Gartner Report: Critical Capabilities for SIEM

Sunday, January 02, 2011

Heather Howland

1961d93172f8088a077c52e638e31f41

Critical Capabilities for Security Information and Event Management Technology

This research will help project managers, who are responsible for selecting a security information and event management (SIEM) solution, evaluate products from 12 of the major vendors in the segment.

There are wide variations in the level of SIEM technology support for specific use cases, so understanding them is a prerequisite for selecting the best product in a given situation.

SIEM technology is used to analyze security event data in real time for internal and external threat management, and to collect, store, analyze and report on log data for regulatory compliance and forensics.

SIEM products provide SIM and SEM. Many Gartner clients need to implement SIEM technology to satisfy regulatory requirements – for example, log management for the Payment Card Industry (PCI) or privileged user reporting for Sarbanes-Oxley (SOX).

Our clients generally recognize that these compliance-funded projects are also an opportunity to improve security monitoring and incident management capabilities.

Key Findings Include:

• Security event management (SEM) provides real-time monitoring for security events, and helps IT security operations personnel identify and be more effective in responding to external and internal threats.

• Security information management (SIM) provides log management, reporting and analytics for security events to support regulatory compliance initiatives, internal threat management and security policy compliance management.

• Gartner has defined nine major capabilities provided by SIEM technologies.

• In the three major use cases, six critical capabilities differentiate SIEM products: log management, compliance reporting, user monitoring, application monitoring, SEM, and deployment and support simplicity.

This research will help organizations define their requirements and select a technology.

Download the Complete Report from Q1Labs HERE

Alos Available from Q1 Labs:

The Business Case for a Next-Generation SIEM
Possibly Related Articles:
20327
Network->General
PCI Compliance Log Management SIEM Vendor Management report Gartner Q1 Labs
Post Rating I Like this!
The views expressed in this post are the opinions of the Infosec Island member that posted this content. Infosec Island is not responsible for the content or messaging of this post.

Unauthorized reproduction of this article (in part or in whole) is prohibited without the express written permission of Infosec Island and the Infosec Island member that posted this content--this includes using our RSS feed for any purpose other than personal use.