Welcome back to our ongoing discussions on Gartner’s most recent Magic Quadrant reports. This week, we will be specifically discussing the “big movers” in Security Information and Event Management (SIEM). If you haven’t read them yet, you can review our other posts analyzing the Magic Quadrants for ADC, EPP, Enterprise Network Firewalls, IaaS, SSA, Integrated Systems, IPS, and WAF.
For now, let’s get started by plotting out the movements of two security corporations, Splunk and AlienVault, within SIEM.
Splunk Leaps and Bounds
Splunk made its Gartner Security Information and Event Management Magic Quadrant debut in May 2011, when it first established itself in the topmost portion of the SIEM “Niche Players” Quadrant. By the following year, Splunk had gained enough momentum to charge straight up into the lower-right corner of the “Challengers” Quadrant. But Splunk didn’t stop there. Impressively, the following year Splunk launched itself squarely into the 2013 Gartner “Leaders” Quadrant, following closely on the heels of McAfee, HPE, and IBM. Relishing its ever-increasing “Ability to Execute,” Splunk surpassed McAfee in 2014 and overtook HPE in 2016. Today, Splunk continues to exhibit its “big moves,” as Gartner’s 2017 SIEM report chronicles the ground that Splunk continues to gain on frontrunner IBM.
AlienVault also entered the Gartner Magic Quadrant in May 2011, but it was positioned slightly below and to the right of Splunk in the “Niche Players” Quadrant. However, AlienVault made “big moves” in other positive directions. By 2012, AlienVault had made a significant lateral move into the “Visionaries” Quadrant with marginal movement upward toward the “Leaders” Quadrant. Its impressive trajectory consistently moved it towards the right, exhibiting AlienVault’s growing “Completeness of Vision.” Today, AlienVault holds its ground in the “Visionaries” Quadrant, after showing consistent upward movement in 2015 and 2016.
Beyond the Quadrants
As you can see, Splunk’s and AlienVault’s “blue dots” have moved significantly across the visual boards of Gartner’s SIEM Magic Quadrants. However, to better understand Gartner’s rationale for their forward motion over the past six years, it is important to delve further into each company’s offerings.
Splunk – Real-time Visibility Born from Analytics
Gartner begins by praising Splunk Security Intelligence Platform and its specific SIEM features and services, saying that the company’s “investment in security monitoring use cases” is the driving force of its success and movement within the Quadrants. Splunk’s unique advantage is the fact that data analytics was an already well-established feature of Splunk Enterprise proper. Rather than simply use this background in analytics for IT management and business intelligence alone, Splunk expertly applied its data analysis proficiencies to its security event monitoring and analysis too.
As a fully fledged security vendor, Splunk now provides real-time monitoring and rapid investigations using ad hoc search along with static, dynamic and visual correlations to help you investigate potential breaches and report on compliance issues. These advanced security analytics are architected to fully support on-premises, private, public, and hybrid cloud environments—comprehensive support that ultimately provides a broad spectrum of IT security teams with the ability to monitor their own security in-house.
AlienVault USM – Comprehensive and Competitive
Gartner’s 2017 report describes AlienVault as a corporation that should be strongly considered by consumers “who need a broad set of integrated security capabilities … for on-premise and AWS environments.” Ultimately, AlienVault’s comprehensive interfaces—vulnerability assessment, asset discovery, NIDS/HIDS, flow and packet capture, and FIM—provide threat intelligence based on kill chain frameworks and enable effective navigation and mitigation of security events. Moreover, AlienVault simplified its licensing models by basing them on utilized appliances rather than on the number of events. In addition, AlienVault’s clients express great appreciation for the free Open Threat Exchange (OTX), commending its community-driven security discussions and sharing platforms. Overall, customers view AlienVault as a value leader, reporting that AlienVault delivers comprehensive and competitive services at a more reasonable price than other SIEM vendors.
Movement Alone Does Not Gain Gartner’s Attention
What does it take to attract Gartner’s attention? If we use AlienVault’s and Splunk’s impressive movement as a litmus test, it’s ingenuity, innovation, and a pointed dedication to their customers that make a corporation difficult for Gartner to ignore. And if their forward trajectories continue at a similar rate, AlienVault and Splunk are sure to find themselves in Gartner’s MQs for years to come.