SIEM Gathers Steam In 2010

Strong market growth rate attracting new start-ups, but biggest slices are increasingly being hoarded by a very short list of SIEM vendors

The past year has been eventful for security information and event management (SIEM), a colorful security niche that continues to grow at a healthy clip, but still remains in flux amid consolidation, changing technological demands, and a push to service a wider market base beyond SIEMs bread-and-butter financial services enterprise customer.
A recent report by Frost & Sullivans Network Security research practice estimates that when all is said and done for 2010, the SIEM and log management market will have achieved a 15.8 percent growth rate. Thats good for an overall IT marketplace that has experienced relatively flat growth in the small single-digit percentage range. At the same time, though, the markets growth rate slipped slightly compared to 2009s 18.5 percent rate.
In truth, however, 2009 was a bulwark year for SIEM, and the slight dip in growth could be viewed less as a downward trajectory and more like a slight adjustment following a breakthrough in technology adoption.
Two years ago, vendors had to evangelize SIEM and make the case for it, says Chris Poulin, chief security officer for Q1 Labs. Now it is seen as a critical part of the architecture for a mature security organization -- it is baked into the architecture.
Perhaps no better evidence of ITs embrace of SIEM as a mainstream, everyday necessity was
HPs $1.5 billion acquisition of market leader ArcSight
.
The ArcSight buy was actually just the latest endcap to a long stream of SIEM consolidation moves that can be followed as far back as 2006 with the IBM purchase of Consul and the RSA pickup of Network Intelligence. Within the past 18 months alone, the market has seen ArcSight gobbled, Cisco discontinue its MARS product line, and Trustwave purchase Intellitactics. And yet, even as the market has consolidated, the SIEM landscape is still relatively cluttered, with more than 20 players vying for the $785 million market.
This leaves a bit of a paradox: How can the market have consolidated so much and yet the number of vendors still continue to grow? The answer is bifurcation, says Mike Rothman, analyst and president of Securosis. With such a strong growth rate, SIEM continues to attract new start-ups, but that doesnt mean theyre necessarily succeeding at the same rate as the rest of the market. Instead, the SIEM pie is growing, but the biggest slices are increasingly being hoarded by a very short list of market leaders.
From a lot of the conversations Im having, we are starting to see that kind of bifurcation where the big companies in the space, whether theyre public or not, are showing good growth, whereas a lot of the smaller companies are having a hard time because theyre not big enough, they dont get into enough deals, and once they get into a deal, a deal viability issue comes up and makes it hard for them to win, he says.
According to Q1s Poulin, the most successful vendors are the ones that have been able to most easily help customers come to grips with the inundation of security data that they need to make sense of. After all, in the sixth annual SANS Log Management survey out earlier in 2010, IT professionals said the top two challenges they faced in this arena was searching through reports and having the ability to interpret reports.
The vendors that have pulled away from the pack are the ones who understand that different sources of telemetry need to be treated as more than just another event feed: Network flows need to be stitched together to get the full picture, VA data is context to add to or build up as an asset database, and configuration data at the host level and along the network path is critical to not just incident impact analysis, but also incident fidelity, Poulin says.
At the same time, though, there could still be room for new players that can find a way to service nontraditional SIEM markets -- SMBs, and enterprise outside the financial services sectors -- with easy-to-use solutions that deliver targeted security intelligence. Analysts say growth rates within SIEM hosted and managed services are strong and could soon greatly outstrip the growth of traditional SIEM offerings.
Frost & Sullivan says this year the services subcategory within SIEM grew by $21 million, up to $121 million this year. Next year it expects this market to grow by another $26 million.
In order for this market to continue to grow and to continue to drive value to customers, it has to be easier to use, and it has to be much more applicable to the midmarket customer, Securosis Rothman says.
At the same time, dont expect SIEM vendors to be sidetracked from their main missions of serving their core constituency. The vendors are likely to focus in 2011 on offering more sophisticated products that dive deeper into the data already at hand.
The next step for SIEM is to go further with feed, interpreting nontraditional telemetry in a way that makes sense for specific customer needs, Poulin says. Many vendors have focused on SCADA, currently the media darling due to Stuxnet and fears of state-sponsored attacks on utilities. However, the use cases simply arent that exotic.
Have a comment on this story? Please click Discuss below. If youd like to contact
Dark Readings
editors directly,
send us a message
.

Last News
▸ ArcSight prepares for future at user conference post HP acquisition. ◂ Discovered: 07/01/2025 Category: security	▸ Samsung Epic 4G: First To Use Media Hub ◂ Discovered: 07/01/2025 Category: security	▸ Many third-party software fails security tests ◂ Discovered: 07/01/2025 Category: security

**Cyber Security Categories**
Google Dorks Database	Exploits Vulnerability	Exploit Shellcodes

CVE List

Tools/Apps

News/Aarticles

Phishing Database

Deepfake Detection

Trends/Statistics & Live Infos

Tags:
SIEM Gathers Steam In 2010