With the ever-growing number of new security threats and the continued erosion of traditional security perimeters, demand for new security analytics tools that can detect those threats in real time is growing rapidly. Real-Time Security Intelligence (RTSI) solutions are going to redefine the way existing SIEM tools work and finally provide organizations with clearly ranked, actionable findings and highly automated remediation workflows.
Various market analysts predict that security analytics solutions will grow into a multibillion-dollar market within the next five years. Many vendors, big and small, are now rushing to bring their products to this market in anticipation of its potential. However, the market is still far from maturity. First, the underlying technologies themselves have not yet fully matured: areas like machine learning and threat intelligence are still under constant development. Second, very few vendors possess enough intellectual property or resources to integrate all of these technologies into a single universal solution.
In a sense, the RTSI segment is the frontier of the overall market for information security solutions. When selecting the tools most appropriate for their requirements, customers therefore have to be especially careful and should not take vendors’ claims for granted. Support for different data sources, the scope of anomaly detection and general usability may vary significantly from product to product.
Although we should expect that in a few years the market will settle and the broad range of products with varying scopes of functionality available today will converge to a reasonable number, we are still far from that point. While some vendors opt for evolutionary development of their existing products, others prefer strategic acquisitions. At the same time, smaller companies and even startups are bringing niche products to the market, aiming at customers who are looking for point solutions to their most critical problems. The resulting multitude of solutions is difficult to compare, and it is even harder to predict in which direction the market will evolve. We can, however, name a few notable vendors from different strata of the RTSI market to at least give you an idea of where to start looking.
First, large vendors currently offering “traditional” SIEM solutions are obviously interested in bringing their products up to date with the latest technological developments. This includes IBM Security with its QRadar SIEM and Guardium products, both with significantly improved analytics capabilities, the RSA Security Analytics platform, NetIQ Sentinel, and smaller vendors like Securonix or LogRhythm.
Another class of vendors is made up of companies coming from the field of cybersecurity. Their products focus more on the detection and prevention of external and internal threats, and by integrating big data analytics with their own or third-party sources of threat intelligence they naturally evolve into RTSI solutions that are leaner and easier to deploy than traditional SIEMs and are targeted at smaller organizations. Notable examples here include CyberArk with Privileged Threat Analytics as part of its Privileged Account Security solution, Hexis Cyber Solutions with its HawkEye G and HawkEye AP analytics platforms, and AlienVault with its Unified Security Management offering. Another important, yet much less represented, aspect of security intelligence is user behavior analytics, with vendors like BalaBit, which recently added the Blindspotter tool to its portfolio, or Gurucul, which provides a number of specialized analytics solutions in that area.
Besides the bigger vendors, there are numerous startups whose products usually concentrate on a single source of analytics information, such as network traffic analysis, endpoint security or mobile security analytics. Their solutions are usually targeted at small and medium-sized businesses and, although limited in functional scope, rely more on ease of deployment, simplicity of the user interface and quality of support to win potential customers. For small companies without sufficient security budgets or expert teams, these products can be a blessing, because they quickly address the most critical security problems. To name just a few vendors here: Seculert with its cloud-based analytics platform, Cybereason with an unorthodox approach to endpoint security analytics, Cynet with its rapidly deployed integrated solution, Logtrust with a focus on log analysis, and Fortscale with a cloud-based solution for detecting malicious users.
Surely, such a large number of different solutions makes the RTSI market quite difficult to analyze and predict. On the other hand, almost any company will probably be able to find a product tailored specifically to its requirements. It is vital, however, that they look for complete solutions with managed services and quality support, not just for another set of tools.