Finally i had time for reading the Gartner Magic Quadrant for SIEM (May 2010) and I'm not surprise that the 2 clear leaders continue being ArcSight and RSA(EMC) -I'm completely agree with it :P -
It's interesting to see how the primary driver continues to be regulatory compliance (80% North America SIEM market). Here in Norway I'd say it's even bigger, close to the 90%, especially PCI and its requirement for log management.
Some things keep me attention; I expected to see included Splunk with its Enterprise Security Suite, but it wasn't because it's in the process of introducing real-time monitoring (one of the basic requirements to be considered in the report). Maybe in the next one?
Other thing to mention is how NitroSecurity is positioned at the head of the visionaries; already 1 year ago, i liked the live demo i got in one of the stands at the Black Hat USA. If they improve their sales channels towards Europe maybe we'll start to see them.
The one who seems losing gas is Symantec, just in the middle of the quadrant. Who has lost some position in favor of Q1Labs.
Just say goodbye to CISCO MARS after its decision of freeze support for most of the non-Cisco event sources.
For finishing, my congratulations again to ArcSight and RSA for being the leader of the market.
And also congratulations to 21Sec (in Spain) for appears in the report, even if they are not included because of its regional market focus.
cheers,
Subscribe to:
Post Comments (Atom)
I don't read the new Magic Quadrant too :p
ReplyDeleteBut for the moment I work with 3 solutions and soon another :
My own quadrant ;-) :
enVision
Juniper STRM
Symantec SSIM
But Arcsight should join the list in the first place soon.
I work with enVision since 2 years, so I've a lot of experience with this product.
Don't hesitate if we need help or some ressources.
I work also (unfortunately) with Symantec SSIM since 3 years.
Hei, thanks for the comment, you said in your post that you work with Symantec SSIM also, why unfortunately?
ReplyDeleteHi all,
ReplyDeleteThe purpose of this thread is to discuss SIEM as a solution, functionality and anything related to SIEM as a market or field of expertise. This blog is NOT intended to market any specific vendor, nor talk down on any vendors. Share your experience, but be polite and precise.
All vendor has their small or large caveats so there is no point going in to a "war" between vendors in this blog. That discussion will go on forever.
Of course, many have a lot of experience with some specific vendors and it is natural to mention those so others can get an idea of the background of the person who post or comment.