Gartner Magic Quadrant for SIEM 2017: Where Partners, MSSPs Fit In

The security information and event management (SIEM) market, according to Gartner, is “defined by the customer’s need to analyze event data in real time for the early detection of targeted attacks and data breaches, and to collect, store, analyze, investigate and report on event data for incident response, forensics and regulatory compliance.”

But which SIEM offerings are most helpful for customers — and which SIEM platforms are designed for MSSP adoption? MSSP Alert took a look at the Gartner Magic Quadrant for SIEM 2017. We’ve summarized the Gartner findings below, while also adding some of our own spin on the partner and MSSP front. Vendors mentioned in the article are sorted alphabetically, not by ranking. The Magic Quadrant grid is on the final page, showing companies in their actual grid positions (leaders, challengers, visionaries and niche players).

1. AlienVault

Gartner quadrant: Niche player
Gartner says: AlienVault competes in the SIEM market with two offerings: AlienVault Unified Security Management (USM) Appliance (physical or virtual) for on-premises deployment and AlienVault USM Anywhere, a cloud-based SaaS solution. USM Appliance includes file integrity monitoring (FIM) via the host intrusion detection system (IDS), NetFlow analysis and full-packet capture. USM Anywhere is designed to monitor cloud and on-premises environments from the AlienVault Secure Cloud. AlienVault also offers Open Threat Exchange (OTX), a free, community-supported threat intelligence sharing forum that integrates threat intelligence into USM.
MSSP Alert says: AlienVault solutions often are too complex for smaller MSPs to deploy and manage. But a November 2017 relationship with ConnectWise simplifies how AlienVault’s offerings are consumed, deployed and managed by MSPs and emerging MSSPs. Moreover, AlienVault is very, very serious about MSSP engagements.

2. BlackStratus

Gartner quadrant: Niche player
Gartner says: BlackStratus is a SIEM technology and service-focused vendor with solutions aimed at large enterprises, small or midsize businesses (SMBs), managed security service providers (MSSPs), and managed service providers (MSPs). The portfolio is composed of LOGStorm, SIEMStorm and CYBERShark.
MSSP Alert says: CYBERShark has a very strong brand among MSPs in the SMB sector, but some partners have been trying to figure out if there are lower cost alternatives.

3. Dell Technologies (RSA)

Gartner quadrant: Challenger
Gartner says: RSA (a Dell Technologies business since the acquisition of EMC by Dell in September 2016) competes in the SIEM market via its RSA NetWitness Suite. The suite is composed of RSA NetWitness Logs and Packets, RSA NetWitness Endpoint, and RSA NetWitness Security Operations (SecOps) Manager.
MSSP Alert says: The RSA brand has struggled a bit to remain relevant. Rumors about Dell or EMC potentially selling the business popped up multiple times during the Dell-EMC merger discussions. And RSA, overall, is now better known for its annual industry conference than for its actual products.

4. EventTracker

Gartner quadrant: Niche player
Gartner says: In October 2016, EventTracker merged with Netsurion, a provider of managed security services, and EventTracker continues as a subsidiary with its own brand. EventTracker targets its SIEM software and service offerings primarily at midsize and government organizations with security event management and compliance reporting requirements.
MSSP Alert says: EventTracker is serious about MSSP engagements.

5. Exabeam

Gartner quadrant: Visionary
Gartner says: Exabeam Security Intelligence Platform is a collection of components that collectively deliver the Exabeam SIEM solution that was introduced in February 2017. The platform is built on a variety of big data technologies, including Elastic, Hadoop, Kafka and Spark. Data management (collection, parsing, indexing and storage) is provided by Log Manager, which also includes agent-based collectors that can collect logs from local resources or from cloud-based applications using RESTful APIs.
MSSP Alert says: Exabeam briefly mentioned MSSPs in its 3.0 release launch statement back in 2016. We’d like to hear that MSSP emphasis far more regularly.

6. FireEye

Gartner quadrant: Niche player
Gartner says: FireEye is a new entrant in the SIEM Magic Quadrant. FireEye’s SIEM offering is Threat Analytics Platform (TAP), which is delivered as a service leveraging AWS. TAP provides real-time security analytics, investigative threat hunting, monitoring and data management, and storage, with data segregated on a per-customer basis. Integrated threat intelligence is provided by in-house iSIGHT security researchers and Mandiant incident responders. Both multitenant as well as single-instance versions are supported.
MSSP Alert says: FireEye has struggled to maintain healthy, pure channel relationships ever since the company acquired Mandiant for IT consulting and forensics expertise. However, the company’s overall security solutions are respected by partners.

7. Fortinet

Gartner quadrant: Niche player
Gartner says: FortiSIEM, acquired from AccelOps in 2016, is a component of Fortinet’s Security Fabric framework that provides traditional SIM and SEM capabilities, complemented by a built-in CMDB, application and system performance monitoring capabilities, and agent-based FIM. Fortinet positions FortiSIEM for MSPs, telecommunications providers and MSSPs that use or support other Fortinet solutions, in addition to security operations buyers in large enterprises, government and education.
MSSP Alert says: Fortinet helped to pioneer the MSSP and MSP channel models. The company is highly respected in MSSP circles.

8. IBM

Gartner quadrant: Leader
Gartner says: IBM QRadar Security Intelligence Platform is composed of QRadar SIEM at the core, with additional components providing complementary security monitoring and operations capabilities, such as log management (Log Manager), network monitoring (QFlow, Network Insights and Incident Forensics), vulnerability management (Vulnerability Manager) and risk management (Risk Manager). IBM positions QRadar as an on-premises solution available via a stand-alone or distributed architecture, SIEM as a service (QRadar on Cloud) or as co-managed QRadar in partnership with IBM Managed Security Services.
MSSP Alert says: IBM itself is a Top 100 MSSP for 2017, but the company has been working more closely with MSSP partners in recent years.

9. LogRhythm

Gartner quadrant: Leader
Gartner says: LogRhythm Threat Lifecycle Management Platform provides core SIEM capabilities, in addition to optional add-ons for network and host monitoring. LogRhythm’s SIEM solution consists of several components that can be run from a single appliance or separately as discrete components — Data Collector, Data Processor, Data Indexer, AI Engine, Platform Manager and WebUI Services. Multitenancy for MSSP buyers is also natively supported.
MSSP Alert says: Yes indeed, LogRhythm’s partner program specifically serves MSSPs.

10. ManageEngine

Gartner quadrant: Niche player
Gartner says: Log360 is the SIEM offering from ManageEngine, a division of Zoho. ManageEngine Log360 is composed of three components — EventLog Analyzer, which provides core SEM and SIM features including event log management, correlation-based analytics, and management/UI for reports, dashboards and log search functionality; ADAudit Plus, which provides real-time monitoring and auditing for AD; and Cloud Security Plus, which manages log event data from public cloud environments.
MSSP Alert says: ManageEngine is perhaps better known as an IT management platform provider to MSPs, but we get the sense that a more concerted MSSP push is coming…

Gartner’s SIEM Magic Quadrant 2017 with our partner spin continues on page two with companies 11 to 19 (sorted alphabetically, not by ranking).
