Behavioural analytics predicted to take SIEM market by storm

Gartner names unchanged line-up of 'Leaders' in latest SIEM Magic Quadrant as it flags up shift in market towards user and entity behaviour analytics

The security information and event management (SIEM) market is set to be shaken up by the emergence of new user and entity behaviour analytics (UEBA) techniques, Gartner said as it unveiled its latest SIEM Magic Quadrant featuring an unchanged line-up of "Leaders" (see graph below).

Just like last year, the analyst cited IBM Security, HP, Splunk, Intel Security and LogRhythm as the five Leaders in a market it estimates grew four per cent to $1.73bn (£1.32bn) in 2015 (see bottom).

Its Magic Quadrant ran the rule over 14 vendors in total, with ManageEngine the new entrant.

Gartner said it is monitoring the emerging area of UEBA following Splunk's acquisition of UEBA vendor Caspida and HP's announcement of an integration solution including ArcSight and Securonix.

UEBA offers a "higher fidelity in finding advanced attacks than SIEM", with early adopters reporting effective detection of targeted attacks with limited deployment efforts, Gartner said.

By the end of 2017, at least 60 per cent of major SIEM vendors will incorporate advanced analytics and UEBA functionality into their products, Gartner predicted.

"Specialised UEBA products with advanced capabilities to support early breach detection are emerging and have gained awareness and acceptance in the market over the past 18 months," Gartner said.

SIEM technology aggregates event data produced by security devices, network infrastructure, systems and applications, according to Gartner.

Demand for the technology has remained strong during the past year, Gartner said, with threat management the primary driver, ahead of compliance.

"Organisations are failing at early breach detection, with more than 80 per cent of breaches undetected by the breached organisation. The situation can be improved with threat intelligence, behaviour profiling and effective analytics," it stated.

The SIEM market is dominated by large vendors including HPE, IBM, Intel Security and Splunk, which together command more than 60 per cent of market revenue, Gartner said.

The analyst said the large vendors with significant customer bases are continuing to focus on the expansion of SIEM technology into existing accounts.

ManageEngine president Raj Sabhlok said: "In the past few years, the need to trace breaches and tackle targeted attacks has outgrown the need to meet compliance requirements. We believe this shift in focus is mirrored in the Gartner Magic Quadrant for SIEM."