根据Gartner魔力象限,SIEM是什么?
SIEM, 根据Gartner的魔力象限, is defined by Gartner as “SIEM aggregates the event data that is produced by monitoring, 评估, detection 和 response solutions deployed across application, 网络, 端点, 云环境. 功能包括威胁检测, through correlation 和 user 和 entity behavior analytics (UEBA), 和 response integrations commonly managed through security orchestration, 自动化和响应(SOAR). 安全报告和通过威胁情报平台(TIP)功能不断更新的威胁内容也是常见的集成. 尽管SIEM主要作为基于云的服务部署,但它也可能支持本地部署.”
By 应用ing a graphical treatment 和 a uniform set of evaluation criteria, The Gartner Magic Quadrant for 安全信息 和 事件管理(SIEM) 是否有一份报告可以帮助您快速确定技术提供商执行其既定愿景的情况,以及他们与Gartner的市场观点相比表现如何. Gartner evaluates vendors based on their "ability to execute" 和 "completeness of vision.魔力象限提供了四种技术提供商的图形竞争力定位, in markets where growth is high 和 provider differentiation is distinct.
Gartner如何评估供应商
Vendors are recognized as Niche Players, Challengers, Visionaries, 和 Leaders.
- 小众玩家成功地专注于一个小细分市场, or are unfocused 和 do not out-innovate or outperform others.
- Challengers execute well today or may dominate a large segment, but do not demonstrate an underst和ing of market direction.
- Visionaries underst和 where the market is going or have a vision for changing market rules, 但还不能很好地执行.
- Leaders execute well against their current vision 和 are well positioned for tomorrow.
一个厂商今年出现在魔力象限而下一年没有出现,并不一定表明Gartner改变了对该厂商的看法. 这可能是市场变化的反映, 因此, 评价标准变更, 或者是供应商改变了重点.
Evaluation Criteria from 2022 Gartner的SIEM魔力象限
视觉完整性
- 市场的理解此标准评估供应商理解买家新出现的需求以及如何有效沟通解决方案的能力. 对市场了解程度最高的SIEM供应商能够识别技术和工作方式的变化将如何转化为现代安全操作需求, while also meeting the business risk 和 ROI reporting 需要 of organizations.
- 市场策略此标准评估供应商传达其SIEM产品的价值和竞争力差异的能力.
- 销售策略: This criterion evaluates a vendor's use of direct 和 indirect sales, 市场营销, 服务, 和 communications affiliates to extend the scope 和 depth of its market reach.
- 提供(产品)策略: This criterion evaluates a vendor's approach to product development 和 delivery, with an emphasis on how well functionalities 和 features correspond to current requirements. Development plans during the next 12 to 18 months are also evaluated. SIEM市场是成熟的——大多数供应商之间在支持通用网络设备等方面几乎没有区别, 安全设备, 操作系统, 以及整合的管理功能. Gartner assigns higher weightings to coverage of emerging event sources, 例如IaaS和SaaS, 环境背景.
- 商业模式: Despite vendors’ focus on expanding their capabilities, Gartner continues to value speed 和 simplicity of deployment 和 breadth of platform support. 用户, especially those with limited IT 和 security resources, still value this attribute over breadth of coverage beyond basic use cases. SIEM products are complex 和 tend to become more so as vendors extend their capabilities. 供应商能够提供有效的产品,用户可以成功地将其用作服务或部署, 配置, 和 manage with limited resources — will be the most successful. Gartner评估共同管理或混合部署SIEM技术和支持服务的选项,因为越来越多的Gartner客户期望或要求供应商交付的服务包装器(VDSW)或安全服务提供商合作伙伴支持来监控或管理他们的SIEM技术部署.
- 垂直/产业战略:此标准评估供应商的策略,以支持特定于行业的SIEM需求, 比如操作技术(OT)环境.
- 创新:此标准评估供应商的SIEM技术开发和交付,该技术以独特的方式满足关键客户需求,与竞争对手有所区别. Product capabilities 和 customer use in areas such as application layer monitoring, identity-oriented监控, 并对事件调查进行评估. This is in addition to other product-specific capabilities needed 和 deployed by customers. 高级威胁检测和事件响应所需的功能被赋予了很大的权重:用户, data, 和 application monitoring; ad hoc queries; visualization; orchestration 和 incorporation of context to investigate incidents; 和 workflow/case-management features.
- 地理战略这个标准考虑到这样一个事实, 尽管北美和欧洲, 中东, 和 African (EMEA) markets produce the most SIEM revenue, Latin America 和 Asia/Pacific are growth markets for SIEM, 它们的增长主要受到威胁管理需求的驱动(其次是遵从性需求)。. Gartner对这个魔力象限中的供应商的总体评估包括对这些地区的销售和支持策略的评估,以及支持本地和区域数据驻留和隐私合规要求的产品功能的评估.
执行能力
- 产品/服务:此标准评估供应商在核心SIEM领域提供产品功能的能力,例如创建的能力, 修改, 并维护威胁检测用例, 提供案例管理, 支持事件响应活动, 并生成支持业务的报告, 合规, 以及审计需求.
- Overall financial viability (business unit, financial, strategy, organization)可行性包括对供应商的客户吸引力以及其SaaS SIEM业务的财务和实际成功的评估, 和 indicators that it will continue to invest in SIEM technology.
- 销售执行/定价此标准评估技术供应商在SIEM市场的成功程度及其在售前活动中的能力. Considerations include the size of its cloud-native/SaaS SIEM revenue 和 installed base, 定价模式的灵活性, 售前支持, 和 the distribution 和 inclusivity of its sales channel. The level of interest 和 reviewed experiences from Gartner clients is also considered.
- 市场反应能力和业绩记录:该标准评估交付的特性和对相邻SIEM功能和现代部署方法的客户需求的一致性,以及根据不断变化的市场需求交付新的和差异化功能的跟踪记录. Considerations include support for multi-cloud monitoring, 云原生或SaaS业务重点, 和 industry-specific support within areas such as OT.
- 营销执行该标准根据Gartner对客户需求的理解来评估供应商的SIEM市场信息. It also identifies particular vendor-identified variations by industry or geographic segment.
- 客户体验: This criterion evaluates product function 和 服务 experience in production environments. 公司luded are operations, administration, 和 vendor-support capabilities. 该标准评估的领域如下, 提供支持和培训, 用户界面定制, 和 takes into account interactions with Gartner clients that are using, 或已完成竞争性评估, 供应商的SIEM产品.
- 操作: This criterion evaluates a vendor’s 服务, support, 和 sales capabilities. It includes an 评估 of these capabilities across multiple geographies.
Rapid7's Underst和ing of the Gartner的SIEM魔力象限
在适当的语境下, it's possible to view a Gartner Magic Quadrant through a specific lens, providing high-impact additional perspectives by key industry, 地区, 公司规模.
该报告有助于了解一个市场的技术供应商是如何进行竞争定位的,以及他们为争夺终端用户业务而采用的策略. 它还阐明了如何将技术提供商的优势和挑战与您的特定需求进行比较.
高德纳还表示,专注于领导者象限并不总是最好的做法. 市场挑战者, 有远见的人, 和 niche players may better support an organization’s 需要 versus a market leader. It all depends on how the provider aligns with the organization’s business goals.
Gartner的交互式魔力象限功能使您能够创建魔力象限的视图,以反映您自己的业务目标, 需要, 和优先级. 最重要的是, 交互特性使您能够调整应用于每个评估标准的权重,以生成新的评估标准, client-specific Magic Quadrant graphic for that market.
阅读更多
Gartner Magic Quadrant: Positioning technology players within a specific market
Gartner, Magic Quadrant for 安全信息 和 Event Management, 皮特Shoard, 安德鲁•戴维斯, 2022年10月10日
GARTNER是GARTNER的注册商标和服务标志,Magic Quadrant是GARTNER的注册商标, 公司. 及/或其在美国的附属公司.S. 和 internationally 和 are used herein with permission. 版权所有.
Gartner不认可任何供应商, 在其研究出版物中描述的产品或服务,不建议技术用户只选择那些具有最高评级或其他指定的供应商. Gartner研究出版物由Gartner研究组织的意见组成,不应被解释为事实陈述. Gartner不提供任何保证, 明示或暗示, 关于这项研究, including any warranties of merchantability or fitness for a particular purpose.