By using this site, you agree to the IDC Privacy Policy

TECH SUPPLIER Aug 2019 - Market Presentation - Doc # US45297720

IDC Market Glance: SIEM, 3Q19

By: Christopher KisselResearch Director, Security Products

On-line Presentation

Abstract

This IDC Market Glance provides a view of worldwide SIEM by form factor, region, and vertical market. Traditionally, SIEM platforms have been used to generate compliance reporting, and this is true and an important function today. SIEM has also been used for storage and indexing of packets for investigations; the hope being presently investigated alerts can be tracked for dwell time in a network's environment. Every internet browser session, email, internal server and router transaction, and Active Directory request generates a log. In theory, with the proper amount of time and skill, logs could be reconstructed that they will find when the adversary entered the network, what digital properties were exfiltrated, and what the extrusion path of the adversary was. A fair and lively argument can be made that the intelligent collection of metadata provides an able and cost-effective cyberdefense, but it should be noted that without 100% full-packet capture (PCAP), reconstruction of event timelines with the original artifacts is not possible. Including forensic capabilities, SIEM is the last hope of catching the adversary.

Two key metrics measure the efficacy of a security operation center (SOC): mean time to detect (MTTD) and mean time to respond (MTTR). SIEM is a log-based technology and as such can facilitate both MTTD and MTTR. In 2019, UBA is an important addendum to an overall cybersecurity posture. UBA is both a discrete technology and an essential technology feature set used across multiple technologies such as endpoint detection and response, threat analytics, and SIEM.

These ideas help explain what SIEM has to do from the standpoint of security postures. However, the word security becomes too generic a term. At times, an enterprise (or smaller company) is looking for a specific security tool for a specific use case or for a specific architecture. Some SIEMs are best designed for on-premises use, for manufacturing environments, or address jurisdictional needs on the basis of geo-compliance or data privacy standards.


Coverage

Content
  • 8 slides


Get More

When you purchase this document, the purchase price can be applied to the cost of an annual subscription, giving you access to more research for your investment.



Related Links

Do you have questions about this document
or available subscriptions?

Contact Us