Fourteen cybersecurity companies landed in Gartner's Magic Quadrant for Security Information and Event Management (SIEM). But which of those SIEM providers have friendly MSSP (managed security services provider) offerings?
We took a closer look at Gartner's August 2016 Magic Quadrant results. (Yes, we'll take another look when the 2017 results arrive.) Then, we cross-referenced each Magic Quadrant member with its MSSP initiatives. The result is this blog.
Before we take a look at each company and its MSSP strategy, let's define the SIEM market. SIEM fulfills a customer's need to analyze event data in real time for the early detection of targeted attacks and data breaches, Gartner says. Also, SIEM helps partners to collect, store, investigate and report on log data for incident response, forensics and regulatory compliance, the researcher says. The typical SIEM technology aggregates event data produced by security devices, network infrastructure, systems and applications, Gartner adds.
Now, here's a look at each SIEM provider. We've sorted them alphabetically within Gartner's Magic Quadrants, and the commentary is our own.
SIEM Gartner Magic Quadrant: Niche Players
- BlackStratus: The company is very well known for its CYBERShark platform, which is designed for MSPs that support SMB customers. BlackStratus also has a security operations center in Connecticut. MSSP Friendly?: Yes.
- EventTracker: The company’s EventTracker platform comprises SIEM, vulnerability scanning, intrusion detection, behavior analytics, a honeynet deception network and other defense-in-depth capabilities within a single management platform. EventTracker offers managed services from its global SOC. MSSP Friendly?: Yes.
- Fortinet: The company's FortiSIEM was formerly known as AccelOps. MSSP Friendly?: Yes.
- ManageEngine: ManageEngine offers a range of IT management solutions for IT professionals and service providers. For SIEM, check out the company's Log360 offering. MSSP Friendly?: ManageEngine has some MSP-centric tools, but I don't see SIEM listed among them.
- Micro Focus: Here, you've got to look for Micro Focus's NetIQ business -- which offers a SIEM platform called Sentinel. MSSP Friendly?: I don't see any particular MSSP emphasis.
- SolarWinds: The well-known maker of IT management tools has a SIEM product aptly called SIEM: Log and Event Manager. MSSP Friendly?: SolarWinds also has a business division called SolarWinds MSP -- which includes a range of RMM (remote monitoring and management), backup and disaster recovery (BDR), remote control and security offerings. At present, the SIEM offering isn't part of the SolarWinds MSP portfolio -- but I've been watching for potential cross-pollination...
- Trustwave: Poke around and you'll see that Trustwave offers multiple SIEM products. MSSP Friendly?: The company has a partner program. But Trustwave itself also is an MSSP, offering managed SIEM services and plenty of additional security services.
SIEM Gartner Magic Quadrant: Visionaries
- AlienVault: The AlienVault Unified Security Management (USM) solution provides SIEM, vulnerability assessment (VA), asset discovery, network and host intrusion detection (NIDS/HIDS), flow and packet capture, and file integrity monitoring (FIM), Gartner notes. MSSP Friendly?: Yes.
SIEM Gartner Magic Quadrant: Challengers
- Dell EMC (RSA): Here, the product to know is RSA Security Analytics. MSSP Friendly?: We haven't heard from RSA in this area...
SIEM Gartner Magic Quadrant: Leaders
- HP Enterprise: The company's ArcSight Enterprise Security Manager (ESM) is a threat detection, analysis, triage, and compliance management SIEM platform, HPE says. MSSP Friendly?: Perhaps. We've heard promises from HPE to more aggressively embrace MSPs over the years. But I don't see a clear-cut MSSP partner program for ArcSight.
- IBM: No doubt, IBM Security is big business for the technology giant. And IBM Security QRadar SIEM is a key piece of that business. MSSP Friendly?: IBM touts MSP relationships at the company's annual PartnerWorld conference. But IBM itself also is an MSSP.
- LogRhythm: The company's key offering in this market is aptly called LogRhythm SIEM. MSSP Friendly?: Yes. In fact, Deloitte leverages LogRhythm in its managed security services business practice, the IT consulting firm confirmed this week.
- McAfee (formerly Intel Security): Here, the product to watch is McAfee Enterprise Security Manager. MSSP Friendly?: Increasingly yes, after some earlier stumbles in the market.
- Splunk: The company's Splunk Enterprise Security is a SIEM offering that "provides insight into machine data generated from security technologies such as network, endpoint, access, malware, vulnerability and identity information." MSSP Friendly?: Splunk has been building and expanding its partner program. Many MSPs already use the company's tools. But a formalized engagement process for those MSPs and MSSPs is just coming into focus.