers at the end. So, hopefully you've done that now. Let's go on to the next item on the agenda, which as promised was the evaluation criteria that we use for our leadership compasses.
So, for each Leadership Compass that we do at KuppingerCole Analysts, we start with a list of required capabilities. And now for the iSIEM Leadership Compass, the required capabilities were as follows. Is the solution that we're looking at capable of doing real-time or near real-time detection of threats? Are they capable of correlating real-time and historical data to identify malicious operations?
So, this is kind of almost the learning component, because if something has been seen in the past and it was benign, then it's less likely to be flagged up to the analyst. But if it's been seen in the past and it turned out to be malicious, then you're getting the more accurate result there in terms of it's a valid alert. This is something that the analyst needs to look at. I mentioned this a few times already, there are fewer alarms and false positives.
So, we looked for that in the solutions that we examined. Is there automation for analysis and remediation workflows? And is there integrated forensic and incident response management capabilities? And these were the main things that we looked at. In addition, we had several key evaluation criteria and this produced the spider graphs, which you will see in the report if you have a look, and I really encourage you to go along and have a look at the report itself.
So, we looked at data collection, and this mainly looked at what kinds of data can the solutions collect? Are they able to collect across all the sources that are found in modern organizations? Correlation and enrichment, to what extent were they able to correlate the findings and enrich this with the contextual business and other data and threat intelligence and so on? What were their threat detection capabilities? What were the forensic investigation capabilities? We also looked at incident response and we looked at intelligence and automation.
So, for this, we were looking at threat hunting capabilities, the ability to integrate threat intelligence information, and then to what extent are the solutions able to automate day-to-day work functions of analysts in the SOC centers? Compliance is also another important area that SIEMs can help with, not only in identifying potential compliance breaches, but in doing the reporting for audits and so on, and then in cloud support.
This is one area that the intelligent SIEMs excel in because the traditional SIEMs typically do not have good cloud support. So, all that across each vendor was correlated into the spider diagrams that I mentioned. I won't tell you which vendor's spider diagram this is. You'll have to go and have a look at the report to identify that, but you can see how we plotted and you can see how you can compare across the vendors how their strengths compare in terms of those different categories.
I won't go into each of the evaluation criteria, but I'll give you an idea of what we looked at for the data collection one. So, we looked at the range of log sources supported. We looked at the support for operational technology and internet-connected devices or mobile devices.
Now, this is getting increasingly important because organizations are increasingly using operational technology environments or they're getting more connected than they were in the past. So, this is something that we thought was really important to have in a next-gen SIEM to be able to support the operational technology and the IoT environments as well as mobile devices.
Also, within data collection, the functionality to develop custom connectors for log collections. So, we looked at if organizations have got sources that are unique to them or that are not included out of the box with the SIEM solution, are they able to develop custom connectors for collecting logs? Technical limitation to the number or size of logs collected. We found that some of the solutions out there have limitations to these, so we rated them against each other in terms of that. We looked at support for analyzing network traffic.
Not all SIEM solutions are created equal in terms of their analysis of network traffic, so that was a key area that we focused on. And then we looked at support for OSI level seven traffic analysis, support for common protocols, which protocols do they support across all SIEM solutions. All the various ones that are available. Collection of data from endpoints. Are they able to see into the endpoints and get data from them so to better inform the overall security picture?
And the use of agents and operating systems that are supported for the use of agents, because we also discovered that not all operating systems are supported equally. And finally, we looked at support for agentless log collection, which is really useful. So we've come to our second poll question, and I'd like to know this time, what are the main barriers preventing your organization from upgrading to a next-generation intelligent SIEM solution? In this case, I'd like you to select all that apply.
So budget constraints, lack of internal expertise or resources, concerns about disruption to existing operations, or uncertainty about return on investment. So if you could just go to the poll section on the event platform, and let me know which of these you're finding to be the main barriers preventing you from upgrading. So I think you've had a couple of seconds to do that. Hopefully you've done that by now. So let's go on with our next item, which according to the agenda is looking at the leadership compass, methodology and categories.
So obviously we identify vendors in a particular market space who are the ones that are active. We invite them to participate, and hopefully as many participate as possible, but we don't always get as many as we would like due to time constraints and so on on their part. And we then do vendor briefings, and they demonstrate their solutions to us. And then we send out technical questionnaires. Now these can be 300, 400 questions that they fill in across the different categories that we analyze and those areas, evaluation criteria areas that I mentioned earlier.
So we get all the answers back, and we do an analysis of that. We evaluate the information and then write the draft of the report. And then we send that to the vendors to review, to check that we've got all our facts straight. And also if there are updates. Often we find that vendors have updated their solutions since the briefing and the compilation of the report. So it's always good to get an update there and make sure that when the report goes out, it reflects the most accurate information, the most up-to-date information that we have. And then finally we publish.
So that's kind of our process. Now I'd like to just talk about all the things that we look at. We look at a couple of dimensions. First of all, security. Now this is often confusing for vendors and perhaps readers. We're not looking at the solution's ability to deliver security per se, but we're looking at does the product solution or the service meet the security requirements of today? So in other words, is there multi-factor authentication and so on. We also obviously look at functionality.
We look across all the different features that we identify in the market as being among the leadership qualities and features. And so we look is each product feature complete. For the deployment, we look at do they cover on-prem as well as cloud? Are they available as a fully software as a service model? Are they easy to deploy? What's the level of effort to maintain and so on? So all the questions around deployment gets plotted and that gets analyzed into a deployment score.
Interoperability, this was an important one for the intelligent SIEM platforms because it's essential for iSIEMs to be able to interoperate with as many other security tools as possible, as well as to pull out information from as many security data sources as possible. Usability, that's obvious. Is it easy for admins and analysts to use? We looked at the user interfaces there and made comparisons and scores as well.
Finally, the last set that we look at includes innovation. Does the product deliver new features that customers need? Is it leading edge or is it playing catch-up? And so that gets rated in terms of innovation.
Market, we look at how many customers have deployed the product, what industries are targeted, and which regions in the world are using it. We also evaluate the ecosystem of each vendor to see how many partners they have, how many ISVs, VARs, and support personnel they have, and how globally distributed are they? Are they just working in one region or are they available worldwide? And finally, we look at financial strength. Is the company profitable? Are they massively so? Are they a new startup or are they mid to late stage?
And that's just to give an idea for end-user organizations on how stable they are and how likely they are to be around in coming years if they choose to invest. So here's just a brief look at the vendors who took part in this one. I also have included this just for completion. I won't go through all of them. You can have a look at them at your leisure. So all those scores are bubbled up into various kinds of leadership graphs or scatter graphs. We look at product leadership, which is across the functionality and completeness of the product vision.
Market leadership, again, the number and geographic distribution of customers, partners, and the support ecosystem. Innovation leadership is looking at delivering new and useful features at customer request. And then overall leadership, obviously, all these scores get combined. And then we get an idea of the spectrum of vendors in any given market. If you have a look at the report, and again, I would very much like you to have a look at the report, you will see that most of the participants ended up in the leadership category.
And I think this is important because it shows that this market is incredibly mature. It also shows that there is very little separating the top companies or the top vendors in this market. And so I think it's really important for organizations to identify what it is that they need, and then try and map that to what the different vendors offer, because a vendor may be at the top of the list or it may be the highest leading vendor, for example, but if they don't have the strengths that you particularly need, then that's not the best fit for you.
So the idea of the Leadership Compass report is to expose these solutions to the end user organizations so that they can find the option that meets their needs best. Okay, poll question number three, this is the last one. I'd like to know what factors are the most important to your organization when considering a next generation intelligent SIEM solution? And once again, I'd like you to select all that apply. You've got the choice between cost effectiveness, ease of deployment and management, scalability and performance, and advanced analytics and machine learning capabilities.
So if you just take a few seconds then to fill in, which of those are the ones that are important to you? Okay, hopefully you've had time to do that. Let's go on then, and we've reached the last big item on our agenda, which is trends and innovation. And here I'm going to talk about what we observed in the latest research.
And I think the most basic observation that I can make is that SIEM solutions remain relevant due to the fact that they are evolving to meet the requirements of modern business IT environments, and that there is a continued need to gather, analyze and correlate security events from multiple sources, which I alluded to at the beginning. This need hasn't gone away.
In fact, I think it's greater now than ever before. The iSIEM market is competitive and continues to grow. In a short while, I will give you an idea of where we see the growth of this market. Continued evolution of iSIEM solutions as security management and intelligence platforms. This is what I think will happen in the coming months and years, is that iSIEM solutions will develop as management and intelligence platforms. So I don't know how long the iSIEM label will continue, but this is what I think they're evolving into and probably where they will stabilize.
And we're also seeing the adoption of a modular approach to enable a mix and match with existing SIEM and SOAR investments. So this is great because organizations are not necessarily wanting to have to rip out and replace what they've got. So we're seeing a lot of the vendors in this market adopting this more modular approach so that you can just pick and choose the components that best suit you or best complement what you already have.
Other observations are we're seeing a greater incorporation of user and entity behavior analytics, as well as security analytics capabilities, of course, supported by machine learning and even deep learning in some cases, which is an exciting development. Typically, these solutions offer out-of-the-box compliance reporting. This is really important for most organizations nowadays. And if you can get that compliance reporting directly from the tool that's got a really good view across your enterprise, to me, that's a good deal. There's a focus on automation capabilities.
We're seeing quite a bit of automation already, but I think as the AI models mature and as people get more comfortable with automation, we're going to see a big increase in what these solutions offer in terms of automation.
And these solutions are increasingly becoming available as cloud-based services, so probably not that attractive to organizations that work in regulated sectors or where the information is sensitive, but certainly organizations that are wanting to be flexible, are wanting to keep the cost down and are wanting to make up for the fact that there is a lack of skills, this is going to be appealing to them.
So as promised, the market size for intelligent SIEM platforms, one of my colleagues has done some number crunching, and so we project that this market will be worth $6.15 billion in 2025 and $6.58 billion in 2026. That's up from 5.18 in 2023. So as you can see, if it continues on the current trend, this market is definitely going to grow. Now we look at the innovation, the areas of innovation across the iSIEM market, fully integrated unified platforms.
And as I mentioned earlier, I think this is the way it's going to go, it's going to stay with unified platforms, and the integration here is really important. Improved search functionality. Some of the solutions that we looked at in the report already have some of these things, but I think the competitors are going to catch on to this really quickly, and we're going to see a lot more fast, hot and cold search. We're going to see better federated search capabilities. And of course, there's going to be AI-supported search. There's going to be a lot more around intelligent decision making.
That's when I mentioned earlier about the guidance for analysts in doing their jobs. And more specifically, this is going to be in the form of assistants or chatbots based on generative AI. So this is where analysts can interrogate these chatbots for pointers on which way to go. And this means that even the most junior of analysts can be more productive and efficient. Automation capabilities are only going to increase.
Collaboration capabilities also, so that across the SOC operations and across the wider enterprise, anyone needing information about the security status of the organization are going to be able to tap into this information. Then there's also going to be increased support, I think, for SOCs, not only in IT environments, but also in OT environments. And this is something that I mentioned earlier as well, is where organizations that use operational technology are using a lot more of it, and it's becoming more connected and so on. This is becoming a huge part of the attack surface.
And so it is more important now than ever that these operations are covered by security solutions. And I think we'll see an increase in incident simulation to test and improve workflows. This is not very common now, but some vendors are doing it, and I think we're going to see a lot more of it because it's really useful to be able to simulate an incident and then to test whether your workflows are working or up to scratch. And if not, how to improve them. And finally, an area that we're seeing some innovation in now is file integrity and registry monitoring.
And I think that will probably increase because it gives just another layer of information to the SIEM that can be useful in determining whether something is a valid attack or not, and also if it is an attack, just what the impact of that's going to be. So looking into my crystal ball, I've already alluded to this already. My prediction is that search functionality using natural language processing, or NLP, and digital assistants, those chatbots that I mentioned based on generative AI, are likely to become standard, I would say, in the next 12 to 18 months.
So some solutions have them now, but not all. And I think we're going to see more of that because that is where intelligent SIEMs are really adding value, is the ability to kind of guide analysts in their investigations and guide them in their workflows and so on.
Okay, so finally, we'll look at some advice on adopting intelligent SIEMs. And basically, this is a how to use the Leadership Compass. Use the detailed list of capability requirements to identify your organization's requirements. So have a look at the report. Go through the detailed list of capability requirements and just see, well, which of these will I need? Map your organization's requirements to those offered by the vendors in this market. So not just the ones that are featured in the report, but the ones that you've shortlisted.
Then draw up a short list from the vendors that best meet your requirements. Make a choice, and here you need to take into consideration your company size. Are you going to be growing? What skills do you have? What skills are you likely to have? What sort of assistance are you going to need? And finally, of course, you're going to have to take into consideration your budget. So we've reached the Q&A section of this presentation. Let me just see whether there are any questions in the Q&A.
Well, while we're waiting for people to put questions in the Q&A, perhaps we could see the polls. We could have a look at the polls. So the first question was, has your organization considered upgrading to a next-gen SIEM? The biggest proportion is we're planning to integrate and upgrade into the near future. That's really interesting. I'm surprised that the proportion of people that are not considering it is still relatively small. And I would encourage people to investigate these. So once again, another call out for the report. Have a look at the report.
I'm sure you'll be surprised at how useful these can be. Right, if we have a look at the next poll question, what was the result there?
OK, so we asked, what are the main barriers? OK, so that's interesting. The main uncertainty is around the return on investment. I think that that is quite understandable. And I would also encourage you to investigate this market a little bit further, and then you can see what kinds of things that these kinds of solutions can deliver. And then you will be able to see that it can probably deliver for your organization a fairly good return on investment because it's going to make your analysts in your SOC operations teams far more efficient.
And then the final poll question, what was the answer there? Let's have a quick look at that.
OK, more or less an equal spread. Yeah, definitely an equal spread between cost effectiveness and advanced analytics and machine learning. I'm surprised the ease of deployment and management and the scalability and performance weren't higher. I think these are two areas that will really be beneficial in intelligent SIEMs, but definitely is going to help with the cost effectiveness and the ease of deployment. And I think these results are fairly useful for you to be able to kind of benchmark where you are in comparison with the others taking part in this webinar.
OK, so let me have a look back now at the Q&A section to see if there are any questions. OK, if an enterprise has normal SIEM capability, so I'm not quite sure what you mean by normal, I don't know whether you mean traditional, what would it take to integrate those legacy stacks with iSIEM?
OK, so the answer is always going to be it depends. This is not going to be the same from one solution to another. But the great news is that this next generation of SIEMs are more geared towards integrating with the environments that organizations already have. So I think that you may be pleasantly surprised with how easy that it would be.
Obviously, just look for the more modular solutions, the ones that are designed to integrate with existing deployments. So that's why once you've narrowed down your choice, engage with the top vendors that you selected, that you find or you feel will suit your organizations the best, and then interrogate them around their ability to integrate with your particular SIEM solutions. I think iSIEM solutions, particularly those that are cloud-based, are better designed to work with existing environments. So in general, I'd say iSIEM implementations will not require massive changes.
Lots of questions in the questionnaire in the Leadership Compass were aimed at measuring interoperability. So if you look at the report, you'll see that some have higher ratings than others. This means that some solutions will integrate more easily than others. The report also looks at how well iSIEM solutions support connections with various log sources used by different parts of the organization's infrastructure. So that's reflected in the write-ups for each of the participating vendors and in the spider diagrams for each vendor that I mentioned earlier.
iSIEM solutions generally strive for smoother assimilations. So as I said earlier, that given the advancements in big data processing, cloud computing, and automated provisioning mechanisms, nonetheless, conducting proper diligence remains vital to anticipate and avoid excessive modifications to your environment. So in other words, kind of do your homework. I think that's the best advice there. Don't seem to see any other questions in the question Q&A section. Let me just refresh my screen and see if there are any other questions that popped up in there.
Okay, I've just seen there is another question here, which is great. Do next-gen SIEM options adequately cover regulations applicable to us such as GDPR, HIPAA, PCI DSS, and others?
Okay, this is where it's important to know your organization's requirements and then map these to what vendors have on offer. The trend in this market is to offer support for compliance with things like automatic compliance reporting, as I mentioned earlier, for the main regulations like GDPR, HIPAA, and PCI.
But again, it varies from vendor to vendor. Some solutions can restrict access on a need-to-know basis, on a departmental basis, also on a geographical basis. Some solutions can offer guaranteed data and metadata residency for the US, EU, and UAE even, and provide the option of keeping customer data entirely on-premises. But not all of them, so therefore it's important to check if your organization's particular needs can be met.
Okay, let me just see if there's another question. I think, yeah.
Okay, well, I don't see any more questions. So, I think that means that we can close off the session. I really hope that that's been useful, giving you a good overview of the SIEM market, the intelligent SIEM market, and I hope it's also given you encouragement to go and have a look at the report and to engage with the report and see what this technology can do for you.
And so, all that remains for me to do is to point to the fact that in the slide deck, there is some related research that you can go and have a look at, and to say thank you. Thank you very much for joining me here today, and hopefully it was a useful and informative session for you. Goodbye.