Frost & Sullivan estimates security information and event management (SIEM) and log management (LM) vendors sold $ billion of SIEM/LM appliances and related services for the basis year of the study 2014. This represented an improvement of % more than 2013.
Note: In the report, the term SIEM/LM will be used the majority of the time, as the appliance is usually sold as a combination of products and functions. When the term SIEM is used without LM, this is in reference to the single module or console that houses the analytics or physical archive. SIEM is also used to refer to the logistical functions of the technology.
The traditional use cases for SIEM/LM in compliance, storage, and forensic investigations remain important (and in some industries indispensable).
The traditional SIEM/LM use cases can be argued to be passive in nature. The new approach to SIEM/LM is to use SIEM/LM as a part of an active cyber defense plan.
The following is how SIEM is used to enhance an active cyber-defense posture:
Bidirectional communication between SIEM and other cyber security platforms (e.g., firewalls and vulnerability management (VM)) enhances the efficacy of each platform.
Incident mean-time-to-detect and mean-time-to-respond can be greatly reduced if analytics are applied in the SIEM.
Analytics are applied to detect anomalous behavior from end users.
Rules violations can be used to create alarms or can be fed into a ticketing system.
Analytics can be applied to SIEM for redundancy. For example, if a patch is applied, subsequent polling of the SIEM will determine if the patch got through to the endpoint.
About this report
Security information and event management (SIEM) and log management (LM) products have been used traditionally by organizations for compliance reporting and auditing. SIEM/LM are integral to advanced persistent threat (APT) defense, as statistical baselines can be established to monitor enterprise networks for anomalous behavior. SIEM can be the last chance to find a malicious binary before a cyber-attack detonates. In this report, the SIEM/LM market is reviewed for revenues by region, by vertical market, by product type, and by market size. Market shares for the overall market, enterprise accounts, and SMB are provided. The strategies of top SIEM/LM vendors are discussed, and evolving trends within SIEM/LM are presented.