Network World
Thursday, November 20, 2008

Community: Security


Gartner Magic Quadrant for SIEM

I found this report to be useful in our SIEM evaluation (Gartner shows you how the different vendors rate), and got a copy free at:

http://www.arcsight.com/GartnerMQ/index.htm

As a side bonus they also give you the Critical Capabilities Report for SIEM as well.


Why did ArcSight refuse to be tested?


Thanks for the pointer to the Gartner report on this market segment, a link which is hosted on the ArcSight Web site. We must note here, however, that Gartner's analysts do not use actual test data when making decisions about where products sit in their quadrants. So you are making an apples to oranges comparison in your post, something we try to avoid in the third party testing world.

Since ArcSight declined to be tested by Greg Shipley for Network World in this round of testing, we can't really know how it compares with the products that were tested. Perhaps ArcSight would care to step up to the plate now and be measured against the same methodology its competitors have stood up to?

Christine Burns
Executive Editor, Testing
Network World

Why is SYMANTEC not invited?


Based on the May Gartner study, the leaders were ArcSight, Symantec and RSA.

Just to clarify the Gartner


Just to clarify, the Gartner Magic Quadrant for Security Information and Event Management by Mark Nicolett and Kelly M. Kavanagh, May 8, 2008, lists five vendors in the Leaders Quadrant: ArcSight, Cisco Systems, NetIQ, RSA (EMC) and Symantec.

SIEM (Sophisticated Instrument Expensive Mess)


Considering that these tools start at $20,000 and go up is one BIG strike against them. Secondly, the complexities and integration are nothing to write home about. And third, all the correlations in the world don't mean SQUAT if the data is unintelligible to decision makers. Sure, the geeks love them because they can feather their resumes with yet another expensive technology merit badge, but as for helping to secure an organization it's just more overkill and technology fog.

I'll wager that the market will wake up and realize that the SIEM market, created by and for Gartner on behalf of their paying SIEM customers, will implode.

Where is Novell Sentinel in this?


Novell acquired eSecurity Sentinel. Is there some reason they were not included? In my eval, they look pretty good, especially since they perform Identity Auditing with our Novell Identity Management solution which includes Active Directory.

Vendors not invited, perhaps a second chance


The reality of this test was that we had a limited number of test slots given the nature of the live network we were testing these products on. We came up with a list of players to invite based on how we've seen this market develop since 2002. Once those slots filled up, we had to stop moving down the invitation list. That said, if we get enough reader interest, we are perfectly willing to open up a second round of SIEM testing for another six vendors using the same methodology and testing criteria.

Christine Burns
Executive Editor, Testing
Network World

Q1 Labs QRadar


We're about ready to purchase QRadar any day now. I'm glad to see it's stacking up very well with the competition. One thing the article did not mention is that Juniper Networks has teamed up with Q1 Labs and has an identical appliance called Juniper STRM, which is basically identical to QRadar. Don't be surprised if Juniper buys out Q1 Labs in the near future.

SIEM process automation and business alignment


Greg, you definitely make some well pointed observations about the SIEM market in general, and the high degree of variance in both the environments that need to be supported and the way in which this technology is used. As you pointed out, NetIQ is working hard on addressing the configuration challenges that result from the flexibility of deployment options. We have been working for several years on meeting the needs of ongoing “security operationalization”, not only through event integration, but also through the context of IT Process Automation. This article ( http://www.networkworld.com/newsletters/nsm/2008/070708nsm2.html ) posted by your colleague Denise Dubie on NWW this morning provides further details.

SIM is dead


Have you seen this blog? What do people think about that?

Test the smaller players


With the larger SIEM players falling somewhat flat, perhaps it is time to do away with the bells and whistles and test the smaller vendors such as Prism Microsystems, LogRhythm, etc. After all, it is often the smaller guys that drive technical innovation.
