Leadership Compass
This KuppingerCole Leadership Compass provides an overview of the market for Intelligent SIEM (I-SIEM) Platforms. These platforms go beyond traditional Security Information and Event Management (SIEM) capabilities to proactively identify threats and automatically suggest mitigation measures, meeting the requirements of modern IT environments that are typically on premises as well as mobile and distributed across multiple cloud environments.

1 Introduction / Executive Summary

Traditional SIEMs were introduced less than 20 years ago as unified platforms for gathering, analyzing, and correlating security events from multiple sources to provide a centralized overview of all security-related events across the whole enterprise, alert the team of security experts, and provide tools for forensic analysis. For many companies, SIEMs have served as the focal point of their in-house or outsourced security operations centers (SOCs) for several years to support threat detection, investigations, incident management, and regulatory compliance.

However, since SIEM systems were first introduced, the rate at which enterprises generate data and the IT attack surface have both expanded massively. IT environments have become increasingly mobile and cloud-based, driven by digital transformation, which was accelerated by the Covid-19 pandemic and the resulting need for organizations to enable their employees to work from home. The pandemic also led to an increase in the use of personal devices for work purposes. At the same time, there has been an exponential increase in the number and sophistication of cyberattacks and cyber attackers. The increased size and complexity of corporate IT infrastructures and the proliferation of threats are forcing most enterprises to recognize that their existing tools face inherent limitations that prevent them from responding effectively to cyberthreats.

Although SIEM systems have dominated the enterprise security market since the early 2000s, it has become increasingly difficult for organizations to sustain traditional SIEM systems or derive full value from them. The reasons are high deployment and operating costs, the shortage of cybersecurity skills, and the rapidly expanding attack surface, which has resulted in an unprecedented volume of logs and security alerts being generated by most businesses. This has often meant that SIEM solutions were unable to identify and respond to threats effectively. The lack of automation capabilities and of support for two-way integrations with security controls such as firewalls has also limited the ability of SIEM systems to make forensic investigations easier for analysts; consequently, the analysts’ job has remained largely manual and time-consuming.

As a result, SIEM solutions have come under pressure from alternative approaches such as specialized security monitoring solutions for different attack surfaces (endpoints, networks, APIs, and databases) and unified extended detection and response (XDR) solutions. However, SIEM solutions have continued to evolve, expand their coverage, and address their historical challenges. As a result, modern SIEM systems are quite different to their predecessors, taking advantage of several key technological advancements.

The evolution of SIEM solutions has been facilitated mainly by the emergence of breakthrough technologies such as data analytics, machine learning (ML), and cloud-based services that have driven innovation in the cybersecurity market for at least the past decade.

New intelligent automation capabilities, whether integrated directly into newer SIEM solutions or augmenting the existing ones with new functions, ensure that security monitoring, forensic analysis, and incident response remain a core component of any modern cybersecurity architecture, supported by a new generation of SIEM solutions, which will be discussed in further detail in the chapter on the Market Segment.

Despite their checkered history, SIEM tools remain as relevant today as they have ever been because they perform the essential function of providing centralized collection and management of security information across all corporate IT systems.

This Leadership Compass is designed as a tool to help organizations to identify their requirements and map them to the capabilities offered by specific vendors, taking into consideration the size, growth, skills, and budget of the customer organization. To better understand the fundamental principles this report is based on, please refer to KuppingerCole’s Research Methodology.

1.1 Highlights

  • SIEM solutions have dominated the enterprise security market for nearly two decades, but due to high operating costs, an increasing shortage of skilled security experts, and the rapid pace of change in the business IT and cyber threat environments, traditional SIEMs are no longer effective.
  • Legacy SIEM tools typically cannot deal with the volume of security alerts generated across an expanding attack surface, they cannot prioritize alerts for investigation, and they lack automation capabilities and two-way integration with security tools to support forensic investigations.
  • The SIEM market is experiencing pressure from alternative approaches such as specialized security monitoring solutions and unified XDR solutions, but SIEM solutions continue to evolve and address historical challenges.
  • The evolution of SIEM solutions has been facilitated mainly by the emergence of technologies like data analytics, ML, and cloud-based services, which, together with threat hunting and remediation capabilities, have ensured the significant improvement of SIEM tools.
  • Incorporation of advanced security orchestration, automation, and response (SOAR) capabilities either directly or via two-way API integrations ensures that forensic analysis and incident response can be automated to a high degree, reducing the time needed to respond to a breach.
  • Modern SIEM tools continue to evolve, with solutions gaining new capabilities, merging previously standalone tools such as behavior analytics and SOAR into integrated platforms, and updating licensing policies to provide modern, scalable I-SIEM platforms.
  • The most innovative solutions offer fully integrated unified platforms, fast hot and cold search, and fully federated search capabilities.
  • Future innovation will be focused on faster and easier search capabilities, interactive chatbot/assistants, and greater automation and collaboration capabilities.
  • Search functionality using natural language processing (NLP) and digital assistants based on generative AI are likely to become standard in the next 12 to 18 months.