Gartner Magic Quadrant for SIEM 2017: Where Partners, MSSPs Fit In

Welcome to companies 11 to 19, sorted alphabetically.

11. McAfee

Gartner quadrant: Leader
Gartner says: McAfee Enterprise Security Manager (ESM) provides core SIEM functionality, including a web-based user interface, a parsed event database, reporting capabilities and central management of other components in the solution. The other components in the solution include Event Receiver (ERC), which provides event and flow collection, and event parsing and normalization; Enterprise Log Manager (ELM), which collects, manages and stores all raw events; Advanced Correlation Engine (ACE), which provides real-time analytics using four types of correlation approaches (rule-based, risk-based, statistical and historical); and Enterprise Log Search (ELS) for log search functionality.
MSSP Alert says: McAfee has been striving to accelerate a channel partner renaissance ever since Intel sold its majority ownership in the company. There are signs of progress.

12. Micro Focus (ArcSight)

Gartner quadrant: Challenger
Gartner says: In September 2017, Hewlett Packard Enterprise (HPE) and Micro Focus closed a business transaction that resulted in the ArcSight SIEM product becoming part of the Micro Focus business. ArcSight Enterprise Security Manager (ESM) is the core component of ArcSight’s SIEM solution. Data collection and management is enabled by ArcSight Data Platform (ADP) using HDFS, Kafka, and Logger and Connectors (both prepacked SmartConnectors and customizable FlexConnectors).
MSSP Alert says: The company quietly has MSSP-friendly partners — including SOC Prime.

13. Micro Focus (NetIQ)

Gartner quadrant: Niche player
Gartner says: NetIQ Sentinel is a SIEM solution from Micro Focus. Sentinel Enterprise is the full SIEM solution that provides SIM and SEM capabilities to support both threat detection- and compliance-oriented use cases. Sentinel for Log Management provides log management, search and reporting capabilities, and can be upgraded to Enterprise.
MSSP Alert says: The company offers some clear guidance on potential MSSP partnerships and relationships for customers.

14. Rapid7

Gartner quadrant: Visionary
Gartner says: InsightIDR is Rapid7’s SIEM solution that is delivered as a service via the Insight platform. The solution consists of the InsightIDR service, EDR agents and honeypots. InsightIDR provides core SIEM features like log collection and management, threat detection rules and correlations, advanced analytics, dashboards, case management, and workflow and reporting.
MSSP Alert says: The company positions itself as a more robust MSSP alternative, and the partner program focuses mostly on distributors and resellers.

15. Securonix

Gartner quadrant: Visionary
Gartner says: Securonix’s SIEM platform is branded as Snypr Security Analytics and runs on top of a Hadoop big data platform. Snypr incorporates an event and data collection and management tier, advanced analytics that include native UEBA functionality as well as a threat library of traditional signatures and rules, and case management and workflow functions.
MSSP Alert says: The company’s partner program specifically mentions MSSPs — but so far most of the chatter involves IT consulting partners.

16. SolarWinds

Gartner quadrant: Niche player
Gartner says: SolarWinds Log & Event Manager (LEM) provides SEM and SIM functionality delivered as a virtual appliance for VMware and Hyper-V platforms. SolarWinds LEM is composed of Manager, which provides central management of the overall solution as well as log and event management and storage; Console, which provides the user interface; and Agents.
MSSP Alert says: The company’s SolarWinds MSP arm supports roughly 20,000 MSPs worldwide, but many of them offer network- and device-centric managed services. The push is on to more aggressively promote security services.

17. Splunk

Gartner quadrant: Leader
Gartner says: Splunk’s Security Intelligence Platform is composed of Splunk Enterprise and two premium solutions, Enterprise Security (ES) and Splunk User Behavior Analytics (UBA). Splunk Enterprise is the core component of the product, providing event and data collection, a variety of analytics capabilities, search, and visualizations. Splunk Enterprise (aka Core Splunk) and Splunk Cloud provide use-case-agnostic data analysis capabilities that are used for various purposes like IT operations, application and network performance monitoring, business intelligence, and some security use cases.
MSSP Alert says: Splunk is extremely serious about expanding its partner program — including deeper MSP engagements focused on security.

18. Trustwave

Gartner quadrant: Niche player
Gartner says: Trustwave’s SIEM solution is composed of two versions — SIEM Enterprise and Log Management Enterprise (LME). Both products complement their broader security solution offerings across network, endpoint, and content and data security. Customers consuming SIEM Enterprise as a service leverage the local collector appliance (LCA).
MSSP Alert says: Trustwave is a Top 100 MSSP for 2017 in its own right, but the company also has a healthy, growing channel partner program.

19. Venustech

Gartner quadrant: Niche player
Gartner says: The Venustech SIEM solution is composed of various components under the Venusense Unified Security Management (USM) product, which includes modules for Security Analytics (SA), Network Behavior Analysis (NBA), Configuration Verification System (CVS) and Business Security Management (BSM). Venusense SA provides log collection, normalization and storage, and an analytics engine for threat detection and compliance use cases. It is based on a big data platform, with both Hadoop and Elasticsearch options available, that enables ML analytics in addition to standard correlation-based detection.
MSSP Alert says: Venustech is best known in China, and the company’s partner program focuses mostly on more traditional distributors and resellers.

Gartner SIEM Magic Quadrant Grid 2017

Here’s a look at the actual Gartner Magic Quadrant 2017 for SIEM, and where each vendor plots on the chart:

Got feedback on our MSSP-related perspectives, or SIEM-focused MSSP partner programs? Send me email (
