So There Is a New SIEM MQ…

Information Security, SIEM

By Augusto Barros, VP, Cyber Security Evangelist

The release of a new Gartner Magic Quadrant is always an exciting time for technology providers, including Securonix. There are multiple things to be said about the “MQ”, but invariably it turns into a simplistic discussion of winners and losers (cue ABBA’s “The Winner Takes It All”).

As much as I could do the same, considering Securonix is again positioned as a Leader and some of our competitors have dropped significantly in their position, I like to look at this research document with my old industry analyst hat on. There are many interesting points hidden in the 35 pages, not only in its famous “Figure 1”. What are the interesting things we can extract this time?

First, as good as it is to look at the vendors in the quadrant, it’s also important to notice those that are not there. Some vendors that used to be part of the MQ are not even listed anymore, and some trying to compete in this space haven’t made the cut. Why?


The MQ always has “inclusion criteria”. Have you ever wondered why only a few vendors are represented? That some you may know (or even whose product you use) are not even listed? Most likely they haven’t met the inclusion criteria. The inclusion criteria serve the purpose of ensuring you will be comparing apples to apples. They are usually a simple definition of what a product and its vendor should have in order to be profiled in the MQ. But in a dynamic market like SIEM, they can also help drive requirements forward, transforming trends into “must-haves”. This year’s criteria, for example, require vendors to have a certain amount of revenue coming from a cloud-native/SaaS offering. In short, a SIEM vendor must have a credible cloud-based solution. The criteria also indicate the direction of converging markets; vendors should include in the SIEM product, or offer as an add-on, at least two of these four capabilities: SOAR, TIP, UEBA, and long-term log storage. Additional criteria related to built-in integrations and global presence complete the picture that has left at least a couple of well-known products out of the Quadrant.

Another important part of the MQ to consider is the list of “strengths and cautions” Gartner includes for the vendors profiled. These are often comments that describe what Gartner analysts have been hearing from their customers in inquiry calls. We notice, for example, that some vendors have cautions related to deployment complexity, sometimes requiring heavy spending on professional services, or to a lack of out-of-the-box content. Other vendors have been struggling in their migration to the cloud, and although they may have done enough to stay above the line of the inclusion criteria, the existence of different UIs and fragmented architectures has been noticed by the analysts and is mentioned as a caution too.

The MQ cautions have always been good indicators for us vendors of where we must work to improve. We are happy at Securonix to see that some cautions from past editions related to our product and services are now gone, showing we’ve been able to improve in those areas. We still have work to do on finessing our message and demonstrating more clearly to our customers how we offer certain options, and we are facing those challenges head on.

Two of our strengths mentioned by Gartner highlight how we’ve been working to help organizations scale up their security operations. The first is our threat intelligence integration capabilities, used to enrich events and support investigations, powered by our Securonix Threat Labs research. The second is our “refined investigation and case management capabilities”. In times when everyone is working to reduce time to respond and eliminate toil, these capabilities are critical to maximizing the value of the analysts working on alerts and incidents. Our recent product announcements in 2022, Securonix SOAR, Securonix Autonomous Threat Sweeper and Securonix Investigate, are clear indications that we are moving further and faster in that direction.

Finally, we are also happy to see that a key point of our strategy to deliver the best and most efficient SIEM solution has been recognized in one of our strengths: the use of third-party data lake access, such as our “Powered by Snowflake” solution. About that point, Gartner says: “Data decentralization enables more cost-effective deployments, with more up-to-date data, and is expected to be a key trend for SIEM over the next 18 months”.

Forrester has also recently said (in its “The Security Analytics Platform Landscape, Q3 2022”) that the top disruption in the security analytics platform market (SIEM in “Forrester speak”) is “security analytics on top of independent data stores”. Both analyst firms are well aware of what should be done for SIEM to deliver cost-efficient and scalable threat detection, and we are certainly one of those driving this trend.

For those tired of all the comments from vendors about how marvelous their position in the MQ is (including us!): I invite you to download a complimentary copy of the report and read it in full, beyond the famous chart on the first page. The analysts put a lot of work into that content, and that’s where the most important pieces are. The picture may show where we are when compared to the others, but the text will give you a good understanding of why we are there.
